US20090222449A1 - Controlling access to a database using database internal and external authorization information - Google Patents
Controlling access to a database using database internal and external authorization information Download PDFInfo
- Publication number
- US20090222449A1 US20090222449A1 US12/390,184 US39018409A US2009222449A1 US 20090222449 A1 US20090222449 A1 US 20090222449A1 US 39018409 A US39018409 A US 39018409A US 2009222449 A1 US2009222449 A1 US 2009222449A1
- Authority
- US
- United States
- Prior art keywords
- database
- external
- access
- account
- internal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- the present invention relates to databases and, more particularly, to controlling access to a database.
- Databases are used to store data in a manner that facilitates subsequent use of the data.
- a database typically includes several tables containing one or more records.
- a record in a table stored in the database can hold information about a subject or item in its various fields.
- Database programs have been developed.
- Database programs often provide a user interface, which allows the user to conveniently interact with the database program in order to perform various operations on the data stored in the database.
- the interface provided by the database program is typically a graphical user interface which allows the user to conveniently interact with the database program and, in turn, with the database.
- the user may interact with the graphical user interface to, for example, view the data in various ways.
- the visual representations provided to the user can include, for example, a browse mode. The browse mode allows records to be viewed, changed, sorted, deleted, or added.
- a database program allows users to conveniently access data stored in a local database.
- a database program (or product) could also be provided as database server (or host), which allows a client (or a guest) to access data in a database, which is stored in a remote location with respect to the client.
- a first database program can, for example, be connected to a second database program over a computer network.
- one database program can act as a “client” (or guest) and establish a connection to the other database program which acts as “server” (or host) to a database.
- the client database program can, in turn, provide the end-user (e.g., a human, or application program) with access to data, which is stored remotely.
- Conventional database server programs can be configured only to grant access to a database based on a set of database accounts, which are typically defined by a database administrator, or alternatively grant access based on a set of operating system accounts which are typically defined by a system administrator.
- These operating system accounts are typically a set of general purpose accounts associated with different category of access privilege (e.g., “admin,” “manager,” “data-entry-only”).
- access privileges are typically assigned to several different users. For example, several different individuals may be assigned the access level “manager.” This approach, however, does not allow a particular user to be identified when an external account is used, and thus may not adequately support a secure environment and/or allow monitoring (or logging) activities initiated using external accounts.
- access privileges cannot be easily modified (or updated) when general categories of access privileges are used (because access privilege is not defined per individual users). For example, if a particular manager leaves, the “manager” access level should be changed to security reasons. As a result, several other managers may have to be assigned a new access-level.
- conventional techniques do not allow configuring a server database product (or program) such that both database and operating system accounts can be used together to control access to a database.
- conventional database server products control access to a database either entirely based on non-database accounts (e.g. operating system accounts), or entirely based on a set of identifiers (e.g., access keys), which are typically maintained and administered separately from the non-database accounts.
- the invention pertains to techniques for controlling access to a database.
- sets of database “internal” and “external” (or non-database) access-privileges are defined for a database.
- An “external” database component can, for example, be any component that resides outside a database system, program, or product that is used as interface to access a database.
- corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as database “external” accounts in accordance with one embodiment of the invention.
- the database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts.
- sets of database “internal” and “external” access-privileges are can be combined to generate an integrated access-privilege set which can be used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database.
- the invention can be used to seamlessly integrate databases with various non-database entities (e.g., corporate computing systems).
- non-database accounts may be authenticated externally, but access can be authorized using a database component (e.g., a server-side database component).
- databases can be integrated with various non-database entities, while authentication of non-database accounts is still performed by database external entities that are generally more preferred to authenticate their own accounts.
- the invention can be implemented to control access with respect to both database internal and external accounts, which can be used to seek access to the database.
- access to the database can be controlled using the same authentication information (e.g., username and password of an operating system account) regardless of whether the database is internally or externally accessed.
- This can be achieved by defining and using database “internal” and “external” access-privileges in a manner that allows combining them together and using them as an integrated access-privilege set arranged in accordance with assigned priority of authorized access.
- database internal and external access privileges may be conveniently defined and maintained in a central location, by a single entity that does not have to be a database administrator (e.g., a system or server administrator).
- a database administrator can still access the database using a database internal account regardless of which server or external (“non-database”) authenticator has been chosen by the non-database administrator (e.g., a system or server administrator) to authenticate database users.
- the invention can be implemented in numerous ways, including as a method, an apparatus, a computer readable medium, and a database products, program, or system. Several embodiments of the invention are discussed below.
- FIG. 1 depicts a computing environment in accordance with embodiment of the invention.
- FIG. 2 depicts a server-side database component 108 in accordance with one embodiment of the invention.
- FIG. 3 depicts an authorizing access method for authorizing access to a database in accordance with one embodiment of the invention.
- FIG. 4 depicts an authorizing access method for authorizing access to a database in accordance with another embodiment of the invention.
- FIG. 5 depicts a method for determining whether access to a database should be granted based on database external or internal authorization information in accordance with one embodiment of the invention.
- FIG. 6 depicts a “Define Accounts and Privileges” panel in accordance with one embodiment of the invention.
- FIG. 7 and FIG. 8 respectively depict “Edit Account” panels used to edit (or create) database external and internal authorization information.
- sets of database “internal” and “external” (or non-database) access-privileges are defined for a database.
- An “external” database component can, for example, be any component that resides outside a database system, program, or product that is used as interface to access a database.
- corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts in accordance with one embodiment of the invention.
- the database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts.
- sets of database “internal” and “external” access-privileges are can be combined to generate an integrated access-privilege set which can be used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database.
- the invention can be used to seamlessly integrate databases with various non-database entities (e.g., corporate computing systems).
- non-database accounts may be authenticated externally, but access can be authorized using a database component (e.g., a server-side database component).
- databases can be integrated with various non-database entities, while authentication of non-database accounts is still performed by database external entities that are generally more preferred to authenticate their own accounts.
- the invention can be implemented to control access with respect to both database internal and external accounts, which can be used to seek access to the database.
- access to the database can be controlled using the same authentication information (e.g., username and password of an operating system account) regardless of whether the database is internally or externally accessed.
- This can be achieved by defining and using database “internal” and “external” access-privileges in a manner that allows combining them together and using them as an integrated access-privilege set arranged in accordance with assigned priority of authorized access.
- database internal and external access privileges may be conveniently defined and maintained in a central location, by a single entity that does not have to be a database administrator (e.g., a system or server administrator).
- a database administrator can still access the database using an internal database account regardless of which server or external (“non-database”) authenticator has been chosen by the non-database administrator (e.g., a system or server administrator) to authenticate database users.
- FIG. 1 depicts a computing environment 100 in accordance with embodiment of the invention.
- a plurality of client computers 102 and 104 can communicate with a server computer 108 via a network 106 .
- this communication may be established using a variety of existing wired or wireless communication protocols, hardware, and software components, which will not be discussed further.
- the client computer 102 includes a client-side database component 110 that can be used to initiate communication with a server-side database component 112 operating in the server computer 108 .
- the client-side database component 110 is used in order to access data stored in a database 114 .
- a user (or application) 116 can initiate a request to access data using the client-side database component 110 .
- This request may, for example, be initiated as a result of the user 116 requesting to list or open one or more database files stored in the database 114 .
- the user 116 may, for example, use a monitor 110 or a wireless phone 142 to access the client computer 102 .
- a request to access database 114 can be initiated by the client-side database component 102 , and transmitted via network 106 to the server-side database component 112 .
- the server-side database component 112 can initiate an authentication process when it receives the request to access database 114 .
- this authentication process authenticates the user 116 of the client computer 102 .
- the user 116 may have used a [user-id and password] to login to the client computer 102 .
- the server-side database component 112 initially authenticates the user 116 by sending the [user-id and password] to an external authenticator 118 for authentication before access to the database 114 is granted.
- the external authenticator 118 can, for example, be an operating system account manager (e.g., Active Directory in Windows operating environment, Open Directory in MAC operating environment).
- authentication information 150 can be made available as a block of data that is forwarded to the external authenticator 118 for authentication.
- the external authenticator 118 can, for example, decode and/or decrypt the block of data in order to authenticate the user 116 .
- the external authenticator 118 notifies the server-side database component 112 that the user 116 has been authenticated.
- the external authenticator 118 can send authorization information 152 , for example, as one or more privilege-identifiers, which are associated with the authentication-information 150 (e.g., user-id and password) of the authenticated user.
- a privilege-identifier may be a group-name that is also used in operating system accounts of corporate computing environments.
- a privilege-identifier may associate a user with a group that has certain privileges with respect to data stored in a database (e.g. a group name used in Active Directory in Windows operating environment).
- the server-side database component 112 can initiate an authorization process, which determines the privileges, which have been assigned to the user 116 with respect to database 112 (i.e., access-level privileges).
- sets of database internal information 120 e.g., database account information
- database external information 122 e.g., database external authentication information
- the database internal information 120 is defined as a set of database internal accounts that include both authentication information (e.g., name and password) with associated authorization information (e.g., an access-privilege set), while the database external 122 information includes external authorization information (e.g., group-names with associated access-privileges).
- the database external information 122 does not need to include external authentication information. As such, there is no need to store external authentication information in a database, and external authentication may be independently performed by a database external entity (e.g., an external authenticator). Moreover, the set of database internal and external information can combined to generate an integrated access-privilege set 180 which is used to control access to the database.
- a database external entity e.g., an external authenticator
- the server-side database component 112 can determine access-level privileges of user 116 even though the user may have been externally authenticated by the external authenticator 118 . More particularly, the server-side database component 112 can be configured to use the authorization information 152 sent by the external authenticator 118 and compare it with the generated integrated access-privilege set 160 in order to authorize the user 116 as a database internal or external account. Moreover, the server-side database component 112 can use the authentication information 152 in a manner that allows integration of external accounts (e.g. corporate accounts) used by various environments with database internal accounts. As will be discussed below, this integration allows authorized use of both database internal and external accounts, which attempt to access the database.
- external accounts e.g. corporate accounts
- an administrator-side database component e.g., an administrative tool
- an administrator-side database component 160 may also be provided to allow an administrator 162 to administrate the database 114 via server-side database component 112 . Both users and administrators can be provided with authorized access in essentially the same manner. As such, authorization of user will be further discussed.
- FIG. 2 depicts in greater detail the server-side database component 108 (shown in FIG. 1 ) in accordance with one embodiment of the invention.
- the server-side database component 108 includes an authentication interface 202 which can communicate with the external authenticator 118 (also shown in FIG. 1 ).
- a database engine 204 is connected to the authentication interface 202 and database 114 .
- authentication information 150 is forwarded, by the authentication interface 202 , to the external authenticator 118 , which initiates an authentication process. If the authentication process successfully authenticates the user associated with the authentication information 150 , the external authenticator 118 determines authorization information 152 associated with the user and forwards it to the authentication interface 202 .
- authentication information 150 may be in the form of a name and a password set (e.g., Bob and xx) which is forwarded by the authentication interface 202 to the external authenticator 118 .
- the authentication information 150 e.g., Bob, xx
- the authentication information 150 may be explicitly known, or may be forwarded as a block of data without the server-side database component 108 (or authentication interface 202 ) having explicit knowledge of its content.
- the external authenticator 118 can initiate an authentication process, which if successful, may result in transmission of authorization information 152 to the authentication interface 202 .
- the authorization information 152 includes database external privilege-identifiers associated with access privileges of the authenticated user. As such, authorization information 152 can provide access-level privileges that have been defined for the authenticated user for an operating system.
- these access privileges for a database may also be defined in a similar manner as privileges defined in corporate accounts (e.g. operating system accounts) in accordance with one embodiment of the invention.
- group-names may be defined and associated with various user names and passwords in a set of database external authorization information 122 , which is defined for the database 114 and can be stored in the database 114 .
- group matches e.g., Software, Manager Level-3 group
- group matches e.g., Software, Manager Level-3 group
- group names may also be defined for the database 114 and provided in the set of database external authorization information 122 , which defines access privileges, assigned to each group-name.
- group-names: “Software group” and “Manager Level-3” may respectively be associated with “read-only” and “Admin” access privileges.
- a name and a password pair used to sign into a corporate computing system (e.g., operating system account) can effectively also be assigned privileges with respect to accessing a database.
- the same name and password pair may be assigned access privileges and be stored in the database internal account 120 .
- database internal authorization information may be defined, for example, to associate a name and a password pair (Bob, xx) with “read-only” access privilege.
- both internal and external authorization information stored respectively in the database internal accounts 120 and database external authorization information 122 can be used together to determine access-privileges of a user with respect to the database 114 .
- an order field 230 can be provided for both the database internal accounts 120 and database external authorization information 122 .
- the order field may be used to determine whether a user account should be considered as an internal or external database account.
- the authorization information 152 includes a name, password, and one or more associated group-names (e.g., Bob, xx, Software, and Manager Level-3 group names)
- the internal and external authorization information 120 and 122 of the database 114 can be searched in accordance with the particular order indicated by the order field.
- the order field could be used to effectively generate an integrated access-privilege set 180 , which, among other things, can be displayed, for a user to allow convenient creating and maintenance of an integrated access-privilege set.
- authorization information 152 (Bob, xx), which is also associated with group names: Software and Manager Level-3, would be matched as an internal database account with “read-only” privilege (Order 2).
- authorization information (Tom, yy), associated with Hardware and Engineering Level-1 groups, may be matched to an external database account with access privilege of: “read-only” (Order 5).
- each of the external accounts may additionally be assigned a weight which is added to individual priority assigned to each account (e.g., an order) in order to determine which access levels should be used.
- FIG. 3 depicts an authorizing access method 300 for authorizing access to a database in accordance with one embodiment of the invention.
- a request to access the database is received ( 302 ). This request is typically received from a user on a local (or client) computer who is attempting to access a remote database via a server.
- the request to access the database is received ( 302 )
- integrated authorization information is obtained or received ( 306 ). Again, the authorization is typically associated with a user on a local computer who is attempting to access data stored on a server in a remote location.
- authorization access method 300 determines whether authorization should be made as an internal account. If it is determined ( 310 ) that authorization should not be made as an internal account, error is output ( 306 ), and the authorizing access method 300 ends. However, if it is determined ( 310 ) that authorization should be made as an internal account, access privileges are determined based on authorization information stored as internal account information and the authorizing access method 300 ends. On the other hand, if it is determined ( 308 ) that authorization should be made as an external account, access privileges are determined ( 314 ) based on database external authorization information. The authorization access method 300 ends following operations ( 314 ) or ( 312 ). Determination ( 314 ) will be described in greater detail below. The determination of whether authorization should be made as an external account ( 308 ) or an internal account ( 312 ) will also be described below.
- FIG. 4 depicts, in greater detail, an authorizing access method 400 for authorizing access to a database in accordance with another embodiment of the invention.
- a user on a local computer explicitly requests or triggers access ( 402 ) to a remote database.
- the remote database is typically accessed via a server.
- authorization information associated with the users' account is obtained ( 404 ).
- the authorization information can be a user name and a password.
- the same user-name (or user-id) and password are used by the user to sign into a local computer.
- the user name and password may, for example, correspond to an operating system account.
- the authorization information when the authorization information is obtained ( 404 ), the authorization information, (e.g., user name and password) are forwarded ( 406 ) to an external authenticator.
- the external authenticator is associated with the operating system or platform of the local computer that the user has signed into.
- the authorizing access method 400 ends. However, if it is determined ( 408 ) that the external authentication was successful, it is determined ( 412 ) whether any group names have been assigned to the authentication information, (e.g., user name and password). If it is determined ( 412 ) that a group name has not been associated or assigned to the authentication information, a database internal account is used ( 414 ) in order to authorize access to the database. More particularly, a determination is made ( 414 ) as to which internal account matches the authentication information, (e.g., user name and password).
- the authentication information e.g., user name and password
- an internal account matches the authentication information. Accordingly, if it is determined ( 416 ) that an internal database account matches the authentication information, access privileges are granted ( 418 ) based on the matching authorization information in the database internal account, and the authorizing access method 400 ends. However, if it is determined ( 416 ) that a database internal account which matches the authorization information was not found, an error is output ( 410 ), and the authorizing access method 400 ends.
- the authorization access method 400 ends following determination ( 422 ) of whether access privileges should be granted from an external account or an internal account. In other words, upon successful validation of authorization information, access may be granted based on either internal or external account information.
- FIG. 5 depicts a method 422 for determining whether access to a database should be granted based on database external or internal authorization information in accordance with one embodiment of the invention.
- authorization information is received ( 501 ).
- the authorization information is associated with a user seeking access to a database, and may include both internal authorization information (e.g., [name, password]), and external authorization information (e.g., one or more group-names).
- authorization information may include: a user name: Bob, password: XX, and matching group-names: software and manager level-3 (also shown in FIG. 2 ).
- an ordered list of all internal and external authorization information which has been defined for the database, is initially obtained ( 502 ).
- internal and external authorization information may, for example, be stored for each database that is made available to both local and remote users.
- Each of the internal and external authorization information may, for example, be provided in a table that includes an order or priority assigned (e.g., internal account information 120 and external authorization information 122 shown in FIG. 2 ).
- an ordered list of all internal and external authorization information e.g., an integrated access privilege set
- the method 422 operates to compare the authentication information received ( 501 ) with this ordered list ( 502 ).
- the first item in the ordered list (e.g., Sam, ZZ, order 1) is read ( 504 ).
- the determination ( 506 ) may, for example, be made by providing an external or internal field or flag for each item in the ordered list. If it is determined ( 506 ) that the item is not associated with an external account (i.e., the item is associated with an internal account), it is determined ( 508 ) whether the item matches the portion of the authorization information that corresponds to an internal account.
- the authorization information corresponding to an external account may also be arranged in order.
- group-names may be arranged in accordance with an access-priority, and be considered in the order of access-priority.
- access is granted ( 510 ) based on privileges defined in the item.
- the next item in the ordered list can be read ( 520 , 522 ). If it is determined ( 530 , 532 ) that last item in the ordered list has been read, but no match has been found, access is denied ( 540 ), and the authorization method 422 ends.
- FIGS. 6 , 7 and 8 depict representative screens, which are generated by a graphical user interface provided for accessing a server-side database product (or program) in accordance with one aspect of the invention. More particularly, the graphical user interface can be used to manage internal and external authorization information respectively for database internal and external accounts.
- FIG. 6 depicts a “Define Accounts and Privileges” panel in accordance with one embodiment of the invention.
- FIG. 6 shows several database internal accounts (labeled as FileMaker) and database external accounts (labeled as External Server) are displayed.
- FileMaker database internal accounts
- External Server database external accounts
- both database internal and external accounts may be managed using the panel depicted in FIG. 6 .
- authentication and/or authorization can occur based on the order, which appears in the panel, and so on.
- FIG. 7 and FIG. 8 respectively depict “Edit Account” panels used to edit (or create) database external and internal authorization information.
- an “Edit Account” panel may be used to define a group name and a privilege set when an external server is chosen for authentication.
- the “Edit Account” panel may also be used to define a database internal account (i.e., FileMaker), which can be authenticated internally by the database server.
- various privileges e.g., “Full Access, “Data Entry Only” may be defined for different database internal or external accounts.
- One advantage is that the invention that database and non-database access-privileges can be integrated and used to control access to a database.
- Another advantage of the invention is that is possible to externally authenticate non-database accounts by database external authenticator, while access to the database is authorized by a database component.
- Yet another advantage of the invention is that it is possible to define database internal accounts that can be used to access the database regardless of which database external server or authenticator is used.
- Still another advantage of the invention is that it is possible to use operating system account used in many existing corporate environments as external database accounts that are also authorized to access a database.
Abstract
Techniques for using both database internal and database external authorization information to control access to a database are disclosed. Corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts with database external authorization information that define database external access privileges for a database. The database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. An integrated access-privilege set is generated and used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As a result, databases can be integrated with various non-database entities (e.g., corporate computing systems).
Description
- This application is a continuation of U.S. patent application Ser. No. 11/048,834, filed on Feb. 1, 2005, and entitled “CONTROLLING ACCESS TO A DATABASE USING DATABASE INTERNAL AND EXTERNAL AUTHORIZATION INFORMATION,” which is hereby incorporated herein by reference and from which priority under 35 U.S.C. § 120 is claimed.
- The present invention relates to databases and, more particularly, to controlling access to a database.
- Databases are used to store data in a manner that facilitates subsequent use of the data. Typically, a database includes several tables containing one or more records. A record in a table stored in the database can hold information about a subject or item in its various fields.
- To allow a user to more easily access and manage data stored in databases, database programs have been developed. Database programs, among other things, often provide a user interface, which allows the user to conveniently interact with the database program in order to perform various operations on the data stored in the database. The interface provided by the database program is typically a graphical user interface which allows the user to conveniently interact with the database program and, in turn, with the database. The user may interact with the graphical user interface to, for example, view the data in various ways. The visual representations provided to the user can include, for example, a browse mode. The browse mode allows records to be viewed, changed, sorted, deleted, or added.
- As noted above, a database program allows users to conveniently access data stored in a local database. It should be noted that a database program (or product) could also be provided as database server (or host), which allows a client (or a guest) to access data in a database, which is stored in a remote location with respect to the client. Generally, a first database program can, for example, be connected to a second database program over a computer network. In any case, one database program can act as a “client” (or guest) and establish a connection to the other database program which acts as “server” (or host) to a database. The client database program can, in turn, provide the end-user (e.g., a human, or application program) with access to data, which is stored remotely.
- Conventional database server programs (or products), however, can be configured only to grant access to a database based on a set of database accounts, which are typically defined by a database administrator, or alternatively grant access based on a set of operating system accounts which are typically defined by a system administrator. These operating system accounts are typically a set of general purpose accounts associated with different category of access privilege (e.g., “admin,” “manager,” “data-entry-only”).
- These different categories of access privileges are typically assigned to several different users. For example, several different individuals may be assigned the access level “manager.” This approach, however, does not allow a particular user to be identified when an external account is used, and thus may not adequately support a secure environment and/or allow monitoring (or logging) activities initiated using external accounts. In addition, access privileges cannot be easily modified (or updated) when general categories of access privileges are used (because access privilege is not defined per individual users). For example, if a particular manager leaves, the “manager” access level should be changed to security reasons. As a result, several other managers may have to be assigned a new access-level.
- Moreover, conventional techniques do not allow configuring a server database product (or program) such that both database and operating system accounts can be used together to control access to a database. In other words, conventional database server products control access to a database either entirely based on non-database accounts (e.g. operating system accounts), or entirely based on a set of identifiers (e.g., access keys), which are typically maintained and administered separately from the non-database accounts.
- As database products are more commonly used to access databases in corporate environments, the need for integration of databases with corporate computing systems becomes more prevalent. Accordingly, improved techniques for controlling access to databases are needed.
- Broadly speaking, the invention pertains to techniques for controlling access to a database.
- In accordance with one aspect of the invention, sets of database “internal” and “external” (or non-database) access-privileges are defined for a database. An “external” database component can, for example, be any component that resides outside a database system, program, or product that is used as interface to access a database. It will be appreciated that corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as database “external” accounts in accordance with one embodiment of the invention. In general, the database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. In addition, sets of database “internal” and “external” access-privileges are can be combined to generate an integrated access-privilege set which can be used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As such, the invention can be used to seamlessly integrate databases with various non-database entities (e.g., corporate computing systems). It should also be noted that non-database accounts may be authenticated externally, but access can be authorized using a database component (e.g., a server-side database component). Hence, databases can be integrated with various non-database entities, while authentication of non-database accounts is still performed by database external entities that are generally more preferred to authenticate their own accounts.
- As will be described below, the invention can be implemented to control access with respect to both database internal and external accounts, which can be used to seek access to the database. Moreover, access to the database can be controlled using the same authentication information (e.g., username and password of an operating system account) regardless of whether the database is internally or externally accessed. This can be achieved by defining and using database “internal” and “external” access-privileges in a manner that allows combining them together and using them as an integrated access-privilege set arranged in accordance with assigned priority of authorized access. As a result, database internal and external access privileges may be conveniently defined and maintained in a central location, by a single entity that does not have to be a database administrator (e.g., a system or server administrator). Yet, a database administrator can still access the database using a database internal account regardless of which server or external (“non-database”) authenticator has been chosen by the non-database administrator (e.g., a system or server administrator) to authenticate database users.
- The invention can be implemented in numerous ways, including as a method, an apparatus, a computer readable medium, and a database products, program, or system. Several embodiments of the invention are discussed below.
- Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.
- The present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:
-
FIG. 1 depicts a computing environment in accordance with embodiment of the invention. -
FIG. 2 depicts a server-side database component 108 in accordance with one embodiment of the invention. -
FIG. 3 depicts an authorizing access method for authorizing access to a database in accordance with one embodiment of the invention. -
FIG. 4 depicts an authorizing access method for authorizing access to a database in accordance with another embodiment of the invention. -
FIG. 5 depicts a method for determining whether access to a database should be granted based on database external or internal authorization information in accordance with one embodiment of the invention. -
FIG. 6 depicts a “Define Accounts and Privileges” panel in accordance with one embodiment of the invention. -
FIG. 7 andFIG. 8 respectively depict “Edit Account” panels used to edit (or create) database external and internal authorization information. - As noted in the background section, the need for integration of databases with corporate computing systems has become more prevalent. Accordingly, improved techniques for controlling access to a database are disclosed.
- In accordance with one aspect of the invention, sets of database “internal” and “external” (or non-database) access-privileges are defined for a database. An “external” database component can, for example, be any component that resides outside a database system, program, or product that is used as interface to access a database. It will be appreciated that corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts in accordance with one embodiment of the invention. In general, the database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. In addition, sets of database “internal” and “external” access-privileges are can be combined to generate an integrated access-privilege set which can be used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As such, the invention can be used to seamlessly integrate databases with various non-database entities (e.g., corporate computing systems). It should also be noted that non-database accounts may be authenticated externally, but access can be authorized using a database component (e.g., a server-side database component). Hence, databases can be integrated with various non-database entities, while authentication of non-database accounts is still performed by database external entities that are generally more preferred to authenticate their own accounts.
- As will be described below, the invention can be implemented to control access with respect to both database internal and external accounts, which can be used to seek access to the database. Moreover, access to the database can be controlled using the same authentication information (e.g., username and password of an operating system account) regardless of whether the database is internally or externally accessed. This can be achieved by defining and using database “internal” and “external” access-privileges in a manner that allows combining them together and using them as an integrated access-privilege set arranged in accordance with assigned priority of authorized access. As a result, database internal and external access privileges may be conveniently defined and maintained in a central location, by a single entity that does not have to be a database administrator (e.g., a system or server administrator). Yet, a database administrator can still access the database using an internal database account regardless of which server or external (“non-database”) authenticator has been chosen by the non-database administrator (e.g., a system or server administrator) to authenticate database users.
- Embodiments of these aspects of the invention are discussed below with reference to
FIGS. 1-8 . However, those skilled in the art will readily appreciate that the detailed description given herein with respect to these figures is for explanatory purposes as the invention extends beyond these limited embodiments. -
FIG. 1 depicts acomputing environment 100 in accordance with embodiment of the invention. As shown inFIG. 1 , a plurality ofclient computers server computer 108 via anetwork 106. As is known in the art, this communication may be established using a variety of existing wired or wireless communication protocols, hardware, and software components, which will not be discussed further. Theclient computer 102 includes a client-side database component 110 that can be used to initiate communication with a server-side database component 112 operating in theserver computer 108. Typically, the client-side database component 110 is used in order to access data stored in adatabase 114. By way of example, a user (or application) 116 can initiate a request to access data using the client-side database component 110. This request may, for example, be initiated as a result of the user 116 requesting to list or open one or more database files stored in thedatabase 114. The user 116 may, for example, use a monitor 110 or a wireless phone 142 to access theclient computer 102. - In any case, a request to access
database 114 can be initiated by the client-side database component 102, and transmitted vianetwork 106 to the server-side database component 112. In response, the server-side database component 112 can initiate an authentication process when it receives the request to accessdatabase 114. Typically, this authentication process authenticates the user 116 of theclient computer 102. By way of example, the user 116 may have used a [user-id and password] to login to theclient computer 102. In such cases, the server-side database component 112 initially authenticates the user 116 by sending the [user-id and password] to anexternal authenticator 118 for authentication before access to thedatabase 114 is granted. Theexternal authenticator 118 can, for example, be an operating system account manager (e.g., Active Directory in Windows operating environment, Open Directory in MAC operating environment). - It should be noted that the actual [user-id and password] do not need to be known by the client-
side database component 102. In general,authentication information 150 can be made available as a block of data that is forwarded to theexternal authenticator 118 for authentication. Theexternal authenticator 118 can, for example, decode and/or decrypt the block of data in order to authenticate the user 116. - In any case, if the user 116 is authenticated, the
external authenticator 118 notifies the server-side database component 112 that the user 116 has been authenticated. In addition, theexternal authenticator 118 can sendauthorization information 152, for example, as one or more privilege-identifiers, which are associated with the authentication-information 150 (e.g., user-id and password) of the authenticated user. By way of example, a privilege-identifier may be a group-name that is also used in operating system accounts of corporate computing environments. As such, a privilege-identifier may associate a user with a group that has certain privileges with respect to data stored in a database (e.g. a group name used in Active Directory in Windows operating environment). - After the authentication process, the server-
side database component 112 can initiate an authorization process, which determines the privileges, which have been assigned to the user 116 with respect to database 112 (i.e., access-level privileges). As will be discussed below, sets of database internal information 120 (e.g., database account information) and database external information 122 (e.g., database external authentication information) can be defined for thedatabase 114. In one embodiment described below, the databaseinternal information 120 is defined as a set of database internal accounts that include both authentication information (e.g., name and password) with associated authorization information (e.g., an access-privilege set), while the database external 122 information includes external authorization information (e.g., group-names with associated access-privileges). In other words, the databaseexternal information 122 does not need to include external authentication information. As such, there is no need to store external authentication information in a database, and external authentication may be independently performed by a database external entity (e.g., an external authenticator). Moreover, the set of database internal and external information can combined to generate an integrated access-privilege set 180 which is used to control access to the database. - Hence, the server-
side database component 112 can determine access-level privileges of user 116 even though the user may have been externally authenticated by theexternal authenticator 118. More particularly, the server-side database component 112 can be configured to use theauthorization information 152 sent by theexternal authenticator 118 and compare it with the generated integrated access-privilege set 160 in order to authorize the user 116 as a database internal or external account. Moreover, the server-side database component 112 can use theauthentication information 152 in a manner that allows integration of external accounts (e.g. corporate accounts) used by various environments with database internal accounts. As will be discussed below, this integration allows authorized use of both database internal and external accounts, which attempt to access the database. - It should also be noted that that an administrator-side database component (e.g., an administrative tool) 160 may also be provided to allow an
administrator 162 to administrate thedatabase 114 via server-side database component 112. Both users and administrators can be provided with authorized access in essentially the same manner. As such, authorization of user will be further discussed. - To further elaborate,
FIG. 2 depicts in greater detail the server-side database component 108 (shown inFIG. 1 ) in accordance with one embodiment of the invention. As shown inFIG. 2 , the server-side database component 108 includes anauthentication interface 202 which can communicate with the external authenticator 118 (also shown inFIG. 1 ). In addition, adatabase engine 204 is connected to theauthentication interface 202 anddatabase 114. - When a
request 220 to access thedatabase 114 is received by the server-side database component 108,authentication information 150 is forwarded, by theauthentication interface 202, to theexternal authenticator 118, which initiates an authentication process. If the authentication process successfully authenticates the user associated with theauthentication information 150, theexternal authenticator 118 determinesauthorization information 152 associated with the user and forwards it to theauthentication interface 202. By way of example,authentication information 150 may be in the form of a name and a password set (e.g., Bob and xx) which is forwarded by theauthentication interface 202 to theexternal authenticator 118. Again, it should be noted that the authentication information 150 (e.g., Bob, xx) may be explicitly known, or may be forwarded as a block of data without the server-side database component 108 (or authentication interface 202) having explicit knowledge of its content. - In any case, upon receipt of the
authentication information 150, theexternal authenticator 118 can initiate an authentication process, which if successful, may result in transmission ofauthorization information 152 to theauthentication interface 202. Typically, theauthorization information 152 includes database external privilege-identifiers associated with access privileges of the authenticated user. As such,authorization information 152 can provide access-level privileges that have been defined for the authenticated user for an operating system. - As will be appreciated, these access privileges for a database may also be defined in a similar manner as privileges defined in corporate accounts (e.g. operating system accounts) in accordance with one embodiment of the invention. By way of example, group-names may be defined and associated with various user names and passwords in a set of database
external authorization information 122, which is defined for thedatabase 114 and can be stored in thedatabase 114. As such, after authentication of a user's authentication information 150 (e.g., Bob and xx), group matches (e.g., Software, Manager Level-3 group), which have been defined in the operating system accounts for the user, may be identified by theexternal authenticator 118, and forwarded back to theauthentication interface 202. As will be appreciated, these group names may also be defined for thedatabase 114 and provided in the set of databaseexternal authorization information 122, which defines access privileges, assigned to each group-name. By way of example, group-names: “Software group” and “Manager Level-3” may respectively be associated with “read-only” and “Admin” access privileges. - As a result, a name and a password pair (e.g., Bob and xx) used to sign into a corporate computing system (e.g., operating system account) can effectively also be assigned privileges with respect to accessing a database. Furthermore, the same name and password pair may be assigned access privileges and be stored in the database
internal account 120. As shown inFIG. 2 , database internal authorization information may be defined, for example, to associate a name and a password pair (Bob, xx) with “read-only” access privilege. Moreover, both internal and external authorization information stored respectively in the databaseinternal accounts 120 and databaseexternal authorization information 122 can be used together to determine access-privileges of a user with respect to thedatabase 114. - As shown in
FIG. 2 , an order field 230 can be provided for both the databaseinternal accounts 120 and databaseexternal authorization information 122. The order field may be used to determine whether a user account should be considered as an internal or external database account. By way of example, when theauthorization information 152 includes a name, password, and one or more associated group-names (e.g., Bob, xx, Software, and Manager Level-3 group names), the internal andexternal authorization information database 114 can be searched in accordance with the particular order indicated by the order field. It should also be noted that the order field could be used to effectively generate an integrated access-privilege set 180, which, among other things, can be displayed, for a user to allow convenient creating and maintenance of an integrated access-privilege set. - In this example, authorization information 152 (Bob, xx), which is also associated with group names: Software and Manager Level-3, would be matched as an internal database account with “read-only” privilege (Order 2). However, authorization information (Tom, yy), associated with Hardware and Engineering Level-1 groups, may be matched to an external database account with access privilege of: “read-only” (Order 5).
- Although not depicted in
FIG. 2 , it should be noted that a plurality of different external authenticator interfaces associated with various external authenticators might be used to integrate a plurality of different operating systems and platforms with a database. Furthermore, much more complex algorithms may be used to determine priority. For example, each of the external accounts may additionally be assigned a weight which is added to individual priority assigned to each account (e.g., an order) in order to determine which access levels should be used. -
FIG. 3 . depicts an authorizingaccess method 300 for authorizing access to a database in accordance with one embodiment of the invention. Initially, a request to access the database is received (302). This request is typically received from a user on a local (or client) computer who is attempting to access a remote database via a server. When the request to access the database is received (302), it is determined (304) whether the user can be authenticated (304). If it is determined (304) that the user cannot be authenticated, an error is output (306) and the authorizingaccess method 300 ends. However, if it is determined (304) that the user can be authenticated, integrated authorization information is obtained or received (306). Again, the authorization is typically associated with a user on a local computer who is attempting to access data stored on a server in a remote location. Next, it is determined (308) whether authorization should be made as an external database account. - If it is determined (308) that authorization should not be made an external account, it is determined (310) whether authorization should be made as an internal account. If it is determined (310) that authorization should not be made as an internal account, error is output (306), and the authorizing
access method 300 ends. However, if it is determined (310) that authorization should be made as an internal account, access privileges are determined based on authorization information stored as internal account information and the authorizingaccess method 300 ends. On the other hand, if it is determined (308) that authorization should be made as an external account, access privileges are determined (314) based on database external authorization information. Theauthorization access method 300 ends following operations (314) or (312). Determination (314) will be described in greater detail below. The determination of whether authorization should be made as an external account (308) or an internal account (312) will also be described below. -
FIG. 4 depicts, in greater detail, an authorizingaccess method 400 for authorizing access to a database in accordance with another embodiment of the invention. Initially, a user on a local computer explicitly requests or triggers access (402) to a remote database. The remote database is typically accessed via a server. Next, authorization information associated with the users' account is obtained (404). By way of example, the authorization information can be a user name and a password. Typically, the same user-name (or user-id) and password are used by the user to sign into a local computer. As such, the user name and password may, for example, correspond to an operating system account. In any case, when the authorization information is obtained (404), the authorization information, (e.g., user name and password) are forwarded (406) to an external authenticator. Typically, the external authenticator is associated with the operating system or platform of the local computer that the user has signed into. - Next, it is determined (408) whether the external authentication was successful. If it is determined (408) that the external authentication was not successful, error is output (410), and the authorizing
access method 400 ends. However, if it is determined (408) that the external authentication was successful, it is determined (412) whether any group names have been assigned to the authentication information, (e.g., user name and password). If it is determined (412) that a group name has not been associated or assigned to the authentication information, a database internal account is used (414) in order to authorize access to the database. More particularly, a determination is made (414) as to which internal account matches the authentication information, (e.g., user name and password). As such, it is determined (416) whether an internal account matches the authentication information. Accordingly, if it is determined (416) that an internal database account matches the authentication information, access privileges are granted (418) based on the matching authorization information in the database internal account, and the authorizingaccess method 400 ends. However, if it is determined (416) that a database internal account which matches the authorization information was not found, an error is output (410), and the authorizingaccess method 400 ends. - On the other hand, if it is determined (412) that there is at least one group name associated with the authentication information, one or more group names associated with the authentication information is obtained (420), and forwarded (421). Thereafter, it is determined whether access privilege should be granted based on database external or internal authorization information. Determination (422) will be described in greater detail with respect to
FIG. 5 in accordance with one embodiment of the invention. Theauthorization access method 400 ends following determination (422) of whether access privileges should be granted from an external account or an internal account. In other words, upon successful validation of authorization information, access may be granted based on either internal or external account information. -
FIG. 5 depicts amethod 422 for determining whether access to a database should be granted based on database external or internal authorization information in accordance with one embodiment of the invention. Initially, authorization information is received (501). Typically, the authorization information is associated with a user seeking access to a database, and may include both internal authorization information (e.g., [name, password]), and external authorization information (e.g., one or more group-names). By way of example, authorization information may include: a user name: Bob, password: XX, and matching group-names: software and manager level-3 (also shown inFIG. 2 ). - In addition, an ordered list of all internal and external authorization information, which has been defined for the database, is initially obtained (502). As noted above, internal and external authorization information may, for example, be stored for each database that is made available to both local and remote users. Each of the internal and external authorization information may, for example, be provided in a table that includes an order or priority assigned (e.g.,
internal account information 120 andexternal authorization information 122 shown inFIG. 2 ). In any case, an ordered list of all internal and external authorization information (e.g., an integrated access privilege set) is obtained (502). As will be described below, themethod 422 operates to compare the authentication information received (501) with this ordered list (502). - More particularly, the first item in the ordered list (e.g., Sam, ZZ, order 1) is read (504). Generally, it is determined (506) whether an item, which has been read from the ordered list, is associated with an external account. The determination (506) may, for example, be made by providing an external or internal field or flag for each item in the ordered list. If it is determined (506) that the item is not associated with an external account (i.e., the item is associated with an internal account), it is determined (508) whether the item matches the portion of the authorization information that corresponds to an internal account. By way of example, it can be determined whether the [name, password] portion of the authorization information matches the [name, password] portion of the item obtained form the ordered list that corresponds to a database internal account.
- If it is determined (506) that the portion of the authorization information the corresponds to a database internal account matches the authorization information, access can be granted (510) based on the privileges associated with the matching item, and the
method 422 ends. However, if it is determined (506) that the item, which has been read (504) from the ordered list, is associated with a database external account, it is determined (512) whether the portion of the authorization information, corresponding to a database external account (e.g., one or more group-names), matches the authorization information received (501). As will be appreciated, the authorization information corresponding to an external account may also be arranged in order. By way of example, group-names may be arranged in accordance with an access-priority, and be considered in the order of access-priority. In any case, if it determined (512) that the portion of the authorization information, corresponding to database external accounts, matches the read item from the ordered list, access is granted (510) based on privileges defined in the item. On the other hand, if it is determined (508) that the internal authorization information does not match, or if it is determined (512) that the external authorization information does not match, the next item in the ordered list can be read (520, 522). If it is determined (530, 532) that last item in the ordered list has been read, but no match has been found, access is denied (540), and theauthorization method 422 ends. -
FIGS. 6 , 7 and 8 depict representative screens, which are generated by a graphical user interface provided for accessing a server-side database product (or program) in accordance with one aspect of the invention. More particularly, the graphical user interface can be used to manage internal and external authorization information respectively for database internal and external accounts. -
FIG. 6 depicts a “Define Accounts and Privileges” panel in accordance with one embodiment of the invention. As shown inFIG. 6 , several database internal accounts (labeled as FileMaker) and database external accounts (labeled as External Server) are displayed. As will be appreciated, both database internal and external accounts may be managed using the panel depicted inFIG. 6 . For example, authentication and/or authorization can occur based on the order, which appears in the panel, and so on. -
FIG. 7 andFIG. 8 respectively depict “Edit Account” panels used to edit (or create) database external and internal authorization information. Referring toFIG. 7 , an “Edit Account” panel may be used to define a group name and a privilege set when an external server is chosen for authentication. As depicted inFIG. 8 , the “Edit Account” panel may also be used to define a database internal account (i.e., FileMaker), which can be authenticated internally by the database server. In any case, various privileges (e.g., “Full Access, “Data Entry Only”) may be defined for different database internal or external accounts. - The advantages of the invention are numerous. Different embodiments or implementations may yield one or more of the following advantages. One advantage is that the invention that database and non-database access-privileges can be integrated and used to control access to a database. Another advantage of the invention is that is possible to externally authenticate non-database accounts by database external authenticator, while access to the database is authorized by a database component. Yet another advantage of the invention is that it is possible to define database internal accounts that can be used to access the database regardless of which database external server or authenticator is used. Still another advantage of the invention is that it is possible to use operating system account used in many existing corporate environments as external database accounts that are also authorized to access a database.
- The many features and advantages of the present invention are apparent from the written description, and thus, it is intended by the appended claims to cover all such features and advantages of the invention. Further, since numerous modifications and changes will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and operation as illustrated and described. Hence, all suitable modifications and equivalents may be resorted to as falling within the scope of the invention.
Claims (20)
1. A computer-implemented method of controlling access to data stored in a computer readable storage medium of a database system that includes a computing system, wherein said computer-implemented method comprises:
obtaining, by said computing system, external authentication data indicative of an external authentication identifier, wherein said external authentication identifier is associated with a database external account defined for an external system external with respect to said database system;
obtaining, by said computing system, authorization data associated with said authentication data and stored on a computer readable storage medium of said database, wherein said authorization data includes group matching data indicative of one or more group identifiers defined for database external accounts including said database external account;
obtaining, by said computing system and based on said authorization data, an integrated access privilege set that includes both: (a) database external authorization information and (b) database internal authorization information, wherein said database external authorization information (a) includes a plurality of group identifiers each of which are associated with one or more defined access-privileges for accessing said database by said database external accounts, and wherein said database internal authorization information (b) includes a plurality of database internal authentication identifiers that are each associated with one or more defined access-privileges for accessing said database; and
determining, by said computing system and based on said integrated access privilege set, whether to allow access by effectively using said one or more group identifiers or by effectively using said one or more database internal authentication identifier, thereby effectively allowing access with appropriate access privileges as a database external account based one or more matching group identifiers defined for database external accounts or as a database internal account with one or more database internal authentication identifiers defined for database internal accounts of said database.
2. The computer-implemented method of claim 1 , wherein said authentication information is and/or includes a password.
3. The computer-implemented method of claim 1 , wherein said external system is located in a remote entity with respect to said database system.
4. The computer-implemented method of claim 1 , wherein said external system is owned and/or operated by an entity that does not own or operate said database system.
5. The computer-implemented method of claim 1 ,
wherein said integrated set includes an ordered list, and
wherein said determining of whether to allow access is determined based on said ordered list.
6. A computer system operable to access data stored in a computer readable storage medium of a database system, wherein said computing system is further operable to:
obtaining external authentication data indicative of an external authentication identifier, wherein said external authentication identifier is associated with a database external account defined for an external system external with respect to said database system;
obtaining authorization data associated with said authentication data and stored on a computer readable storage medium of said database, wherein said authorization data includes group matching data indicative of one or more group identifiers defined for database external accounts including said database external account;
obtaining, based on said authorization data, an integrated access privilege set that includes both: (a) database external authorization information and (b) database internal authorization information, wherein said database external authorization information (a) includes a plurality of group identifiers each of which are associated with one or more defined access-privileges for accessing said database by said database external accounts, and wherein said database internal authorization information (b) includes a plurality of database internal authentication identifiers that are each associated with one or more defined access-privileges for accessing said database; and
determining, based on said integrated access privilege set, whether to allow access by effectively using said one or more group identifiers or by effectively using said one or more database internal authentication identifier, thereby effectively allowing access with appropriate access privileges as a database external account based one or more matching group identifiers defined for database external accounts or as a database internal account with one or more database internal authentication identifiers defined for database internal accounts of said database.
7. A computer readable storage medium storing at least executable computer code embodied in a tangible form for controlling access to data stored in a database system that includes a computing system, wherein said computer readable storage medium includes:
executable computer program code operable to obtain external authentication data indicative of an external authentication identifier, wherein said external authentication identifier is associated with a database external account defined for an external system external with respect to said database system;
executable computer program code operable to obtain authorization data associated with said authentication data and stored on a computer readable storage medium of said database, wherein said authorization data includes group matching data indicative of one or more group identifiers defined for database external accounts including said database external account;
executable computer program code operable to obtain based on said authorization data, an integrated access privilege set that includes both: (a) database external authorization information and (b) database internal authorization information, wherein said database external authorization information (a) includes a plurality of group identifiers each of which are associated with one or more defined access-privileges for accessing said database by said database external accounts, and wherein said database internal authorization information (b) includes a plurality of database internal authentication identifiers that are each associated with one or more defined access-privileges for accessing said database; and
executable computer program code operable to determine based on said integrated access privilege set, whether to allow access by effectively using said one or more group identifiers or by effectively using said one or more database internal authentication identifier, thereby effectively allowing access with appropriate access privileges as a database external account based one or more matching group identifiers defined for database external accounts or as a database internal account with one or more database internal authentication identifiers defined for database internal accounts of said database.
8. The computer readable storage medium of claim 7 , wherein said authentication information is and/or includes a password.
9. The computer readable storage medium of claim 7 , wherein said external system is located in a remote entity with respect to said database system.
10. A database system that includes a computing system operable to control access to a database, wherein said database system is configured and/or operable for:
receiving a request, from a remote database client component, to access said database, wherein said authentication information is for at least one database external account defined for an external system external to said database;
sending authentication information associated with said request to an external authenticator for authentication;
determining whether said external authenticator has authenticated said authentication information;
obtaining, from said database, integrated authorization data that has been stored on said database for said authentication information when said external authenticator has authenticated said authentication information, wherein said integrated authorization data includes one or more first authorization identifiers for at least one database internal account and one or more second authorization identifiers for said at least one database external account defined for an external system that is external to said database, and wherein said first one or more authorization identifiers are different than said second one or more identifiers;
searching, based on said integrated authorization data, an integrated access-privilege set associated with said integrated authorization data, wherein said integrated access-privilege set has also been stored on said database and includes first authorization information for at least one database internal account and second authorization information for said at least one database external account, wherein said first and second authorization information define different access-privileges for accessing said database;
determining, based on said searching of said integrated access-privilege set, whether access to said database should be granted as said database internal account which has been defined for said database, or whether access to said database should be granted based on database external authorization information of said external account defined for said external system, wherein said external authorization information effectively defines at least one database external account for said database corresponding to said external account defined for said external system, thereby allowing said external account to be effectively used to access said database based on said external authorization information defined by said external system;
authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account defined for said database; and
authorizing access to said database based on said external authorization information defined for said database external account when said determines that access to said database should be granted based on database external authorization information.
11. A database system as recited in claim 10 , wherein said database system further comprises:
an authentication interface that is capable of communicating with said external authenticator, wherein said external authenticator is operate to:
authenticate said authentication information; and
forward database external authorization information to said authentication interface of said database server component.
12. A database system as recited in claim 11 ,
wherein said database external authorization information includes one or more group names defined for said database system, and
one or more access-privileges have been associated with each one of said one or more groups and stored as database external authentication information for said database.
13. A database system as recited in claim 11 , wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
14. A database system as recited in claim 10 , wherein said authentication information includes a username and a password, and
wherein said external authenticator is associated with an operating system.
15. A database system as recited in claim 10 ,
wherein said database external privilege-identifiers are one or more group names defined for said database system, and
wherein one or more access-privileges are associated with each one of said one or more groups and stored as database external authentication information for said database.
16. A computer readable medium including at least executable computer program code embodied in a tangible form for controlling access to a database, comprising:
executable computer program code for receiving a request, from a database client component, to access said database, wherein said authentication information is for at least one database external account defined for an external system external to said database;
executable computer program code for sending authentication information associated with said request to an external authenticator for authentication;
executable computer program code for determining whether said external authenticator has authenticated said authentication information;
executable computer program code for obtaining from said database integrated authorization data that has been stored on said database for said authentication information when said external authenticator has authenticated said authentication information, wherein said integrated authorization data includes one or more first authorization identifiers for said at least one database internal account and one or more second authorization identifiers for said at least one database external account, and wherein said first one or more authorization identifiers are different than said second one or more identifiers;
executable computer program code for searching, based on said integrated authorization data, an integrated access-privilege set associated with said integrated authorization data, wherein said integrated access-privilege set has also been stored on said database and includes first authorization information for said at least one database internal account and second authorization information for said at least one database external account, wherein said first and second authorization information define different access-privileges for accessing said database;
executable computer program code for determining, based on said searching of said integrated access-privilege set, whether access to said database should be granted as said database internal account which has been defined for said database, or whether access to said database should be granted based on database external authorization information of said external account defined for said external system, wherein said external authorization information effectively defines at least one database external account for said database corresponding to said external account defined for said external system, thereby allowing said external account to be effectively used to access said database based on said external authorization information defined by said external system;
executable computer program code for authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account which has been defined for said database; and
executable computer program code for authorizing access to said database based on said external authorization information defined for said database external account when said determines that access to said database should be granted based on database external authorization information.
17. A computer readable medium as recited in claim 16 , wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
18. A computer readable medium as recited in claim 16 , wherein said authentication information is and/or includes a password.
19. A computer readable medium as recited in claim 16 , wherein said external system is located in a remote entity with respect to said database system.
20. A computer readable medium as recited in claim 16 , wherein said external system is owned and/or operated by an entity that does not own or operate said database system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/390,184 US20090222449A1 (en) | 2005-02-01 | 2009-02-20 | Controlling access to a database using database internal and external authorization information |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/048,834 US7516134B2 (en) | 2005-02-01 | 2005-02-01 | Controlling access to a database using database internal and external authorization information |
US12/390,184 US20090222449A1 (en) | 2005-02-01 | 2009-02-20 | Controlling access to a database using database internal and external authorization information |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/048,834 Continuation US7516134B2 (en) | 2005-02-01 | 2005-02-01 | Controlling access to a database using database internal and external authorization information |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090222449A1 true US20090222449A1 (en) | 2009-09-03 |
Family
ID=36757842
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/048,834 Expired - Fee Related US7516134B2 (en) | 2005-02-01 | 2005-02-01 | Controlling access to a database using database internal and external authorization information |
US12/390,184 Abandoned US20090222449A1 (en) | 2005-02-01 | 2009-02-20 | Controlling access to a database using database internal and external authorization information |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/048,834 Expired - Fee Related US7516134B2 (en) | 2005-02-01 | 2005-02-01 | Controlling access to a database using database internal and external authorization information |
Country Status (1)
Country | Link |
---|---|
US (2) | US7516134B2 (en) |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130110922A1 (en) * | 2011-10-31 | 2013-05-02 | Hearsay Labs, Inc. | Enterprise social media management platform with single sign-on |
US20130312068A1 (en) * | 2012-05-21 | 2013-11-21 | Salesforce.Com, Inc. | Systems and methods for administrating access in an on-demand computing environment |
US20150326580A1 (en) * | 2008-06-26 | 2015-11-12 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US9972048B1 (en) | 2011-10-13 | 2018-05-15 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US10025842B1 (en) | 2013-11-20 | 2018-07-17 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US10043214B1 (en) | 2013-03-14 | 2018-08-07 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US10102570B1 (en) | 2013-03-14 | 2018-10-16 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10115079B1 (en) | 2011-06-16 | 2018-10-30 | Consumerinfo.Com, Inc. | Authentication alerts |
US10169761B1 (en) | 2013-03-15 | 2019-01-01 | ConsumerInfo.com Inc. | Adjustment of knowledge-based authentication |
US10176233B1 (en) | 2011-07-08 | 2019-01-08 | Consumerinfo.Com, Inc. | Lifescore |
US10262364B2 (en) | 2007-12-14 | 2019-04-16 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10262362B1 (en) | 2014-02-14 | 2019-04-16 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US10277659B1 (en) | 2012-11-12 | 2019-04-30 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US10325314B1 (en) | 2013-11-15 | 2019-06-18 | Consumerinfo.Com, Inc. | Payment reporting systems |
US10366450B1 (en) | 2012-11-30 | 2019-07-30 | Consumerinfo.Com, Inc. | Credit data analysis |
US10373240B1 (en) | 2014-04-25 | 2019-08-06 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US10437895B2 (en) | 2007-03-30 | 2019-10-08 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US10453159B2 (en) | 2013-05-23 | 2019-10-22 | Consumerinfo.Com, Inc. | Digital identity |
US10482532B1 (en) | 2014-04-16 | 2019-11-19 | Consumerinfo.Com, Inc. | Providing credit data in search results |
US10580025B2 (en) | 2013-11-15 | 2020-03-03 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
US10621657B2 (en) | 2008-11-05 | 2020-04-14 | Consumerinfo.Com, Inc. | Systems and methods of credit information reporting |
US10642999B2 (en) | 2011-09-16 | 2020-05-05 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US10664936B2 (en) | 2013-03-15 | 2020-05-26 | Csidentity Corporation | Authentication systems and methods for on-demand products |
US10671749B2 (en) | 2018-09-05 | 2020-06-02 | Consumerinfo.Com, Inc. | Authenticated access and aggregation database platform |
US10685398B1 (en) | 2013-04-23 | 2020-06-16 | Consumerinfo.Com, Inc. | Presenting credit score information |
US10911234B2 (en) | 2018-06-22 | 2021-02-02 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US10963434B1 (en) | 2018-09-07 | 2021-03-30 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11227001B2 (en) | 2017-01-31 | 2022-01-18 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11238656B1 (en) | 2019-02-22 | 2022-02-01 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11315179B1 (en) | 2018-11-16 | 2022-04-26 | Consumerinfo.Com, Inc. | Methods and apparatuses for customized card recommendations |
US11356430B1 (en) | 2012-05-07 | 2022-06-07 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4882671B2 (en) * | 2006-11-01 | 2012-02-22 | 富士通株式会社 | Access control method, access control system, and program |
US8326872B2 (en) * | 2008-02-22 | 2012-12-04 | Microsoft Corporation | Database sandbox |
US20110040793A1 (en) * | 2009-08-12 | 2011-02-17 | Mark Davidson | Administration Groups |
US9060278B2 (en) * | 2009-11-05 | 2015-06-16 | At&T Intellectual Property I, L.P. | Mobile subscriber device network access |
US10146955B2 (en) * | 2012-07-12 | 2018-12-04 | Salesforce.Com, Inc. | System and method for access control for data of heterogeneous origin |
CN104272287A (en) * | 2012-07-31 | 2015-01-07 | 惠普发展公司,有限责任合伙企业 | Managing an interface between an application and a network |
GB201517003D0 (en) * | 2015-09-25 | 2015-11-11 | Ibm | Secure invocation of a stored procedures in a dbms |
GB201517416D0 (en) | 2015-10-02 | 2015-11-18 | Ibm | Task-execution in a DBMS using stored procedures |
CN111079131A (en) * | 2019-12-20 | 2020-04-28 | 金卡智能集团股份有限公司 | Method and system for authorization and control of authority of cross-company service |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030087629A1 (en) * | 2001-09-28 | 2003-05-08 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
US20080172366A1 (en) * | 1998-06-29 | 2008-07-17 | Clifford Lee Hannel | Query Interface to Policy Server |
US7934257B1 (en) * | 2005-01-07 | 2011-04-26 | Symantec Corporation | On-box active reconnaissance |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6292904B1 (en) * | 1998-12-16 | 2001-09-18 | International Business Machines Corporation | Client account generation and authentication system for a network server |
JP2002149468A (en) * | 2000-11-06 | 2002-05-24 | Hitachi Ltd | Method for managing access right of multi-database integrated system |
CA2428385A1 (en) * | 2000-11-13 | 2002-05-16 | Attachmate Corporation | System and method for transaction access control |
US7552222B2 (en) * | 2001-10-18 | 2009-06-23 | Bea Systems, Inc. | Single system user identity |
US7051036B2 (en) * | 2001-12-03 | 2006-05-23 | Kraft Foods Holdings, Inc. | Computer-implemented system and method for project development |
US7120785B1 (en) * | 2002-11-25 | 2006-10-10 | Apple Computer, Inc. | Method and apparatus rendering user accounts portable |
-
2005
- 2005-02-01 US US11/048,834 patent/US7516134B2/en not_active Expired - Fee Related
-
2009
- 2009-02-20 US US12/390,184 patent/US20090222449A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080172366A1 (en) * | 1998-06-29 | 2008-07-17 | Clifford Lee Hannel | Query Interface to Policy Server |
US20030087629A1 (en) * | 2001-09-28 | 2003-05-08 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
US7934257B1 (en) * | 2005-01-07 | 2011-04-26 | Symantec Corporation | On-box active reconnaissance |
Cited By (83)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10437895B2 (en) | 2007-03-30 | 2019-10-08 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US11308170B2 (en) | 2007-03-30 | 2022-04-19 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US10262364B2 (en) | 2007-12-14 | 2019-04-16 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10878499B2 (en) | 2007-12-14 | 2020-12-29 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10614519B2 (en) | 2007-12-14 | 2020-04-07 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US11379916B1 (en) | 2007-12-14 | 2022-07-05 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10075446B2 (en) * | 2008-06-26 | 2018-09-11 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US20220027853A1 (en) * | 2008-06-26 | 2022-01-27 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US20180343265A1 (en) * | 2008-06-26 | 2018-11-29 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US11769112B2 (en) * | 2008-06-26 | 2023-09-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US11157872B2 (en) * | 2008-06-26 | 2021-10-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US20150326580A1 (en) * | 2008-06-26 | 2015-11-12 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US10621657B2 (en) | 2008-11-05 | 2020-04-14 | Consumerinfo.Com, Inc. | Systems and methods of credit information reporting |
US10719873B1 (en) | 2011-06-16 | 2020-07-21 | Consumerinfo.Com, Inc. | Providing credit inquiry alerts |
US10685336B1 (en) | 2011-06-16 | 2020-06-16 | Consumerinfo.Com, Inc. | Authentication alerts |
US10115079B1 (en) | 2011-06-16 | 2018-10-30 | Consumerinfo.Com, Inc. | Authentication alerts |
US11954655B1 (en) | 2011-06-16 | 2024-04-09 | Consumerinfo.Com, Inc. | Authentication alerts |
US11232413B1 (en) | 2011-06-16 | 2022-01-25 | Consumerinfo.Com, Inc. | Authentication alerts |
US10176233B1 (en) | 2011-07-08 | 2019-01-08 | Consumerinfo.Com, Inc. | Lifescore |
US11665253B1 (en) | 2011-07-08 | 2023-05-30 | Consumerinfo.Com, Inc. | LifeScore |
US10798197B2 (en) | 2011-07-08 | 2020-10-06 | Consumerinfo.Com, Inc. | Lifescore |
US11087022B2 (en) | 2011-09-16 | 2021-08-10 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US10642999B2 (en) | 2011-09-16 | 2020-05-05 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US11790112B1 (en) | 2011-09-16 | 2023-10-17 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US9972048B1 (en) | 2011-10-13 | 2018-05-15 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US11200620B2 (en) | 2011-10-13 | 2021-12-14 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US9311679B2 (en) * | 2011-10-31 | 2016-04-12 | Hearsay Social, Inc. | Enterprise social media management platform with single sign-on |
US20130110922A1 (en) * | 2011-10-31 | 2013-05-02 | Hearsay Labs, Inc. | Enterprise social media management platform with single sign-on |
US11356430B1 (en) | 2012-05-07 | 2022-06-07 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US9237156B2 (en) * | 2012-05-21 | 2016-01-12 | Salesforce.Com, Inc. | Systems and methods for administrating access in an on-demand computing environment |
US20130312068A1 (en) * | 2012-05-21 | 2013-11-21 | Salesforce.Com, Inc. | Systems and methods for administrating access in an on-demand computing environment |
US10277659B1 (en) | 2012-11-12 | 2019-04-30 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US11863310B1 (en) | 2012-11-12 | 2024-01-02 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US11012491B1 (en) | 2012-11-12 | 2021-05-18 | ConsumerInfor.com, Inc. | Aggregating user web browsing data |
US10963959B2 (en) | 2012-11-30 | 2021-03-30 | Consumerinfo. Com, Inc. | Presentation of credit score factors |
US11651426B1 (en) | 2012-11-30 | 2023-05-16 | Consumerlnfo.com, Inc. | Credit score goals and alerts systems and methods |
US10366450B1 (en) | 2012-11-30 | 2019-07-30 | Consumerinfo.Com, Inc. | Credit data analysis |
US11308551B1 (en) | 2012-11-30 | 2022-04-19 | Consumerinfo.Com, Inc. | Credit data analysis |
US11132742B1 (en) | 2012-11-30 | 2021-09-28 | Consumerlnfo.com, Inc. | Credit score goals and alerts systems and methods |
US11113759B1 (en) | 2013-03-14 | 2021-09-07 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10043214B1 (en) | 2013-03-14 | 2018-08-07 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US10102570B1 (en) | 2013-03-14 | 2018-10-16 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10929925B1 (en) | 2013-03-14 | 2021-02-23 | Consumerlnfo.com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US11769200B1 (en) | 2013-03-14 | 2023-09-26 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US11514519B1 (en) | 2013-03-14 | 2022-11-29 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US10169761B1 (en) | 2013-03-15 | 2019-01-01 | ConsumerInfo.com Inc. | Adjustment of knowledge-based authentication |
US11790473B2 (en) | 2013-03-15 | 2023-10-17 | Csidentity Corporation | Systems and methods of delayed authentication and billing for on-demand products |
US10740762B2 (en) | 2013-03-15 | 2020-08-11 | Consumerinfo.Com, Inc. | Adjustment of knowledge-based authentication |
US11775979B1 (en) | 2013-03-15 | 2023-10-03 | Consumerinfo.Com, Inc. | Adjustment of knowledge-based authentication |
US11164271B2 (en) | 2013-03-15 | 2021-11-02 | Csidentity Corporation | Systems and methods of delayed authentication and billing for on-demand products |
US10664936B2 (en) | 2013-03-15 | 2020-05-26 | Csidentity Corporation | Authentication systems and methods for on-demand products |
US11288677B1 (en) | 2013-03-15 | 2022-03-29 | Consumerlnfo.com, Inc. | Adjustment of knowledge-based authentication |
US10685398B1 (en) | 2013-04-23 | 2020-06-16 | Consumerinfo.Com, Inc. | Presenting credit score information |
US11803929B1 (en) | 2013-05-23 | 2023-10-31 | Consumerinfo.Com, Inc. | Digital identity |
US11120519B2 (en) | 2013-05-23 | 2021-09-14 | Consumerinfo.Com, Inc. | Digital identity |
US10453159B2 (en) | 2013-05-23 | 2019-10-22 | Consumerinfo.Com, Inc. | Digital identity |
US10325314B1 (en) | 2013-11-15 | 2019-06-18 | Consumerinfo.Com, Inc. | Payment reporting systems |
US10580025B2 (en) | 2013-11-15 | 2020-03-03 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
US11461364B1 (en) | 2013-11-20 | 2022-10-04 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US10628448B1 (en) | 2013-11-20 | 2020-04-21 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US10025842B1 (en) | 2013-11-20 | 2018-07-17 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US11107158B1 (en) | 2014-02-14 | 2021-08-31 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US11847693B1 (en) | 2014-02-14 | 2023-12-19 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US10262362B1 (en) | 2014-02-14 | 2019-04-16 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US10482532B1 (en) | 2014-04-16 | 2019-11-19 | Consumerinfo.Com, Inc. | Providing credit data in search results |
US11074641B1 (en) | 2014-04-25 | 2021-07-27 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US10373240B1 (en) | 2014-04-25 | 2019-08-06 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US11587150B1 (en) | 2014-04-25 | 2023-02-21 | Csidentity Corporation | Systems and methods for eligibility verification |
US11227001B2 (en) | 2017-01-31 | 2022-01-18 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11681733B2 (en) | 2017-01-31 | 2023-06-20 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11588639B2 (en) | 2018-06-22 | 2023-02-21 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US10911234B2 (en) | 2018-06-22 | 2021-02-02 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US11265324B2 (en) | 2018-09-05 | 2022-03-01 | Consumerinfo.Com, Inc. | User permissions for access to secure data at third-party |
US10671749B2 (en) | 2018-09-05 | 2020-06-02 | Consumerinfo.Com, Inc. | Authenticated access and aggregation database platform |
US11399029B2 (en) | 2018-09-05 | 2022-07-26 | Consumerinfo.Com, Inc. | Database platform for realtime updating of user data from third party sources |
US10880313B2 (en) | 2018-09-05 | 2020-12-29 | Consumerinfo.Com, Inc. | Database platform for realtime updating of user data from third party sources |
US10963434B1 (en) | 2018-09-07 | 2021-03-30 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11734234B1 (en) | 2018-09-07 | 2023-08-22 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11315179B1 (en) | 2018-11-16 | 2022-04-26 | Consumerinfo.Com, Inc. | Methods and apparatuses for customized card recommendations |
US11842454B1 (en) | 2019-02-22 | 2023-12-12 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11238656B1 (en) | 2019-02-22 | 2022-02-01 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
Also Published As
Publication number | Publication date |
---|---|
US20060173810A1 (en) | 2006-08-03 |
US7516134B2 (en) | 2009-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7516134B2 (en) | Controlling access to a database using database internal and external authorization information | |
US7613794B2 (en) | Identifying dynamic groups | |
US8959613B2 (en) | System and method for managing access to a plurality of servers in an organization | |
US9477832B2 (en) | Digital identity management | |
KR100986568B1 (en) | Persistent authorization context based on external authentication | |
US7512585B2 (en) | Support for multiple mechanisms for accessing data stores | |
US7660880B2 (en) | System and method for automated login | |
US8839456B2 (en) | System and method for data and request filtering | |
US6851113B2 (en) | Secure shell protocol access control | |
US7353542B2 (en) | Storage system, computer system, and method of authorizing an initiator in the storage system or the computer system | |
US20050027713A1 (en) | Administrative reset of multiple passwords | |
US20110214165A1 (en) | Processor Implemented Systems And Methods For Using Identity Maps And Authentication To Provide Restricted Access To Backend Server Processor or Data | |
US20040024764A1 (en) | Assignment and management of authentication & authorization | |
US20060036868A1 (en) | User authentication without prior user enrollment | |
US8051168B1 (en) | Method and system for security and user account integration by reporting systems with remote repositories | |
US7647628B2 (en) | Authentication to a second application using credentials authenticated to a first application | |
JP2002539538A (en) | System, method and computer program product for enabling access to corporate resources using a biometric device | |
US8104076B1 (en) | Application access control system | |
US7428748B2 (en) | Method and system for authentication in a business intelligence system | |
US7801967B1 (en) | Method and system for implementing database connection mapping for reporting systems | |
US8631319B2 (en) | Document databases managed by first and second authentication methods | |
JP2005107984A (en) | User authentication system | |
US11057389B2 (en) | Systems and methods for authorizing access to computing resources | |
US11954195B2 (en) | Multi-level authentication for shared device | |
US7702787B1 (en) | Configurable user management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |