Cell level data accessibility

摘要

Methods, systems, and computer-readable media for determining access rights for stored data are presented. Data tables may store data that is accessible to users. A request for explicit access to data may be received from a user. The system may determine the user's identity and further determine combined access rights based on the request for explicit access to data and the identity of the user. For example, implicit access rights for a user may be based on the identity. Based on the determined access rights, the system may retrieve data from the data tables. In an embodiment, the access rights may define that a first portion of a column is to be retrieved while a second portion of the column is to be restricted, or that a first portion of a row is to be retrieved while a second portion of the row is to be restricted.

主权项

1. A computer implemented method, comprising:
receiving, at a computing device, a request from a user that comprises a request for explicit access to information associated with at least one employee from a data table, wherein explicit access rules define one or more rules for the explicit access; determining an identity for the user, the identity comprising a role in an organization, wherein the role in the organization is associated with one or more rules defining implicit access to the information associated with the at least one employee of the organization under a span of control of the user and one or more rules defining restrictions to the information associated with the at least one employee, wherein a determination is made whether the explicit access conflicts with the implicit access rules defining restrictions, and when a conflict occurs the implicit access rules take priority; responsive to the determination, determining combined access rights based on the determined identity of the user and the request for explicit access to the information, wherein the combined access rights include the one or more rules defining implicit access and the one or more rules defining the restrictions to the information associated with the at least one employee under the span of control of the user; upon the determining of the combined access rights, retrieving the information from the data table based on the combined access rights, wherein information is only retrieved after the combined access rights are determined and wherein the combined access rights allow an access to at least one of:
a first cell of a first column of the data table while restricting access to a second cell of the first column, anda third cell of a first row for the data table while restricting access to a fourth cell of the first row; and returning the retrieved information obtained from the first cell and the third cell to the user and identifying the second cell and the fourth cell as being restricted.