Method for implementing access control for queries to a content management system
First Claim
1. A processor-implemented method for implementing access control for a query to a content management system that includes a content management server, the method comprising:
- a user processor transmitting the query to the content management server;
wherein the user processor is remotely located relative to the content management server to prevent user access to the content management server and to prevent the bypass of the security of the content management server;
at the content management server;
parsing the query into a plurality of portions;
creating an access control logic string for the query according to an access control privilege information of a user, wherein the access control logic string is query language that prohibits an unauthorized user from accessing restricted data;
inserting the access control logic string in each portion of the query that has been parsed to generate a dynamic query, wherein the dynamic query is a result of adding the access control logic string to each of the plurality of portions of the query;
executing the dynamic query; and
generating a secure query result.
2 Assignments
0 Petitions
Accused Products
Abstract
A method to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.
65 Citations
2 Claims
-
1. A processor-implemented method for implementing access control for a query to a content management system that includes a content management server, the method comprising:
-
a user processor transmitting the query to the content management server;
wherein the user processor is remotely located relative to the content management server to prevent user access to the content management server and to prevent the bypass of the security of the content management server;at the content management server; parsing the query into a plurality of portions; creating an access control logic string for the query according to an access control privilege information of a user, wherein the access control logic string is query language that prohibits an unauthorized user from accessing restricted data; inserting the access control logic string in each portion of the query that has been parsed to generate a dynamic query, wherein the dynamic query is a result of adding the access control logic string to each of the plurality of portions of the query; executing the dynamic query; and generating a secure query result. - View Dependent Claims (2)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsNelson, Kenneth Carlin, Richardt, Randal James, Hu, Tawei, Bhaghavan, Rupa
-
Primary Examiner(s)WOO, ISAAC M
-
Application NumberUS10/367,086Publication NumberTime in Patent Office1,957 DaysField of Search707 1- 10, 707100-1041US Class Current1/1CPC Class CodesG06F 16/2452 Query translationG06F 21/6218 to a system of files or obj...G06F 21/6227 where protection concerns t...Y10S 707/99932 Access augmentation or opti...Y10S 707/99934 Query formulation, input pr...Y10S 707/99937 SortingY10S 707/99938 Concurrency, e.g. lock mana...Y10S 707/99939 Privileged access
