Method and mechanism for implementing synonym-based access control
Abstract
A method and system for implementing access control in a computer system is disclosed. Synonyms associated with shareable security policies and policy functions are employed to encapsulate data from underlying data sources. By controlling access and contents of synonyms and their underlying security policies, fine-grained access control can be implemented for system data sources.
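An added illustration of the mechanism the abstract describes (not code from the patent): a query addressed to a synonym is rewritten so that the predicates returned by the synonym's policy functions are ANDed onto it before it reaches the underlying source. The names `emp_regional`, `employees`, `same_region`, `active_only` and the structured query form are assumptions made for this example.

```python
import sqlite3

# Policy functions (constructed): each returns a predicate plus bind values
# derived from the session context. They can be shared across synonyms.
def same_region(ctx):
    return "region = ?", [ctx["region"]]

def active_only(ctx):
    return "active = 1", []

# Synonym (named object) -> underlying source, visible columns, attached policies.
SYNONYMS = {
    "emp_regional": {"source": "employees",
                     "columns": {"name", "region", "salary"},
                     "policies": [same_region, active_only]},
}
OPS = {"=", "<", ">", "<=", ">="}

def rewrite(synonym, columns, filters, ctx, joiner="AND"):
    """Build SQL for a query against `synonym`, adding policy predicates."""
    syn = SYNONYMS.get(synonym)
    if syn is None:
        raise PermissionError(f"unknown synonym: {synonym}")
    used = set(columns) | {col for col, _, _ in filters}
    if not columns or not used <= syn["columns"] or joiner not in ("AND", "OR"):
        raise PermissionError("query not permitted through this synonym")
    if any(op not in OPS for _, op, _ in filters):
        raise ValueError("unsupported operator")
    preds, binds = [], []
    if filters:
        # Parenthesise the caller's predicates so an OR cannot outrank the policy ANDs.
        preds.append("(" + f" {joiner} ".join(f"{c} {op} ?" for c, op, _ in filters) + ")")
        binds += [v for _, _, v in filters]
    for policy in syn["policies"]:
        pred, vals = policy(ctx)
        preds.append(f"({pred})")
        binds += vals
    sql = f"SELECT {', '.join(columns)} FROM {syn['source']} WHERE {' AND '.join(preds)}"
    return sql, binds

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (name, region, salary, active)")
    db.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)",   # constructed rows
                   [("ana", "EU", 50, 1), ("bo", "US", 70, 1), ("cy", "EU", 90, 0)])
    sql, binds = rewrite("emp_regional", ["name"],
                         [("salary", ">", 60), ("salary", "<", 60)], {"region": "EU"}, "OR")
    return sql, sorted(r[0] for r in db.execute(sql, binds))
```

The caller never names the base table or the `active` column; both are reachable only through the synonym's policies, so changing a policy changes what every query through that synonym can see.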
34 Claims
1. A computer-implemented method for implementing access control to data in a computing system, comprising:
- receiving a data query;
- associating the data query with a named object, the named object associated with one or more security policies, each of the one or more security policies specifying data access parameters;
- applying the one or more security policies associated with said named object to the data query by modifying the data query to include one or more new predicates; and
- restricting access to data for the data query based upon the one or more security policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for implementing access control to data in a computing system, comprising:
- one or more security policies specifying data access parameters;
- a named object associated with the one or more security policies; and
- one or more corresponding policy functions to implement the one or more security policies associated with said named object against a data query by modifying the data query to include one or more new predicates, the data query being associated with the named object.
Dependent claims: 10, 11, 12, 13, 14
15. A computer-implemented method of creating a synonym for synonym-based access control, comprising:
- identifying whether one or more suitable security policies that match the data filtering intent of intended access control exist;
- creating the one or more suitable security policies if said one or more suitable security policies do not already exist;
- creating a synonym as a named data object to implement the data filtering intent of the intended access control; and
- associating the one or more suitable security policies with the synonym.
Dependent claims: 16, 17, 18
19. A computer program product comprising a computer usable storage medium having executable code to execute a method for implementing access control to data in a computing system, the method comprising the steps of:
- receiving a data query;
- associating the data query with a named object, the named object associated with one or more security policies, each of the one or more security policies specifying data access parameters;
- applying the one or more security policies associated with said named object to the data query by modifying the data query to include one or more new predicates; and
- restricting access to data for the data query based upon the one or more security policies.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
27. A system of creating a synonym for synonym-based access control, comprising:
- means for identifying whether one or more suitable security policies that match the data filtering intent of intended access control exist;
- means for creating the one or more suitable security policies if said one or more suitable security policies do not already exist;
- means for creating a synonym as a named data object to implement the data filtering intent of the intended access control; and
- means for associating the one or more suitable security policies with the synonym.
Dependent claims: 28, 29, 30
31. A computer program product comprising a computer usable storage medium having executable code to execute a method for creating a synonym for synonym-based access control, comprising the steps of:
- identifying whether one or more suitable security policies that match the data filtering intent of intended access control exist;
- creating the one or more suitable security policies if said one or more suitable security policies do not already exist;
- creating a synonym as a named data object to implement the data filtering intent of the intended access control; and
- associating the one or more suitable security policies with the synonym.
Dependent claims: 32, 33, 34
Specification