System and method for efficiently securing enterprise data resources

US 8,433,717 B2
Filed: 03/13/2012
Issued: 04/30/2013
Est. Priority Date: 05/22/2008
Status: Active Grant

First Claim

Patent Images

1. For a data management system that secures access to a plurality of data objects contained in a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:

receiving an identification of a first set of data attributes of a first data object, said first set of data attributes corresponding to a first set of data values of the first data object;

receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, said second set of data attributes corresponding to a second set of data values of the second data object;

defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group; and

applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a system and method that secures access to data objects of an enterprise that includes multiple data objects and multiple user applications that access data attributes of the data objects. In some embodiments, secure access is provided via a secure resource that secures access to data attributes of at least two objects by defining access control permissions for the secure resource and applying the defined access control permissions to the data attributes of the secure resource.

60 Citations

View as Search Results

21 Claims

1. For a data management system that secures access to a plurality of data objects contained in a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:
- receiving an identification of a first set of data attributes of a first data object, said first set of data attributes corresponding to a first set of data values of the first data object;
  
  receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, said second set of data attributes corresponding to a second set of data values of the second data object;
  
  defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group; and
  
  applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein at least one of the first and second sets of data attributes comprises less than all the data attributes of the corresponding data object.
  - 3. The method of claim 1 further comprising performing a query over at least one of the first and second data objects, wherein access to the data attributes of the queried data object is restricted based on the set of control permissions applied to the data attributes.
  - 4. The method of claim 1, wherein the the set of control permission controls access to the data values of the first and second sets of data attributes for different applications of the enterprise.
  - 5. The method of claim 4, wherein the set of control permissions is applied transparently to the operations of the applications.
  - 6. The method of claim 1, wherein the set of control permissions is associated with a role that is assigned to people in the enterprise.
  - 7. The method of claim 1, wherein the first and second sets of data attributes comprise at least two of data files, data objects, and data directories.
  - 8. The method of claim 1 further comprising:
    - receiving modifications to the set of control permissions for the virtual security object; and
      
      applying the modified set of control permissions uniformly across the data attributes identified for the virtual security object.
  - 9. The method of claim 1, wherein the set of control permissions comprises at least one of read, write, create, update, delete, and merge that is applied uniformly across the identified data attributes.

10. For a data management system that secures access to a plurality of data objects stored within a data hierarchy of an enterprise, a method of securing access to data attributes of the data objects, said method comprising:
- providing a first user interface tool for (i) receiving an identification of a first set of data attributes of a first data object, (ii) receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, and (iii) defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group, wherein the first set of data attributes corresponds to a first set of data values of the first data object, and the second set of data attributes corresponds to a second set of data values of the second data object; and
  
  providing a second user interface tool for applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein at least one of the first and second sets of data attributes comprises less than all the data attributes of the corresponding data object.
  - 12. The method of claim 10, wherein the second user interface tool is further for associating a role to the set of control permissions.

13. A non-transitory computer readable medium storing a program that secures access to a plurality of data objects stored within a data hierarchy of an enterprise, the program having a graphical user interface (GUI) for securing access to data attributes of the data objects, said GUI comprising:
- a first user interface tool for (i) receiving an identification of a first set of data attributes of a first data object, (ii) receiving an identification of a second set of data attributes of a second data object that is hierarchically related to the first data object in the data hierarchy, and (iii) defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group, wherein the first set of data attributes corresponds to a first set of data values of the first data object, and the second set of data attributes corresponds to a second set of data values of the second data object; and
  
  a second user interface tool for applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second data objects in the data hierarchy, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.
- View Dependent Claims (14)
- - 14. The non-transitory computer readable medium of claim 13, wherein at least one of the first and second sets of data attributes comprises less than all the data attributes of the corresponding data object.

15. A non-transitory machine readable medium storing a program that secures access to a plurality of tables of a database of an enterprise, the program comprising sets of instructions for:
- receiving an identification of a first set of data attributes of a first table, said first set of data attributes corresponding to a first set of data values of the first table;
  
  receiving an identification of a second set of data attributes of a second data table that is hierarchically related to the first table in the database, said second set of data attributes corresponding to a second set of data values of the second data table; and
  
  defining, from the first and second sets of data attributes, a virtual security object that represents a logical object which allows the first and second sets of data attributes to be uniformly secured as one group; and
  
  applying a set of control permissions that is received for the virtual security object uniformly across the first and second sets of data attributes while maintaining the hierarchical relationship between the first and second tables in the database, wherein the set of control permissions is used to control access to the data values of the first and second sets of data attributes in response to user queries.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory machine readable medium of claim 15, wherein at least one of the first and second sets of data attributes comprises less than all the data attributes of the corresponding table.
  - 17. The non-transitory machine readable medium of claim 15, wherein the set of control permission controls access to the data values of the first and second sets of data attributes for different applications of the enterprise.
  - 18. The non-transitory machine readable medium of claim 17, wherein the set of control permissions is applied transparently to the operations of the applications.
  - 19. The non-transitory machine readable medium of claim 15, wherein the first set of data attributes identified for the virtual security object comprise a plurality of data attributes.
  - 20. The non-transitory machine readable medium of claim 15, wherein the set of control permissions comprises at least one of read, write, create, update, delete, and merge that is applied uniformly across the identified data attributes.
  - 21. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for performing a query over at least one of the first and second data objects, wherein access to the data attributes of the queried data object is restricted based on the set of control permissions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Informatica Corporation
Original Assignee
Informatica Corporation
Inventors
Korablev, Dmitri, Danforth, Gregory
Primary Examiner(s)
VO, TRUONG V

Application Number

US13/419,406
Publication Number

US 20120233689A1
Time in Patent Office

413 Days
Field of Search

707/758, 707/694, 707/783
US Class Current

707/758
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 21/6218 to a system of files or obj...

System and method for efficiently securing enterprise data resources

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and method for efficiently securing enterprise data resources

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others