System and method for selectively defining access to...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate

Details

C707S793000, C707S793000

active

06578029

ABSTRACT:

TECHNICAL FIELD OF INVENTION
The following invention relates generally to defining user access to computer systems, and in particular, to the ability to define selectively and flexibly the limits of each of a plurality of users' access to the features of one or more applications capable of being run on a computer system.
BACKGROUND OF INVENTION
In an environment such as a shared-resource service bureau environment, where many employees and/or clients have access to a computer system capable of running numerous applications, it is often desirable to have the ability to restrict access by certain users or classes of users to one or more features of such applications. As used herein, the term “features” includes any of the nearly infinite possible application functions such as, by way of example, accessing data from database tables, generating, viewing and printing reports, and sending and/or receiving e-mail.
Presently, such flexibility in restricting user access is unavailable. With respect to restricting access to data, one method presently employed by Oracle® Corporation in its database programs is to limit, at the database level, a user's ability to access particular data tables. Oracle® Corporation accomplishes this by providing for the assignment of “roles” to users which restrict access, not specifically to the data itself, but to the tables holding the data.
The need for more flexibility in restricting access to application features, including the data access feature restricted by the Oracle® roles, can be illustrated by a simple example. The following is a hypothetical data table of confidential financial transactions made by clients A, B and C on the morning of Jun. 15, 1998, where WDRWL indicates a withdrawal, DPST indicates a deposit, and PYMNT indicates a payment.
TABLE 1
     Client   Time      Type     Amount
1    A         9:15 A   WDRWL   1000.00
2    B         9:17 A   DPST    2500.00
3    B         9:24 A   DPST    1750.00
4    A         9:35 A   PYMNT   5000.00
5    C        10:02 A   WDRWL     50.46
6    A        10:41 A   DPST     106.08
7    C        10:47 A   PYMNT    530.06
In order to prepare a report regarding the confidential transactions of only client A for the month of June, one needs access to the data in rows 1, 4 and 6, but not rows 2, 3, 5 and 7. Since this data is highly sensitive, restriction of access to the data pertinent only to the assignment (i.e., reporting of client A's transactions) is highly desirable.
In addition, the application used to prepare a report of A's past transactions may have the ability to generate several different types of reports, including reports projecting future performance in addition to showing past performance. Depending on who is given the assignment, it may not be desirable to permit access to both types of report-generating abilities. It may also be undesirable to permit printing of the reports generated.
SUMMARY OF THE INVENTION
In accordance with the present invention, one or more “attributes” are assigned to users of a computer system capable of running numerous applications. Each attribute is a name-value pair wherein the name designates the application feature or features to which access is being defined (e.g., accessing data, generating reports) and the value sets the limits of access (e.g., all or some data). Attributes may be assigned in groups to eliminate the burden of preparing individual attribute assignments for each user.
In accordance with the invention, a system and method are provided for defining a user's ability to run at least one feature of an application. According to the system and method, a user is assigned at least one attribute. The attributes are stored in a table in a database. An application is run by the user and the attributes assigned to the user are retrieved. The attributes are enforced by the application such that the user's access to the features of the application is defined in accordance with the retrieved attributes.
In accordance with a further aspect of the invention, a system and method for defining a user's ability to run at least one feature of an application are provided wherein a group is assigned at least one attribute, and the group is assigned to a user. The group is stored in a table in a database. An application is run by the user and the group assigned to the user is retrieved. The attributes assigned to the group are enforced by the application such that the user's access to the features of the application is defined in accordance with the retrieved attributes.
It is therefore an object of the present invention to provide the ability to selectively define access to application features available to a given user or group of users of a computer system.
It is a further object of the present invention to provide greater flexibility than is presently available in the ability to restrict user access to data contained in table-oriented databases.
For a better understanding of the present invention, together with other and further objects, reference is made to the following description, taken in conjunction with the accompanying drawings and its scope will be pointed out in the appended claims.
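
The attribute mechanism summarized above, sketched as an added example that is not code from the patent: attributes are name-value pairs stored in a database table, assigned directly or through a group, retrieved when the application runs, and enforced against Table 1. The schema, the attribute names (DATA_SCOPE, REPORT_TYPE, PRINT), their values, and the user and group names are assumptions made for illustration.

```python
import sqlite3

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE txn(id INTEGER PRIMARY KEY, client TEXT, time TEXT,
                         type TEXT, amount REAL);
        CREATE TABLE attributes(assignee TEXT, name TEXT, value TEXT);
        CREATE TABLE user_groups(user TEXT, grp TEXT);
    """)
    # Rows of Table 1 from the page.
    db.executemany("INSERT INTO txn VALUES (?,?,?,?,?)", [
        (1, "A", "9:15 A", "WDRWL", 1000.00), (2, "B", "9:17 A", "DPST", 2500.00),
        (3, "B", "9:24 A", "DPST", 1750.00), (4, "A", "9:35 A", "PYMNT", 5000.00),
        (5, "C", "10:02 A", "WDRWL", 50.46), (6, "A", "10:41 A", "DPST", 106.08),
        (7, "C", "10:47 A", "PYMNT", 530.06)])
    # Constructed assignments; attribute names and values are assumptions.
    db.executemany("INSERT INTO attributes VALUES (?,?,?)", [
        ("grp_client_a", "DATA_SCOPE", "A"), ("grp_client_a", "REPORT_TYPE", "PAST"),
        ("auditor", "DATA_SCOPE", "ALL"), ("auditor", "PRINT", "YES")])
    db.execute("INSERT INTO user_groups VALUES ('analyst', 'grp_client_a')")
    return db

def get_attributes(db, user):
    """Collect name -> {values} from direct and group assignments."""
    rows = db.execute("""
        SELECT name, value FROM attributes
        WHERE assignee = ?
           OR assignee IN (SELECT grp FROM user_groups WHERE user = ?)""",
        (user, user))
    attrs = {}
    for name, value in rows:
        attrs.setdefault(name, set()).add(value)
    return attrs

def allowed(db, user, name, value):
    """Deny by default: a feature is usable only if an attribute grants it."""
    return value in get_attributes(db, user).get(name, set())

def visible_rows(db, user):
    """Enforce DATA_SCOPE in the query itself, not by filtering afterwards."""
    scope = get_attributes(db, user).get("DATA_SCOPE", set())
    if "ALL" in scope:
        return [r[0] for r in db.execute("SELECT id FROM txn ORDER BY id")]
    if not scope:
        return []
    marks = ",".join("?" * len(scope))  # placeholders only, values stay bound
    sql = f"SELECT id FROM txn WHERE client IN ({marks}) ORDER BY id"
    return [r[0] for r in db.execute(sql, sorted(scope))]
```

A user with no attribute for a feature gets nothing, so a missing assignment fails closed rather than open.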


REFERENCES:
patent: 5724578 (1998-03-01), Morinaga et al.
patent: 6061684 (2000-05-01), Glasser et al.
patent: 6064656 (2000-05-01), Angal et al.
patent: 6085191 (2000-07-01), Fisher et al.
patent: 6131120 (2000-10-01), Reid
patent: 6161139 (2000-12-01), Win et al.
patent: 6182142 (2001-01-01), Win et al.
patent: 6202066 (2001-03-01), Baakley et al.
patent: 6430549 (2002-08-01), Gershfield et al.
patent: 2 301912 (1996-12-01), None
patent: 95/22792 (1995-08-01), None
patent: 97/49211 (1997-12-01), None
Information Week, Jun. 22, 1998, pp. 54-60, Davis, B., entitled “Sign On Here”.
Oracle 7™ Server Administrator's Guide, Release 7.3, Feb. 1996, Chapter 20, pp. 20-1 through 20-26, entitled “Managing User Privileges and Roles”.
