Empirical database access adjustment
First Claim
Patent Images
1. An apparatus for empirically adjusting a user'"'"'s authorized access to a database, the apparatus comprising:
- a non-transitory computer-readable storage medium storing executable computer program modules comprising;
a database discovery module configured to determine a structure of the database and the user'"'"'s authorized access to the database, the user'"'"'s authorized access including a set of authorized database tables and authorized columns;
a command monitoring module configured to monitor the user'"'"'s actual accesses to the database until a preselected quantity of actual accesses have been observed, the user'"'"'s actual accesses including a set of accessed database tables and accessed columns; and
an analysis module configured to compare the user'"'"'s actual accesses with the user'"'"'s authorized access and configured to adjust the user'"'"'s authorized access taking into account results of the comparing by changing settings within a database access control module to deny the user future database access to an authorized database table or an authorized column that is not in the set of accessed database tables and accessed columns; and
a processor for executing the computer program modules.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer implemented methods, apparati, and computer-readable media for empirically adjusting access to a database (1). An apparatus embodiment comprises: coupled to the database (1), a database discovery module (11) for determining authorized accesses to the database (1); coupled to the database (1), a command monitoring module (12) for monitoring actual accesses to the database (1); and coupled to the database discovery module (11) and to the command monitoring module (12), an analysis module (13) for comparing actual accesses with authorized accesses.
-
Citations
20 Claims
-
1. An apparatus for empirically adjusting a user'"'"'s authorized access to a database, the apparatus comprising:
-
a non-transitory computer-readable storage medium storing executable computer program modules comprising; a database discovery module configured to determine a structure of the database and the user'"'"'s authorized access to the database, the user'"'"'s authorized access including a set of authorized database tables and authorized columns; a command monitoring module configured to monitor the user'"'"'s actual accesses to the database until a preselected quantity of actual accesses have been observed, the user'"'"'s actual accesses including a set of accessed database tables and accessed columns; and an analysis module configured to compare the user'"'"'s actual accesses with the user'"'"'s authorized access and configured to adjust the user'"'"'s authorized access taking into account results of the comparing by changing settings within a database access control module to deny the user future database access to an authorized database table or an authorized column that is not in the set of accessed database tables and accessed columns; and a processor for executing the computer program modules. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method for empirically adjusting a user'"'"'s authorized access to a database, the method comprising the steps of:
-
discovering the user'"'"'s authorized access to the database, the user'"'"'s authorized access including a set of authorized database tables and authorized columns; observing the user'"'"'s actual accesses to the database until a preselected quantity of actual accesses have been observed, the user'"'"'s actual accesses including a set of accessed database tables and accessed columns; comparing the user'"'"'s actual accesses with the user'"'"'s authorized access; and adjusting the user'"'"'s authorized database access taking into account results of the comparing step by changing settings within a database access control module of a computer-implemented database server to deny the user future database access to an authorized database table or an authorized column that is not in the set of accessed database tables and accessed columns. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium containing executable computer program instructions configured to empirically adjust a user'"'"'s authorized access to a database, the computer program instructions performing the steps of:
-
discovering the user'"'"'s authorized access to the database, the user'"'"'s authorized access including a set of authorized database tables and authorized columns; observing the user'"'"'s actual accesses to the database until a preselected quantity of actual accesses have been observed, the user'"'"'s actual accesses including a set of accessed database tables and accessed columns; comparing the user'"'"'s actual accesses with the user'"'"'s authorized access; and adjusting the user'"'"'s authorized database access taking into account results of the comparing step by changing settings within a database access control module of a computer-implemented database server to deny the user future database access to an authorized database table or an authorized column that is not in the set of accessed database tables and accessed columns. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification