Method for providing security mechanisms for data warehousing and analysis

US 7,555,786 B2
Filed: 04/29/2004
Issued: 06/30/2009
Est. Priority Date: 04/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method comprising:

defining one or more security roles;

defining one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects;

selecting one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;

accepting user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database;

combining, by a computer, the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters;

accessing, by the computer, the data stored within the database by interpreting the modified data access statement; and

presenting business intelligence data accessed by the modified data access statement.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method for using a relational database management system to support on-line analytical processing (OLAP) systems by providing a security access mechanism. The method of restricting access to data contained in a business intelligence system, comprises the steps of defining one or more security roles, associating the security roles with business intelligence data, selecting one or more security roles from the one or more security roles, combining the one or more security filters with a data access language statement, and interpreting the data access statement.

21 Citations

8 Claims

1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method comprising:
- defining one or more security roles;
  
  defining one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects;
  
  selecting one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
  
  accepting user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database;
  
  combining, by a computer, the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters;
  
  accessing, by the computer, the data stored within the database by interpreting the modified data access statement; and
  
  presenting business intelligence data accessed by the modified data access statement.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing the one or more security filters in a separate system.
  - 3. The method of claim 1, further comprising combining information from a separate database with information from the business intelligence database to define the one or more security roles.
  - 4. The method of claim 1, further comprising storing the business intelligence information in a plurality of relational databases.
  - 5. The method of claim 1, wherein combining the one or more filter expressions of the one or more security filters with the original data access statement comprises:
    - combining the one or more filter expressions using OR functions; and
      
      combining the combined one or more filter expressions with the original data access statement using an AND function to provide a union of access rights of each of the one or more filter expressions associated with the one or more security roles.
  - 6. The method of claim 1, further comprising constructing the one or more security filters to include a reference to a second security filter.
  - 7. The method of claim 6, wherein the second security filter is reused.

8. A computer-readable medium comprising instructions for causing a computer to:
- define one or more security roles;
  
  define one or more security filters associated with one or more query subjects of a relational database of business intelligence information that are to be secured by restricting access to the one or more query subjects, each of the one or more security filters providing a mapping between at least one of the one or more security roles and a filter expression, expressed in a structured query language, that grants access to a subset of rows in the one or more query subjects;
  
  select one or more user security roles from the one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
  
  accept user input defining an original data access language statement, expressed in the structured query language, to determine information required to be selected from the one or more query subjects of the database;
  
  combine the one or more filter expressions of the one or more security filters with the original data access statement to produce a modified data access statement expressed in the structured query language, the modified data access statement limiting the requested information to the rows with access granted by the filter expressions mapped to the user security roles through the security filters;
  
  access the data stored within the database by interpreting the modified data access statement; and
  
  present business intelligence data accessed by the modified data access statement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Potter, Charles M., Seeds, Glen M.
Primary Examiner(s)
Hoffman; Brandon S

Application Number

US10/835,526
Publication Number

US 20050022029A1
Time in Patent Office

1,888 Days
Field of Search

None
US Class Current

726/30
CPC Class Codes

G06F 16/284   Relational databases

G06F 21/6227   where protection concerns t...

G06F 2221/2113   Multi-level security, e.g. ...

Y10S 707/99939   Privileged access

Method for providing security mechanisms for data warehousing and analysis

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing security mechanisms for data warehousing and analysis

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links