Synchronization of access permissions in a database network
First Claim
1. A method for synchronizing access permissions across at least two disparate database systems, the method comprising:
- queuing, into a work order queue, a plurality of work orders, each work order within the plurality of work orders comprising respective pre-defined synchronization rules and a respective sequence of a respective set of records stored in a source database system and a destination database system to be used for synchronizing access permissions between the source database system and the destination database system, wherein the source database system and the destination database system have distinct access control mechanisms associated therewith;
receiving, with a selected processing engine within a set of processing engines, a current work order from the work order queue, wherein the set of processing engines is separate from the source database system and the destination database system;
fetching, by the selected processing engine from the source database system in response to receiving the current work order and based upon the current work order, a current set of records, the current set of records being specified by the current work order and the current set of records having access permission rules assigned to the current set of records in the source database system, wherein the access permission rules are to be mapped to privileges to be assigned to records in the destination database system;
fetching, concurrently with the fetching by the selected processing engine, the current work order by a second processing engine, the second processing engine being different than the selected processing engine, wherein the selected processing engine and the second processing engine are each on a different processing node in a network and the selected processing engine and the second processing engine are selected in response to one of the processing nodes in the network having insufficient resources;
creating, with the selected processing engine in response to the fetching, a destination rule to be applied to the destination database system by mapping the access permission rules assigned to the current set of records in the source database system to the destination rule based upon at least one processing rule associated with the current set of records, the at least one processing rule defining a respective conversion mapping for access permission rules of the source database system to respective analogous access permission rules on the destination database system; and
applying, with the selected processing engine, the destination rule to at least one record in the destination database system, thereby altering an access control mechanism associated with the at least one record.
1 Assignment
0 Petitions
Accused Products
Abstract
A system, method, and computer program product is disclosed for synchronizing access permissions across at least two disparate database systems. A source database system is coupled to a destination database system, using an asynchronous parallel processing system with a set of processing engines whereby each of the processing engines has independent access, separate from each other processing engines, to both the source database and the destination database. A set of self-contained synchronization rules for synchronizing access permissions from the source database system to the destination database system is distributed to execute on the set of processing engines, wherein each of the self-contained synchronization rules are XML formatted data to define a conversion mapping for access permissions from the source database system to analogous access permissions on a destination database and each of the self-contained synchronization rules are able to execute on a processing engine independently.
-
Citations
17 Claims
-
1. A method for synchronizing access permissions across at least two disparate database systems, the method comprising:
-
queuing, into a work order queue, a plurality of work orders, each work order within the plurality of work orders comprising respective pre-defined synchronization rules and a respective sequence of a respective set of records stored in a source database system and a destination database system to be used for synchronizing access permissions between the source database system and the destination database system, wherein the source database system and the destination database system have distinct access control mechanisms associated therewith; receiving, with a selected processing engine within a set of processing engines, a current work order from the work order queue, wherein the set of processing engines is separate from the source database system and the destination database system; fetching, by the selected processing engine from the source database system in response to receiving the current work order and based upon the current work order, a current set of records, the current set of records being specified by the current work order and the current set of records having access permission rules assigned to the current set of records in the source database system, wherein the access permission rules are to be mapped to privileges to be assigned to records in the destination database system; fetching, concurrently with the fetching by the selected processing engine, the current work order by a second processing engine, the second processing engine being different than the selected processing engine, wherein the selected processing engine and the second processing engine are each on a different processing node in a network and the selected processing engine and the second processing engine are selected in response to one of the processing nodes in the network having insufficient resources; creating, with the selected processing engine in response to the fetching, a destination rule to be applied to the destination database system by mapping the access permission rules assigned to the current set of records in the source database system to the destination rule based upon at least one processing rule associated with the current set of records, the at least one processing rule defining a respective conversion mapping for access permission rules of the source database system to respective analogous access permission rules on the destination database system; and applying, with the selected processing engine, the destination rule to at least one record in the destination database system, thereby altering an access control mechanism associated with the at least one record. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A synchronization system for synchronizing access permissions across at least two disparate database systems, the synchronization system comprising:
-
a source database system having a first set of records with an access control mechanism for each record; a destination database system communicatively coupled to the source database system, the destination database system having a second set of records with an access control mechanism for each record that differs from the control mechanism of the first set of records; an asynchronous parallel processing system with a set of processing engines, the asynchronous parallel processing system adapted to; queuing, into a work order queue, a plurality of work orders, each work order within the plurality of work orders comprising respective pre-defined synchronization rules and a respective sequence of a respective set of records stored in a source database system and a destination database system to be used for synchronizing access permissions between the source database system and the destination database system; receiving, with a selected processing engine within the set of processing engines, a current work order from the work order queue, wherein the set of processing engines is separate from the source database system and the destination database system; fetching, by the selected processing engine from the source database system in response to receiving the current work order and based upon the current work order, a current set of records, the current set of records being specified by the current work order and the current set of records having access permission rules assigned to the current set of records in the source database system, wherein the access permission rules are to be mapped to privileges to be assigned to records in the destination database system; fetching, concurrently with the fetching by the selected processing engine, the current work order by a second processing engine, the second processing engine being different than the selected processing engine, wherein the selected processing engine and the second processing engine are each on a different processing node in a network and the selected processing engine and the second processing engine are selected in response to one of the processing nodes in the network having insufficient resources; creating, with the selected processing engine in response to the fetching, a destination rule to be applied to the destination database system by mapping the access permission rules assigned to the current set of records in the source database system to the destination rule based upon at least one processing rule associated with the current set of records, the at least one processing rule defining a respective conversion mapping for access permission rules of the source database system to respective analogous access permission rules on the destination database system; and applying, with the selected processing engine, the self-contained processing rule to at least one record in the destination database system, thereby altering the access control mechanism associated with the record. - View Dependent Claims (10)
-
-
11. A computer program product for synchronizing access permissions across at least two disparate database systems, the computer program product comprising:
-
a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising; queuing, into a work order queue, a plurality of work orders, each work order within the plurality of work orders comprising respective pre-defined synchronization rules and a respective sequence of a respective set of records stored in a source database system and a destination database system to be used for synchronizing access permissions between the source database system and the destination database system, wherein the source database system and the destination database system have distinct access control mechanisms associated therewith; receiving, with a selected processing engine within a set of processing engines, a current work order from the work order queue, wherein the set of processing engines is separate from the source database system and the destination database system; fetching, by the selected processing engine from the source database system in response to receiving the current work order and based upon the current work order, a current set of records, the current set of records being specified by the current work order and the current set of records having access permission rules assigned to the current set of records in the source database system, wherein the access permission rules are to be mapped to privileges to be assigned to records in the destination database system; fetching, concurrently with the fetching by the selected processing engine, the current work order by a second processing engine, the second processing engine being different than the selected processing engine, wherein the selected processing engine and the second processing engine are each on a different processing node in a network and the selected processing engine and the second processing engine are selected in response to one of the processing nodes in the network having insufficient resources; creating, with the selected processing engine in response to the fetching, a destination rule to be applied to the destination database system by mapping the access permission rules assigned to the current set of records in the source database system to the destination rule based upon at least one processing rule associated with the current set of records, the at least one processing rule defining a respective conversion mapping for access permission rules of the source database system to respective analogous access permission rules on the destination database system; and applying, with the selected processing engine, the destination rule to at least one record in the destination database system, thereby altering an access control mechanism associated with the at least one record. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification