Efficient data structures for multi-dimensional security

US 8,196,184 B2
Filed: 02/16/2007
Issued: 06/05/2012
Est. Priority Date: 02/16/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing multi-dimensional security, the method comprising:

generating, using a processor, models having dimensions;

wherein each dimension includes one of;

a static dimension permission that locks the permissions of the dimension from customization and a dynamic dimension permission that allows permissions to be customized;

associating a group role with one or more of the models, wherein the group role includes a group permission for accessing data associated with the model and the dimensions;

wherein the group role is associated with the one or more models through a selection interface that specifies what models and what dimensions to be associated with the group role;

wherein a default permission for the group role is set by a graphical interface that includes options for setting the default permission to;

a low permission that specifies read and write access;

a medium permission that specifies read access and no write access, and a high permission that specifies no read/write access;

associating a user with the model and the dimensions, wherein the user includes a user permission for accessing data associated with the model and the dimensions;

storing the user permission and the group permission within a relational data store;

generating a collective user permissions table from the user permission and the group permission within the relational data store, wherein the collective user permissions table identifies collective user permissions based on the group permissions for accessing data associated with the model and user permissions for accessing data associated with the model; and

pushing the collective user permissions that is stored in the relational data store to a multi-dimensional store to provide multi-dimensional security for a multi-dimensional representation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Efficient data structures are generated to enforce permissions on a multi-dimensional representation in a performance management application. A model site is generated having at least one model with at least one dimension. User permissions and group permissions are set for the model. The user permission and the group permissions are deployed to a relational database. A collective user permission table is generated based on the user permissions and the group permissions. Thus, an end user may receive permissions associated with a model and permissions associated with particular dimensions of a model without an inefficient consumption of resources.

Citations

20 Claims

1. A computer-implemented method for providing multi-dimensional security, the method comprising:
- generating, using a processor, models having dimensions;
  
  wherein each dimension includes one of;
  
  a static dimension permission that locks the permissions of the dimension from customization and a dynamic dimension permission that allows permissions to be customized;
  
  associating a group role with one or more of the models, wherein the group role includes a group permission for accessing data associated with the model and the dimensions;
  
  wherein the group role is associated with the one or more models through a selection interface that specifies what models and what dimensions to be associated with the group role;
  
  wherein a default permission for the group role is set by a graphical interface that includes options for setting the default permission to;
  
  a low permission that specifies read and write access;
  
  a medium permission that specifies read access and no write access, and a high permission that specifies no read/write access;
  
  associating a user with the model and the dimensions, wherein the user includes a user permission for accessing data associated with the model and the dimensions;
  
  storing the user permission and the group permission within a relational data store;
  
  generating a collective user permissions table from the user permission and the group permission within the relational data store, wherein the collective user permissions table identifies collective user permissions based on the group permissions for accessing data associated with the model and user permissions for accessing data associated with the model; and
  
  pushing the collective user permissions that is stored in the relational data store to a multi-dimensional store to provide multi-dimensional security for a multi-dimensional representation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the model is associated with a model site, and wherein the model is actuated on the model site.
  - 3. The computer-implemented method of claim 1, wherein the model includes default permissions.
  - 4. The computer-implemented method of claim 1, wherein the model includes a permission customization selector, wherein the permission customization selector provides customization to a user permission associated with the group permission.
  - 5. The computer-implemented method of claim 4, wherein the permission customization selector is associated with the dimension of the model for customizing a user permission associated with the dimension.
  - 6. The computer-implemented method of claim 1, wherein the user is a member of the group role, and wherein the user permission is different than the group permission.
  - 7. The computer-implemented method of claim 1, wherein the user permission and the group permission include at least one member of a group comprising:
    - no permission, total access permission, read permission, write permission, and read-write permission.
  - 8. The computer-implemented method of claim 1, wherein the group permission is set by a slider interface that includes a slider setting for the low permission, the medium permission, and the high permission.
  - 9. The computer-implemented method of claim 1, wherein generating a collective user permissions table further comprises:
    - determining a number of dimensions associated with the model;
      
      determining user permissions for each of the dimensions;
      
      determining group permissions for each of the dimensions;
      
      generating a security table for each of the dimensions;
      
      determining the user membership in the group role; and
      
      generating the collective user permissions table, wherein the generation of the collective user permissions table is based on the security table for each of the dimensions and the user membership in the group role.

10. A computer-readable storage medium that excludes signals and waves having computer-executable instructions encoded thereon for providing multi-dimensional security, the instructions comprising:
- generating a model site having a plurality of models;
  
  actuating models associated with the site, wherein the models includes a dimension that indicates a data category;
  
  wherein the dimension includes one of;
  
  a static dimension permission that locks the permissions of the dimension from customization and a dynamic dimension permission that allows permissions to be customized;
  
  associating a group role with one of the models, wherein the group role includes a group permission for accessing the model;
  
  wherein a default permission for the group role is set by a graphical interface that includes options for setting the default permission to;
  
  a low permission that specifies read and write access;
  
  a medium permission that specifies read access and no write access, and a high permission that specifies no read/write access;
  
  associating a user with the model, wherein the user is a member of the group role, wherein the user includes a user permission for accessing the model;
  
  generating the collective user permissions table, wherein the generation of the collective user permissions table is based on the security table for each of the dimensions and the user membership in the group role;
  
  associating the collective user permissions with a multi-dimensional store to provide security for a multi-dimensional representation when a user queries the multi-dimensional representation.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-readable storage medium of claim 10, wherein the model includes a plurality of dimensions.
  - 12. The computer-readable storage medium of claim 10, wherein the model includes a permission customization selector, wherein the permission customization selector provides customization to a user permission associated with the group permission.
  - 13. The computer-readable storage medium of claim 12, wherein the permission customization selector is associated with the dimension of the model for customizing a user permission associated with the dimension.
  - 14. The computer-readable storage medium of claim 10, wherein the user permission is different than the group permission.
  - 15. The computer-readable storage medium of claim 10, wherein the user permission and the group permission include at least one member of a group comprising:
    - no permission, total access permission, read permission, write permission, and read-write permission.
  - 16. The computer-readable storage medium of claim 10, wherein the group permission is set by a slider interface.

17. A system for providing multi-dimensional security, the instructions comprising:
- a processor; and
  
  a memory having computer executable instructions stored thereon, wherein the computer executable instructions are configured to;
  
  actuate a model, wherein the model includes a plurality of dimensions that indicate a data category;
  
  wherein each dimension includes one of;
  
  a static dimension permission that locks the permissions of the dimension from customization and a dynamic dimension permission that allows permissions to be customized;
  
  associate a group role with the model, wherein the group role includes a group permission for accessing the model;
  
  wherein a default permission for the group role is set by a graphical interface that includes options for setting the default permission to;
  
  a low permission that specifies read and write access;
  
  a medium permission that specifies read access and no write access, and a high permission that specifies no read/write access;
  
  associate a user with the model, wherein the user is a member of the group role, wherein the user includes a user permission for accessing the model, wherein the user permission includes less access than the group permission;
  
  determine a number of dimensions associated with the model;
  
  determine user permissions for each of the dimensions;
  
  determine group permissions for each of the dimensions;
  
  generate a security table for each of the dimensions;
  
  determine the user membership in the group role; and
  
  generate the collective user permissions table, wherein the generation of the collective user permissions table uses the security table for each of the dimensions and the user membership in the group role; and
  
  associate the collective user permissions table with a multi-dimensional store to provide security for a multi-dimensional representation when a user queries the multi-dimensional representation.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the model includes a permission customization selector, wherein the permission customization selector provides customization to a user permission associated with the group permission.
  - 19. The system of claim 17, wherein the user permission and the group permission include at least one member of a group comprising:
    - no permission, total access permission, read permission, write permission, and read-write permission.
  - 20. The system of claim 17, wherein the group permission is set by a slider interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Amirov, Anton, Dong, George Randell, Jacob, Sanjay, Yang, Mark Xiahong, Shetty, Rohan Ratnaker
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US11/707,663
Publication Number

US 20080201766A1
Time in Patent Office

1,936 Days
Field of Search

726/4, 707/600, 707/999.009, 707/957, 707/958
US Class Current

726/4
CPC Class Codes

G06F 16/283   Multi-dimensional databases...

G06F 21/6227   where protection concerns t...

H04L 63/08   for authentication of entit...

Y10S 707/957   Multidimensional

Y10S 707/958   Data cubes

Efficient data structures for multi-dimensional security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient data structures for multi-dimensional security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links