Patent · US Active

Method and system for controlling access to data via a data-centric security model

US7890530B2 · kind B2 · utility

Cited by: 25
References: 6
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 5, 2008
Grant date: Feb 15, 2011
Priority date
Expiry date: Mar 28, 2029

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/6218
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method and system for controlling access to data via a data-centric security model. A business data classification scheme is defined as a hierarchy that includes data types aligned with business operations. A data element is labeled with a data label. The data label includes multiple attributes associated with a data-centric security model. A first attribute is a data type of the data element. A second attribute includes security requirements. Data control rules are automatically generated for an enforcement of the security requirements. The enforcement grants or denies to a user an access to the data element via a predefined action. The enforcement is based on a predefined association among the predefined action, a predefined role that includes the user, the data type and, optionally, a purpose for performing the predefined action.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.