Masking object data based on user authorization
First Claim
Patent Images
1. A method, comprising:
- processing an object in response to a user control of an application, wherein the object is maintained in a format that is not self-describing;
accessing, by using a computer, layout information for a requested object, wherein the layout information delineates fields in the object;
determining from access control information whether a user is authorized to access the fields indicated in the layout information;
in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;
generating the fields from the object into a formatted object formatted according to the layout information;
generating data from the object in fields that the user is determined to have authority to access into the formatted object; and
including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access.
5 Assignments
0 Petitions
Accused Products
Abstract
Provided are a method, system, and program for processing a request for an object from a user. Layout information for the requested object is accessed, wherein the layout information delineates fields in the object. A determination is made from access control information as to whether the user is authorized to access the fields indicated in the layout information. The data from the object in one field which the user is not authorized to access is masked. The fields from the object are generated into a formatted object formatted according to the layout information, wherein the masked data is presented unintelligible to the user.
-
Citations
17 Claims
-
1. A method, comprising:
-
processing an object in response to a user control of an application, wherein the object is maintained in a format that is not self-describing; accessing, by using a computer, layout information for a requested object, wherein the layout information delineates fields in the object; determining from access control information whether a user is authorized to access the fields indicated in the layout information; in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field; generating the fields from the object into a formatted object formatted according to the layout information; generating data from the object in fields that the user is determined to have authority to access into the formatted object; and including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method, comprising:
-
initiating a dump operation for an object in memory being accessed by a user invoked application in response to a failure effecting an application operation, wherein the object is maintained in a format that is not self-describing; accessing, by using a computer, layout information for the object subject to the dump operation, wherein the layout information delineates fields in the object; determining from access control information whether the user is authorized to access the fields indicated in the layout information; in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field; masking data from the object in the at least one field which the user is not authorized to access by adding the generated at least one code to the at least one field, wherein the at least one code is used to access from the object the data for the at least one field the user is not authorized to access; generating the fields from the object into a formatted object formatted according to the layout information including any masked data for the at least one field of the object the user is not authorized to access, wherein the masked data is presented unintelligible to the user; generating data from the object in fields that the user is determined to have authority to access into the formatted object; and outputting the formatted object to a dump location. - View Dependent Claims (7)
-
-
8. A system, comprising:
-
a processor; a computer readable storage medium including code executed to perform operations, the operations comprising; an application; an access control module that is executed to perform operations, the operations comprising; processing an object in response to a user control of the application, wherein the object is maintained in a format that is not self-describing; accessing layout information for a requested object, wherein the layout information delineates fields in the object; determining from access control information whether a user is authorized to access the fields indicated in the layout information; in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field; generating the fields from the object into a formatted object formatted according to the layout information; generating data from the object in fields that the user is determined to have authority to access into the formatted object; and including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the at least one code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access. - View Dependent Claims (9, 10, 11, 12)
-
-
13. An article of manufacture comprising a computer readable storage medium including code executed by a processor to communicate with an application and cause operations to be performed, the operations comprising:
-
processing an object in response to a user control of the application, wherein the object is maintained in a format that is not self-describing; accessing layout information for a requested object, wherein the layout information delineates fields in the object; determining from access control information whether a user is authorized to access the fields indicated in the layout information; in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field; generating the fields from the object into a formatted object formatted according to the layout information; generating data from the object in fields that the user is determined to have authority to access into the formatted object; and including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the at least one code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access. - View Dependent Claims (14, 15, 16, 17)
-
Specification