Method for providing security mechanisms for data warehousing and analysis
First Claim
1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method comprising:
- defining one or more security roles;
defining one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects;
selecting one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
accepting user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database;
combining, by a computer, the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters;
accessing, by the computer, the data stored within the database by interpreting the modified data access statement; and
presenting business intelligence data accessed by the modified data access statement.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention discloses a method for using a relational database management system to support on-line analytical processing (OLAP) systems by providing a security access mechanism. The method of restricting access to data contained in a business intelligence system, comprises the steps of defining one or more security roles, associating the security roles with business intelligence data, selecting one or more security roles from the one or more security roles, combining the one or more security filters with a data access language statement, and interpreting the data access statement.
21 Citations
8 Claims
-
1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method comprising:
-
defining one or more security roles; defining one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects; selecting one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters; accepting user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database; combining, by a computer, the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters; accessing, by the computer, the data stored within the database by interpreting the modified data access statement; and presenting business intelligence data accessed by the modified data access statement. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-readable medium comprising instructions for causing a computer to:
-
define one or more security roles;
define one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the one or more security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects;select one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters; accept user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database; combine the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters; access the data stored within the database by interpreting the modified data access statement; and present business intelligence data accessed by the modified data access statement.
-
Specification