DYNAMIC RULES-BASED SECURE DATA ACCESS SYSTEM FOR BUSINESS COMPUTER PLATFORMS

摘要

The invention provides a dynamic rules-based secure data access system that may be used in a variety of applications that include a requirement for controlled secure access to a database (100). The rules-based access system has several features. One of these is that each user be assigned a role, either as an individual or as part of the group (120). Access rights may be assigned based one roles, but these can be modified within the system by individual users, that have authority to do so. Further, the data resources that each user is allowed to access (130), based on his or her role, and the extent of viewing and of data manipulation allowed, is further controlled based on assigned "rights and privileges" (210). Another feature is that the database may be viewed as structured and organized into "business functions", which are useful in business enterprises, such as sales, marketing, customer supports, etc (200). Users may be restricted to only certain functions, based on their roles (160). Within the business function units, the resources may be regarded as are further subdivided into several hierarchy levels; such as business objects, and instances of these objects (190). Users may be allowed access to only a specific business function, and only specific levels within that functional unit, based on role (220). Further, data may be restricted within each of the hierarchy levels, so that a user with access may not be allowed to see or manipulate all resources on a particular level within the hierarchy.