Mechanism for uniform access control in a database system
First Claim
1. A computer-implemented method for managing data in a database system, comprising the steps of:
- storing, in content structures, first resources that belong to an information hierarchy and first access control data used to define user access privileges for accessing said first resources;
storing, in a set of hierarchy structures, information that defines hierarchical relationships within said information hierarchy and second access control data used to define user access privileges for accessing said first resources;
maintaining said first access control data and said second access control data to maintain consistency between said first access control data and said second access control;
wherein said content structures include a first set of database objects that contain at least a portion of said first resources and said first access control data;
wherein said hierarchical structures include a second set of database objects, different than said first set of database objects, that contain at least a portion of said information that defines hierarchical relationships and said second access control data;
wherein said first set of database objects are one or more first database objects defined by the database system; and
wherein said second set of database objects are one or more second database objects defined said database system.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are provided for facilitating uniform access control to data managed by a database server that can emulate hierarchically organized systems, whether the data is accessed through hierarchical or relational access mechanisms. A database server that can emulate hierarchically organized systems uses separate relational or object-relational database tables to store the content of the resources that belong to a hierarchy (the “content structures”) and information that captures the hierarchy (the “hierarchy structures”). Both types of structures contain access control data that define consistent user access privileges. To determine access privileges for a user requesting access to data in the database, access control information is accessed in the hierarchy structures when the request is made through the hierarchical access mechanism, or accessed in the content structures when the request is made through a relational access mechanism. Access control is consistent between the hierarchical or relational access mechanisms because access through either is governed by user access data that reflects the same privileges.
-
Citations
26 Claims
-
1. A computer-implemented method for managing data in a database system, comprising the steps of:
-
storing, in content structures, first resources that belong to an information hierarchy and first access control data used to define user access privileges for accessing said first resources; storing, in a set of hierarchy structures, information that defines hierarchical relationships within said information hierarchy and second access control data used to define user access privileges for accessing said first resources; maintaining said first access control data and said second access control data to maintain consistency between said first access control data and said second access control; wherein said content structures include a first set of database objects that contain at least a portion of said first resources and said first access control data; wherein said hierarchical structures include a second set of database objects, different than said first set of database objects, that contain at least a portion of said information that defines hierarchical relationships and said second access control data; wherein said first set of database objects are one or more first database objects defined by the database system; and wherein said second set of database objects are one or more second database objects defined said database system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer-readable medium carrying one or more sequences of instructions for managing data in a database system, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
-
storing, in content structures, first resources that belong to an information hierarchy and first access control data used to define user access privileges for accessing said first resources; storing, in a set of hierarchy structures, information that defines hierarchical relationships within said information hierarchy and second access control data used to define user access privileges for accessing said first resources; maintaining said first access control data and said second access control data to maintain consistency between said first access control data and said second access control; wherein said content structures include a first set of database objects that contain at least a portion of said first resources and said first access control data; wherein said hierarchical structures include a second set of database objects, different than said first set of database objects that contain at least a portion of said information that defines hierarchical relationships and said second access control data; wherein said first set of database objects are one or more first database objects defined by the database system; and wherein said second set of database objects are one or more second database objects defined said database system. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification