Techniques for replicating changes to access control lists on investigative analysis data
Abstract
Techniques for replicating changes to access control lists on investigative analysis data are disclosed. After a change is made in a database to an access control list (ACL) governing access to a secured component of a data object, an exporting nexus sends an ACL change network message to an importing nexus. The ACL change message includes information that importing nexus can use to apply the ACL change to the importing database. Applying the ACL change message includes using the information in the ACL change message to determine which change records for which secured components of the data object in the importing database the ACL change should be applied to. By doing so, user access to all change records in the importing database to which the ACL change is applied is governed by the new ACL, thereby preventing unauthorized access to the change records, including historical change records.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A multimaster system for asynchronous replication among databases, comprising:
one or more computing devices configured to execute a first nexus that operates on a first database;
one or more computing devices configured to execute a second nexus that operates on a second database;
the first nexus configured: comprising one or more processors and storage media storing first instructions which when executed cause the one or more procesors:
to store first value data in the a first database, the first value data comprising a current value and one or more historical values of a first secured component of a data object, the first secured component associated in the first database with a first secured component identifier, the data object associated in the first database with a data object identifier;
to store first access control list data in the first database, the first access control list data comprising a current access control list and one or more historical access control lists governing, with respect to the first database, access to the current value and the one or more historical values of the first secured component; and
to send one or more network messages to the second nexus, the one or more network messages comprising the data object identifier, the first value data, and the first access control list data;
the second nexus configuredone or more computing devices comprising one or more processors and storage media storing second instructions which when executed cause the one or more processors:
to store second value data in the a second database, the second value data comprising a current value and one or more historical values of a second secured component of the data object, the second secured component associated in the second database with a second secured component identifier that is different than the first secured component identifier, the data object associated in the second database with the data object identifier, a change made to the first database to be propagated to the second database; to store second access control list data in the second database, the second access control list data comprising a current access control list and one or more historical access control lists governing, with respect to the second database, access to the current value and the one or more historical values of the second secured component; to receive the one or more network messages related to a change in the first access control list data; to compare the first value data to the second value data; to compare the first access control list data to the second access control list data; and responsive to determining that the first value data matches the second value data and the first access control list data matches the second access control list data, to identify the second secured component as being associated with the first secured component and to replace, in the second database, each of the current access control list and the one or more historical access control lists in the second access control list data with the current access control list from the first access control list data.
2. The system of claim 1 , wherein change records for the first secured component are identified in the first database using a first identifier, wherein change records for the second secured component are identified in the second database using a second identifier, wherein the first identifier cannot be used to identify, in the second database, change records for the second secured component, and wherein the second identifier cannot be used to identify, in the first database, change records for the first secured component.
3. The system of claim 1 :
wherein the first nexus is instructions when executed further configured cause the one or more processors:
to store first component type data in the first database, the first component type data comprising a current component type and one or more historical component types of the first secured component; and
to send one or more network messages to the second nexus, the one or more network messages comprising an identifier of the data object, the first value data, the first access control list data, and the first component type data;
wherein the second nexus is instructions when executed further configured cause the one or more processors:
to store second component type data in the second database, the second component type data comprising a current component type and one or more historical component types of the second secured component;
to compare the first component type data with the second component type data; and
responsive to determining that the first value data matches the second value data, the first access control list data matches the second access control list data, and the first component type data matches the second component type data, to replace, in the second access control list data in the second database, each of the current access control list and the one or more historical access control lists in the second access control list data with the current access control list from the first access control list data.
4. The system of claim 1 , wherein the first secured component and the second secured component are both properties of the data object, the first secured component and the second secured component having the same property name.
5. The system of claim 1 , wherein each access control list in the first access control list data comprises one or more access control items, each access control item comprising a user or a group of users and one or more permissions of the user or the group of users with respect to the first secured component, and wherein each access control list in the second access control list data comprises one or more access control items, each access control item comprising a user or a group of users and one or more permissions of the user or the group of users with respect to the second secured component.
6. The system of claim 1 , wherein the first secured component is a property, a note, or media, and wherein the second secured component is a property, a note, or media.
7. The system of claim 1 , wherein the first nexus is configured instructions when executed further cause the one or more processors to store the first value data in one or more first change records in the first database, each change record of the one or more first change records corresponding to the current value or one of the one or more historical values of the first secured component, and wherein the second nexus is configured instructions when executed further cause the one or more processors to store the second value data in one or more second change records in the second database, each change record of the one or more second change records corresponding to the current value or one of the one or more historical values of the second secured component.
8. The system of claim 1 , wherein the first nexus is configured instructions when executed further cause the one or more processors to format the one or more network messages using an eXtensible Markup Language (XML) or a protocol buffer.
9. The system of claim 1 , wherein the current access control list of the second access control data is the same as the current access control list of the first access control data; and wherein the second nexus is configured instructions when executed further cause the one or more processors to store the current access control list of the first access control data in the second database as the current access control list of the second access control data in response to receiving the one or more network messages.
10. The system of claim 1 , wherein the current value of the second value data is the same as the current value of the first value data; and wherein the second nexus is configured instructions when executed further cause the one or more processors to store the current value of the first value data in the second database as the current value of the second value data in response to receiving the one or more network messages.
11. A method performed by a multimaster system of asynchronous replication among databases, comprising:
a first nexus that operates on a first database performing the steps of: storing first value data in the a first database, the first value data comprising a current value and one or more historical values of a first secured component of a data object, the first secured component associated in the first database with a first secured component identifier, the data object associated in the first database with a data object identifier; storing first access control list data in the first database, the first access control list data comprising a current access control list and one or more historical access control lists governing, with respect to the first database, access to the current value and the one or more historical values of the first secured component; and sending one or more network messages to the second nexus, the one or more network messages comprising an identifier of the data object, the first value data, and the first access control list data;
a second nexus that operates on a second database performing the steps of: storing second value data in the a second database, the second value data comprising a current value and one or more historical values of a second secured component of the data object, the second secured component associated in the second database with a second secured component identifier that is different than the first secured component identifier, the data object associated in the second database with the data object identifier, a change made to the first database to be propagated to the second database; storing second access control list data in the second database, the second access control list data comprising a current access control list and one or more historical access control lists governing, with respect to the second database, access to the current value and the one or more historical values of the second secured component; receiving the one or more network messages related to a change in the first access control list data; comparing the first value data to the second value data; comparing the first access control list data to the second access control list data; and responsive to determining that the first value data matches the second value data and the first access control list data matches the second access control list data, identifying the second secured component as being associated with the first secured component and replacing, in the second database, each of the current access control list and the one or more historical access control lists in the second access control list data with the current access control list from the first access control list data.
12. The method of claim 11 , wherein change records for the first secured component are identified in the first database using a first identifier, wherein change records for the second secured component are identified in the second database using a second identifier, wherein the first identifier cannot be used to identify, in the second database, change records for the second secured component, and wherein the second identifier cannot be used to identify, in the first database, change records for the first secured component.
13. The method of claim 11 , further comprising:
the first nexus performing the steps of: storing first component type data in the first database, the first component type data comprising a current component type and one or more historical component types of the first secured component; sending one or more network messages to the second nexus, the one or more network messages comprising an identifier of the data object, the first value data, the first access control list data, and the first component type data;
the second nexus performing the steps of: storing second component type data in the second database, the second component type data comprising a current component type and one or more historical component types of the second secured component; comparing the first component type data with the second component type data; responsive to determining that the first value data matches the second value data, the first access control list data matches the second access control list data, and the first component type data matches the second component type data, replacing, in the second access control list data in the second database, each of the current access control list and the one or more historical access control lists in the second access control list data with the current access control list from the first access control list data.
14. The method of claim 11 , wherein the first secured component and the second secured component are both properties of the data object, the first secured component and the second secured component having the same property name.
15. The method of claim 11 , wherein each access control list in the first access control list data comprises one or more access control items, each access control item comprising a user or a group of users and one or more permissions of the user or the group of users with respect to the first secured component, and wherein each access control list in the second access control list data comprises one or more access control items, each access control item comprising a user or a group of users and one or more permissions of the user or the group of users with respect to the second secured component.
16. The method of claim 11 , wherein the first secured component is a property, a note, or media, and wherein the second secured component is a property, a note, or media.
17. The method of claim 11 , wherein the first nexus is configured to store the first value data is stored in one or more first change records in the first database, each change record of the one or more first change records corresponding to the current value or one of the one or more historical values of the first secured component, and wherein the second nexus is configured to store the second value data is stored in one or more second change records in the second database, each change record of the one or more second change records corresponding to the current value or one of the one or more historical values of the second secured component.
18. The method of claim 11 , wherein the first nexus is configured to format the one or more network messages are formatted using an eXtensible Markup Language (XML) or a protocol buffer.
19. The method of claim 11 , wherein the current access control list of the second access control data is the same as the current access control list of the first access control data; and wherein the second nexus is configured to store the current access control list of the first access control data is stored in the second database as the current access control list of the second access control data in response to receiving the one or more network messages.
20. The method of claim 11 , wherein the current value of the second value data is the same as the current value of the first value data; and wherein the second nexus is configured to store the current value of the first value data is stored in the second database as the current value of the second value data in response to receiving the one or more network messages.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.