System and method for efficiently securing enterprise data resources
Abstract
Some embodiments provide a system and method that secures access to data objects of an enterprise that includes multiple data objects and multiple user applications that access data attributes of the data objects. In some embodiments, secure access is provided via a secure resource that secures access to data attributes of at least two objects by defining access control permissions for the secure resource and applying the defined access control permissions to the data attributes of the secure resource.
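The grouping described in the abstract, sketched as an added illustration (this is not code from the patent): a virtual security object collects attributes from two hierarchically related objects, and a single permission set on that group decides which attribute values a user query returns. The object and attribute names, the roles, the direct parent/child test for "hierarchically related", and the pass-through of unsecured attributes are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: "compensation" is a child of "employee" in the hierarchy.
HIERARCHY = {
    "employee": {"parent": None, "rows": [
        {"id": 1, "name": "A. Rivera", "ssn": "000-00-0001"}]},
    "compensation": {"parent": "employee", "rows": [
        {"employee_id": 1, "grade": "L4", "salary": 98000}]},
    "office": {"parent": None, "rows": [{"id": 7, "city": "Lyon"}]},
}

@dataclass
class VirtualSecurityObject:
    """Hypothetical model: a named group of (object, attribute) pairs."""
    name: str
    attributes: frozenset
    permissions: dict = field(default_factory=dict)  # role -> set of actions

def define_vso(name, first, second):
    """Group attributes of two hierarchically related objects into one VSO."""
    (obj_a, _), (obj_b, _) = first, second
    # Assumption: "related" means direct parent/child in HIERARCHY.
    if HIERARCHY[obj_a]["parent"] != obj_b and HIERARCHY[obj_b]["parent"] != obj_a:
        raise ValueError(f"{obj_a} and {obj_b} are not hierarchically related")
    pairs = set()
    for obj, attrs in (first, second):
        for attr in attrs:
            if attr not in HIERARCHY[obj]["rows"][0]:
                # A misspelled attribute would otherwise silently secure nothing.
                raise KeyError(f"{obj}.{attr} does not exist")
            pairs.add((obj, attr))
    return VirtualSecurityObject(name, frozenset(pairs))

def query(role, obj, vsos):
    """Answer a user query on obj, dropping secured attributes the role cannot read."""
    def readable(attr):
        covering = [v for v in vsos if (obj, attr) in v.attributes]
        # Secured attributes are deny-by-default: every covering VSO must grant read.
        return all("read" in v.permissions.get(role, set()) for v in covering)
    return [{a: val for a, val in row.items() if readable(a)}
            for row in HIERARCHY[obj]["rows"]]

# One permission set, defined once, governs attributes in both objects.
pii = define_vso("sensitive_pay", ("employee", ["ssn"]), ("compensation", ["salary"]))
pii.permissions = {"hr": {"read"}}
```

The permissions live on the group only; `HIERARCHY` itself is never rewritten, so the parent/child relationship between the two objects is untouched.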
21 Claims
1. For a data management system that secures access to a plurality of data objects contained in a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:
- receiving an identification of a first set of data attributes of a first data object, said first set of data attributes corresponding to a first set of data values of the first data object;
- receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, said second set of data attributes corresponding to a second set of data values of the second data object;
- defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group; and
- applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. For a data management system that secures access to a plurality of data objects stored within a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:
- providing a first user interface tool for (i) receiving an identification of a first set of data attributes of a first data object, (ii) receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, and (iii) defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group, wherein the first set of data attributes corresponds to a first set of data values of the first data object, and the second set of data attributes corresponds to a second set of data values of the second data object; and
- providing a second user interface tool for applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.

Dependent claims: 11, 12
13. A non-transitory computer readable medium storing a program that secures access to a plurality of data objects stored within a data hierarchy of an enterprise, the program having a graphical user interface (GUI) for securing access to data attributes of the data objects, said GUI comprising:
- a first user interface tool for (i) receiving an identification of a first set of data attributes of a first data object, (ii) receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, and (iii) defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group, wherein the first set of data attributes corresponds to a first set of data values of the first data object, and the second set of data attributes corresponds to a second set of data values of the second data object; and
- a second user interface tool for applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.

Dependent claims: 14
15. A non-transitory machine readable medium storing a program that secures access to a plurality of tables of a database of an enterprise, the program comprising sets of instructions for:
- receiving an identification of a first set of data attributes of a first table, said first set of data attributes corresponding to a first set of data values of the first table;
- receiving an identification of a second set of data attributes of a second data table that is hierarchically related to the first table in the database, said second set of data attributes corresponding to a second set of data values of the second data table; and
- defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group; and
- applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second tables in the database, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.

Dependent claims: 16, 17, 18, 19, 20, 21
Specification