System and method for database integrity via local database lockout

US 6,901,401 B2
Filed: 03/21/2002
Issued: 05/31/2005
Est. Priority Date: 03/21/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access to one or more database files, said method comprising:

deciding whether a local copy of a database is running on a computer system, wherein the local copy of the database is replicated from a server copy of the database, and wherein the local copy of the database is identical to the server copy of the database at the time of replication;

in response to deciding that the local copy of the database is running on the computer system, determining whether a user of the computer system is authorized to use the local copy of the database, wherein the determining includes;

retrieving one or more access control entries correspond in to the local copy of the database;

matching a user role corresponding to one or more of the access control entries to a key role, wherein the key role indicates roles allowed to use the local copy of the database; and

deciding whether a usemname corresponding to the user is authorized to use the local copy of the database in response to the matching;

denying the user access to the database files in the local copy of the database in response to determining that the user is not authorized; and

allowing the user access to the database files in the local copy of the database in response to determining that the user is authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided to perform a routine when the user attempts to access any document in a database. When the user attempts to access any document in the database, a call to a function is performed to determine whether the user is allowed to access a local copy of the database. The function determines whether the database is a local database. If the function determines that the database is running on the user'"'"'s local machine then the function determines whether the user has permission to access the local copy of the database by searching through individual and group access control files. If the user is authorized, the function allows the user to access the local copy of the database. However, if the user is not authorized, an error message is displayed and the user is denied access to the local database copy.

25 Citations

View as Search Results

17 Claims

1. A method for controlling access to one or more database files, said method comprising:
- deciding whether a local copy of a database is running on a computer system, wherein the local copy of the database is replicated from a server copy of the database, and wherein the local copy of the database is identical to the server copy of the database at the time of replication;
  
  in response to deciding that the local copy of the database is running on the computer system, determining whether a user of the computer system is authorized to use the local copy of the database, wherein the determining includes;
  
  retrieving one or more access control entries correspond in to the local copy of the database;
  
  matching a user role corresponding to one or more of the access control entries to a key role, wherein the key role indicates roles allowed to use the local copy of the database; and
  
  deciding whether a usemname corresponding to the user is authorized to use the local copy of the database in response to the matching;
  
  denying the user access to the database files in the local copy of the database in response to determining that the user is not authorized; and
  
  allowing the user access to the database files in the local copy of the database in response to determining that the user is authorized.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as described in claim 1 wherein the determining further comprises:
    - locating a username corresponding to the user in an access control list, wherein the access control list is related to the local copy of the database.
  - 3. The method as described in claim 1 wherein the determining further comprises:
    - locating a username corresponding to the user in one or more group access files, wherein each of the group access files include one or more usernames and each of the group access flies is related to the local copy of the database.
  - 4. The method as described in claim 1 wherein the determining further comprises:
    - locating a configuration view and a configuration document corresponding to the local copy of the database;
      
      retrieving one or more key roles from the configuration document; and
      
      determining whether a user entry corresponding to the user includes a user role that matches the key role.
  - 5. The method as described in claim 4 wherein the determining further comprises:
    - retrieving a user type corresponding to the user, wherein the user type indicates that the user is a member of a database access group;
      
      locating a group access document and a group view corresponding to the local copy of the database; and
      
      searching the group access document for a username corresponding to the user.
  - 6. The method as described in claim 1 further comprising:
    - processing a script called from one or more views of the local copy of the database, wherein the script performs the deciding, determining, denying, and allowing steps.

7. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  a nonvolatile storage area for storing database files;
  
  a database access tool for controlling access to a database, the database access tool including;
  
  means for deciding whether a local copy of a database is running on a computer system, wherein the local copy of the database is replicated from a server copy of the database, and wherein the local copy of the database is identical to the server copy of the database at the time of replication;
  
  means for determining whether a user of the computer system is authorized to use the local copy of the database, wherein said means for determining includes;
  
  means for retrieving one or more access control entries corresponding to the local copy of the database;
  
  means for matching a user role corresponding to one or more of the access control entries to a key role, wherein the key role indicates roles allowed to use the local copy of the database; and
  
  means for deciding whether a username corresponding to the user is authorized to use the local copy of the database in response to the matching;
  
  means for denying the user access to the database files in the local copy of the database in response to determining that the user is not authorized; and
  
  means for allowing the user access to the database files in the local copy of the database in response to determining that the user is authorized.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The information handling system as described in claim 7 wherein the means for determining further comprises:
    - means for locating a username corresponding to the user in an access control list, wherein the access control list is related to the local copy of the database.
  - 9. The information handling system as described in claim 7 wherein the means for determining further comprises:
    - means for locating a username corresponding to the user in one or more group access files, wherein each of the group access files include one or more usernames and each of the group access files is related to the local copy of the database.
  - 10. The information handling system as described in claim 7 wherein the means for determining further comprises:
    - means for locating a configuration view and a configuration document corresponding to the local copy of the database;
      
      means for retrieving one or more key roles from the configuration document; and
      
      means for determining whether a user entry corresponding to the user includes a user role that matches the key role.
  - 11. The information handling system as described in claim 10 wherein the means for determining further comprises:
    - means for retrieving a user type corresponding to the user, wherein the user type indicates that the user is a member of a database access group;
      
      means for locating a group access document and a group view corresponding to the local copy of the database; and
      
      means for searching the group access document for a username corresponding to the user.

12. A computer program product stored in a computer operable media for controlling access to one or more database files, said computer program product comprising:
- means for deciding whether a local copy of a database is running on a computer systems wherein the local copy of the database is replicated from a server copy of the database, and wherein the local copy of the database is identical to the server copy of the database at the time of replication;
  
  means for determining whether a user of the computer system is authorized to use the local copy of the database, wherein the means for determining includes;
  
  means for retrieving one or more access control entries corresponding to the local copy of the database;
  
  means for matching a user role corresponding to one or more of the access control entries to a key role, wherein the key role indicates roles allowed to use the local copy of the database; and
  
  means for deciding whether a username corresponding to the user is authorized to use the local copy of the database in response to the matching;
  
  means for denying the user access to the database files in the local copy of the database in response to determining that the user is not authorized; and
  
  means far allowing the user access to the database files in the local copy of the database in response to determining that the user is authorized.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer program product as described in claim 12 wherein the means for determining further comprises:
    - means for locating a username corresponding to the user in an access control list, wherein the access control list is related to the local copy of the database.
  - 14. The computer program product as described in claim 12 wherein the means for determining further comprises:
    - means for locating a username corresponding to the user in one or more group access files, wherein each of the group access files include one or more usernames and each of the group access files is related to the local copy of the database.
  - 15. The computer program product as described in claim 12 wherein the means for determining further comprises:
    - means for locating a configuration view and a configuration document corresponding to the local copy of the database;
      
      means for retrieving one or more key roles from the configuration document; and
      
      means for determining whether a user entry corresponding to the user includes a user role that matches the key role.
  - 16. The computer program product as described in claim 15 wherein the means for determining further comprises:
    - means for retrieving a user type corresponding to the user, wherein the user type indicates that the user is a member of a database access group;
      
      means for locating a group access document and a group view corresponding to the local copy of the database; and
      
      means for searching the group access document for a username corresponding to the user.
  - 17. The computer program product as described in claim 12 further comprising:
    - means for processing a script called from one or more views of the local copy of the database, wherein the script includes the means for deciding, the means for determining, the means for denying, and the means for allowing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bangel, Matthew Jay, Murray, Douglas G., Martin, James A. Jr., Hanrahan-Locke, Victoria
Primary Examiner(s)
Corrielus, Jean M.
Assistant Examiner(s)
Woo, Isaac M.

Application Number

US10/105,096
Publication Number

US 20030187846A1
Time in Patent Office

1,167 Days
Field of Search

707 1- 10, 707100-1041, 715517-525
US Class Current

1/1
CPC Class Codes

G06F 16/2343   Locking methods, e.g. distr...

G06F 21/6218   to a system of files or obj...

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99938   Concurrency, e.g. lock mana...

Y10S 707/99939   Privileged access

System and method for database integrity via local database lockout

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for database integrity via local database lockout

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others