US 7,516,134 B2
Controlling access to a database using database internal and external authorization information
Erwin Hom, Foster City, Calif. (US); and Clay Maeckel, San Jose, Calif. (US)
Assigned to Apple Inc., Cupertino, Calif. (US)
Filed on Feb. 01, 2005, as Appl. No. 11/48,834.
Prior Publication US 2006/0173810 A1, Aug. 03, 2006
Int. Cl. G06F 17/30 (2006.01)
U.S. Cl. 707—9 [726/2]
8 Claims

1. A computer-implemented method for controlling access to data stored in a database that stores at least a plurality of records, comprising:

receiving, from a remote location, authentication information associated with a request to access said database, wherein said authentication information is for at least one database external account defined for an external system external to said database;

determining, based on said authentication information, whether said request can be authenticated;

obtaining, from said database, integrated authorization data that has been stored on said database for said authentication information when said request can be authenticated, wherein said integrated authorization data includes one or more first authorization identifiers for said at least one database internal account and one or more second authorization identifiers for said at least one database external account, and wherein said first one or more authorization identifiers are different than said second one or more identifiers;

searching, based on said integrated authorization data, an integrated access-privilege set associated with said integrated authorization data, wherein said integrated access-privilege set has also been stored on said database and includes first authorization information for said at least one database internal account and second authorization information for said at least one database external account that has been defined based on said database external authorization information of said external account defined for said external system, wherein said first and second authorization information define different access-privileges for accessing said database;

determining, based on said searching of said integrated access-privilege set, whether access to said database should be granted as said database internal account which has been defined for said database, or whether access to said database should be granted based on database external authorization information of said external account defined for said external system, wherein said external authorization information effectively defines at least one database external account for said database corresponding to said external account defined for said external system;

authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account defined for said database; and

authorizing access to said database based on said external authorization information defined for said database external account when said determines that access to said database should be granted based on database external authorization information, thereby allowing said external account to be effectively used to access said database based on said external authorization information defined by said external system.
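One possible reading of the steps of claim 1 as code, added here as an illustration and not taken from the patent or from any implementation by the assignee. The table names, identifier strings, the in-memory stand-in for the external system, and the rule that an internal grant is checked before an external one are all assumptions of this example.

```python
import hashlib
import hmac
import sqlite3

def _digest(password):
    # Constructed stand-in for the external system's own credential check.
    return hashlib.sha256(b"demo-salt" + password.encode()).hexdigest()

# Constructed accounts defined in the external system, outside the database.
EXTERNAL_SYSTEM = {name: _digest(pw) for name, pw in
                   [("alice", "a-pass"), ("bob", "b-pass"), ("carol", "c-pass")]}

def build_db():
    """Database holding integrated authorization data and the privilege set."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE integrated_auth (login TEXT, auth_id TEXT, kind TEXT);
        CREATE TABLE access_privileges (auth_id TEXT, kind TEXT, privilege TEXT);
        INSERT INTO integrated_auth VALUES
            ('alice', 'int:dba',      'internal'),
            ('alice', 'ext:staff',    'external'),
            ('bob',   'ext:staff',    'external'),
            ('carol', 'ext:visitors', 'external');
        INSERT INTO access_privileges VALUES
            ('int:dba',   'internal', 'read-write'),
            ('ext:staff', 'external', 'read-only');
    """)
    return db

def authorize(db, login, password):
    """Return (grant_basis, privileges), or (None, []) when access is denied."""
    # Step 1-2: authenticate the request against the external account.
    expected = EXTERNAL_SYSTEM.get(login, "")
    if not hmac.compare_digest(expected, _digest(password)):
        return None, []
    # Step 3-4: fetch the stored identifiers and search the privilege set.
    rows = db.execute(
        "SELECT p.kind, p.privilege FROM integrated_auth a "
        "JOIN access_privileges p ON p.auth_id = a.auth_id AND p.kind = a.kind "
        "WHERE a.login = ?", (login,)).fetchall()
    # Step 5-7: decide the basis of the grant (assumed order: internal first).
    for basis in ("internal", "external"):
        privileges = sorted(p for kind, p in rows if kind == basis)
        if privileges:
            return basis, privileges
    return None, []  # authenticated, but no matching privilege entry
```

An authenticated account whose identifiers match nothing in the privilege set (carol in the sample data) is denied rather than given a default grant.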