Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2000-03-31
2004-05-04
Vu, Kim (Department: 2172)
C707S793000, C707S793000, C707S793000, C713S182000, C713S183000
active
06732100
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to determination and granting of access to data and files by the file or database creator, owner or manager or by group or user access profiles.
BACKGROUND
Current database management applications and especially the access subsystems thereof support what could be called a “Single Organization Model”. This means that all users of a system, even though they may work in various divisions of a company or various channels of a marketing organization, or even different entities leasing portions of the same database through a common vendor or service organization, are deemed to ultimately work for the same organization, and that organization is at the root of the organizational hierarchy.
Present access control mechanisms, built on the “Single Organization Model,” are cumbersome when applied to multi-divisional or multi-channel organizations or to multi-tenant databases.
This is because present access authorization systems are adapted to: (1) partition data to show users only those records that they or their position have been granted visibility to, and (2) show users all “global” data in a particular dataset. However, absent cumbersome “workarounds,” present access authorization subsystems do not have the ability to partition data at the organizational or channel level. This makes it impossible, for instance, for companies using the “e-channel marketing” paradigm that do business in multiple countries in Europe to maintain separate price lists for each country and have only those price lists that are appropriate for a region or country be accessible. This cumbersome access control also makes it difficult for multiple small financial service organizations to outsource database and telephone support operations to a common vendor while preserving customer confidentiality.
SUMMARY
The invention is a database management system and a method of using the system. The system has an access control subsystem, and is characterized by a plurality of user entries representing users seeking access to data items, where each of the user entries has at least one organizational access attribute. The data stored in the underlying database has a plurality of data items. Each of the data items may be a data file, a data field within a data file, or a view of a data item. Selected ones of the data items have at least one organizational access attribute. This organizational access attribute is used by the access control subsystem. The access control subsystem receives a database query from a user requesting access to one or more of the data items. The access control subsystem reads the user's organizational access attributes, and reads the data item's organizational access attributes. The access control subsystem then presents to the user the data items to which the user has access authorization.
In one embodiment of the invention, particularly useful in channel marketing and in multi-divisional enterprises, the database files have a plurality of fields, and the users have personal, positional, and organizational attributes, and are divisible into multiple membership sets based upon organizational attributes. The database views are visible to users based upon the personal, positional, and organizational attributes of the users.
The data files and fields may extend across organizations, or they may be disjoint, extending to only one organization. Likewise, the users may be in overlapping organizations, or in only one organization.
According to this embodiment of the invention, the views visible to a user are determined by the user's organizational and positional attributes, and the view files are determined by a user's organizational and/or positional attributes. In a still further embodiment, the view files are determined by a user's organizational attributes, and view fields are determined by a user's positional attributes.
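The embodiment above, sketched as an added example that is not taken from the patent: records are partitioned by organizational attribute and fields are projected by positional attribute. The class names, the position-to-field policy, the price-list data, and the convention that an item with no organizational attribute is "global" are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    orgs: frozenset    # organizational access attributes
    position: str      # positional attribute

@dataclass
class Item:
    fields: dict
    orgs: frozenset = frozenset()   # assumption: empty set marks a "global" item

# Constructed policy: fields each position may see; unknown positions see nothing.
FIELDS_BY_POSITION = {
    "sales_rep": {"sku", "list_price"},
    "channel_manager": {"sku", "list_price", "partner_cost"},
}

def query(user, items, predicate=lambda view: True):
    """Return the authorized projection of every item the user may see."""
    allowed = FIELDS_BY_POSITION.get(user.position, set())
    out = []
    for item in items:
        # Organizational partition: skip items sharing no organization with the user.
        if item.orgs and not (item.orgs & user.orgs):
            continue
        view = {k: v for k, v in item.fields.items() if k in allowed}
        # The predicate runs on the projected view only, so a user cannot
        # infer a hidden field's value by filtering on it.
        if view and predicate(view):
            out.append(view)
    return out

# Constructed sample data: per-country price lists, one shared row, one global row.
PRICE_LIST = [
    Item({"sku": "A1", "list_price": 100, "partner_cost": 70}, frozenset({"FR"})),
    Item({"sku": "A1", "list_price": 95, "partner_cost": 66}, frozenset({"DE"})),
    Item({"sku": "A1", "list_price": 98, "partner_cost": 68}, frozenset({"FR", "DE"})),
    Item({"sku": "DOC", "list_price": 0, "partner_cost": 0}),
]
```

Evaluating the query predicate after projection is a design choice of this sketch; filtering on the full record would let a restricted position probe hidden fields through the result count.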
In an alternative embodiment of the invention a plurality of organizations exclusively own individual data files in the database management system. An individual data file has a single owner. The access control subsystem is configured to authorize a customer of the owner organization to have access to their own data items and to grant access to their own data items to an additional user, for example, a telephone service representative, while the customer accesses the data items. The customer can authorize the additional user to access and update the data item.
In this embodiment, the database system may be regarded as a partitionable database with a plurality of separate virtual databases. Each of the separate virtual databases may have a unique database owner, and a user can only access files in a virtual database to which the user has access authorization from the database owner.
The separate virtual databases may be disjoint, for example with common ownership or separate and unique owners. Access may depend upon authorization from the database owner to access either the database or a file within the database, and where the user requesting access is not the owner of the file, access may require authorization from the owner of the file. This situation typically occurs in a multi-tenant database having a plurality of tenants, where each tenant is the owner of a separate virtual database, and at least two of the tenants utilize a common call center service, as is the case with a large financial institution servicing the customer accounts of other financial institutions.
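The multi-tenant embodiment above, as an added sketch that is not the patent's own implementation: a shared call-center representative needs both authorization from the tenant that owns the virtual database and a grant from the customer who owns the item. Treating the grant as valid only while the customer's session is open is this example's reading of "while the customer accesses the data items"; all names and data are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class VirtualDatabases:
    owner_of: dict = field(default_factory=dict)     # item id -> (tenant, customer)
    tenant_auth: dict = field(default_factory=dict)  # tenant -> users the owner authorized
    active: set = field(default_factory=set)         # customers currently in a session
    grants: dict = field(default_factory=dict)       # (item id, user) -> set of rights

    def grant(self, customer, item, rep, rights):
        tenant, item_customer = self.owner_of[item]
        if customer != item_customer or customer not in self.active:
            raise PermissionError("only the item's customer, while in session, may grant")
        if rep not in self.tenant_auth.get(tenant, set()):
            raise PermissionError("rep lacks authorization from the database owner")
        self.grants[(item, rep)] = set(rights)

    def end_session(self, customer):
        self.active.discard(customer)
        # Revoke every grant on this customer's items when the session ends.
        self.grants = {k: v for k, v in self.grants.items()
                       if self.owner_of[k[0]][1] != customer}

    def allowed(self, user, item, right):
        tenant, customer = self.owner_of[item]
        if user == customer:
            return True                       # customers reach their own items
        if user not in self.tenant_auth.get(tenant, set()):
            return False                      # no authorization from the database owner
        return customer in self.active and right in self.grants.get((item, user), set())

def sample():
    """Constructed data: two tenants sharing one call-center rep."""
    return VirtualDatabases(
        owner_of={"acct-1": ("bank_a", "alice"), "acct-2": ("bank_b", "bob")},
        tenant_auth={"bank_a": {"rep"}, "bank_b": {"rep"}},
    )
```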
Annadata Anil
Brodersen Karen
Chen Mingte J.
Malden Matthew S.
Rothwein Thomas M.
Perkins Coie LLP
Siebel Systems Inc.
Soong James W.
Vu Kim
Woo Isaac