System and method for controlling access to a database object
Abstract
According to one embodiment of the present disclosure, a method includes receiving a query from a user, the query requesting access to a database object in a first database table, the database object comprising a first column and a second column. The method also includes determining whether the user is authorized to access the database object based on the first column, and determining whether the user is authorized to access the database object based on the second column. The method further includes allowing the user to access the database object in response to determining the user is authorized to access the database object based on the first column or the second column.
11 Claims
1. A method, comprising:
receiving a query from a user, the query requesting access to a database object in a first database table;
accessing a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
determining whether the user is an owner of the database object based on the first column;
in response to determining that the user is not an owner of the database object, determining whether the user is authorized to access the database object by;
accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
determining whether the user is authorized to access the database object based on the user identifier in the fourth column of the second database table; and
allowing the user to access the database object in response to determining the user is authorized to access the database object.
Dependent claims: 2, 3, 4
5. A system, comprising:
a memory; and
one or more processors operable, upon executing one or more instructions stored in the memory, to;
receive a query from a user, the query requesting access to a database object in a first database table;
access a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
determine whether the user is an owner of the database object based on the first column;
in response to determining that the user is not an owner of the database object, determine whether the user is authorized to access the database object by;
accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
determining whether the user has access to the database object based on the user identifier in the fourth column of the second database table; and
allow the user to access the database object in response to determining the user is authorized to access the database object.
Dependent claims: 6, 7
8. Logic encoded in a non-transitory computer readable storage medium, the logic comprising instructions that when executed on a processor are operable to:
receive a query from a user, the query requesting access to a database object in a first database table;
access a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
determine whether the user is an owner of the database object based on the first column;
in response to determining that the user is not an owner of the database object, determine whether the user is authorized to access the database object by;
accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
determining whether the user has access to the database object based on the user identifier in the fourth column of the second database table; and
allow the user to access the database object in response to determining the user is authorized to access the database object.
Dependent claims: 9, 10
11. A method, comprising:
receiving a query from a user, the query requesting access to a database object in a first database table;
accessing a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
modifying the query to include instructions for determining whether the user is authorized to access the database object based on the first column or the second column;
determining whether the user is an owner of the database object based on a first value in the first column;
in response to determining that the user is not an owner of the database object, accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table;
determining whether the user is authorized to access the database object based on the user identifier in the fourth column of the second database table, in response to determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
allowing the user to access the database object in response to determining the user is authorized based on the first column or the user identifier in the fourth column.
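The owner-or-group check recited in claims 1 and 11, written as a query rewrite over SQLite; this is an added example and is not taken from the patent. The table and column names (`objects`, `group_members`, `owner`, `group_id`, `user_id`), the helper functions and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and rows. The claims only name a "first table" (owner and
# group identifier columns) and a "second table" (group identifier and user
# identifier columns); every name below is an assumption.
SCHEMA = """
CREATE TABLE objects (id INTEGER PRIMARY KEY, payload TEXT,
                      owner TEXT NOT NULL, group_id INTEGER);
CREATE TABLE group_members (group_id INTEGER NOT NULL, user_id TEXT NOT NULL,
                            PRIMARY KEY (group_id, user_id));
INSERT INTO objects VALUES (1, 'q3-forecast', 'alice', 10),
                           (2, 'hr-notes',    'bob',   20),
                           (3, 'scratch',     'carol', NULL);
INSERT INTO group_members VALUES (10, 'bob'), (10, 'dave'), (20, 'erin');
"""

# Predicate added to the caller's query (claim 11, "modifying the query"):
# owner match on the first column, otherwise a membership row whose group
# identifier equals the object's and whose user identifier is the requester.
# A NULL group_id never matches, so an ungrouped object stays owner-only.
ACCESS_PREDICATE = """
 (o.owner = :user
  OR EXISTS (SELECT 1 FROM group_members gm
             WHERE gm.group_id = o.group_id AND gm.user_id = :user))
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def fetch_object(db, user, object_id):
    """Return the payload if `user` may access the object, else None."""
    sql = ("SELECT o.payload FROM objects o WHERE o.id = :oid AND"
           + ACCESS_PREDICATE)
    # The user identity is bound as a parameter, never spliced into the SQL.
    row = db.execute(sql, {"oid": object_id, "user": user}).fetchone()
    return row[0] if row else None

def visible_ids(db, user):
    """IDs of every object the rewritten query lets `user` see."""
    sql = "SELECT o.id FROM objects o WHERE" + ACCESS_PREDICATE + "ORDER BY o.id"
    return [r[0] for r in db.execute(sql, {"user": user})]
```

Because the predicate is part of the statement itself, a denied object and a nonexistent one both come back as no row, so the caller cannot tell them apart.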
Specification