DBFS permissions using user, role, and permissions flags

US 9,881,170 B2
Filed: 11/17/2014
Issued: 01/30/2018
Est. Priority Date: 08/05/1999
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

an operating system running on a client machine, receiving a request for a file operation on a specific file within a database file system that stores files in database objects of a database system;

in response to receiving said request;

said operating system determining whether a user associated with said request has a privilege required for said file operation for said specific file;

wherein said operating system determining whether said user has said privilege required for said file operation includes comparing an operating system user ID of said user to metadata associated with said specific file, wherein said operating system user ID is stored locally on said client machine, wherein said metadata contains privilege information, based on operating system user IDs, for file operations associated with said specific file;

when said operating system determines that said user has said privilege, said database system determining whether said user has said privilege required for said file operation on said specific file, based upon a database user ID associated with said user; and

in response to said database system determining that said user has said privilege required for said file operation for said specific file, said database system permitting said file operation on said specific file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating file operations on files and folders stored in a database file system where the database file system can authenticate a client-user request based upon the client-user'"'"'s database credentials. The database file system has the capability of storing file permissions based on database credentials. Once a client requests a certain file operation, the client'"'"'s operating system first determines whether the client has sufficient privileges to perform the requested file operation. If the client has privileges, the client operating system forwards the file operation request to the database file system. The database file system then authenticates the client, based on his database credentials, to determine whether or not to perform the requested file operation.

Citations

11 Claims

1. A method comprising:
- an operating system running on a client machine, receiving a request for a file operation on a specific file within a database file system that stores files in database objects of a database system;
  
  in response to receiving said request;
  
  said operating system determining whether a user associated with said request has a privilege required for said file operation for said specific file;
  
  wherein said operating system determining whether said user has said privilege required for said file operation includes comparing an operating system user ID of said user to metadata associated with said specific file, wherein said operating system user ID is stored locally on said client machine, wherein said metadata contains privilege information, based on operating system user IDs, for file operations associated with said specific file;
  
  when said operating system determines that said user has said privilege, said database system determining whether said user has said privilege required for said file operation on said specific file, based upon a database user ID associated with said user; and
  
  in response to said database system determining that said user has said privilege required for said file operation for said specific file, said database system permitting said file operation on said specific file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said request is a second request, and the method further comprises the steps of:
    - prior to receiving said second request, receiving, at said database file system, a first request to establish a connection using said database user ID associated with said user for said user to said database file system; and
      
      said database system determining whether said user has said privilege required for said second request comprises evaluating said database user ID associated with said user.
  - 3. The method of claim 2, wherein said database system determining whether said user has said privilege required for said second request comprises evaluating a role set for said user in said database file system.
  - 4. The method of claim 2, wherein said database system determining whether said user has said privilege required for said second request comprises evaluating specific privileges maintained in said database file system set for said specific file.
  - 5. The method of claim 1, the method further including the step of updating privileges required for said file operation for said specific file by changing a database user ID associated with said specific file within said database file system.

6. A system for determining file operation permissions on a database system for a user, the system comprising:
- a client computer system configured to receive a request for a file operation on a specific file within a database management system that stores files in database objects of the database system;
  
  a client operating system configured to determine whether said user associated with said request has a privilege required for said file operation for said specific file;
  
  wherein said client operating system determines whether said user has said privilege required for said file operation includes comparing an operating system user ID of said user to metadata associated with said specific file, wherein said operating system user ID is stored locally on said client computer system, wherein said metadata contains privilege information, based on operating system user IDs, for file operations associated with said specific file;
  
  said database management system configured to determine whether said user has said privilege required for said file operation on said specific file, based upon a database user ID associated with said user, when said client operating system determines that said user has said privilege; and
  
  said database management system configured to permit said file operation on said specific file in response to said database system determining that said user has said privilege required for said file operation for said specific file.

7. One or more non-transitory storage media storing instructions which, when executed by one or more computing devices, causes:
- an operating system running on a client machine, receiving a request for a file operation on a specific file within a database file system that stores files in database objects of a database system;
  
  in response to receiving said request;
  
  said operating system determining whether a user associated with said request has a privilege required for said file operation for said specific file;
  
  wherein said operating system determining whether said user has said privilege required for said file operation includes comparing an operating system user ID of said user to metadata associated with said specific file, wherein said operating system user ID is stored locally on said client machine, wherein said metadata contains privilege information, based on operating system user IDs, for file operations associated with said specific file;
  
  when said operating system determines that said user has said privilege, said database system determining whether said user has said privilege required for said file operation on said specific file, based upon a database user ID associated with said user; and
  
  in response to said database system determining that said user has said privilege required for said file operation for said specific file, said database system permitting said file operation on said specific file.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The one or more non-transitory computer-readable media of claim 7, wherein said request is a second request,wherein said instructions include instructions for prior to receiving said second request, receiving, at said database file system, a first request to establish a connection using said database user ID associated with said user for said user to said database file system;
    - andsaid database system determining whether said user has said privilege required for said second request comprises evaluating said database user ID associated with said user.
  - 9. The one or more non-transitory computer-readable media of claim 8, wherein said database system determining whether said user has said privilege required for said second request comprises evaluating a role set for said user in said database file system.
  - 10. The one or more non-transitory computer-readable media of claim 8, wherein said database system determining whether said user has said privilege required for said second request comprises evaluating specific privileges maintained in said database file system set for said specific file.
  - 11. The one or more non-transitory computer-readable media of claim 7, the instructions further including instructions for updating privileges required for said file operation for said specific file by changing a database user ID associated with said specific file within said database file system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Morris, Michael
Primary Examiner(s)
Wong, Leslie

Application Number

US14/543,658
Publication Number

US 20160140354A1
Time in Patent Office

1,170 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 16/188   Virtual file systems

G06F 21/6218   to a system of files or obj...

Y10S 707/99931   Database or file accessing

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99943   Generating database or data...

DBFS permissions using user, role, and permissions flags

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

DBFS permissions using user, role, and permissions flags

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links