Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
1998-12-21
2001-08-14
Alam, Hosain T. (Department: 2172)
C707S793000, C707S793000, C707S793000, C705S052000, C705S054000, C709S220000, C709S225000, C713S187000, C713S152000
Reexamination Certificate
active
06275825
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to a data access control apparatus for limiting data access in accordance with user attributes.
In a conventional data access control apparatus for accessing a database in accordance with a relational database management system (RDBMS), access right information is set using a database language “SQL”, and the database access is controlled in accordance with the RDBMS functions. As another method, the access right information is managed by an upper application layer to control access to the database.
In setting or changing an access right using the database language “SQL”, SQL descriptions are required that specify the data item name, file name, and retrieval condition corresponding to “SELECT”, “FROM”, and “WHERE” in the data access SQL statement (SELECT statement). The more complicated the database inquiry conditions are, the larger the amount of work becomes, and sophisticated database and SQL knowledge is required. It is very difficult for a regular operator to set or change an access right using SQL; at present, the regular operator asks a database manager to set or change the access right.
In the method of managing the access right information by the upper application layer, complicated logic must be installed in the application itself. It is very difficult even for a specialist having advanced knowledge to set or change the access right information. When the database is accessed using another tool, the security of the database may be impaired, so this method is not suitable for an open environment in which a variety of software applications are present.
The present applicant has proposed a technique (Japanese Patent Application No. 9-149913, entitled “Data Access Control Apparatus and its Program Recording Medium”) which eliminates database-language descriptions in setting an access right in accordance with a user attribute, so that a regular operator having no special knowledge can easily set or change an access right, and which does not describe an access right in an application itself, instead maintaining security in an open environment by controlling access upon analyzing individually managed access right information.
BRIEF SUMMARY OF THE INVENTION
It is an object of the present invention to provide a data access control apparatus which can reduce an operator's load and prevent setting errors of access right information in setting, in units of users, access right information corresponding to each user.
The feature of the present invention is as follows.
A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprises: user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users; definition means for defining a user group corresponding to contents of the data item representing the user attribute; generation means for generating user group information representing that a user group is made to correspond to each user; access right information storage means for storing access right information in correspondence with the user group, the access right information representing whether access to the data in the database is allowed; and access control means for, when an arbitrary user is designated in accessing the database, determining a user group, to which the arbitrary user belongs, with reference to the user group information generated by the generation means, and determining on the basis of the access right information made to correspond to the determined user group whether access to the data in the database is allowed.
According to the present invention, in setting, in units of users, access right information corresponding to each user, the operator's load can be reduced and setting errors of the access right information can be prevented. Because access right information is attached to user groups derived from the user attributes, a regular operator having no special knowledge can have access right information set automatically, without performing per-user settings. Therefore, the security of the database can be maintained even in an open environment.
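The following is an added illustration of the apparatus described above, not code from the patent itself: user information storage, group definitions keyed on an attribute item, automatic generation of the user-to-group mapping, access rights stored per group, and a deny-by-default access check. The user records, group names, tables and columns are constructed sample values, and the encoding of a group definition as an (attribute item, required value) pair is an assumption.

```python
# Constructed sample user information store: a unique user id plus attribute items.
USERS = {
    "u001": {"department": "sales", "title": "manager"},
    "u002": {"department": "sales", "title": "staff"},
    "u003": {"department": "hr", "title": "staff"},
}

# Definition means (assumed encoding): group name -> (attribute item, required value).
GROUP_DEFINITIONS = {
    "sales_all": ("department", "sales"),
    "managers": ("title", "manager"),
    "hr_all": ("department", "hr"),
}

# Access right information is stored per user group, never per user:
# group -> {table: set of columns the group may read}. Anything absent is denied.
ACCESS_RIGHTS = {
    "sales_all": {"orders": {"order_id", "amount"}},
    "managers": {"orders": {"order_id", "amount", "customer"},
                 "salaries": {"emp_id", "amount"}},
    "hr_all": {"salaries": {"emp_id", "amount"}},
}

def generate_user_groups(users, definitions):
    """Generation means: derive user -> set(groups) from attributes alone,
    so a new user gains rights without any per-user setting."""
    return {
        uid: {g for g, (item, value) in definitions.items() if attrs.get(item) == value}
        for uid, attrs in users.items()
    }

def allowed_columns(user_id, table, user_groups, rights):
    """Union of the column rights of every group the user belongs to."""
    cols = set()
    for group in user_groups.get(user_id, set()):
        cols |= rights.get(group, {}).get(table, set())
    return cols

def check_access(user_id, table, columns, user_groups, rights):
    """Access control means: True only if the user is known and every requested
    column is granted to at least one of the user's groups (deny by default)."""
    if user_id not in user_groups:
        return False
    return set(columns) <= allowed_columns(user_id, table, user_groups, rights)

# User group information generated once from the stored attributes.
USER_GROUPS = generate_user_groups(USERS, GROUP_DEFINITIONS)
```

Adding a user record with a department or title that matches an existing definition is enough for that user to be placed in the corresponding groups on the next generation pass.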
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out hereinafter.
Isomura Kunihiko
Kobayashi Yo-ichi
Machida Tomohiro
Alam Hosain T.
Alam Shahid
Casio Computer Co. Ltd.
Frishauf, Holtz Goodman, Langer & Chick, P.C.