Managing electronic information
Abstract
Electronic information management includes techniques for developing and applying database security. In certain implementations, database access statements issued for applications in use are analyzed. Analyzing issued database access statements may include capturing the database access statements, normalizing the database access statements, and eliminating redundancies from the database access statements. A standardized set of issued database access statements may result from the analysis procedure. From the analyzed database access statements, the items accessed and types of access may be determined for an application, and a set of permissions may be determined from the determined items accessed and types of access for the application. A role associated with the application may be developed based on the permissions for the application. The role may be used to allow a user database access when associated with the application.
23 Claims
1. A method implemented by a computer, the method comprising:
- analyzing a plurality of database access statements stored in a computer memory that were issued for an application during the application's use to determine previous accessed items and types of access for the application; and
- developing a role for the application based on the previous accessed items and types of access for the application, wherein when the application is in use by a user, the developed role for the application allows the user database access.
10. An article of manufacture comprising:
- a machine-readable storage medium storing instructions configured to cause one or more machines to perform operations comprising;
  - analyzing a plurality of database access statements that were issued for an application during the application's use to determine previous accessed items and types of access for the application; and
  - developing a role for the application based on the previous accessed items and types of access for the application, wherein when the application is in use by a user, the developed role for the application allows the user database access.
18. A database security analyzer comprising:
- a communication interface configured to receive a plurality of database access statements that were issued for an application during the application's use;
- a memory configured to store the issued database access statements; and
- a processor configured to develop a role for the application based on the previously issued database access statements for the application, wherein when the application is in use by a user, the developed role for the application allows a user database access.
23. A method implemented by a computer comprising:
- capturing a plurality of database access statements that were issued for one or more applications during the application's use, wherein the database access statements comprise Structured Query Language (SQL) queries;
- normalizing the captured database access statements;
- eliminating redundancies in the normalized database access statements;
- analyzing the normalized database access statements stored in a computer memory to determine previous accessed items and types of access for an application, wherein the previous accessed items and types of access include objects accessed and operations performed on the objects;
- determining permissions for the application based on the previous accessed items and types of access for the application;
- developing a role for the application based on the determined permissions;
- determining which of a set of users are authorized to use the application;
- detecting a user request to establish a session of the application;
- determining if the user is authorized to use the application;
- if the user is authorized to use the application, finding the role for the application;
- assigning the role to the user;
- detecting an end of the application session; and
- if an end of the application session is detected, disabling the assigned role for the user.
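The capture, normalize, de-duplicate, analyze and role-development steps of claim 23 can be sketched as follows. This is an added example, not code from the patent: the sample statements, the `orderapp` name, the regex-based extraction and the generic `CREATE ROLE`/`GRANT` output are all assumptions, and the session-handling steps are not covered.

```python
import re
from collections import defaultdict

# Constructed sample of statements captured for one application (not from the patent).
CAPTURED = [
    "SELECT name, email FROM customers WHERE id = 42",
    "select name, email  from customers where id = 7",
    "SELECT o.total FROM orders o JOIN customers c ON o.cust_id = c.id WHERE c.id = 42",
    "INSERT INTO orders (cust_id, total) VALUES (42, 19.99)",
    "UPDATE orders SET total = 25.00 WHERE id = 1001",
    "INSERT INTO audit_log (msg) VALUES ('order 1001 changed')",
]
# Hypothetical, simplified patterns locating the object a write statement targets.
TARGET = {"insert": r"insert into ([a-z_][\w.]*)", "update": r"update ([a-z_][\w.]*)",
          "delete": r"delete from ([a-z_][\w.]*)"}

def normalize(stmt):
    """Replace literals with '?' and fold case and whitespace so equivalent statements match."""
    s = re.sub(r"'(?:[^']|'')*'", "?", stmt)   # string literals first
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # then numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def accesses(norm):
    """Return the set of (object, operation) pairs for one normalized statement."""
    verb = norm.split(" ", 1)[0]
    if verb == "select":
        return {(t, "SELECT") for t in re.findall(r"\b(?:from|join) ([a-z_][\w.]*)", norm)}
    m = re.match(TARGET.get(verb, r"(?!)"), norm)
    if not m:  # unknown statement type: surface it for review instead of guessing a grant
        raise ValueError(f"unparsed statement: {norm}")
    return {(m.group(1), verb.upper())}

def develop_role(app, captured):
    """Normalize, de-duplicate, derive permissions, and emit role DDL for one application."""
    if not re.fullmatch(r"[a-z_]\w*", app):
        raise ValueError("application name must be a plain identifier")
    unique = sorted({normalize(s) for s in captured})
    perms = defaultdict(set)
    for stmt in unique:
        for obj, op in accesses(stmt):
            perms[obj].add(op)
    role = f"{app}_role"
    ddl = [f"CREATE ROLE {role};"]
    ddl += [f"GRANT {', '.join(sorted(perms[o]))} ON {o} TO {role};" for o in sorted(perms)]
    return unique, dict(perms), ddl

if __name__ == "__main__":
    unique, perms, ddl = develop_role("orderapp", CAPTURED)
    print(f"{len(CAPTURED)} captured -> {len(unique)} unique statements", *ddl, sep="\n")
```

The derived grants cover only the objects each statement names as its target or reads in `FROM`/`JOIN`; some databases, PostgreSQL among them, also require `SELECT` on columns read in the `WHERE` clause of an `UPDATE` or `DELETE`, so review the output before applying it.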
Specification