Computer relational database method and system having role based access control
First Claim
1. A method of controlling access to secured data, the method comprising:
- employing a repository, wherein the repository is operatively coupled to one or more databases storing secure data, wherein the employing a repository comprises;
intercepting a user query of one database of the one or more databases;
automatically determining from the user query, a user who generated the user query and a user role assigned to the user;
parsing the user query and identifying objects in the one database that are to be accessed as part of the user query;
looking up security information of identified objects in a metamodel stored in the one or more databases and determining which of the identified objects to filter out of the user query, wherein the security information qualifies which data objects are accessible by certain roles;
based on the user role and the identified objects to be filtered out of the user query, automatically building an expression tree to filter out secure data for which the user does not have access rights and modifying the user query by appending the expression tree to the user query to generate a modified user query to filter out secure data for which the user does not have access rights; and
applying the modified user query to the one database of the one or more databases;
using the repository to secure the security information in a database model; and
enabling the security information to be dynamically adjustable at runtime.
1 Assignment
0 Petitions
Accused Products
Abstract
In a method of controlling access to secured data, a repository operatively coupled to one or more databases storing secure data is employed to intercept a user query of one database of the one or more databases. A user who generated the user query and a user role assigned to the user is automatically determined from the intercepted query. The intercepted query is parsed. Security information of the identified objects is looked up in a metamodel stored in the one or more databases. Based on the determined user role and the identified objects to be filtered out of the user query, an expression tree to filter out secure data is automatically built and the user query is modified by appending the expression tree to the user query. The modified query is applied to the one database.
-
Citations
20 Claims
-
1. A method of controlling access to secured data, the method comprising:
-
employing a repository, wherein the repository is operatively coupled to one or more databases storing secure data, wherein the employing a repository comprises; intercepting a user query of one database of the one or more databases; automatically determining from the user query, a user who generated the user query and a user role assigned to the user; parsing the user query and identifying objects in the one database that are to be accessed as part of the user query; looking up security information of identified objects in a metamodel stored in the one or more databases and determining which of the identified objects to filter out of the user query, wherein the security information qualifies which data objects are accessible by certain roles; based on the user role and the identified objects to be filtered out of the user query, automatically building an expression tree to filter out secure data for which the user does not have access rights and modifying the user query by appending the expression tree to the user query to generate a modified user query to filter out secure data for which the user does not have access rights; and applying the modified user query to the one database of the one or more databases; using the repository to secure the security information in a database model; and enabling the security information to be dynamically adjustable at runtime. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of controlling access to secured data, the method comprising:
-
intercepting a user query of one database of one or more databases; automatically determining from the user query, a user who generated the user query and a user role assigned to the user; parsing the user query and identifying objects in the one database that are to be accessed as part of the user query; looking up security information of identified objects in a metamodel stored in the one or more databases and determining which of the identified objects to filter out of the user query, wherein the security information qualifies which data objects are accessible by certain roles; based on the user role and the identified objects to be filtered out of the user query, automatically building an expression tree to filter out secure data for which the user does not have access rights and modifying the user query by appending the expression tree to the user query to generate a modified user query to filter out secure data for which the user does not have access rights; and applying the modified user query to the one database. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer readable storage medium having a computer readable program embodied therein that when executed by a processor causes a computing system to perform a method of controlling access to secured data, the method comprising:
-
intercepting a user query of one database of one or more databases; automatically determining from the user query, a user who generated the user query and a user role assigned to the user; parsing the user query and identifying objects in the one database that are to be accessed as part of the user query; looking up security information of identified objects in a metamodel stored in the one or more databases and determining which of the identified objects to filter out of the user query, wherein the security information qualifies which data objects are accessible by certain roles; based on the user role and the identified objects to be filtered out of the user query, automatically building an expression tree to filter out secure data for which the user does not have access rights and modifying the user query by appending the expression tree to the user query to generate a modified user query to filter out secure data for which the user does not have access rights; and applying the modified user query to the one database. - View Dependent Claims (20)
-
Specification