Relational lockdown for an item store
First Claim
1. A system for relational lockdown of an item store, the system comprising:
a processing unit;
a relational object item store comprising data items persisted as relational objects;
a relational engine;
a filing system configured to:
manipulate, utilizing said relational engine, data items written in application specific format in the item store; and
manage, store and retrieve the data items in accordance with a respective type of each data item; and
a memory system storing:
a first program module comprising instructions that are executable by the processing unit for initiating a lockdown of said item store by disabling all access to said item store by all users associated with said filing system, each user having an assigned set of privileges indicative of operations that the user is allowed to perform on the item store; and
a second program module comprising instructions that are executable by the processing unit for:
determining a sequence of caller and callee modules invoking executable code;
determining, by combining privileges associated with the sequence of caller and callee modules, a privilege level associated with the executable code, the privilege level indicative of operations that the executable code can perform on the item store;
determining a set of privileges assigned to a user associated with the executable code;
determining a combined set of privileges, based on the privilege level associated with the executable code and the set of privileges assigned to a user associated with the executable code; and
after the first program module has disabled all access to said item store, allowing limited access to said item store, based on said combined set of privileges.
Abstract
Various mechanisms are provided for the lockdown of an item store. For example, a method is provided that comprises disabling access to a relational engine for a set of users associated with a filing system that uses the relational engine to manipulate data in an item store. Following such disabling of access, an exception is created by allowing access to the relational engine for users of the filing system based on a set of privileges the users have been assigned. The disabling of access can be accomplished by removing system users from ownership roles, and the allowing of access can be accomplished by providing certificates to users that have an associated set of privileges granted to the users.
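A minimal model of the flow in the first claim and the abstract, added here as an illustration and not taken from the patent: after lockdown every request is denied unless the operation is in the combined set of code and user privileges. The claims say only that privileges are "combined"; using set intersection is an assumption of this sketch, as are all module, user and privilege names.

```python
# Added illustration. Module/user names, privilege names and the intersection
# rule are assumptions; the patent text only says privileges are "combined".
from dataclasses import dataclass, field

READ, WRITE, DELETE = "read", "write", "delete"

@dataclass(frozen=True)
class Module:
    name: str
    privileges: frozenset

def code_privilege_level(call_chain):
    """Privilege level of executable code, combined over its caller/callee sequence."""
    if not call_chain:
        return frozenset()              # no identifiable calling code: nothing granted
    level = call_chain[0].privileges
    for module in call_chain[1:]:
        level &= module.privileges      # every module in the chain must hold the privilege
    return level

@dataclass
class ItemStore:
    user_privileges: dict               # user name -> frozenset of assigned privileges
    locked_down: bool = False
    audit: list = field(default_factory=list)

    def lockdown(self):
        """First step: disable all direct access to the store."""
        self.locked_down = True

    def authorize(self, user, call_chain, operation):
        assigned = self.user_privileges.get(user, frozenset())
        if self.locked_down:
            # Limited access: code privilege level combined with the user's privileges.
            effective = code_privilege_level(call_chain) & assigned
        else:
            effective = assigned        # assumed pre-lockdown behaviour
        allowed = operation in effective
        self.audit.append((user, [m.name for m in call_chain], operation, allowed))
        return allowed

# Constructed sample modules and users.
UI = Module("ui", frozenset({READ, WRITE}))
FILING_API = Module("filing_api", frozenset({READ, WRITE, DELETE}))
PLUGIN = Module("plugin", frozenset({READ}))

def build_store():
    store = ItemStore({"alice": frozenset({READ, WRITE, DELETE}), "bob": frozenset({READ})})
    store.lockdown()
    return store
```

Under the intersection assumption, a low-privilege caller cannot borrow the privileges of a more privileged callee, and a privileged call chain cannot raise the privileges of the user it runs for.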
29 Claims
1. A system for relational lockdown of an item store (the first claim, given in full above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for relational lockdown of an item store comprising data items persisted as relational objects and a relational engine, the method comprising:
initiating a lockdown of a relational object item store by disabling all access to said item store by all identities associated with a filing system utilizing said relational engine to manipulate data items written in application specific format in the item store and managing, storing and retrieving the data items in accordance with a respective type of each data item, each identity having an assigned set of privileges to access the item store;
determining a sequence of caller and callee modules invoking executable code;
determining, by combining privileges associated with the sequence of caller and callee modules, a privilege level associated with the executable code; and
after said disabling all access, allowing limited access to said item store by one or more identities associated with the executable code, based on the set of privileges assigned to the one or more identities and the privilege level associated with the executable code.
Dependent claims: 10, 11, 12, 13, 14, 21, 22, 23, 24, 25, 26
15. A computer readable storage medium not consisting of communication media, the computer readable storage medium comprising computer executable instructions executable by a computer to perform acts for relational lockdown of an item store, the acts comprising:
initiating a lockdown of a relational object item store by disabling all access to a relational engine by all identities associated with a filing system utilizing said relational engine to manipulate data items written in application specific format in the item store and managing, storing and retrieving the data items in accordance with a respective type of each data item, each identity having an assigned set of privileges to access the item store;
determining a sequence of caller and callee modules invoking executable code;
determining, by combining privileges associated with the sequence of caller and callee modules, a privilege level associated with the executable code; and
allowing limited access to said relational engine by one or more identities, after said disabling all access, based on the set of privileges assigned to the one or more identities and the combined privileges associated with the sequence of caller and callee modules invoking the executable code.
Dependent claims: 16, 17, 18, 19, 20, 27, 28, 29
Specification