Method for implementing access control for queries to a content management system

Assignee

• International Business Machines Corporation · US

Inventors

• Rupa Bhaghavan · San Jose, US
• Tawei Hu · San Jose, US
• Kenneth Carlin Nelson · Hollister, US
• Randal J. Richardt · San Jose, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99939
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.