| 发明名称 | Authorization check of database query through matching of access rule to access path in application systems | ||
| 摘要 | A method is provided to check user authorization to access a database, the method comprising: receiving a database query; producing an execution plan for the query; receiving an access rule applicable to a user associated with the query; determining whether the access rules permits processing of the query according to the plan; and rejecting the query in response to a determination that the access rule does not allow processing of the query according to the plan. | ||
| 申请公布号 | US9075843(B2) | 申请公布日期 | 2015.07.07 |
| 申请号 | US201012851332 | 申请日期 | 2010.08.05 |
| 申请人 | SAP SE | 发明人 | Gimbel Matthias |
| 分类号 | G06F17/30;G06F21/62 | 主分类号 | G06F17/30 |
| 代理机构 | Schwegman Lundberg & Woessner, P.A. | 代理人 | Schwegman Lundberg & Woessner, P.A. |
| 主权项 | 1. A method of checking user authorization to access a database, the method comprising: receiving a query; producing an execution plan for the query, the execution plan indicating a type of access performed during execution of the query within the database according to the execution plan, the execution plan indicating a schema plan name of a schema containing a schema table used during execution of the query within the database according to the execution plan, and the execution plan indicating a table plan identity of a plan table used during execution of the query according to the execution plan; receiving an access rule applicable to a user associated with the query, the access rule indicating a second table identity of a second table, a second schema name identity of a second schema containing a second schema table, and a type of access; determining whether the access rule permits processing of the query according to the execution plan, the determining including: determining whether the type of access indicated by the execution plan matches the type of access indicated by the rule;determining whether the schema containing the schema table indicated by the schema plan name of the execution plan matches the second schema containing the second schema table indicated by the access rule; anddetermining whether the table plan identity indicated by the execution plan matches the second table identity of the second table indicated by the access rule; and rejecting the query in response to a determination that the table plan identity indicated by the execution plan does not match the second table identity of the second table indicated by the access rule, in response to a determination that the schema containing the schema table indicated by the schema plan name of the execution plan does not match the second schema containing the second schema table indicated by the second schema name of the access rule, or in response to a determination that the type of access indicated by the execution plan does not match the type of access indicated by the access rule. | ||
| 地址 | Walldorf DE | ||