
Access control for elements in a database object

  • US 7,865,521 B2
  • Filed: 12/12/2005
  • Issued: 01/04/2011
  • Est. Priority Date: 12/12/2005
  • Status: Expired due to Fees
First Claim

1. A method of controlling access to elements in a database object, the method comprising:

  • receiving a request from a user to access the database object, wherein the request includes a query to retrieve information from the database object;

    determining whether an access restriction is imposed on the database object, the access restriction specifying a first user group to which the access restriction is applicable, defining a first dynamic condition the first user group must satisfy in order to access the database object, and identifying a first element set in the database object accessible to the first user group when the first dynamic condition is satisfied, wherein the first element set includes at least one, and less than all, table columns of the database object to restrict access to one or more table columns, wherein the first dynamic condition indicates access information including one or more of a session context and session purpose for the user to access the database object, and wherein two or more of said session contexts and purposes for the user to access the database object enable access to be restricted to at least one different table column of said database object; and

    controlling access to the elements in the database object by the user based on the access restriction, wherein controlling access to the elements in the database objects comprises:

    confirming whether the user is in the first user group when the access restriction is imposed on the database object;

    verifying whether the user satisfies the first dynamic condition when the user is in the first user group by ascertaining session information for the user from one or more session variables associated with the user, wherein the session information includes one or more of the session context and session purpose for access of the database object, and comparing the session information for the user against the access information indicated by the first dynamic condition to determine satisfaction of that condition; and

    allowing the user to access the first element set when the user satisfies the first dynamic condition, wherein allowing the user to access the first element set comprises:

    dynamically generating a dynamic pseudo-view of the database object comprising only the first element set in response to said verification of the user satisfying the first dynamic condition; and

    responding to the request from the user by applying the received query to the dynamic pseudo-view of the database object to retrieve the information.
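
The steps of the claim, sketched as an added example that is not taken from the patent: group check, comparison of session variables against the dynamic condition, and a pseudo-view limited to the permitted columns. The policy rows, table, column and function names are all assumptions, and the pseudo-view is stood in for by a SQLite CTE that shadows the table, with an authorizer callback as a backstop.

```python
import sqlite3

# Constructed policy rows: (table, user group, required session variables, visible columns).
# The same group sees a different column subset depending on the session purpose.
RESTRICTIONS = [
    ("patients", "clerks", {"purpose": "billing"}, ("id", "name", "balance")),
    ("patients", "clerks", {"purpose": "treatment"}, ("id", "name", "diagnosis")),
]

def sample_db():
    """Constructed sample table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id, name, diagnosis, balance)")
    db.execute("INSERT INTO patients VALUES (1, 'Ada', 'asthma', 120)")
    return db

def visible_columns(table, groups, session):
    """Columns the session may see; None when no restriction is imposed on the table."""
    rules = [r for r in RESTRICTIONS if r[0] == table]
    if not rules:
        return None
    for _, group, condition, columns in rules:
        if group in groups and all(session.get(k) == v for k, v in condition.items()):
            return columns
    raise PermissionError(f"no access restriction on {table} is satisfied")

def run_restricted(db, table, groups, session, query):
    """Apply query to a pseudo-view of table that holds only the visible columns."""
    columns = visible_columns(table, groups, session)
    if columns is None:
        return db.execute(query).fetchall()
    cols = ", ".join(f'"{c}"' for c in columns)
    # A CTE named like the table shadows it; main.<table> inside it is the real table.
    wrapped = f'WITH "{table}" AS (SELECT {cols} FROM main."{table}") {query}'

    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == table and arg2 in columns:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # hidden column, other table, or not a read

    db.set_authorizer(authorizer)  # backstop if the query names main.<table> directly
    try:
        return db.execute(wrapped).fetchall()
    except sqlite3.DatabaseError as exc:
        raise PermissionError(str(exc)) from exc  # fail closed on any rejection
    finally:
        db.set_authorizer(lambda *args: sqlite3.SQLITE_OK)
```

The table and column names in the policy are interpolated into SQL, so they must come from trusted configuration, never from the request.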
