Composing abstract queries for delegated user roles
First Claim
1. A computer-implemented method of abstract query composition based on user roles defined in a database abstraction model, the computer-implemented method comprising:
- providing the database abstraction model, which contains a plurality of logical field definitions defining a plurality of logical fields that map to a plurality of physical fields of one or more underlying physical databases, each of the plurality of logical field definitions specifying;
(i) a logical field name and (ii) an access method comprising a function of one or more of the plurality of physical fields;
wherein the database abstraction model further defines a set of user roles;
the plurality of logical field definitions specifying at least two types of access methods selected from;
(i) a simple access method mapping to a specified physical field;
(ii) a filtered access method applying a specified filter to a physical field; and
(iii) a composed access method mapping to a set of values generated from one or more physical fields based on a specified formula;
prior to selecting any logical field to include in an abstract query desired to be composed, selecting, from the set of user roles, a plurality of user roles desired to have permission to execute the abstract query once composed, wherein the plurality of user roles is selected based on input from an administrative user of the database abstraction model;
subsequent to selecting the plurality of user roles, determining, by operation of one or more computer processors, a group of permitted logical fields to which access is permitted for at least one of the selected plurality of user roles;
generating output conveying;
(i) the group of permitted logical fields as being permitted based on the selected plurality of user roles and (ii) a group of non-permitted logical fields as being non-permitted based on the selected plurality of user roles;
subsequent to generating the output, selecting, from the group of permitted logical fields and based on input from the administrative user responsive to the generated output, one or more logical fields to include in the abstract query desired to be composed;
composing the abstract query based on the selected one or more logical fields; and
responsive to receiving, from a non-administrative user, a request to execute the composed abstract query, and upon determining that the non-administrative user has a role that matches at least one of the selected plurality of user roles defined in the database abstraction model, executing the composed abstract query in order to generate a set of query results, whereafter the set of query results is output for the non-administrative user.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the invention provide a database administrator composing an abstract query with visibility to logical fields that are permitted for the delegated roles. In one embodiment, a query interface is configured to receive administrator selections of delegated roles (i.e., the user roles to be provided with access to the finished abstract query). The query interface may then present the administrator with logical fields that are permitted for each delegated role. Providing such information may enable the administrator to verify that all intended users will have access to the finished abstract query.
18 Citations
21 Claims
-
1. A computer-implemented method of abstract query composition based on user roles defined in a database abstraction model, the computer-implemented method comprising:
-
providing the database abstraction model, which contains a plurality of logical field definitions defining a plurality of logical fields that map to a plurality of physical fields of one or more underlying physical databases, each of the plurality of logical field definitions specifying;
(i) a logical field name and (ii) an access method comprising a function of one or more of the plurality of physical fields;
wherein the database abstraction model further defines a set of user roles;
the plurality of logical field definitions specifying at least two types of access methods selected from;
(i) a simple access method mapping to a specified physical field;
(ii) a filtered access method applying a specified filter to a physical field; and
(iii) a composed access method mapping to a set of values generated from one or more physical fields based on a specified formula;prior to selecting any logical field to include in an abstract query desired to be composed, selecting, from the set of user roles, a plurality of user roles desired to have permission to execute the abstract query once composed, wherein the plurality of user roles is selected based on input from an administrative user of the database abstraction model; subsequent to selecting the plurality of user roles, determining, by operation of one or more computer processors, a group of permitted logical fields to which access is permitted for at least one of the selected plurality of user roles; generating output conveying;
(i) the group of permitted logical fields as being permitted based on the selected plurality of user roles and (ii) a group of non-permitted logical fields as being non-permitted based on the selected plurality of user roles;subsequent to generating the output, selecting, from the group of permitted logical fields and based on input from the administrative user responsive to the generated output, one or more logical fields to include in the abstract query desired to be composed; composing the abstract query based on the selected one or more logical fields; and responsive to receiving, from a non-administrative user, a request to execute the composed abstract query, and upon determining that the non-administrative user has a role that matches at least one of the selected plurality of user roles defined in the database abstraction model, executing the composed abstract query in order to generate a set of query results, whereafter the set of query results is output for the non-administrative user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-readable storage medium containing a program which, when executed, performs an operation of abstract query composition based on user roles defined in a database abstraction model, the operation comprising:
-
providing the database abstraction model, which contains a plurality of logical field definitions defining a plurality of logical fields that map to a plurality of physical fields of one or more underlying physical databases, each of the plurality of logical field definitions specifying;
(i) a logical field name and (ii) an access method comprising a function of one or more of the plurality of physical fields;
wherein the database abstraction model further defines a set of user roles;
wherein the plurality of logical field definitions specifies at least two access methods selected from;
(i) a simple access method mapping to a specified physical field;
(ii) a filtered access method applying a specified filter to a physical field; and
(iii) a composed access method mapping to a set of values generated from one or more physical fields based on a specified formula;prior to selecting any logical field to include in an abstract query desired to be composed, selecting, from the set of user roles, a plurality of user roles desired to have permission to execute the abstract query once composed, wherein the plurality of user roles is selected based on input from an administrative user of the database abstraction model; subsequent to selecting the plurality of user roles, determining, by operation of one or more computer processors when executing the program, a group of permitted logical fields to which access is permitted for at least one of the selected plurality of user roles; generating output conveying;
(i) the group of permitted logical fields as being permitted based on the selected plurality of user roles and (ii) a group of non-permitted logical fields as being non-permitted based on the selected plurality of user roles;subsequent to generating the output, selecting, from the group of permitted logical fields and based on input from the administrative user responsive to the generated output, one or more logical fields to include in the abstract query desired to be composed; composing the abstract query based on the selected one or more logical fields; and responsive to receiving, from a non-administrative user, a request to execute the composed abstract query, and upon determining that the non-administrative user has a role that matches at least one of the plurality of user roles defined in the database abstraction model, executing the composed abstract query in order to generate a set of query results, whereafter the set of query results is output for the non-administrative user. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A system of abstract query composition based on user roles defined in a database abstraction model, the system comprising:
-
one or more computer processors; and a memory containing a program which, when executed by the one or more computer processors, performs an operation comprising; providing the database abstraction model, which contains a plurality of logical field definitions defining a plurality of logical fields that map to a plurality of physical fields of one or more underlying physical databases, each of the plurality of logical field definitions specifying;
(i) a logical field name and (ii) an access method comprising a function of one or more of the plurality of physical fields;
wherein the database abstraction model further defines a set of user roles;
wherein the plurality of logical field definitions specifies at least two access methods selected from;
(i) a simple access method mapping to a specified physical field;
(ii) a filtered access method applying a specified filter to a physical field; and
(iii) a composed access method mapping to a set of values generated from one or more physical fields based on a specified formula;prior to selecting any logical field to include in an abstract query desired to be composed, selecting, from the set of user roles, a plurality of user roles desired to have permission to execute the abstract query once composed, wherein the plurality of user roles is selected based on input from an administrative user of the database abstraction model; subsequent to selecting the plurality of user roles, determining a group of permitted logical fields to which access is permitted for at least one of the selected plurality of user roles; generating output conveying;
(i) the group of permitted logical fields as being permitted based on the selected plurality of user roles and (ii) a group of non-permitted logical fields as being non-permitted based on the selected plurality of user roles;subsequent to generating the output, selecting, from the group of permitted logical fields and based on input from the administrative user responsive to the generated output, one or more logical fields to include in the abstract query desired to be composed; composing the abstract query based on the selected one or more logical fields; and responsive to receiving, from a non-administrative user, a request to execute the composed abstract query, and upon determining that the non-administrative user has a role that matches at least one of the plurality of user roles defined in the database abstraction model, executing the composed abstract query in order to generate a set of query results, whereafter the set of query results is output for the non-administrative user. - View Dependent Claims (18, 19, 20, 21)
-
Specification