Computer Relational Database Method and System Having Role Based Access Control
Abstract
A computer method, system and apparatus control access to secured data in a plurality of databases. A repository is coupled to the databases and has a security runtime subsystem. The repository intercepts a user query of a subject database in the plurality. The security runtime subsystem determines from the intercepted query a user and corresponding user role. Based on user role, the security runtime subsystem automatically modifies the user query to filter out secure data that is part of the user query but that the identified user is not authorized to access.
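The intercept, determine-role, modify, apply sequence in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. The SQLite backend, the `patients` table, the `POLICY` and `USERS` maps and the function names are assumptions made for illustration, and only one protected table in the `main` schema is covered.

```python
import re
import sqlite3

# Constructed policy (assumption): columns and rows of the protected table
# "patients" that each role may read. ":rbac_ward" is bound by the rewriter.
POLICY = {
    "physician": {"cols": "id, name, ward, diagnosis", "rows": "1 = 1"},
    "nurse": {"cols": "id, name, ward, diagnosis", "rows": "ward = :rbac_ward"},
    "billing": {"cols": "id, name, ward", "rows": "1 = 1"},
}
# Constructed directory (assumption): user -> (role, ward attribute).
USERS = {"alice": ("physician", None), "bob": ("nurse", "east"),
         "carol": ("billing", None)}

# Fail closed on input the rewrite cannot reason about: stacked statements,
# comments, quoted identifiers, and schema-qualified names such as
# main.patients, which would resolve to the base table instead of the CTE.
FORBIDDEN = re.compile(r';|"|\[|`|--|/\*|\b(main|temp)\b', re.IGNORECASE)

def rewrite(user, sql):
    """Return (modified_sql, params) restricted to the role assigned to user."""
    if user not in USERS:
        raise PermissionError("unknown user")
    role, ward = USERS[user]
    if not re.match(r"\s*select\b", sql, re.IGNORECASE) or FORBIDDEN.search(sql):
        raise PermissionError("query shape not supported by the rewriter")
    rule = POLICY[role]
    # A CTE named like the table shadows it for every unqualified reference
    # in the user's statement, so the original text runs against filtered data.
    cte = (f"WITH patients AS (SELECT {rule['cols']} FROM main.patients "
           f"WHERE {rule['rows']}) ")
    return cte + sql, ({"rbac_ward": ward} if ward else {})

def run(db, user, sql):
    """Intercept the query, modify it for the user's role, then apply it."""
    modified, params = rewrite(user, sql)
    return db.execute(modified, params).fetchall()

def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id, name, ward, diagnosis)")
    db.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", [
        (1, "Ann", "east", "flu"), (2, "Ben", "west", "asthma"),
        (3, "Cy", "east", "fracture")])
    return db
```

A column outside the role's list does not exist in the shadowing CTE, so a query that names it fails with an SQLite error instead of returning the data.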
22 Claims
1. A method of controlling access to secured data, comprising:
- operatively coupling a repository to one or more databases storing secure data;
- employing the repository, intercepting a user query of one of the databases;
- automatically determining from the intercepted query, a user who generated the user query and a user role assigned to the user;
- based on determined user role, automatically modifying the user query to filter out secure data for which the user does not have access rights; and
- applying the modified query to the one database.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer system of controlling access to secured data, comprising:
- a repository operatively coupled to one or more databases storing secure data, the repository configured to intercept a user query of one of the databases; and
- a security runtime subsystem of the repository (i) automatically determining from the intercepted query a user who generated the user query and a user role assigned to the user, and (ii) based on determined user role, automatically modifying the user query to filter out secure data for which the user is ineligible to access, the repository applying the modified query to the one database and retrieving qualifying data as authorized by user role.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer program product comprising:
- a computer readable storage medium having a computer readable program embodied therewith, the computer readable program including program code to:
- (a) operatively couple a repository to a plurality of databases storing secure data;
- (b) employ the repository to intercept a user query of one of the databases;
- (c) automatically determine from the intercepted query, a user who generated the user query and a user role assigned to the user;
- (d) based on determined user role, automatically modify the user query to filter out secure data for which the user does not have access rights; and
- (e) apply the modified query to the one database.
Dependent claims: 22
Specification