System and method for efficiently securing enterprise data resources
Abstract
Some embodiments provide a system and method that secures access to data objects of an enterprise that includes multiple data objects and multiple user applications that access data attributes of the data objects. In some embodiments, secure access is provided via a secure resource that secures access to data attributes of at least two objects by defining access control permissions for the secure resource and applying the defined access control permissions to the data attributes of the secure resource.
26 Claims
1. For a data management system that secures access to a plurality of data objects contained in a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:
- receiving an identification of one or more data attributes of a first data object to which access is being secured in the data hierarchy, each data attribute corresponding to a set of data values of the first data object;
- receiving an identification of one or more data attributes of a second data object to which access is being secured in the data hierarchy, each data attribute corresponding to a set of data values of the second data object, wherein the identified data attributes of the first and second objects comprise a set of data attributes with different access permissions;
- defining a virtual security object from the identified data attributes of the first and second data objects, the virtual security object representing a logical object that allows corresponding identified data attributes from the first and second data objects to be uniformly secured as a group;
- receiving a set of control permissions for the virtual security object; and
- applying the set of control permissions that is received for the virtual security object uniformly across the set of data attributes by overriding the different access permissions of the set of data attributes, wherein the set of control permission is used to control access to the data values of the identified data attributes in response to user queries.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. For a data management system that secures access to a plurality of data objects stored within a data hierarchy of an enterprise, a non-transitory computer readable medium storing a computer program that provides a graphical user interface (GUI) for securing access to data attributes of the data objects, said GUI comprising:
- a first user interface tool for (i) receiving an identification of one or more data attributes of a first data object to which access is being secured in the data hierarchy and (ii) receiving an identification of one or more data attributes of a second data object to which access is being secured in the data hierarchy in order to define a virtual security object that represents a logical object that allows the identified data attributes from the first and second data objects to be uniformly secured as a group, wherein the identified data attributes of the first and second objects comprise a set of data attributes with different access permissions; and
- a second user interface tool for applying a set of control permissions to the virtual security object, wherein the set of control permissions are uniformly applied across each of the identified data attributes by overriding the different access permissions of the set of data attributes, wherein the set of control permissions are used to restrict access to the identified data attributes in response to user queries.
Dependent claims: 12
13. A non-transitory computer readable storage medium storing a computer program that secures access to one or more databases of an enterprise, each database comprising a plurality of tables, each table having one or more data attributes, the computer program comprising sets of instructions for:
- receiving an identification of one or more data attributes of a first table to which access is being secured in a data hierarchy, each data attribute corresponding to a set of data values of the first table;
- receiving an identification of one or more data attributes of a second table to which access is being secured in the data hierarchy, each data attribute corresponding to a set of data values of the second table, wherein the identified data attributes of the first and second tables comprise a set of data attributes with different access permissions;
- defining a virtual security object from the identified data attributes of the first and second tables, the virtual security object representing a logical data structure that allows corresponding identified data attributes from the first and second tables to be uniformly secured as a group;
- receiving a set of control permissions for the virtual security object; and
- applying the set of control permissions that is received for the virtual security object uniformly across the set of data attributes by overriding the different access permissions of the set of data attributes, wherein the set of control permissions is used to control access to data values of the identified data attributes in response to user queries.
Dependent claims: 14, 15, 16, 17, 18
19. For a data management system, a method of securing access to one or more databases of an enterprise, each database comprising a set of one or more tables, said method comprising:
- receiving an identification of one or more data attributes of a first table to which access is being secured in a data hierarchy, each data attribute corresponding to a set of data values of the first table;
- receiving an identification of one or more data attributes of a second table to which access is being secured in the data hierarchy, each data attribute corresponding to a set of data values of the second table, wherein the identified data attributes of the first and second tables comprise a set of data attributes with different access permissions;
- defining a virtual security object from the identified data attributes of the first and second tables, the virtual security object representing a logical data structure allowing the corresponding identified data attributes from the first and second tables to be uniformly secured as a group;
- receiving a set of control permissions for the virtual security object; and
- applying the set of control permissions uniformly across the data attributes identified for the virtual security object by overriding the different access permissions of the set of data attributes, wherein the set of control permissions is used to control access to data values of the identified data attributes of the first and second tables in response to user queries.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
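The table-based claims above (13 and 19) describe grouping attributes from two tables into a virtual security object whose permissions override each attribute's own. The following Python is an added example, not code from the patent or its assignee. The table names, roles, default-deny fallback, most-restrictive rule for overlapping objects and the `widened` audit helper are all assumptions of this example.

```python
from dataclasses import dataclass

# Constructed sample data: two tables whose columns carry different native permissions.
TABLES = {
    "employees": [{"id": 1, "name": "Ana", "ssn": "000-00-0001"}],
    "payroll": [{"emp_id": 1, "salary": 90000, "bank_acct": "ACCT-1"}],
}
# Native per-attribute ACLs: (table, column) -> roles allowed to read.
NATIVE_ACL = {
    ("employees", "id"): {"hr", "finance", "analyst"},
    ("employees", "name"): {"hr", "finance", "analyst"},
    ("employees", "ssn"): {"hr"},
    ("payroll", "emp_id"): {"finance", "analyst"},
    ("payroll", "salary"): {"finance"},
    ("payroll", "bank_acct"): {"finance", "analyst"},
}

@dataclass(frozen=True)
class VirtualSecurityObject:
    name: str
    attributes: frozenset  # (table, column) pairs secured as one group
    readers: frozenset     # control permissions applied uniformly to the group

def define_vso(name, attributes, readers):
    attrs = frozenset(attributes)
    unknown = attrs - set(NATIVE_ACL)
    if unknown:
        raise KeyError(f"unknown attributes: {sorted(unknown)}")
    if len({table for table, _ in attrs}) < 2:
        raise ValueError("attributes must come from at least two tables")
    return VirtualSecurityObject(name, attrs, frozenset(readers))

def effective_readers(table, column, vsos):
    """A covering VSO overrides the native ACL. Assumption of this example:
    overlapping VSOs intersect (most restrictive wins); unlisted columns deny."""
    covering = [v.readers for v in vsos if (table, column) in v.attributes]
    if covering:
        return frozenset.intersection(*covering)
    return frozenset(NATIVE_ACL.get((table, column), ()))

def query(role, table, columns, vsos):
    """Answer a user query, dropping columns the role may not read."""
    allowed = [c for c in columns if role in effective_readers(table, c, vsos)]
    return [{c: row[c] for c in allowed} for row in TABLES[table]]

def widened(vso):
    """Audit helper: roles that gain read access only because of the override."""
    gains = {a: set(vso.readers - NATIVE_ACL[a]) for a in vso.attributes}
    return {a: roles for a, roles in gains.items() if roles}
```

Because the override replaces the native permissions rather than intersecting with them, it can grant access as well as remove it; `widened` lists those grants so they can be reviewed before the object is applied.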
Specification