Row level security integration of analytical data store with cloud architecture
Abstract
A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic data store is to be split, build job, user and session attributes can be used to generate complementary security tokens that are compared to security tokens of selected rows. Efficient indexing of a security tokens dimension makes it efficient to qualify row retrieval based on security criteria.
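The build-time token generation and query-time comparison described in the abstract, as an added Python example that is not taken from the patent: the rule shape, the attribute names (`owner`, `region`, `public`) and the token formats are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows from a hypothetical transactional system; the
# "sec" dict stands in for the security attributes that system manages.
SOURCE_ROWS = [
    {"id": 1, "amount": 500, "sec": {"owner": "alice", "region": "emea", "public": False}},
    {"id": 2, "amount": 900, "sec": {"owner": "bob", "region": "amer", "public": False}},
    {"id": 3, "amount": 120, "sec": {"owner": "carol", "region": "emea", "public": True}},
    {"id": 4, "amount": 777, "sec": {}},  # no attributes: no rule fires, no token
]

# Translation rules (assumed shape): a predicate over the security attributes
# and a function that produces the token when the predicate holds.
BUILD_RULES = [
    (lambda s: "owner" in s, lambda s: f"user:{s['owner']}"),
    (lambda s: "region" in s, lambda s: f"region:{s['region']}"),
    (lambda s: s.get("public") is True, lambda s: "all"),
]

def tokens_for(sec):
    """Run every rule whose predicate matches and collect the tokens."""
    return {make(sec) for pred, make in BUILD_RULES if pred(sec)}

def build_store(rows):
    """Build the read-only store: each row carries its tokens as a dimension,
    and an inverted index maps each token to the row ids it grants."""
    store, index = {}, defaultdict(set)
    for row in rows:
        toks = frozenset(tokens_for(row["sec"]))
        store[row["id"]] = {"id": row["id"], "amount": row["amount"], "tokens": toks}
        for t in toks:
            index[t].add(row["id"])
    return store, dict(index)

def session_tokens(user, managed_regions=()):
    """Complementary tokens generated from user and session attributes."""
    return {"all", f"user:{user}"} | {f"region:{r}" for r in managed_regions}

def query(store, index, held):
    """Qualify rows through the token index; a row with no token is never returned."""
    ids = set().union(*(index.get(t, set()) for t in held))
    return sorted(i for i in ids if store[i]["tokens"] & held)

STORE, INDEX = build_store(SOURCE_ROWS)
```

Row 4 shows the default-deny case: a source row whose attributes match no translation rule ends up with an empty token set and cannot be retrieved by any session.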
23 Claims
1. A method of building a secure read-only analytic data structure, the method including:
- accessing a data set from at least one transactional data management system, wherein data in the data set has security attributes managed by the at least one transactional data management system;
- processing first security translation rules that accept the security attributes as predicates and generating one or more security tokens for each object in the data set; and
- storing the one or more security tokens by association with each secured object in the read-only analytic data structure generated from the data set, wherein the stored one or more security tokens govern access to each secured object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory computer-readable storage medium impressed with computer program instructions for building a secure read-only analytic data structure, the instructions, when executed on a hardware processor implement a method comprising:
- accessing a data set from at least one transactional data management system, wherein data in the data set has security attributes managed by the at least one transactional data management system;
- processing first security translation rules that accept the security attributes as predicates and generating one or more security tokens for each object in the data set; and
- storing the one or more security tokens by association with each secured object in the read-only analytic data structure generated from the data set, wherein the stored one or more security tokens govern access to each secured object.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. An apparatus for building a secure read-only analytic data structure, the apparatus comprising:
- a memory storing computer instructions; and
- a processor configured to execute the stored computer instructions to:
- access a data set from at least one transactional data management system, wherein data in the data set has security attributes managed by the at least one transactional data management system;
- process first security translation rules that accept the security attributes as predicates and generating one or more security tokens for each object in the data set; and
- store the one or more security tokens by association with each secured object in the read-only analytic data structure generated from the data set, wherein the stored one or more security tokens govern access to each secured object.
Specification