System and method for controlling access to a database object

US 8,732,200 B2
Filed: 02/13/2012
Issued: 05/20/2014
Est. Priority Date: 02/13/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a query from a user, the query requesting access to a database object in a first database table;

accessing a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;

determining whether the user is an owner of the database object based on the first column;

in response to determining that the user is not an owner of the database object, determining whether the user is authorized to access the database object by;

accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;

determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and

determining whether the user is authorized to access the database object based on the user identifier in the fourth column of the second database table; and

allowing the user to access the database object in response to determining the user is authorized to access the database object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the present disclosure, a method includes receiving a query from a user, the query requesting access to a database object in a first database table, the database object comprising a first column and a second column. The method also includes determining whether the user is authorized to access the database object based on the first column, and determining whether the user is authorized to access the database object based on the second column. The method further includes allowing the user to access to database object in response to determining the user is authorized to access the database object based on the first column or the second column.

Citations

11 Claims

1. A method, comprising:
- receiving a query from a user, the query requesting access to a database object in a first database table;
  
  accessing a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
  
  determining whether the user is an owner of the database object based on the first column;
  
  in response to determining that the user is not an owner of the database object, determining whether the user is authorized to access the database object by;
  
  accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
  
  determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
  
  determining whether the user is authorized to access the database object based on the user identifier in the fourth column of the second database table; and
  
  allowing the user to access the database object in response to determining the user is authorized to access the database object.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising modifying the query to include instructions for determining whether the user is authorized to access the database object based on the first column or the second column.
  - 3. The method of claim 1, wherein determining whether the user is listed as an owner of the database object comprises:
    - determining a first value in the first column; and
      
      determining whether the user has access to the database object based on the first value.
  - 4. The method of claim 1, wherein:
    - the first column comprises a foreign key reference to a third database table;
      
      the second column group identifier comprises a foreign key reference to a fourth database table;
      
      the group identifier in the third column comprises a foreign key reference to the fourth database table; and
      
      the user identifier in the fourth column comprises a foreign key reference to the third database table.

5. A system, comprising:
- a memory; and
  
  one or more processors operable, upon executing one or more instructions stored in the memory, to;
  
  receive a query from a user, the query requesting access to a database object in a first database table;
  
  access a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
  
  determine whether the user is an owner of the database object based on the first column;
  
  in response to determining that the user is not an owner of the database object, determine whether the user is authorized to access the database object by;
  
  accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
  
  determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
  
  determining whether the user has access to the database object based on the user identifier in the fourth column of the second database table; and
  
  allow the user to access the database object in response to determining the user is authorized to access the database object.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5, wherein the one or more processors are further operable to modify the query to include instructions for determining whether the user is authorized to access the database object based on the first column or the second column.
  - 7. The system of claim 5, wherein the one or more processors operable to determine whether the user is listed as an owner of the database object are further operable to:
    - determine a first value in the first column; and
      
      determine whether the user has access to the database object based on the first value.

8. Logic encoded in a non-transitory computer readable storage medium, the logic comprising instructions that when executed on a processor are operable to:
- receive a query from a user, the query requesting access to a database object in a first database table;
  
  access a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
  
  determine whether the user is an owner of the database object based on the first column;
  
  in response to determining that the user is not an owner of the database object, determine whether the user is authorized to access the database object by;
  
  accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
  
  determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
  
  determining whether the user has access to the database object based on the user identifier in the fourth column of the second database table; and
  
  allow the user to access the database object in response to determining the user is authorized to access the database object.
- View Dependent Claims (9, 10)
- - 9. The logic of claim 8, wherein the one or more instructions are further operable to modify the query to include instructions for determining whether the user is authorized to access the database object based on the first column or the second column.
  - 10. The logic of claim 8, wherein the one or more instructions operable to determine whether the user is listed as an owner of the database object are further operable to:
    - determine a first value in the first column; and
      
      determine whether the user has access to the database object based on the first value.

11. A method, comprising:
- receiving a query from a user, the query requesting access to a database object in a first database table;
  
  accessing a row in the first database table associated with the database object, the row of the first database table comprising a first column and a second column, the first column comprising an owner of the database object and the second column comprising a group identifier;
  
  modifying the query to include instructions for determining whether the user is authorized to access the database object based on the first column or the second column;
  
  determining whether the user is an owner of the database object based on a first value in the first column;
  
  in response to determining that the user is not an owner of the database object, accessing a row in a second database table, the row in the second database table comprising a third column comprising a group identifier and a fourth column comprising a user identifier;
  
  determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table;
  
  determining whether the user is authorized to access the database object based on the user identifier in the fourth column of the second database table, in response to determining that the group identifier in the second column of the first database table matches the group identifier in the third column of the second database table; and
  
  allowing the user to access the database object in response to determining the user is authorized based on the first column or the user identifier in the fourth column.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Tootill, David Andrew
Primary Examiner(s)
Bhatia, Ajay
Assistant Examiner(s)
MUELLER, KURT A

Application Number

US13/371,634
Publication Number

US 20130212122A1
Time in Patent Office

827 Days
Field of Search

707/769, 707/634, 707/758, 707/781
US Class Current

707/781
CPC Class Codes

G06F 16/20 of structured data, e.g. re...

G06F 21/6227 where protection concerns t...

System and method for controlling access to a database object

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling access to a database object

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links