Rule based database security system and method
Abstract
A rule-based database security system and method are disclosed. A method for processing requests from a user to perform an action with respect to data stored in an electronic database includes defining a plurality of user defined rules containing security constraints for accessing the data and receiving a request at a user interface. The request is transferred from the user interface to a rule engine and the plurality of rules are applied to the request to determine if the request passes the security constraints. The method further includes modifying the request if required to meet the security constraints. The data is accessed to perform the request if the request meets the security constraints.
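The request-modification step described in the abstract, as an added example (not code from the patent or its assignee): a minimal rule engine that adds a per-user constraint to a structured query before it reaches the database, and refuses the request when no rule covers it. The rule table, role names, schema and sample rows are constructed for illustration.

```python
import sqlite3

# Hypothetical user-defined rules: (role, table) -> constraint the engine adds.
# "" means no extra constraint; a missing entry means the request is refused.
RULES = {
    ("clinician", "records"): "clinician_id = :uid",  # relation between user and data
    ("auditor", "records"): "",
}
COLUMNS = {"records": {"id", "patient", "clinician_id", "note"}}

def apply_rules(user, table, columns, filters=None):
    """Return (sql, params) with the rule's constraint added, or raise PermissionError."""
    filters = filters or {}
    key = (user["role"], table)
    if key not in RULES:
        raise PermissionError(f"no rule lets role {user['role']!r} read {table!r}")
    # Identifiers come only from the allow-list, so the added constraint cannot be
    # cancelled by a crafted column name or an injected OR clause.
    bad = (set(columns) | set(filters)) - COLUMNS.get(table, set())
    if bad or not columns:
        raise PermissionError(f"columns not permitted: {sorted(bad)}")
    clauses = [f"{col} = :f_{col}" for col in filters]
    params = {f"f_{col}": value for col, value in filters.items()}
    if RULES[key]:
        clauses.append(f"({RULES[key]})")
        params["uid"] = user["id"]  # set by the engine, never taken from the request
    sql = f"SELECT {', '.join(columns)} FROM {table}"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, params

def sample_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER, patient TEXT, clinician_id INTEGER, note TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?, ?)",
                     [(1, "A", 10, "n1"), (2, "B", 20, "n2"), (3, "A", 20, "n3")])
    return conn

def run_request(conn, user, table, columns, filters=None):
    sql, params = apply_rules(user, table, columns, filters)
    return sql, conn.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = sample_db()
    print(run_request(db, {"id": 20, "role": "clinician"}, "records", ["id", "note"], {"patient": "A"}))
```

The request is kept as structured fields rather than raw SQL so that the engine's constraint is always joined with AND and cannot be bypassed by operator precedence in caller-supplied text.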
22 Claims
1. A method for processing requests from a user to perform an action with respect to data stored in an electronic database, the method comprising:
defining a plurality of user defined rules containing security constraints for accessing said data;
receiving at a user interface a request to provide to the user interface data comprising a first set of data elements;
transferring the request from the user interface to a rule engine;
applying said plurality of rules to the request to determine if the request passes said security constraints and modifying the request, if required to meet the security constraints, by adding one or more constraints to the request implementing rules for transaction control, action triggering, object initialization and access control; and
accessing said data to perform the request if the request meets said security constraints.
13. A method for processing requests for accessing a database comprising:
receiving a query for data from the database at a user interface, the query comprising a request to provide to the user interface data comprising a first set of data elements;
transferring said query to a rule engine, the rule engine having a plurality of user defined rules containing security constraints for accessing said data;
modifying said query by adding one or more constraints to the query;
issuing said modified query to the database implementing rules for transaction control, action triggering, object initialization and access control; and
transmitting data obtained from the database to the user.
15. A security system operable to interface between a user and an electronic database and configured to process requests from the user to perform an action with respect to data stored in the database, the system comprising:
a user interface operable to receive a request from the user to obtain data within the electronic database, the request comprising a request to provide to the user interface data comprising a first set of data elements, form a query based on the request, and pass the query to a rule engine, the user request including a user identifier; and
a data manager operable to submit said query to the database and return requested data to the rule engine;
the rule engine comprising a plurality of user defined rules which apply security constraints to at least one of said query and requested data based on the user identifier, including by modifying said query, if required to meet the security constraints, by adding one or more constraints to the query and implementing rules for transaction control, action triggering, object initialization and access control.
21. A security system operable to interface between a user and an electronic database and configured to process requests from the user to perform an action with respect to data stored in the database, the system comprising:
a user interface operable to receive a request from the user to obtain data within the database and pass the request to a rule engine, the request comprising a request to provide to the user interface data comprising a first set of data elements; and
a rule engine comprising a plurality of security rules and operable to evaluate the request against said plurality of rules to determine if the user has authority to perform the requested action with respect to the data, the security rules being based on a relation between the user and said data, the rule engine being configured to modify said request, if required to satisfy the security rules, by adding one or more constraints to the request and implementing rules for transaction control, action triggering, object initialization and access control.
22. A method for processing requests from a user to perform an action with respect to data stored in an electronic database, the method comprising:
defining a plurality of user defined rules containing security constraints for accessing said data, said user defined rules being based on a relation between the user and said data;
receiving at a user interface a request to provide to the user interface data comprising a first set of data elements;
transferring the request from the user interface to a rule engine;
applying said plurality of rules to the request to determine if the request passes said security constraints;
modifying said request, if it is determined that said request does not pass the security constraints, by adding one or more constraints to the request implementing rules for transaction control, action triggering, object initialization and access control; and
accessing said data to perform the request if the request meets said security constraints.
Specification