Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
1998-07-17
2002-08-06
Shah, Sanjiv (Department: 2172)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000
Reexamination Certificate
active
06430549
ABSTRACT:
TECHNICAL FIELD OF INVENTION
The following invention relates generally to defining user access to computer systems, and in particular, to the ability to define selectively and flexibly the limits of each of a plurality of users' access to the features of one or more applications capable of being run on a computer system.
BACKGROUND OF INVENTION
In an environment such as a shared-resource service bureau environment, where many employees and/or clients have access to a computer system capable of running numerous applications, it is often desirable to have the ability to restrict access by certain users or classes of users to one or more features of such applications. As used herein, the term “features” includes any of the nearly infinite possible application functions such as, by way of example, accessing data from database tables, generating, viewing and printing reports, and sending and/or receiving e-mail.
Presently, such flexibility in restricting user access is unavailable. With respect to restricting access to data, one method presently employed by Oracle® Corporation in its database programs is to limit, at the database level, a user's ability to access particular data tables. Oracle® Corporation accomplishes this by providing for the assignment of “roles” to users which restrict access, not specifically to the data itself, but to the tables holding the data.
The need for more flexibility in restricting access to application features, including the data access feature restricted by the Oracle® roles, can be illustrated by a simple example. The following is a hypothetical data table of confidential financial transactions made by clients A, B and C on the morning of Jun. 15, 1998, where WDRWL indicates a withdrawal, DPST indicates a deposit, and PYMNT indicates a payment.
TABLE 1
Row  Client  Time    Type   Amount
1    A       9:15A   WDRWL  1000.00
2    B       9:17A   DPST   2500.00
3    B       9:24A   DPST   1750.00
4    A       9:35A   PYMNT  5000.00
5    C       10:02A  WDRWL    50.46
6    A       10:41A  DPST    106.08
7    C       10:47A  PYMNT   530.06
In order to prepare a report regarding the confidential transactions of only client A for the month of June, one needs access to the data in rows 1, 4 and 6, but not rows 2, 3, 5 and 7. Since this data is highly sensitive, restriction of access to the data pertinent only to the assignment (i.e., reporting of client A's transactions) is highly desirable.
In addition, the application used to prepare a report of A's past transactions may have the ability to generate several different types of reports, including reports projecting future performance in addition to showing past performance. Depending on who is given the assignment, it may not be desirable to permit access to both types of report-generating abilities. It may also be undesirable to permit printing of the reports generated.
SUMMARY OF THE INVENTION
In accordance with the present invention, one or more “attributes” are assigned to users of a computer system capable of running numerous applications. Each attribute is a name-value pair wherein the name designates the application feature or features to which access is being defined (e.g., accessing data, generating reports) and the value sets the limits of access (e.g., all or some data). Attributes may be assigned in groups to eliminate the burden of preparing individual attribute assignments for each user.
In accordance with the invention, a system and method are provided for defining a user's ability to run at least one feature of an application. According to the system and method, a user is assigned at least one attribute. The attributes are stored in a table in a database. An application is run by the user and the attributes assigned to the user are retrieved. The attributes are enforced by the application such that the user's access to the features of the application is defined in accordance with the retrieved attributes.
In accordance with a further aspect of the invention, a system and method for defining a user's ability to run at least one feature of an application are provided wherein a group is assigned at least one attribute, and the group is assigned to a user. The group is stored in a table in a database. An application is run by the user and the group assigned to the user is retrieved. The attributes assigned to the group are enforced by the application such that the user's access to the features of the application is defined in accordance with the retrieved attributes.
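A compact model of the scheme in the two preceding paragraphs (attributes as name-value pairs, a group that carries attributes and is assigned to a user, retrieval of the effective attributes and enforcement by the application), applied to the hypothetical Table 1. This is an added example, not code from the patent or from any product; the attribute names data.clients, reports.types and reports.print, the users alice and bob and the group analysts are assumptions made for the illustration.

```python
# Constructed copy of TABLE 1 above: (row, client, time, type, amount)
TRANSACTIONS = [
    (1, "A", "9:15A", "WDRWL", 1000.00), (2, "B", "9:17A", "DPST", 2500.00),
    (3, "B", "9:24A", "DPST", 1750.00), (4, "A", "9:35A", "PYMNT", 5000.00),
    (5, "C", "10:02A", "WDRWL", 50.46), (6, "A", "10:41A", "DPST", 106.08),
    (7, "C", "10:47A", "PYMNT", 530.06),
]

# Stand-ins for the attribute and group tables. The attribute names
# (data.clients, reports.types, reports.print) are hypothetical.
GROUP_ATTRIBUTES = {"analysts": {"reports.types": {"past"}, "reports.print": "no"}}
USER_ATTRIBUTES = {
    "alice": {"data.clients": {"A"}},  # assigned only client A's transactions
    "bob": {"data.clients": {"A", "B", "C"}, "reports.types": {"past", "projection"},
            "reports.print": "yes"},  # unrestricted
}
USER_GROUPS = {"alice": ["analysts"], "bob": []}

class AccessDenied(PermissionError): pass

def effective_attributes(user):
    """Group attributes first, then the user's own on top; a missing name means no access."""
    attrs = {}
    for group in USER_GROUPS.get(user, []):
        attrs.update(GROUP_ATTRIBUTES.get(group, {}))
    attrs.update(USER_ATTRIBUTES.get(user, {}))
    return attrs

def visible_rows(user):
    """Row-level enforcement: only rows whose client appears in data.clients."""
    allowed = effective_attributes(user).get("data.clients", set())
    return [row for row in TRANSACTIONS if row[1] in allowed]

def generate_report(user, kind, printed=False):
    """Feature-level enforcement: report type and printing are separate attributes."""
    attrs = effective_attributes(user)
    if kind not in attrs.get("reports.types", set()):
        raise AccessDenied(f"{user} may not generate {kind} reports")
    if printed and attrs.get("reports.print") != "yes":
        raise AccessDenied(f"{user} may not print reports")
    rows = visible_rows(user)
    return {"kind": kind, "rows": [r[0] for r in rows],
            "total": round(sum(r[4] for r in rows), 2)}

def is_denied(user, kind, printed=False):
    try:
        generate_report(user, kind, printed)
        return False
    except AccessDenied:
        return True
```

With these tables, alice sees rows 1, 4 and 6 only and can generate but not print a past-performance report, while bob, who has no group and carries every attribute directly, sees all seven rows.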
It is therefore an object of the present invention to provide the ability to selectively define access to application features available to a given user or group of users of a computer system.
It is a further object of the present invention to provide greater flexibility than is presently available in the ability to restrict user access to data contained in table-oriented databases.
For a better understanding of the present invention, together with other and further objects, reference is made to the following description, taken in conjunction with the accompanying drawings and its scope will be pointed out in the appended claims.
REFERENCES:
patent: 4852001 (1989-07-01), Tsushima et al.
patent: 5117353 (1992-05-01), Stipanovich et al.
patent: 5164897 (1992-11-01), Clark et al.
patent: 5283731 (1994-02-01), Lalonde et al.
patent: 5416694 (1995-05-01), Parrish et al.
patent: 5459859 (1995-10-01), Senda
patent: 5592375 (1997-01-01), Salmon et al.
patent: 5671409 (1997-09-01), Fatseas et al.
patent: 5724578 (1998-03-01), Morinaga et al.
patent: 5734828 (1998-03-01), Pendse et al.
patent: 5754850 (1998-05-01), Janssen
patent: 5758324 (1998-05-01), Hartman et al.
patent: 5778181 (1998-07-01), Hidary et al.
patent: 5799285 (1998-08-01), Klingman
patent: 5799304 (1998-08-01), Miller
patent: 6061684 (2000-05-01), Glasser et al.
patent: 6064656 (2000-05-01), Angal et al.
patent: 6085191 (2000-07-01), Fisher et al.
patent: 6131120 (2000-10-01), Reid
patent: 6161139 (2000-10-01), Win et al.
patent: 6182142 (2001-01-01), Win et al.
patent: 6202066 (2001-03-01), Baokley et al.
patent: 2 301912 (1996-12-01), None
patent: 95/22792 (1995-08-01), None
patent: 97/49211 (1997-12-01), None
Information Week, Jun. 22, 1998, pp. 54-60, Davis, B., entitled “Sign On Here”.
Oracle7™ Server Administrator's Guide, Release 7.3, Feb. 1996, Chapter 20, pp. 20-1 through 20-26, entitled “Managing User Privileges and Roles”.
Barger Shawn G.
Gershfield James N.
Baker & Botts LLP
Electronic Data Systems Corporation
Shah Sanjiv