US2004139075A1PendingUtilityA1
Database access method and system for user role defined access
Priority: Mar 31, 2000Filed: Dec 22, 2003Published: Jul 15, 2004
Est. expiryMar 31, 2020(expired)· nominal 20-yr term from priority
G06F 21/6227Y10S707/99932Y10S707/99939Y10S707/99936Y10S707/99935
45
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Method and system for determination and granting of access to data and files by the file or database creator, owner or manager or by group or user access profiles. The database is partitionable among data owners, and access is awarded based upon the requestor's organizational attributes.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A database management system having an access control subsystem, said database management system comprising:
a) a plurality of user entries representing users seeking access to data items, each of said user entries having at least one organizational access attribute; and b) a plurality of data items, each of said data items being a data file, a data field within a data file, or a view of data items, and selected ones of said data items have at least one organizational access attribute; said access control subsystem being configured to: a) receive a database query from a user requesting one or more data items; b) read the user's organizational access attributes; c) read the data item's organizational access attributes; and d) present data items to the user to which the user, based on the user's access attributes, has access.
2 . The database management system of claim 1 in which access is granted to the user by determining whether the user's organizational access attributes and the data item's organizational attributes include a match.
3 . The database management system of claim 1 wherein a plurality of organizations exclusively own individual data files in the database management system, whereby an individual data file has a single owner.
4 . The database management system of claim 3 wherein said access control subsystem is configured to authorize a customer of an owner organization having access to a data item to grant access to the data item to an additional user while the customer accesses the data item.
5 . The database management system of claim 4 wherein said access control subsystem is configured to authorize the customer of the owner organization to access the data item and to thereafter authorize the additional user to access and update the data item.
6 . The database management system of claim 1 wherein said organizational access attributes are configured hierarchically, such that each organizational access attribute has a hierarchical level and a hierarchical branch, and each user access attribute has a hierarchical level and a hierarchical branch, and said access control subsystem is configured to grant access based on one or both of (a) the hierarchical levels of the user and data item, or (b) the hierarchical branch of the user and data item.
7 . The database management system of claim 6 wherein said hierarchical levels correspond to ranges of organizations, and to data items identified thereto.
8 . The database management system of claim 7 wherein the data items are chosen from the group consisting of data fields, data files, and views.
9 . The database management system of claim 6 wherein said hierarchical branches correspond to virtual or real organizations and data items identified thereto.
10 . The database management system of claim 9 wherein said data items are chosen from the group consisting of data files and views.
11 . The database management system of claim 6 wherein hierarchical levels correspond to access to data fields and data views, and hierarchical branches correspond to access to data files and data views.
12 . A method of managing a database having:
a) a plurality of user entries representing users seeking access to data items, each of said user entries having at least one organizational access attribute; and b) a plurality of data items, each of said data items being a data file, a data field within a data file, or a view of data items, and selected ones of said data items have at least one organizational access attribute; said method comprising: a) receiving a database query from a user requesting one or more data items; b) reading the user's organizational access attributes; c) reading the data item's organizational access attributes; and d) presenting data items to the user to which the user based on the user's access attributes has access.
13 . The method of claim 12 comprising determining whether the user's organizational access attributes and the data item's organizational access attributes include a match, and if so, granting access.
14 . The method of claim 12 wherein a plurality of organizations exclusively own individual data files in the database management system, and an individual data file has a single owner.
15 . The method of claim 14 comprising a customer of an owner organization having access to a data item granting access to the data item to an additional user while the customer is accessing the data item.
16 . The method of claim 15 comprising the customer of the owner organization accessing the data item and to thereafter authorize the additional user to access and update the data item.
17 . The method of claim 12 wherein said organizational access attributes are configured hierarchically, such that each organizational access attribute has a hierarchical level and a hierarchical branch, and each user access attribute has a hierarchical level and a hierarchical branch, said method comprising granting access based on one or both of (a) the hierarchical levels of the user and data item, or (b) the hierarchical branch of the user and data item.
18 . The method of claim 17 wherein said hierarchical levels correspond to ranges of organizations, and to data items identified thereto.
19 . The method of claim 18 wherein the data items are chosen from the group consisting of data fields, data files, and views.
20 . The method of claim 17 wherein said hierarchical branches correspond to virtual or real organizations and data items identified thereto.
21 . The method of claim 20 wherein said data items are chosen from the group consisting of data files and views.
22 . The method of claim 17 wherein hierarchical levels correspond to access to data fields and data views, and hierarchical branches correspond to access to data files and data views.
23 . A method of managing a database system having a plurality of files, said files having a plurality of fields, said database being divisible into multiple sets of file and field entries having views visible to users having personal, positional, or organizational attributes associated with the said views, said users being divisible into multiple membership sets based upon organizational attributes, which method comprises:
(a) determining the personal, positional, and organizational attributes of users; and (b) when a users queries the database:
(i) accessing files and fields within the database to which the user has access based upon the user's attributes; and
(ii) presenting a view to which the user has access based upon the user's attributes.
24 . The method of claim 23 comprising determining access to files based upon one attribute and determining access to fields based upon another attribute.
25 . The method of claim 23 comprising determining access to files based upon a first organizational attribute and determining access to fields within the files based upon one of a personal attribute or a second organizational attribute.
26 . The method of claim 23 comprising determining access to a file based upon an attribute and to at least one field in the file based upon the same attribute.
27 . The method of claim 26 comprising determining access to a file based upon an organizational attribute and to at least one field in the file based upon the same organizational attribute.
28 . The method of claim 25 wherein one of said users is an internal user having access to first portions of a view, and wherein another one of said users is an external user having access to second portions of the view.
29 . The method of claim 28 wherein said first and second portions of the view are partially overlapping and partially non-overlapping.
30 . A database system comprising a database having a plurality of files, said files having a plurality of fields, said users having personal, positional, and organizational attributes, and being divisible into multiple membership sets based upon organizational attributes, said database having views visible to said users based upon the personal, positional, and organizational attributes thereof.
31 . The database system of claim 30 wherein the multiple sets of files and fields are overlapping across organizations.
32 . The database system of claim 30 wherein the multiple sets of files and fields are disjoint across organizations.
33 . The database system of claim 30 wherein the multiple sets of users are in overlapping organizations.
34 . The database system of claim 30 wherein the multiple sets of users are in disjoint organizations.
35 . The database system of claim 30 wherein views visible to a user are determined by the user's organizational and positional attributes.
36 . The database system of claim 35 wherein view files are determined by a user's organizational attributes.
37 . The database system of claim 35 wherein view fields are determined by a user's positional attributes.
38 . The database system of claim 35 wherein view files are determined by a user's organizational attributes, and view fields are determined by a user's positional attributes.
39 . A database system comprising a partitionable database of a plurality of separate virual databases, each of said separate virtual databases having a unique database owner, and wherein a user can only access files in a virtual database to which the said user has access authorization from the database owner.
40 . The database system of claim 39 wherein said separate virtual databases are disjoint.
41 . The database system of claim 40 wherein said separate, disjoint virtual databases have unique owners.
42 . The database system of claim 41 wherein a user requires authorization from a database owner to access the owner's separate, virtual database.
43 . The database system of claim 42 wherein a user requires authorization from the owner of a file within the separate, virtual database to access the file owner's file.
44 . The database system of claim 43 wherein a user's access authorization to a particular file in the virtual database is granted by the file owner's initiation of a database call through an associated computer telephony integration (CTI) system.
45 . The database system of claim 44 wherein the database is a multi-tenant database having a plurality of tenants, each tenant being the owner of a separate virtual database, at least two of the tenants utilizing a common call center service.
46 . A method of managing a database system having a partitionable database of a plurality of separate virtual databases, each of said separate virtual databases having a unique database owner, said method comprising the owner of a separate virtual database granting access authorization to a user, and the user thereafter accessing a file in the virtual database to which the said user has been granted access authorization from the database owner.
47 . The database management method of claim 46 wherein said separate virtual databases are disjoint.
48 . The database management method of claim 47 wherein said separate, disjoint virtual databases have unique owners.
49 . The database management method of claim 46 wherein a user requires authorization from the owner of a file within the separate, virtual database to access the file owner's file.
50 . The database management method of claim 49 wherein the file owner grants access authorization to the file owner's file in the virtual database to a user.
51 . The database management method of claim 50 wherein the file owner's initiation of a database call through an associated computer telephony integration (CTI) system grants access authorization to the file owner's file to a user.
52 . The database management method of claim 51 wherein the database is a multi-tenant database having a plurality of tenants, each tenant being the owner of a separate virtual database, at least two of the tenants utilizing a common call center service.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.