WO2015174977A1 - Accessing data content using closures - Google Patents

Accessing data content using closures

Publication number
WO2015174977A1
Authority
WO
WIPO (PCT)
Prior art keywords
closure
access
data
data content
tenant
Prior art date
Application number
PCT/US2014/038059
Other languages
French (fr)
Inventor
Patrick Goldsack
Qianhui LIANG
Granville BARNETT
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P.
Priority to PCT/US2014/038059
Publication of WO2015174977A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • Figure 1 illustrates a network implementation of an access control system for controlling access to an object, according to an example of the present subject matter.
  • Figure 2 illustrates components of the access control system, according to an example of the present subject matter.
  • Figure 3 illustrates components of the access control system, according to another example of the present subject matter.
  • Figure 4 illustrates the interaction of components of the access control system, according to an example of the present subject matter.
  • Figure 5 illustrates object graphs depicting the control of access to an object, according to an example of the present subject matter.
  • Figure 6 illustrates a method for controlling access to an object, according to an example of the present subject matter.
  • Figure 7 illustrates a method for controlling access to an object, according to another example of the present subject matter.
  • Figure 8 illustrates a computer readable medium storing instructions for providing an access to an object in a database, according to an example of the present subject matter.
  • an enterprise may maintain a database to store data created by its users, for example, employees and stakeholders.
  • the data may be stored in such databases in the form of objects.
  • Such databases, also referred to as object databases, allow objects to be accessed by multiple users depending on the user's associated rights and privileges. These objects may be linked with other objects within the database.
  • the data may be stored in complex linked structures such as lists, trees, and graphs.
  • the objects in turn may include raw data, documents or any digital content.
  • the objects may be linked to one or more objects in different ways.
  • the users are either granted or denied access to the objects depending upon the access rights associated with the users.
  • the access rights in turn may be prescribed based on the associated role of the user within the enterprise organization or the requirements assigned by the enterprise. In this manner, security of the objects is ensured in the multi-tenanted database to prevent unauthorized access.
  • the access rights may be further implemented in conjunction with security policies implemented within an enterprise. However, such mechanisms only control and regulate access at a broad level or a higher level. Such mechanisms may not be suitable for implementing control at object level.
  • closures are defined using closures.
  • a closure may be understood as a function or an object definition which either includes certain data or a reference to such data. As a result, such data may be considered as bound within the closure.
  • the closure may also be implementable as executable code. In such a case, the data (e.g., the data either included within the closure or referenced by the closure) is not accessible directly. The data within such closures may be accessible only when the closure referencing such data is executed.
  • Data content may include any type of content generated and maintained by a computing system, such as a database. Such data content may include database entries within the database, maintained in the form of tables. Furthermore, data content may also include content created by an individual, such as documents, and the like. It should be noted that the following are only provided as examples of data content, and should not be construed as a limitation. In other examples, the data content may be bound within a plurality of closures, without deviating from the scope of the present description.
  • closures may be further parameterized while providing the function definition for the closure using one or more formal parameters.
  • formal parameters include identity parameters of tenants requesting access.
  • Closures may be implemented in various ways. For example, they can be implemented based on a functional programming language used (e.g., Lisp, ML, .NET, etc.).
  • the closure as implemented either includes the data content or is referenced by the data content for which a tenant is requesting access.
  • the closure, and therefore the data content to be accessed, may be stored in an object database.
  • the tenant requesting access to data content may be directed to the closure.
  • various namespaces may be defined which transparently make the closure accessible in response to access requests, instead of the data content, to the requesting tenant.
  • a system for evaluating and providing access for data content may be implemented.
  • a tenant may request access to data content.
  • the system may provide the closure to which the data content is bound, with the tenant data.
  • the tenant data associated with the tenant in turn may be obtained based on the access request.
  • the tenant data may include information relating to the tenant requesting access.
  • An example of tenant data includes credential information of the tenant.
  • the tenant data may also include information associated with user devices used by the tenants for requesting data content.
  • the tenant data may then be subsequently used for invoking the closure by the system. While invoking the closure, the tenant data is passed as actual parameters to the closure by the system. Once passed, the closure is executed based on the tenant data.
  • the execution of the closure may evaluate the access to the data content and further determine the extent of the access which may be provided to the tenant for the data content. In such a manner, access to the data content may be evaluated and provided through the system, and without further intervention from the tenant requesting access.
  • execution of the closure may be effected at runtime.
  • a runtime environment may be provided by the system which executes the closure based on the tenant data obtained from the access request, and also based on the parameterized function definitions of the closures.
  • the runtime environment may evaluate and determine the appropriate access which is to be provided to the tenant requesting access. For example, based on the tenant data, the runtime environment may evaluate whether the entire data content is to be made available, or whether only a portion of data content is to be made available to the requesting tenant.
  • the requested data content may transform the data content before the data content may be provided to the requesting tenant.
  • portions of data content may be obfuscated to conceal information which may otherwise be confidential or proprietary.
  • execution of the closure may also result in an error indicating a security violation. In such a circumstance, access to the requested data may altogether be denied.
  • the data content may be made available to the tenant using a mediated view.
  • a mediated view may depict a portion or a subset of the data which is being fetched. The portion or the subset of the data may include a plurality of data elements.
  • data content may be transformed before being provided using a mediated view. The mediated view as such does not provide a direct access to the data of the object, but only provides the data content for which access is permitted as determined by the execution of the closure.
  • multiple closures may be associated with the data content for which access is sought.
  • the runtime environment may provide the tenant data to any one of such multiple closures.
  • one closure from amongst the multiple closures may be determined based on the tenant data.
  • the tenant data may be passed to the identified closure.
  • the closure may be executed to provide a mediated view of the data content which is based on the execution of the closure under consideration.
  • an appropriate mediated view may be generated.
  • different mediated views can be generated depending on the tenant data.
  • the closure may be implemented using functions and executable codes.
  • the closure may be implemented using higher-order functions.
  • a higher-order function may be considered as a function which returns another function.
  • a closure within which the data content is bound, when executed by the runtime environment, may provide another function to which the data, or a portion thereof, is bound.
  • the resulting function, being bound to the data content or a portion thereof, is also a closure. Therefore, the closure may be dynamically formed over either the entire data content, or a portion of the data, for which access is sought.
  • Such formation of dynamic closures provides the flexibility of creating access controls at specific and granular levels for the data content for which access is sought.
  • the closures may be implemented as functions or may be implemented as object definitions.
  • a closure when determining the access which is to be provided to the requesting tenant, only the function is executed based on which a mediated view is provided.
  • either or all functions associated with the closures may be executed to provide a mediated view.
  • In cases where a closure is implemented as an object, it may include multiple methods or functions. Therefore, whether access is to be provided to a tenant would be based on the execution of all methods or functions which are included within the closure object.
  • a mediated view may be generated which is based on the execution of the different functions or methods included within the closure. It would be understood that in such example implementations, a coordinated mediated view is generated as a result of different functions or methods being executed.
  • a closure may be nested within another closure.
  • a closure may be provided as means for controlling access to another closure.
  • each closure may be nested within another closure.
  • each closure may be further encoded as functions within the code of the nesting closure.
  • closures binding to the data content is implemented so as to dynamically provide a flexible control for accessing the object.
  • the present subject matter provides an easy to scale and secure access control system in the database.
  • the closures can be dynamically created, and applied on the data so that the data is safe and secure allowing access to the data content to be controlled even when the data content has been distributed to other parties.
  • flexibility of the closure's code allows aspects such as sampling and transformation of the data to obfuscate information such as personal information, and so on.
  • the access control rights of an object graph can be composed with the access control rights of another object graph.
  • Figure 1 illustrates a network environment 100 implementing an access control system 102 for controlling access to data content in a database in response to a user request, according to an example of the present subject matter.
  • the data content is further stored in the database as objects.
  • the network environment 100 includes a plurality of user devices 104-1, 104-2...104-N. Each of the user devices 104-1, 104-2...104-N (collectively referred to as user devices 104) is in communication with the access control system 102 through a network 106.
  • the system 102 is further coupled to a database 108 which persistently stores a plurality of objects 110-1, 2, N, linked with each other.
  • the user devices 104 are each operated through users who in turn may require access to one or more objects within the database 108.
  • the access control system 102 may be coupled to the database 108 through network 106 as well, without deviating from the scope of the present subject matter.
  • the database 108 may be implemented as a persistent storage of data content, with the data content being referenced through objects 110-1, 2, ..., N.
  • the database 108 stores the objects 110-1, 2, ..., N (collectively referred to as objects 110) as a linked structure.
  • data content represented by each of the objects 110 may be considered as nodes within the linked structure.
  • An example linked structure 112 is depicted in Figure 1.
  • the linked structure 112 includes one or more nodes, each of which may correspond to one of the objects 110.
  • each of the objects 110 may be linked to each other.
  • the object 110-1 is a parent node to the objects 110-2 and 110-3.
  • an access of data content would be achievable through accessing any one or more of the objects 110.
  • One or more users or tenants may seek access to the data content and in turn the objects 110 stored in the database 108.
  • the tenant may use any of the user devices 104.
  • the user devices 104 are in turn coupled to the database 108 through the access control system 102. Therefore, for accessing data content all the requests from user devices 104 would be routed through the access control system 102.
  • the access control system 102 hereinafter referred to as system 102, may be implemented using one or more systems or computing devices, such as a desktop computer, cloud servers, mainframe computers, workstation, a multiprocessor system, a laptop computer, a network computer, a minicomputer, and a server.
  • the user devices 104 may be one or more computing devices, such as personal computers, desktop computers, minicomputers, laptops, wireless devices, a personal digital assistant, a smart phone, and a mobile phone.
  • the system 102 may also be implemented as part of the database 108, as per another example of the present subject.
  • the network 106 may be a wireless network, a wired network, or a combination thereof.
  • the network 106 can also be an individual network or a collection of many such individual networks, interconnected with each other and functioning as a single large network, e.g., the Internet or an intranet.
  • the network 106 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and such.
  • the network 106 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), etc., to communicate with each other.
  • the network 106 may include network devices, such as network switches, hubs, routers, HBAs, for providing a link between the system 102, the database 108, and the user devices 104.
  • the network devices within the network 106 may interact with the system 102 and the user devices 104 through communication links.
  • the access to one or more objects 110 within the database 108 is controlled and mediated through access controls implemented as closures 114.
  • the closures 114 may include the objects 110 or may be referenced by the objects 110 with which they are associated.
  • the linked structure 112 includes one or more objects 110, each of which is associated with or bound within a respective closure 114.
  • all access requests for accessing an object, say object 110-1, will be routed to the respective access control, such as the closure 114-1.
  • the closures 114 and the objects 110 which are bound within the closures 114 are stored in the database 108.
  • a tenant wishing to access any of the objects 110 is provided access to the closures 114.
  • the access control system 102 controls access of data content using the closures 114 associated with the objects 110.
  • the closures 114 may further include encoded access policies for the object, say object 110-1, with which the access control is associated.
  • the access control system 102 receives one or more requests from one or more of the user devices 104 for accessing objects 110 within the database 108.
  • the objects 110 are bound within the closures 114 in such a manner that the closures 114 either include or are referenced by the data content represented by the objects 114.
  • any access to the data content within the objects 110 is not possible directly, but is possible only through the closures 114.
  • the closures 114 may be made public to tenants and the respective user devices 104.
  • control module 116 may render the closures 114 accessible through object related namespaces.
  • named references within the object related namespace may refer directly to the closures 114 and not the bound data content, i.e., the objects 110.
  • the closures 114 are made accessible to tenants transparently. Therefore, the tenants attempting to access the data content in turn access the closures 114.
  • the access control system 102 further includes a control module 116.
  • the control module 116 may determine the object, say object 110-1, for which the access request is intended. In an example, the control module 116 may monitor the incoming requests originating from one or more tenants. On obtaining the access request, the control module 116 may further determine tenant data from the access request.
  • the tenant data may include identity information of the tenant requesting access or the device being used by the user, say user device 104-1.
  • the tenant information may also include other associated metadata such as information indicating rights or privileges of the user for accessing data within the database 108.
  • the tenant data may also include device information, such as port address and IP address, associated with the user devices 104 requesting access.
  • the control module 116 may further obtain object information.
  • the object information may indicate object specific information such as the identity of the creator of the object, date of creation, and other provenance information.
  • the object information may further include various policy level information prescribing one or more access control parameters.
  • the corresponding object may be identified based on one or more identifications of the object provided in the user request for access.
  • control module 116 passes the tenant data and the object information to the closure 114-1.
  • the tenant data and the object information may be passed to the closure 114-1 through a function call.
  • the control module 116 may further execute the closure 114-1 by providing the tenant data and the object information at runtime.
  • the control module 116 may evaluate access to the data content. For evaluating the access, the control module 116 executes the closure 114-1 and obtains the data content which is to be provided in response to the access request. As mentioned previously, each of the closures 114 may implement a plurality of functions. The functions within each such closure 114 may further be parameterized based on the identity of the requesting tenant. During parameterization, one or more formal parameters defining one or more variables within function definitions of each of the closures 114 are specified within the respective closures 114.
  • control module 116 may pass the tenant data as actual parameters to any one of the closures 114, e.g., closure 114-1, and determine whether the parameters specified in the closure 114-1 are conformed with. Only when tenant information having the exact parameters is passed is access to the data content, and in turn the objects 110, provided.
  • the control module 116 may further evaluate whether the entire data content or a portion of the data content is to be provided to the tenant based on the execution of the closure 114-1. In another example, the control module 116 may further process the data content obtained, to provide a transformed version of the data content. For example, while transforming, a portion of the data content may be obfuscated or changed depending on whether the data content relates to confidential information. In one example, the control module 116 evaluates the access to the data content based on the encoded policies defined within the closure 114-1.
  • the control module 116 may further generate a mediated view 118 of the requested data content. Since the closure 114-1 is executed based on the tenant data and the object information, the mediated view 118 may be considered as being in context with the access related and object information. As illustrated, the mediated view 118 depicts the linked structure 112 partially, with only a portion of the linked structure 112 depicted as visible (as shown by the solid lines). In such a case, data elements of an object for which access was not permitted may either be withheld from the accessing user or may be transformed into another form.
  • the access control system 102 may determine a mediated view in which the requested object is provided.
  • the table may be presented to the user device 104-1 in a read-only format. As a result, the user device 104-1 would only be in a position to read the data provided in the object.
  • the control module 116 executes one or more of the closures 114 at runtime.
  • the control module 116 monitors and tracks the access requests from one or more of the user devices 104 and routes the access requests to the appropriate one of the closures 114, e.g., closure 114-1, depending on which of the objects 110 is to be accessed.
  • the closure 114-1 is executed by the control module 116, which provides access to any of the desired objects 110, e.g., object 110-1.
  • an object such as object 110-1
  • the control module 116 passes the tenant data to any one of the closures 114, such as closure 114-1, and at runtime executes the closure 114-1 associated with the object 110-1 using the tenant data. Based on the execution of all such closures 114, the control module 116 may provide a mediated view of the data content for which access was requested.
  • closures 114 may be implemented as a closure object.
  • the closure under consideration e.g., closure 114-2
  • the closure under consideration may include multiple functions or methods.
  • the control module 116 passes the tenant data to the closure 114-2.
  • the closure 114-2 is executed by the control module 116 at runtime.
  • each of the methods or functions are executed and a mediated view is generated.
  • the mediated view provides a coordinated view of the data content for access by the tenant.
  • FIG. 2 illustrates the components of the access control system 102, according to an example of the present subject matter.
  • the access control system 102 includes a processor(s) 202, and module(s) 204 communicatively coupled to the processor(s) 202.
  • the module(s) 204 include routines, programs, objects, components, and data structures, which perform particular tasks or implement particular abstract data types for providing access control for objects.
  • the processor(s) 202 may also be implemented as signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulate signals based on operational instructions.
  • the module(s) 204 may be implemented by hardware, by computer-readable instructions executed by a processing unit, or by a combination thereof.
  • the module(s) 204 includes the control module 116 and the control module 116.
  • the access of the data content, and thus the objects 110, is achieved by using the closures 114, and is implemented using the access control system 102.
  • the control module 116 may track user requests originating from tenants using one or more user devices 104. Based on the access request, the control module 116 may obtain tenant data and, in one example, pass the tenant data as actual parameters to any one of the closures 114, such as closure 114-1.
  • the control module 116 executes the closure 114-1 and determines the manner in which the data, as prescribed through object 110-1, is to be provided to the tenant.
  • the control module 116 determines a mediated view based on object information associated with the object being accessed.
  • a mediated view, such as the mediated view 118 depicted in Figure 1, may be considered as a representation of the object data in a specified manner.
  • the object data may be rendered as one of read-only, read-write, or as an image of a linked structure in which the objects are arranged. It should be noted that the types of mediated views are provided only as examples, and should not be construed as limitations. These and other example implementations are further described in conjunction with Figure 3.
  • FIG. 3 illustrates the components of the access control system 102, according to another example of the present subject matter.
  • the access control system 102 includes processor(s) 202, module(s) 204, interface(s) 302 and a memory 304.
  • the memory 304 is coupled to the processor(s) 202.
  • the processor(s) 202 may be further coupled to interface(s) 302 and data 306.
  • the interface(s) 302 may include a variety of software and hardware interfaces, for example, interface for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer, etc.
  • the interface(s) 302 may enable the access control system 102 to communicate over the network 106, and may include one or more ports for connecting the access control system 102 with other computing devices, such as web servers and external databases, such as the database 108.
  • the interface(s) 302 may facilitate multiple communications within a wide variety of protocols and networks such as a network, including wired networks, e.g., LAN, cable, etc., and wireless networks, e.g., WLAN, cellular, satellite, etc.
  • the memory 304 may include any non-transitory computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
  • the module(s) 204 include the control module
  • the other module(s) 312 may include programs or coded instructions that supplement applications and functions, for example, programs within the operating system of the access control system 102.
  • the data 306 may serve as a repository for storing data processed, received, and generated by one or more of the module(s) 204.
  • data 306 stores tenant data 314, object information 316 and other data 318.
  • the other data 318 may include data generated as a result of the execution of one or more modules in the other module(s) 312.
  • the access control system 102 implements access control for objects stored within a database, such as database 108.
  • the objects 110 further reference data content for which access is requested.
  • the objects, such as the objects 110 within the database 108, may be stored as a linked structure.
  • the objects 110 are linked with each other.
  • the different objects 110 may be arranged in different layers within the linked structure, with nodes in higher layers being parent nodes to objects present in lower layers.
  • each of the objects 110 is associated with at least one closure 114.
  • a closure such as closure 114-1
  • the object 110-1 is bound within the closure 114-1.
  • the objects 110 may be understood as bound within the closures 114 when the closures 114 either explicitly include or reference the respective objects 110. This allows the objects 110 to be accessed only through the closures 114.
  • the closures 114 may be parameterized and encoded with identity related information.
  • the closures 114 may further include object related attributes such as identity of the object's creator, creation data or other provenance information.
  • Figure 4 illustrates, in an example, the interaction of the different components of the access control system 102.
  • one or more tenants through user devices 104 may wish to access data content within database 108.
  • the user devices 104 may generate access requests for accessing the database 108.
  • the access requests are communicated over network 106 and are obtained by the session manager 308 within the access control system 102.
  • the session manager 308 passes the access request to the authorization engine 310.
  • the authorization engine 310 on receiving the access request obtains the tenant credentials. Based on the tenant credentials, various permissions and other tenant related information is passed onto the session manager 308.
  • the session manager 308 on obtaining such tenant related information creates a session during which the access to the desired data content may be sought.
  • the session manager 308 retains the tenant related information as tenant data 314.
  • the tenant data 314 may be stored permanently within the access control system 102, or may be retained temporarily for as long as the session persists. Besides the tenant data 314, metadata providing one or more permissions, user identities, etc., may also be stored within the tenant data 314.
  • the tenant data 314 may also include the information associated with the user device, such as the device ID of user device 104-1, which had generated the access request.
  • the tenant data 314 may further include metadata prescribing various rights or permissions already associated with the user requesting access.
  • the tenant data 314 may be obtained and stored by the control module 116 at runtime.
  • the control module 116 continuously tracks and monitors the incoming access requests. Based on the access request, the control module 116 may identify an object, for example the object 110-1, which the accessing tenant wishes to access. On identifying the object 110-1, the control module 116 may determine whether the desired object 110-1 is associated with a corresponding access control, such as the closure 114-1. In case no access control is determined to be associated with the object 110-1, the control module 116 may allow the data content to be provided to the tenant requesting access.
  • a corresponding access control such as the closure 1 14-1
  • the control module 1 16 creates a runtime environment 400 for the execution of the closure 1 14-1 .
  • the control module 1 16 subsequently executes the closure 1 14-1 within the runtime environment 400.
  • the session manager 308 may further obtain the tenant data 314 and pass the same to the closure 1 14-1 at runtime.
  • the control module 1 16 executes the closure 1 14-1 based on the tenant data 314. In an example, during execution the tenant data 314 may be passed as actual parameters to the closure 1 14-1 .
  • the control module 1 16 may determine the privileges which would be provided to the tenant requesting access to the data content.
  • the closure 1 14- 1 executes and returns data content in conformance with the access request.
  • the data returned may be either unamended, or may be filtered or modified depending on the identity of the requesting tenant. For example, a first user may be provided with unlimited access to the data content. However another user may be provided only access to specific entries, with also restrictive permissions while viewing such data.
  • control module 1 16 may further obtain a mediated view of the data content associated with the object 1 10-1 .
  • the control module 1 16 may generate the mediated view based on the execution of the closure 1 14-1 . Accordingly, the data content may be provided to the tenant in a modified or in an unmodified form.
  • the mediated view may be understood as only a projection or representation of the object data, and not the actual object data.
  • the control module 116 may determine that only read-access should be provided to the object 110-1 associated with a database table.
  • the view module 206 may provide the database table as an image. Since an image would not allow any editing or copying of the object 110-1, adequate access control is achieved.
  • a mediated view may also indicate that the user is not authorized for accessing the object 110-1 by providing an indication or a message indicating that an accessing user is not authorized to access the object 110-1.
  • the control module 116 may determine the initial data type of the object 110-1. Upon execution of the closure 114-1, the control module 116 may further determine a second data type for the data content for which access is evaluated. The control module 116 may subsequently generate a mediated view providing data content having the second data type.
  • each of the objects 110 may be further associated with multiple closures 114.
  • the multiple closures 114 may be nested within each other.
  • a closure, e.g., closure 114-1, may be provided as a means for controlling access to another closure, e.g., closure 114-2.
  • the closure 114-2 may be further encoded within the code of the nesting closure 114-1.
  • each of the closures 114 would be executed within the runtime environment by the control module 116.
  • the closure 114-1 may further reference another closure, say 114-2.
  • the closures 114-1 and 114-2 may be encoded such that they are invocable for different tenant data 314.
  • the closure 114-1 may be encoded such that a first set of appropriate functions would be executable for specific tenants, such as a user device 104-1, but the referenced closure 114-2 is invoked if another tenant, for example using user device 104-2, requests access for the data content.
  • the data content may be made available to user device 104-1 in its unamended form.
  • the referenced closure 114-2 would be invoked, and a correspondingly different view of the data content would be made available. In such a case, even if the data content obtained by user device 104-1 was shared with another user, the referenced closure 114-1 would still determine to what extent the data is to be provided to the requesting user.
  • any one of the closures 114, such as the closure 114-1, may be used to dynamically create and bind additional closures onto the returned data.
  • the closure 114-1 may be implemented using higher-order functions. As would be understood, higher-order functions are functions which return another function.
  • a closure bound to data content when executed by the runtime environment may return another closure to which the objects 110, or a portion thereof, may be further bound.
  • a closure 114-1 implemented as a higher-order function over a list may return sub-closures implemented over elements of the list.
  • the control module 116 may further generate a mediated view which includes such returned elements with the additional closure.
  • the mediated view having the elements with the additional closure may provide access to the tenant.
  • the closure applied to the retrained data would be executed to determine whether the other tenants are permitted to view or access said data.
  • granular access to specific elements of the data content may be further provided.
  • such a mechanism also provides continual control of access to data content, even when it has been distributed to other tenants.
  • the closures 114 may be further implemented using syntax describing the specific functions. It should be noted that the closures 114 are defined using functions which are invocable not based on input provided by the tenant but by the control module 116. The control module 116 provides the tenant data 314 based on which the closures 114 may be executed.
  • Figure 5 provides object graphs 502 and 504, which depict the manner in which access control is implemented for two different tenants intending to access an object, such as object 110-1.
  • object graphs provided in Figure 4 are as per an example of the present subject matter, and should not be construed as a limitation.
  • Figure 5 depicts the objects, such as objects 1 10 arranged in a linked structure represented as an object graph 502.
  • the object graph 502 is composed of three tiers namely, tier 506, 508 and 510.
  • the node lying in tier 506 may be considered as a root node 512.
  • the root node 512 further is associated with other nodes in the tier 508 and 510.
  • the nodes within the tier 508 are child nodes to the root node 512, whereas the nodes within the tier 510 are in turn child nodes of the nodes lying in tier 508.
  • the object graph 502 depicts data corresponding to event logs collected from one or more networked devices within an enterprise network. Besides various event logs and other network related information, such event logs may also include user sensitive data such as IP addresses and host names. Such information is sensitive and confidential in nature, and is generally expected to be kept secure.
  • closures 514-1, 2, ..., n are defined. It should be noted that not all objects 110 are bound within the closures 114. Some objects 110 may be referenced and thus also accessible directly.
  • Each of the closures 514-1, 2, ..., n (collectively referred to as closures 514) is implemented as executable code, and either includes the associated objects 110 or may be referenced by the related objects. The closures 514 thus implemented bind the data content represented through objects 110 in such a manner that the objects 110 are not accessible directly, but only through the closures 514.
  • the closures 514 are executed depending on whether the requests for accessing their associated objects 110 are received.
  • the root node 512 may be associated with a Log object with the other nodes providing IP object, and other objects.
  • Figure 5 depicts an example in which the event log data is being accessed by a first and a second user through two user devices 104-1, 2.
  • both users have privileges to access the Log data, but only the user operating through the user device 104-1 may access the IP related objects included within the Log data.
  • an access request is received by the access control system 102.
  • the control module 116 within the access control system 102 obtains the related tenant data 314.
  • the control module 116 identifies the IP object as the object for which access is sought, based on the tenant data 314. Once identified, the control module 116 passes the tenant data 314 to the associated closure 514-1.
  • the user identity information obtained from the tenant data 314 is passed by control module 116 to the closure 514-1.
  • the control module 116 may execute the closure 514-1, and at runtime determine whether the access request against the Log object is satisfied.
  • the closure 514-1 is configured to return the log data with or without data for a predefined number of users.
  • the control further progresses to the object at node 516.
  • the control module 116 at runtime may further determine whether the access is to be provided based on the received request.
  • the control module 116 passes the tenant data 314 to closure 514-2, based on which it is executed.
  • the view module 206 may determine and provide the mediating view, such as depicted by the object graph 502.
  • Figure 5 additionally depicts another example where a user, for example a user using the user device 104-2, attempts to access the IP related objects within the same linked structure. Since the user has the necessary privileges to access the Log object, access is allowed by the closure 514-1. However, as the control progresses to the IP objects, the closure 514-2 controls the access to the IP related information at runtime, based on the tenant data 314 associated with the second user. As a result, only a portion of the IP object data may be provided to the second user. For example, an image representing only the portion of the object data as object graph 404, as depicted by solid lines, is made available to the second user.
  • control module 116 may generate a mediated view which only provides a portion of IP object data corresponding to the graph depicted by solid lines, and not the portion of the object graph depicted by dotted lines.
  • the data requested was in the form of a table, entries providing the IP address information would not be provided as part of the mediated view.
  • Figure 6 illustrates a method 600 for providing an access to one or more objects 110 in the database 108, according to an example of the present subject matter.
  • the order in which the method 600 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement method 600, or an alternative method. Additionally, individual blocks may be deleted from the method 600 without departing from the spirit and scope of the subject matter described herein.
  • the method 600 may be implemented in any suitable hardware, machine readable instructions, firmware, or combination thereof.
  • tenant data associated with an access request is obtained.
  • the control module 116 receives an access request for accessing data content from a user using any one of the user devices 104. Based on the access request, information associated with the user requesting access is obtained and stored in tenant data 314.
  • the tenant data 314 may include identity information, such as user credentials, associated with the user requesting access to an object. Besides the user credentials, the tenant data 314 may also provide an identification of the object, say object 110-1, which is to be accessed.
  • the tenant data is passed to one or more closures to which the data content to be accessed is bound.
  • the control module 116 on obtaining the tenant data 314 passes the same to the closure 114-1 associated with the object 110-1.
  • the data content, i.e., the object 110-1, to be accessed is bound within the closure 114-1.
  • the closure 114-1 is further parameterized using one or more identity related parameters.
  • the control module 116 further implements a runtime environment within which the tenant data 314 is passed as actual parameters to the parameterized closure 114-1.
  • the closure is executed based on the tenant data at runtime.
  • the control module 116 invokes and executes the closure 114-1 at runtime based on the tenant data 314.
  • the control module 116 may determine the extent of the data content which may be provided to the requesting tenant.
  • the data content may be provided either completely, or may be provided in a modified or abridged form.
  • a mediated view may be generated providing the data content to the requesting tenant.
  • the mediated view may be understood as only a projection or representation of the object data, and not the actual object data. Examples of a mediated view include a snapshot of object graph or data portions of object data which are obfuscated.
  • Figure 7 illustrates a method 700 for providing access to one or more objects 110 in the database 108, according to another example of the present subject matter.
  • the order in which the method 700 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement method 700, or an alternative method.
  • an access request is received from a tenant for accessing data content.
  • the access request may be received from a tenant using any one of the user devices 104, for accessing one or more objects 110.
  • the access request may be intercepted by the control module 116.
  • Each of the objects 110 is further bound within one or more closures 114.
  • the closures 114, on the other hand, either include the objects 110, or are referenced by the objects 110.
  • the closures 114 are parameterized using parameters related to identity of tenants requesting access to data content.
  • the objects 110 may be stored in persistent storage, such as a database 108.
  • tenant data associated with the access request is obtained.
  • the control module 116 obtains the access request and obtains information pertaining to the tenant requesting access to data content.
  • the tenant information is stored as tenant data 314.
  • the tenant data 314 may include user identity information, such as credential information. Besides the user credentials, the tenant data 314 may also provide an identification of the object, say object 110-1, which is to be accessed.
  • a closure to which the data content is bound is identified.
  • named references within the object related namespace may refer directly to the closures 114 and not the bound data content, i.e., the objects 110.
  • Based on the access request, the control module 116 identifies the closure, such as closure 114-1, associated with the data content which is to be accessed.
  • the tenant data is passed as an actual parameter to a closure with which the object for which access is requested is bound.
  • the control module 116 may pass the tenant data 314 to the closure 114-1.
  • the tenant data 314 may be maintained within a session, maintained by the session manager 308.
  • the closures are executed using the tenant data to evaluate access to be applied to the data content.
  • the control module 116 invokes and executes the closures 114, such as closure 114-1.
  • data content for which access was sought is obtained.
  • the data content may be further processed to determine whether the entire data content should be provided or whether a modified or an abridged version of the data content is to be made available to the requesting tenant.
  • the execution of the closure 114-1 based on the tenant data 314 may also limit or altogether prohibit access to the data content.
  • a mediated view is provided based on the evaluation of the access control for the data content.
  • the control module 116 may generate a mediated view, such as the mediated view 118, based on the tenant data 314.
  • the mediated view only provides a projection or representation of the object data but does not make the actual data available to the requesting user.
  • the extent of access provided to the user over the object data may also be controlled.
  • Figure 8 illustrates a network environment 800 for providing access controls to one or more objects in a database, according to an example of the present subject matter.
  • the network environment 800 may be a public networking environment or a private networking environment.
  • the network environment 800 includes a processing resource 802 communicatively coupled to a computer readable medium 804 through a communication link 810.
  • the computer readable medium 804 is communicatively coupled to a processing resource 802 over the communication link 810.
  • the processing resource 802 can be a computing device, such as a server, a laptop, a desktop, a mobile device, and the like.
  • the computer readable medium 804 can be, for example, an internal memory device or an external memory device or any commercially available non transitory computer readable medium.
  • the communication link 810 may be a direct communication link, such as any memory read/write interface.
  • the communication link 810 may be an indirect communication link, such as a network interface.
  • the processing resource 802 can access the computer readable medium 804 through a network 806.
  • the network 806, like the network 106 may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
  • the processing resource 802 and the computer readable medium 804 may also be communicatively coupled to data sources 808 over the network.
  • the data sources 808 can include, for example, databases and computing devices.
  • the data sources 808 may be used by an enterprise to store data generated by various employees and stakeholders associated with the enterprise.
  • the computer readable medium 804 includes a set of computer readable instructions, such as control module 116 and control module 116.
  • the set of computer readable instructions can be accessed by the processing resource 802 through the communication link 810 and subsequently executed to provide an access control of an object 110 stored in the data source 708 to a user.
  • the control module 116 controls access of one or more objects, such as objects 110.
  • objects 110 are further bound within one or more closures 114.
  • the closures 114 provide a mechanism by which the objects 110 are not accessible directly. Access to the objects 110 may be permitted only through the closures 114.
  • the closures 114 may include executable functions having function definition for the closure using one or more formal parameters.
  • the control module 116 may track and intercept access requests originating from one or more user devices 104. Based on the access request, the control module 116 may obtain tenant data, which may be stored as tenant data 314.
  • the tenant data 314 may include information pertaining to the user requesting access of an object, say user device 104-2.
  • An example of tenant data 314 includes, but is not restricted to, identity information in the form of user credentials, and one or more access rights or privileges associated with the user.
  • the control module 116 may further also obtain object information.
  • the control module 116 passes the information as a functional parameter to the access control, such as closure 114-1, associated with an object 110-1, which is to be accessed. Accordingly, when the access request is being processed, the control module 116 may invoke and execute the closure 114-1 based on the values from the tenant data 314. On executing the closure 114-1, the access control is evaluated and data content is returned. The extent of the data content returned is dependent on the closure 114-1 and the tenant data 314, based on which the closure 114-1 was executed. For example, the control module 116 may apply the functions included within the closure 114-1 onto the data content. The data content may be further processed, depending on the tenant data 314. Accordingly, the data content may be provided to the tenant in either an abridged or an unabridged format. In another example, the data content may be further transformed as a result of the execution of functions within the closure 114-1.
  • the control module 116 may generate a mediated view of the object for which access was requested. Based on the mediated view, the control module 116 provides a representation of the object data in a manner depending on the permissions allocated for the access request. For example, in a mediated view, the object data may be rendered as one of read-only, read-write, or as an image.
  • the mediated view thus allows the user, e.g., the user device 104-2, to view the data in read-only form, read-write form, or as an image. In this manner, access to one or more objects is controlled.

Abstract

Systems and methods for controlling access to data content are described. In an example, tenant data associated with the access request provided by the tenant, is obtained. Once obtained, the tenant data is passed to a closure within which the data content is bound. The closure further includes one or more formal parameters based on identity information of tenants requesting access. The closure receives the tenant data as a parameter. Based on the tenant data, the access control is executed to evaluate access to the data content.

Description

ACCESSING DATA CONTENT USING CLOSURES
BACKGROUND
[0001] Large amounts of data are routinely created and persistently stored in databases. Generally, this data is created and accessed by various users. For example, an organization may maintain a database for storing the data of or generated by members of an organization. Further, the users are assigned access rights which allow only the authorized users to access the data, and deny any access to users who are not authorized, i.e., do not have the requisite access rights.
BRIEF DESCRIPTION OF DRAWINGS
[0002] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components:
[0003] Figure 1 illustrates a network implementation of an access control system for controlling access to an object, according to an example of the present subject matter.
[0004] Figure 2 illustrates components of the access control system, according to an example of the present subject matter.
[0005] Figure 3 illustrates components of the access control system, according to another example of the present subject matter.
[0006] Figure 4 illustrates the interaction of components of the access control system, according to an example of the present subject matter.
[0007] Figure 5 illustrates object graphs depicting the controlling access to an object, according to an example of the present subject matter.
[0008] Figure 6 illustrates a method for controlling access to an object, according to an example of the present subject matter.
[0009] Figure 7 illustrates a method for controlling access to an object, according to another example of the present subject matter.
[0010] Figure 8 illustrates a computer readable medium storing instructions for providing an access to an object in a database, according to an example of the present subject matter.
DETAILED DESCRIPTION
[0011] Typically, an enterprise may maintain a database to store data created by its users, for example, employees and stakeholders. The data may be stored in such databases in the form of objects. Such databases, also referred to as object databases, allow objects to be accessed by multiple users depending on the user's associated rights and privileges. These objects may be linked with other objects within the database. In some cases, owing to the size of the data stored within such databases, the data may be stored in complex linked structures such as lists, trees, and graphs. The objects in turn may include raw data, documents or any digital content. Within the hierarchical structure, the objects may be linked to one or more objects in different ways.
[0012] The users are either granted or denied access to the objects depending upon the access rights associated with the users. The access rights in turn may be prescribed based on the associated role of user within the enterprise organization or the requirements assigned by the enterprise. In this manner, security of the objects is ensured in the multi-tenanted database to prevent unauthorized access. The access rights may be further implemented in conjunction with security policies implemented within an enterprise. However, such mechanisms only control and regulate access at a broad level or a higher level. Such mechanisms may not be suitable for implementing control at object level.
[0013] Systems and methods for providing access to data content are described. As per an example of the present subject matter, access controls are defined using closures. A closure may be understood as a function or an object definition which either includes certain data or a reference to such data. As a result, such data may be considered as bound within the closure. The closure may also be implementable as executable code. In such a case, the data (e.g., the data either included within the closure or referenced by the closure) is not accessible directly. The data within such closures may be accessible only when the closure referencing such data is executed.
[0014] As per example implementations of the present subject matter, data content sought to be accessed by one or more tenants is bound within a closure. As a result, such data content would be accessible by tenants only through the closure. Data content may include any type of content generated and maintained by a computing system, such as a database. Such data content may include database entries within the database, maintained in the form of tables. Furthermore, data content may also include content created by an individual, such as documents, and the like. It should be noted that the following are only provided as examples of data content, and should not be construed as a limitation. In other examples, the data content may be bound within a plurality of closures, without deviating from the scope of the present description.
[0015] Continuing with the present example implementation, besides the data content, for which access may be requested, the closures may be further parameterized while providing the function definition for the closure using one or more formal parameters. Examples of such formal parameters include identity parameters of tenants requesting access. Closures may be implemented in various ways. For example, a closure can be implemented based on the functional programming language used (e.g., Lisp, ML, .NET, etc.).
[0016] The closure as implemented either includes the data content or is referenced by the data content for which a tenant is requesting access. The closure, and therefore the data content to be accessed, may be stored in an object database. In the present example, the tenant requesting access to data content may be directed to the closure. For example, within the database, various namespaces may be defined which transparently make the closure accessible in response to access requests, instead of the data content, to the requesting tenant.
[0017] In one example, a system for evaluating and providing access for data content may be implemented. In operation, a tenant may request access to data content. On receiving such a request, the system may provide the closure to which the data content is bound, with the tenant data. The tenant data associated with the tenant in turn may be obtained based on the access request. The tenant data may include information relating to the tenant requesting access. An example of tenant data includes credential information of the tenant. Besides the tenant credentials, the tenant data may also include information associated with user devices used by the tenants for requesting data content. The tenant data may then be subsequently used for invoking the closure by the system. While invoking the closure, the tenant data is passed as actual parameters to the closure by the system. Once passed, the closure is executed based on the tenant data. The execution of the closure may evaluate the access to the data content and further determine the extent of the access which may be provided to the tenant for the data content. In such a manner, access to the data content may be evaluated and provided through the system, and without further intervention from the tenant requesting access.
[0018] In an example, execution of the closure may be effected at runtime. During runtime, a runtime environment may be provided by the system which executes the closure based on the tenant data obtained from the access request, and also based on the parameterized function definitions of the closures. Depending on the tenant data and the parameterized closures, the runtime environment may evaluate and determine the appropriate access which is to be provided to the tenant requesting access. For example, based on the tenant data, the runtime environment may evaluate whether the entire data content is to be made available, or whether only a portion of data content is to be made available to the requesting tenant. In another example, the requested data content may be transformed, either wholly or partially, before it is provided to the requesting tenant. In such a case, portions of data content may be obfuscated to conceal information which may otherwise be confidential or proprietary. In another example, execution of the closure may also result in an error indicating a security violation. In such a circumstance, access to the requested data may altogether be denied.
[0019] In one example, the data content may be made available to the tenant using a mediated view. A mediated view may depict a portion or a subset of the data which is being fetched. The portion or the subset of the data may include a plurality of data elements. In another example, data content may be transformed before being provided using a mediated view. The mediated view as such does not provide a direct access to the data of the object, but only provides the data content for which access is permitted as determined by the execution of the closure.
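The flow in [0017] to [0019], as an added Python sketch that is not taken from the patent: data content is bound in a closure with identity formal parameters, and a control module passes session-held tenant data as actual parameters and returns a mediated view. The names `ControlModule`, `bind_log`, the rights strings and the log rows are assumptions made for illustration.

```python
from types import MappingProxyType

# Constructed sample event-log entries (documentation IP ranges, RFC 5737).
LOG_ROWS = [
    {"event": "login_failed", "ip": "192.0.2.10", "host": "hr-laptop-01"},
    {"event": "port_scan", "ip": "198.51.100.7", "host": "build-srv-02"},
]


class SecurityViolation(Exception):
    """Raised by a closure when the tenant may not access the content at all."""


def bind_log(rows):
    """Bind log rows inside a closure; callers only ever receive the closure."""
    bound = tuple(dict(r) for r in rows)  # private copy of the data content

    def closure(user, rights):  # formal parameters: tenant identity and rights
        if "log:read" not in rights:
            raise SecurityViolation(f"{user} is not authorized to access the log")
        if "ip:read" in rights:
            projected = [dict(r) for r in bound]  # unamended content
        else:
            # Obfuscate the sensitive fields, keep the rest of each entry.
            projected = [{**r, "ip": "x.x.x.x", "host": "[hidden]"} for r in bound]
        # Read-only projections: the caller never holds the bound rows.
        return tuple(MappingProxyType(r) for r in projected)

    return closure


class ControlModule:
    """Hypothetical stand-in for the control module and session manager."""

    def __init__(self):
        self.namespace = {}  # object name -> closure (never the raw data)
        self.sessions = {}   # session id -> tenant data held server-side

    def bind(self, name, closure):
        self.namespace[name] = closure

    def open_session(self, session_id, user, rights):
        self.sessions[session_id] = {"user": user, "rights": frozenset(rights)}

    def access(self, session_id, name):
        """Evaluate an access request and return a mediated view."""
        tenant = self.sessions.get(session_id)
        closure = self.namespace.get(name)
        if tenant is None or closure is None:
            return {"status": "denied", "message": "unknown session or object", "data": ()}
        try:
            # Tenant data is passed as actual parameters by the control module,
            # not taken from anything the tenant put in the request.
            data = closure(tenant["user"], tenant["rights"])
        except SecurityViolation as exc:
            return {"status": "denied", "message": str(exc), "data": ()}
        return {"status": "ok", "message": "", "data": data}


def build_demo():
    """Three constructed tenants: full access, obfuscated access, no access."""
    cm = ControlModule()
    cm.bind("log", bind_log(LOG_ROWS))
    cm.open_session("s1", "alice", {"log:read", "ip:read"})
    cm.open_session("s2", "bob", {"log:read"})
    cm.open_session("s3", "carol", set())
    return cm


if __name__ == "__main__":
    cm = build_demo()
    for sid in ("s1", "s2", "s3"):
        view = cm.access(sid, "log")
        print(sid, view["status"], [dict(r) for r in view["data"]] or view["message"])
```

The request carries only a session id and an object name, so a tenant cannot raise its own rights by editing the request. In CPython the bound rows are still reachable through the function's `__closure__` attribute, so the isolation has to come from the runtime environment that executes the closure, not from the language construct alone.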
[0020] In another example, the multiple closures may be associated with the data content for which access is sought. In such cases, the runtime environment may provide the tenant data to any one of such multiple closures. In one example, one closure from amongst the multiple closures may be determined based on the tenant data. Once the appropriate closure is identified, the tenant data may be passed to the identified closure. Subsequently, the closure may be executed to provide a mediated view of the data content which is based on the execution of the closure under consideration. Depending on the closure which was executed, an appropriate mediated view may be generated. As should be understood, with the multiple closures, different mediated views can be generated depending on the tenant data.
[0021] As mentioned previously, the closure may be implemented using functions and executable codes. In another example, the closure may be implemented using higher-order functions. A higher-order function may be considered as a function which returns another function. In such a case, a closure within which the data content is bound, when executed by the runtime environment, may provide another function to which the data, or a portion thereof, is bound. The resulting function, being bound to the data content or a portion thereof, is also a closure. Therefore, the closure may be dynamically formed over either the entire data content, or a portion of the data, for which access is sought. Such formation of dynamic closures provides the flexibility of creating access controls at specific and granular levels for the data content for which access is sought.
[0022] As also mentioned, the closures may be implemented as functions or may be implemented as object definitions. In case a closure is implemented as a function, when determining the access which is to be provided to the requesting tenant, only the function is executed based on which a mediated view is provided. Where multiple closures are used, either or all functions associated with the closures may be executed to provide a mediated view. In cases where a closure is implemented as an object, it may include multiple methods or functions. Therefore, whether access is to be provided to a tenant would be based on the execution of all methods or functions which are included within the closure object. Furthermore, a mediated view may be generated which is based on the execution of the different functions or methods included within the closure. It would be understood that in such example implementations, a coordinated mediated view is generated as a result of different functions or methods being executed.
[0023] In yet another example, a closure may be nested within another closure. In such a way, a closure may be provided as means for controlling access to another closure. In another example involving multiple closures, each closure may be nested within another closure. For nesting, each closure may be further encoded as functions within the code of the nesting closure.
[0024] It should also be noted that the closures binding to the data content, as described above, is implemented so as to dynamically provide a flexible control for accessing the object. The present subject matter provides an easy to scale and secure access control system in the database. The closures can be dynamically created, and applied on the data so that the data is safe and secure allowing access to the data content to be controlled even when the data content has been distributed to other parties. Further, flexibility of the closure's code allows aspects such as sampling and transformation of the data to obfuscate information such as personal information, and so on. Also, with the present subject matter, the access control rights of an object graph can be composed with the access control rights of another object graph.
[0025] The various systems and the methods are further described in conjunction with the following figures. It should be noted that the description and figures merely illustrate the principles of the present subject matter. Further, various arrangements may be devised that, although not explicitly described or shown herein, embody the principles of the present subject matter and are included within its scope.
[0026] The manner in which the systems and the methods for providing an access to an object in a database are implemented, are explained in detail with respect to Figures 1 to 8. While aspects of described systems and methods for providing access control to an object in a database can be implemented in any number of different computing systems, environments, and/or implementations, the examples and implementations are described in the context of the following system(s).
[0027] Figure 1 illustrates a network environment 100 implementing an access control system 102 for controlling access to data content in a database in response to a user request, according to an example of the present subject matter. The data content is further stored in the database as objects. The network environment 100 includes a plurality of user devices 104-1, 104-2...104-N. Each of the user devices 104-1, 104-2...104-N (collectively referred to as user devices 104), are in communication with the access control system 102 through a network 106. The system 102 is further coupled to a database 108 which persistently stores a plurality of objects 110-1, 2, N, linked with each other. The user devices 104 are each operated through users who in turn may require access to one or more objects within the database 108.
[0028] The access control system 102 may be coupled to the database 108 through network 106 as well, without deviating from the scope of the present subject matter. The database 108 may be implemented as a persistent storage of data content, with the data content being referenced through objects 110-1, 2, ..., N. As mentioned previously, the database 108 stores the objects 110-1, 2, ..., N (collectively referred to as objects 110) as a linked structure. In such a case, data content represented by each of the objects 110 may be considered as nodes within the linked structure. An example linked structure 112 is depicted in Figure 1. In the present example, the linked structure 112 includes one or more nodes, each of which may correspond to one of the objects 110. Within the linked structure 112, each of the objects 110 may be linked to each other. For example, the object 110-1 is a parent node to the objects 110-2 and 110-3. As would be appreciated, an access of data content would be achievable through accessing any one or more of the objects 110.
[0029] One or more users or tenants may seek access to the data content and in turn the objects 110 stored in the database 108. In order to access the database 108, the tenant may use any of the user devices 104. The user devices 104 are in turn coupled to the database 108 through the access control system 102. Therefore, for accessing data content, all the requests from user devices 104 would be routed through the access control system 102. In one example, the access control system 102, hereinafter referred to as system 102, may be implemented using one or more systems or computing devices, such as a desktop computer, cloud servers, mainframe computers, workstation, a multiprocessor system, a laptop computer, a network computer, a minicomputer, and a server. Further, the user devices 104 may be one or more computing devices, such as personal computers, desktop computers, minicomputers, laptops, wireless devices, a personal digital assistant, a smart phone, and a mobile phone. The system 102 may also be implemented as part of the database 108, as per another example of the present subject matter.
[0030] The network 106 may be a wireless network, a wired network, or a combination thereof. The network 106 can also be an individual network or a collection of many such individual networks, interconnected with each other and functioning as a single large network, e.g., the Internet or an intranet. The network 106 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and such. The network 106 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), etc., to communicate with each other. Further, the network 106 may include network devices, such as network switches, hubs, routers, HBAs, for providing a link between the system 102, the database 108, and the user devices 104. The network devices within the network 106 may interact with the system 102 and the user devices 104 through communication links.
[0031] The access to one or more objects 110 within the database 108 is controlled and mediated through access controls implemented as closures 114. The closures 114 may include the objects 110 or may be referenced by the objects 110 with which they are associated. For example, as depicted in Figure 1, the linked structure 112 includes one or more objects 110, each of which are associated or bound within respective closures 114. Correspondingly, all access requests for accessing an object, say object 110-1, will be routed to the respective access control, such as the closure 114-1. As should be noted, the closures 114 and the objects 110 which are bound within the closures 114 are stored in the database 108. A tenant wishing to access any of the objects 110 is provided access to the closures 114.
[0032] The access control system 102 controls access of data content using the closures 114 associated with the objects 110. The closures 114 may further include encoded access policies for the object, say object 110-1, with which the access control is associated. In operation, the access control system 102 receives one or more requests from one or more of the user devices 104 for accessing objects 110 within the database 108. The objects 110 are bound within the closures 114 in such a manner that the closures 114 either include or are referenced by the data content represented by the objects 114. As a result, any access to the data content within the objects 110 is not possible directly, but is possible only through the closures 114. The closures 114 may be made public to tenants and the respective user devices 104. For example, the control module 116 may render the closures 114 accessible through object related namespaces. As a result, named references within the object related namespace may refer directly to the closures 114 and not the bound data content, i.e., the objects 110. In such a manner, the closures 114 are made accessible to tenants transparently. Therefore, the tenants attempting to access the data content, in turn access the closures 114.
[0033] The access control system 102 further includes a control module 116. On receiving the user request, the control module 116 may determine the object, say object 110-1, for which the access request is intended. In an example, the control module 116 may monitor the incoming requests originating from one or more tenants. On obtaining the access request, the control module 116 may further determine tenant data from the access request. In one example, the tenant data may include identity information of the tenant requesting access or the device being used by the user, say user device 104-1. The tenant information may also include other associated metadata such as information indicating rights or privileges of the user for accessing data within the database 108. In another example, the tenant data may also include device information, such as port address and IP address, associated with the user devices 104 requesting access.
[0034] On receiving the tenant data, the control module 116 may further obtain object information. The object information, amongst other types of information, may indicate object specific information such as the identity of the creator of the object, date of creation, and other provenance information. The object information may further include various policy level information prescribing one or more access control parameters. The corresponding object may be identified based on one or more identifications of the object provided in the user request for access.
[0035] Once determined, the control module 116 passes the tenant data and the object information to the closure 114-1. The tenant data and the object information may be passed to the closure 114-1 through a function call. As the values are passed, the control module 116 may further execute the closure 114-1 by providing the tenant data and the object information at runtime.
[0036] Depending on the tenant data, the control module 116 may evaluate access to the data content. For evaluating the access, the control module 116 executes the closure 114-1 and obtains the data content which is to be provided in response to the access request. As mentioned previously, each of the closures 114 may implement a plurality of functions. The functions within each such closure 114 may further be parameterized based on identity of the requesting tenant. During parameterization, one or more formal parameters defining one or more variables within function definitions of each of the closures 114 are specified within the respective closures 114. Upon execution, the control module 116 may pass the tenant data as actual parameters to any one of the closures 114, e.g., closure 114-1, and determine whether the parameters specified in the closure 114-1 are conformed with. Only when the tenant information having the exact parameters is passed is the access to the data content, and in turn the objects 110, provided.
[0037] The control module 116 may further evaluate whether the entire data content or a portion of the data content is to be provided to the tenant based on the execution of the closure 114-1. In another example, the control module 116 may further process the data content obtained, to provide a transformed version of the data content. For example, while transforming, a portion of the data content may be obfuscated or changed depending on whether the data content relates to confidential information. In one example, the control module 116 evaluates the access to the data content based on the encoded policies defined within the closure 114-1.
[0038] Once obtained, the control module 116 may further generate a mediated view 118 of the requested data content. Since the closure 114-1 is executed based on the tenant data and the object information, the mediated view 118 may be considered as being in context with the access related and object information. As illustrated, the mediated view 118 depicts the linked structure 112 partially, with only a portion of the linked structure 112 depicted as visible (as shown by the solid lines). In such a case, data elements of the object for which access was not permitted may either be withheld from the accessing user or may be transformed into another form. For example, if the user device 104-1 has requested access to an object 110-1, say a table within the database 108, the access control system 102 may determine a mediated view in which the requested object is provided. In one example, the table may be presented to the user device 104-1 in a read-only format. As a result, the user device 104-1 would only be in a position to read the data provided in the object.
[0039] In one example, the control module 116 executes one or more of the closures 114 at runtime. When implemented at runtime, the control module 116 monitors and tracks the access requests from one or more of the user devices 104 and routes the access requests to the appropriate one of the closures 114, e.g., closure 114-1, depending on which of the objects 110 is to be accessed. The closure 114-1 is executed by the control module 116, which provides the access to any of the desired objects 110, e.g., object 110-1.
[0040] Although not depicted in Figure 1, an object, such as object 110-1, may be associated with multiple closures 114. In such a case, the control module 116 passes the tenant data to any one of the closures 114, such as closure 114-1, and at runtime executes the closure 114-1 associated with the object 110-1 using the tenant data. Based on the execution of all such closures 114, the control module 116 may provide a mediated view of the data content for which access was requested.
[0041] Any one or more of the closures 114 may be implemented as a closure object. In such a case, the closure under consideration, e.g., closure 114-2, may include multiple functions or methods. At runtime, the control module 116 passes the tenant data to the closure 114-2. Once the tenant data is passed, the closure 114-2 is executed by the control module 116 at runtime. During execution each of the methods or functions are executed and a mediated view is generated. As a result of multiple functions executing within the closure object 114-2, the mediated view provides a coordinated view of the data content for access by the tenant.
[0042] Figure 2 illustrates the components of the access control system 102, according to an example of the present subject matter. In one implementation, the access control system 102 includes a processor(s) 202, and module(s) 204 communicatively coupled to the processor(s) 202. The module(s) 204, amongst other things, include routines, programs, objects, components, and data structures, which perform particular tasks or implement particular abstract data types for providing access control for objects. The processor(s) 202 may also be implemented as signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulate signals based on operational instructions. Further, the module(s) 204 may be implemented by hardware, by computer-readable instructions executed by a processing unit, or by a combination thereof. In one implementation, the module(s) 204 includes the control module 116 and the control module 116.
[0043] The access of the data content, and thus the objects 110, is achieved by using the closures 114, and is implemented using the access control system 102. In one example, the control module 116 may track user requests originating from tenants using one or more user devices 104. Based on the access request, the control module 116 may obtain tenant data and, in one example, pass the tenant data as actual parameters to any one of the closures 114, such as closure 114-1.
[0044] Depending on the tenant data and the object information, the control module 116 executes the closure 114-1 and determines the manner in which the data, as prescribed through object 110-1, is to be provided to the tenant. In one example, the control module 116 determines a mediated view based on object information associated with the object being accessed. A mediated view, such as the mediated view 118 depicted in Figure 1, may be considered as a representation of the object data in a specified manner. For example, in a mediated view, the object data may be rendered as one of read-only, read-write, or as an image of a linked structure in which the objects are arranged. It should be noted that the type of mediated views are only provided as examples, and should not be construed as limitations. These and other example implementations are further described in conjunction with Figure 3.
[0045] Figure 3 illustrates the components of the access control system 102, according to another example of the present subject matter. The access control system 102 includes processor(s) 202, module(s) 204, interface(s) 302 and a memory 304. The memory 304 is coupled to the processor(s) 202. Along with the memory 304, the processor(s) 202 may be further coupled to interface(s) 302 and data 306.
[0046] The interface(s) 302 may include a variety of software and hardware interfaces, for example, interface for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer, etc. Further, the interface(s) 302 may enable the access control system 102 to communicate over the network 106, and may include one or more ports for connecting the access control system 102 with other computing devices, such as web servers and external databases, such as the database 108. The interface(s) 302 may facilitate multiple communications within a wide variety of protocols and networks such as a network, including wired networks, e.g., LAN, cable, etc., and wireless networks, e.g., WLAN, cellular, satellite, etc.
[0047] The memory 304 may include any non-transitory computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0048] In one example, the module(s) 204 include the control module 116, session manager 308, authorization engine 310, and other module(s) 312. The other module(s) 312 may include programs or coded instructions that supplement applications and functions, for example, programs within the operating system of the access control system 102.
[0049] The data 306 may serve as a repository for storing data processed, received, and generated by one or more of the module(s) 204. In one implementation, data 306 stores tenant data 314, object information 316 and other data 318. The other data 318 may include data generated as a result of the execution of one or more modules in the other module(s) 312.
[0050] As mentioned in conjunction with previous examples, the access control system 102 implements access control for objects stored within a database, such as database 108. The objects 110 further reference data content for which access is requested. The objects, such as the objects 110 within the database 108, may be stored as a linked structure. As part of the linked structure, the objects 110 are linked with each other. The different objects 110 may be arranged in different layers within the linked structure, with nodes in higher layers being parent nodes to objects present in lower layers.
[0051] Within the database 108, each of the objects 110 are associated with at least one closure 114. A closure, such as closure 114-1, may be understood as one or more functions or an object definition which either includes certain data or is as such referenced by such data. In one example of the present subject matter, the object 110-1 is bound within the closure 114-1. The objects 110 may be understood as bound within the closures 114 when the closures 114 either explicitly include or reference the respective objects 110. This allows the objects 110 to be accessed only through the closures 114. The closures 114 may be parameterized and encoded with identity related information. In one example, the closures 114 may further include object related attributes such as identity of the object's creator, creation data or other provenance information.
[0052] The manner in which the access control system 102 controls access to the objects 110 is further described in conjunction with Figure 4. Figure 4 illustrates, in an example, the interaction of the different components of the access control system 102.
[0053] In operation, one or more tenants through user devices 104 may wish to access data content within database 108. To this end, the user devices 104 may generate access requests for accessing the database 108. The access requests are communicated over network 106 and are obtained by the session manager 308 within the access control system 102. The session manager 308 passes the access request to the authorization engine 310. The authorization engine 310, on receiving the access request, obtains the tenant credentials. Based on the tenant credentials, various permissions and other tenant related information are passed on to the session manager 308. The session manager 308, on obtaining such tenant related information, creates a session during which the access to the desired data content may be sought. Once the session is created, the session manager 308 retains the tenant related information as tenant data 314. The tenant data 314 may be stored permanently within the access control system 102, or may be retained temporarily while the session persists. Besides the tenant data 314, metadata providing one or more permissions, user identities, etc., may also be stored within the tenant data 314.
[0054] Besides the user credentials, the tenant data 314 may also include the information associated with the user device, such as device ID of user device 104-1, which had generated the access request. In another example, the tenant data 314 may further include metadata prescribing various rights or permissions already associated with the user requesting access. The tenant data 314 may be obtained and stored by the control module 116 at runtime.
[0055] In operation, the control module 116 continuously tracks and monitors the incoming access requests. Based on the access request, the control module 116 may identify an object, for example the object 110-1, which the accessing tenant wishes to access. On identifying the object 110-1, the control module 116 may determine whether the desired object 110-1 is associated with a corresponding access control, such as the closure 114-1. In case no access control is determined to be associated with the object 110-1, the control module 116 may allow the data content to be provided to the tenant requesting access.
[0056] However, on determining that the closure 114-1 is associated with the object 110-1, the control module 116 creates a runtime environment 400 for the execution of the closure 114-1. The control module 116 subsequently executes the closure 114-1 within the runtime environment 400. At runtime, the session manager 308 may further obtain the tenant data 314 and pass the same to the closure 114-1 at runtime. At runtime, the control module 116 executes the closure 114-1 based on the tenant data 314. In an example, during execution the tenant data 314 may be passed as actual parameters to the closure 114-1. On execution, and depending on the tenant data 314 and the information encoded within the closure 114-1, the control module 116 may determine the privileges which would be provided to the tenant requesting access to the data content.
[0057] On execution within the runtime environment 400, the closure 114-1 executes and returns data content in conformance with the access request. The data returned may be either unamended, or may be filtered or modified depending on the identity of the requesting tenant. For example, a first user may be provided with unlimited access to the data content. However, another user may be provided access only to specific entries, and also with restrictive permissions while viewing such data.
[0058] In another example, the control module 116 may further obtain a mediated view of the data content associated with the object 110-1. The control module 116 may generate the mediated view based on the execution of the closure 114-1. Accordingly, the data content may be provided to the tenant in a modified or in an unmodified form.
[0059] The mediated view may be understood as only a projection or representation of the object data, and not the actual object data. For example, the control module 116 may determine that only read-access should be provided to the object 110-1 associated with a database table. In such a case, the view module 206 may provide the database table as an image. Since an image would not allow any editing or copying of the object 110-1, adequate access control is achieved. A mediated view may also indicate that the user is not authorized for accessing the object 110-1 by providing an indication or a message indicating that an accessing user is not authorized to access the object 110-1. In one example, the control module 116 may determine the initial data type of the object 110-1. Upon execution of the closure 114-1, the control module 116 may further determine a second data type for the data content for which access is evaluated. The control module 116 may subsequently generate a mediated view providing data content having the second data type.
[0060] As would be understood, each of the objects 110 may be further associated with multiple closures 114. The multiple closures 114 may be nested within each other. In such a way, a closure, e.g., closure 114-1, may be provided as means for controlling access to another closure, e.g., closure 114-2. For nesting, the closure 114-2 may be further encoded within the code of the nesting closure 114-1. In such a case, each of the closures 114 would be executed within the runtime environment by the control module 116.
[0061] In another example, the closure 114-1 may further reference another closure, say 114-2. The closures 114-1 and 114-2 may be so encoded such that they are invocable for different tenant data 314. For example, the closure 114-1 may be so encoded such that a first set of appropriate functions would be executable for specific tenants, such as a user device 104-1, but the referenced closure 114-2 is invoked if another tenant, for example using user device 104-2, requests access for the data content. In such a case, the data content may be made available to user device 104-1 in its unamended form. Consequently, when the user device 104-2 attempts access, the referenced closure 114-2 would be invoked, and a correspondingly different view of the data content would be made available. In such a case, even if the data content obtained by user device 104-1 was shared with another user, the referenced closure 114-1 would still determine to what extent the data is to be provided to the requesting user.
[0062] Furthermore, any one of the closures 114, such as the closure 114-1, may be used to dynamically create and bind additional closures onto the returned data. In an example, the closure 114-1 may be implemented using higher-order functions. As would be understood, higher-order functions are functions which return another function. In such an example, a closure bound to data content, when executed by the runtime environment, may return another closure to which the objects 110, or a portion thereof, may be further bound. For example, a closure 114-1 implemented as a higher-order function over a list may return sub-closures implemented over elements of the list. In the present example, the control module 116 may further generate a mediated view which includes such returned elements with the additional closure. Depending on the tenant data 314, the mediated view having the elements with the additional closure may provide access to the tenant. However, if such returned data is shared with other tenants, the closure applied to the returned data would be executed to determine whether the other tenants are permitted to view or access said data. In such a way, granular access to specific elements of the data content may be further provided. Furthermore, such a mechanism also provides continual control of access to data content, even when it has been distributed to other tenants.
[0063] In another example, the closures 114 may be further implemented using syntax describing the specific functions. It should be noted that the closures 114 are defined using functions which are invocable not based on input provided by the tenant but by the control module 116. The control module 116 provides the tenant data 314 based on which the closures 114 may be executed.
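An added example, not part of the patent text: a Python sketch of the higher-order closure of [0062], in which a closure over a list of event-log entries returns sub-closures over its elements, and the tenant data is supplied by the control module from the session as in [0063]. The permission strings (`log:read`, `ip:read`), the `ControlModule` class, the masking rule and the sample log entries are assumptions constructed for illustration.

```python
from typing import Any, Callable, Dict, List

TenantData = Dict[str, Any]
Closure = Callable[[TenantData], Any]

# Constructed sample event-log entries (not taken from the patent).
SAMPLE_LOG = [
    {"event": "login_failed", "ip": "10.20.30.40", "host": "hr-laptop-07"},
    {"event": "port_scan", "ip": "10.20.31.9", "host": "build-srv-02"},
]


def mask_ip(ip: str) -> str:
    """Keep the first two octets and obfuscate the rest (assumed masking rule)."""
    return ".".join(ip.split(".")[:2] + ["x", "x"])


def bind_entry(entry: Dict[str, str]) -> Closure:
    """Bind one log entry inside a closure that encodes its access policy."""
    record = dict(entry)  # captured copy; callers never receive this object

    def entry_closure(tenant: TenantData) -> Dict[str, str]:
        perms = tenant.get("permissions", frozenset())
        if "log:read" not in perms:
            return {"denied": "tenant is not authorized to access this object"}
        view = dict(record)  # mediated view: a projection, not the bound data
        if "ip:read" not in perms:
            view["ip"] = mask_ip(view["ip"])
            view["host"] = "<redacted>"
        return view

    return entry_closure


def bind_log(entries: List[Dict[str, str]]) -> Closure:
    """Higher-order closure over the list; it returns sub-closures over elements."""
    bound = [bind_entry(e) for e in entries]

    def log_closure(tenant: TenantData) -> List[Closure]:
        if "log:read" not in tenant.get("permissions", frozenset()):
            return []
        return list(bound)  # still closures, so the policy travels with the data

    return log_closure


class ControlModule:
    """Sole caller of closures; tenant data comes from the session, not the request.

    Python itself does not enforce the binding (closure cells can be inspected),
    so a real deployment relies on the runtime environment for isolation.
    """

    def __init__(self, namespace: Dict[str, Closure]) -> None:
        self._namespace = namespace  # names refer to closures, never raw objects
        self._sessions: Dict[str, TenantData] = {}

    def open_session(self, session_id: str, tenant: TenantData) -> None:
        self._sessions[session_id] = tenant

    def access(self, session_id: str, name: str) -> Any:
        return self._namespace[name](self._sessions[session_id])

    def render(self, session_id: str, handle: Closure) -> Dict[str, str]:
        """Evaluate a sub-closure, possibly shared by another tenant, for this session."""
        return handle(self._sessions[session_id])


def run_demo() -> Dict[str, Any]:
    cm = ControlModule({"eventlog": bind_log(SAMPLE_LOG)})
    cm.open_session("s-alice", {"id": "alice",
                                "permissions": frozenset({"log:read", "ip:read"})})
    cm.open_session("s-bob", {"id": "bob", "permissions": frozenset({"log:read"})})
    cm.open_session("s-carol", {"id": "carol", "permissions": frozenset()})

    handles = cm.access("s-alice", "eventlog")
    shared = handles[0]  # alice passes this handle on to bob and carol
    return {
        "alice": cm.render("s-alice", shared),
        "bob": cm.render("s-bob", shared),
        "carol": cm.render("s-carol", shared),
        "carol_list": cm.access("s-carol", "eventlog"),
    }


if __name__ == "__main__":
    for who, view in run_demo().items():
        print(who, view)
```

The same handle yields three different mediated views because the policy is evaluated again for each session, which is the continual control over redistributed data that [0062] describes.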
[0064] The manner in which access control is implemented using the access control system 102 is further explained in conjunction with Figure 5. Figure 5 provides object graphs 502 and 504, which depict the manner in which access control is implemented for two different tenants intending to access an object, such as object 110-1. The object graphs provided in Figure 4 are as per an example of the present subject matter, and should not be construed as a limitation.
[0065] Figure 5 depicts the objects, such as objects 1 10 arranged in a linked structure represented as an object graph 502. As depicted, the objects appear as nodes within the linked structure. The object graph 502 is composed of three tiers namely, tier 506, 508 and 510. The node lying in tier 506 may be considered as a root node 512. The root node 512 further is associated with other nodes in the tier 508 and 510. The nodes within the tier 508 are child nodes to the root node 512, whereas the nodes within the tier 510 are in turn child nodes of the nodes lying in tier 508.
[0066] In the present example, the object graph 502 depicts data corresponding to event logs collected from one or more networked devices within an enterprise network. Besides various event logs and other network related information, such event logs may also include user sensitive data such as IP addresses and host names. Such information is sensitive and confidential in nature, and is generally expected to be kept secure.
[0067] With each of the nodes, i.e., with one or more of the objects 110, closures 514-1, 2, ..., n are defined. It should be noted that not all objects 110 are bound within the closures 114. Some objects 110 may be referenced and thus also accessible directly. Each of the closures 514-1, 2, ..., n (collectively referred to as closures 514) is implemented as executable code, and either includes the associated objects 110 or may be referenced by the related objects. The closures 514 thus implemented bind the data content represented through objects 110 in such a manner that the objects 110 are not accessible directly, but only through the closures 514. One or more of the closures 514 are executed depending on whether the requests for accessing their associated objects 110 are received. In the present implementation, for the purposes of the explanation only, the root node 512 may be associated with a Log object, with the other nodes providing an IP object and other objects.
[0068] Figure 5 depicts an example in which the event log data is being accessed by a first and a second user through two user devices 104-1, 2. For the purposes of the present example, it is assumed that both users have privileges to access the Log data, but only the user operating through the user device 104-1 may access the IP related objects included within the Log data.
[0069] In the case of the first user attempting to access the data, an access request is received by the access control system 102. Based on the access request received, the control module 116 within the access control system 102 obtains the related tenant data 314. The control module 116 determines the IP object as the object for which access is sought, based on the tenant data 314. Once identified, the control module 116 passes the tenant data 314 to the associated closure 514-1.
[0070] In the present example, the user identity information obtained from the tenant data 314 is passed by the control module 116 to the closure 514-1. Based on the tenant data 314, the control module 116 may execute the closure 514-1, and at runtime determine whether the access request against the Log object is satisfied. The closure 514-1 is configured so as to return the log data with or without data for a predefined number of users. At node 512, since the user has the necessary privileges to conform to the access policies encoded within closure 514-1, the control further progresses to the object at node 516.
[0071] At node 516, the control module 116 at runtime may further determine whether the access is to be provided based on the received request. At this stage, the control module 116 passes the tenant data 314 to closure 514-2, based on which it is executed. At runtime, based on the execution of the closure 514-2, the accessing user may be provided access to the entire set of IP objects. In the present example, the view module 206 may determine and provide the mediating view, such as depicted by the object graph 502.
[0072] Figure 5 additionally depicts another example where a user, for example a user using the user device 104-2, attempts to access the IP related objects within the same linked structure. Since the user has the necessary privileges to access the Log object, access is allowed by the closure 514-1. However, as the control progresses to the IP objects, the closure 514-2, based on the tenant data 314 associated with the second user, controls at runtime the access to the IP related information. As a result, only a portion of the IP object data may be provided to the second user. For example, an image representing only the portion of the object data as object graph 404, as depicted by solid lines, is made available to the second user. Subsequently, the control module 116 may generate a mediated view which only provides a portion of IP object data corresponding to the graph depicted by solid lines, and not the portion of the object graph depicted by dotted lines. In case the data requested was in the form of a table, entries providing the IP address information would not be provided as part of the mediated view.
[0073] Figure 6 illustrates a method 600 for providing access to one or more objects 110 in the database 108, according to an example of the present subject matter. The order in which the method 600 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement method 600, or an alternative method. Additionally, individual blocks may be deleted from the method 600 without departing from the spirit and scope of the subject matter described herein. Furthermore, the method 600 may be implemented in any suitable hardware, machine readable instructions, firmware, or combination thereof.
[0074] With reference to method 600 as illustrated in Figure 6, at block 602, tenant data associated with an access request is obtained. For example, the control module 116 receives an access request for accessing data content from a user using any one of the user devices 104. Based on the access request, information associated with the user requesting access is obtained and stored in tenant data 314. The tenant data 314 may include identity information, such as user credentials, associated with the user requesting access to an object. Besides the user credentials, the tenant data 314 may also provide an identification of the object, say object 110-1, which is to be accessed.
[0075] At block 604, the tenant data is passed to one or more closures to which the data content to be accessed is bound. For example, the control module 116, on obtaining the tenant data 314, passes the same to the closure 114-1 associated with the object 110-1. The data content, i.e., the object 110-1, to be accessed is bound within the closure 114-1. The closure 114-1 is further parameterized using one or more identity related parameters. The control module 116 further implements a runtime environment within which the tenant data 314 is passed as actual parameters to the parameterized closure 114-1.
[0076] At block 606, the closure is executed based on the tenant data at runtime. For example, the control module 116 invokes and executes the closure 114-1 at runtime based on the tenant data 314. Based on the closure 114-1, the control module 116 may determine the extent of the data content which may be provided to the requesting tenant. In such an example, based on the execution of the closure 114-1 using the tenant data 314, the data content may be provided either completely, or may be provided in a modified or abridged form. In another example, a mediated view may be generated providing the data content to the requesting tenant. The mediated view may be understood as only a projection or representation of the object data, and not the actual object data. Examples of a mediated view include a snapshot of object graph or data portions of object data which are obfuscated.
[0077] Figure 7 illustrates a method 700 for providing access to one or more objects 110 in the database 108, according to another example of the present subject matter. The order in which the method 700 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement method 700, or an alternative method.
[0078] At block 702, an access request is received from a tenant for accessing data content. For example, the access request may be received from a tenant using any one of the user devices 104, for accessing one or more objects 110. The access request may be intercepted by the control module 116. Each of the objects 110 is further bound within one or more closures 114. As a result of the closures 114, the objects 110 are not accessible directly. The closures 114, on the other hand, either include the objects 110, or are referenced by the objects 110. In another example, the closures 114 are parameterized using parameters related to identity of tenants requesting access to data content. The objects 110 may be stored in persistent storage, such as a database 108.
[0079] At block 704, tenant data associated with the access request is obtained. For example, the control module 116 obtains the access request and obtains information pertaining to the tenant requesting access to data content. The tenant information is stored as tenant data 314. In one example, the tenant data 314 may include user identity information, such as credential information. Besides the user credentials, the tenant data 314 may also provide an identification of the object, say object 110-1, which is to be accessed.
[0080] At block 706, a closure to which the data content is bound is identified. For example, within the database 108, named references within the object related namespace may refer directly to the closures 114 and not the bound data content, i.e., the objects 110. Based on the access request, the control module 116 identifies the closure, such as closure 114-1, associated with the data content which is to be accessed.
[0081] At block 708, the tenant data is passed as an actual parameter to a closure with which the object for which access is requested is bound. For example, the control module 116 may pass the tenant data 314 to the closure 114-1. In one example, the tenant data 314 may be maintained within a session, maintained by the session manager 308.
[0082] At block 710, the closures are executed using the tenant data to evaluate access to be applied to the data content. For example, at runtime the control module 116 invokes and executes the closures 114, such as closure 114-1. Based on the execution of the closure 114-1, data content for which access was sought is obtained. In an example, the data content may be further processed to determine whether the entire data content should be provided or whether a modified or an abridged version of the data content is to be made available to the requesting tenant. In another example, the execution of the closure 114-1 based on the tenant data 314 may also limit or altogether prohibit access to the data content.
[0083] At block 712, a mediated view is provided based on the evaluation of the access control for the data content. For example, the control module 116 may generate a mediated view, such as the mediated view 118, based on the tenant data 314. As also described previously, the mediated view only provides a projection or representation of the object data but does not make the actual data available to the requesting user. Depending on the mediated view, the extent of access provided to the user over the object data may also be controlled.
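The flow of method 700, applied to the Figure 5 scenario of a Log object with nested IP closures and two users, is shown here as an added Python example that is not code from the patent. The privilege strings, the `DIRECTORY` lookup, the `ControlModule` class and the sample log entries are assumptions constructed for illustration.

```python
from types import MappingProxyType

# Constructed sample data: event-log entries that carry sensitive IP addresses.
SAMPLE_LOG = [
    {"event": "login", "ip": "192.0.2.10"},
    {"event": "logout", "ip": "192.0.2.11"},
]
# Constructed privilege directory (assumption): looked up server-side,
# never taken from the request itself.
DIRECTORY = {
    "user1": frozenset({"log:read", "ip:read"}),
    "user2": frozenset({"log:read"}),
}


def make_ip_closure(ip):
    """Bind one IP value; `tenant` is the formal identity parameter."""
    def ip_closure(tenant):
        return ip if "ip:read" in tenant["privileges"] else None
    return ip_closure


def make_log_closure(entries):
    """Bind the log and nest a closure around every IP field."""
    bound = [(e["event"], make_ip_closure(e["ip"])) for e in entries]

    def log_closure(tenant):
        if "log:read" not in tenant["privileges"]:
            raise PermissionError("tenant may not read the Log object")
        view = []
        for event, ip_closure in bound:
            row = {"event": event}
            ip = ip_closure(tenant)  # nested closure, same tenant data
            if ip is not None:
                row["ip"] = ip
            view.append(MappingProxyType(row))  # read-only projection
        return tuple(view)  # mediated view, not the bound list

    return log_closure


class ControlModule:
    def __init__(self, directory):
        self._directory = directory
        self._namespace = {}  # names resolve to closures, never to raw data

    def bind(self, name, closure):
        self._namespace[name] = closure

    def access(self, request):
        # Block 704: build tenant data for the (already authenticated) user.
        user = request["user"]
        tenant = {"user": user,
                  "privileges": self._directory.get(user, frozenset())}
        # Block 706: identify the closure by its namespace reference.
        closure = self._namespace.get(request["object"])
        if closure is None:
            raise KeyError("no closure bound for " + repr(request["object"]))
        # Blocks 708-712: pass tenant data as the actual parameter and execute.
        return closure(tenant)


def build_demo():
    control = ControlModule(DIRECTORY)
    control.bind("Log", make_log_closure(SAMPLE_LOG))
    return control


if __name__ == "__main__":
    control = build_demo()
    for user in ("user1", "user2"):
        rows = control.access({"user": user, "object": "Log"})
        print(user, [dict(r) for r in rows])
```

In CPython the bound values remain reachable through a function's `__closure__` cells, so this shows the control flow of closure-mediated access rather than an isolation boundary against code running in the same interpreter.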
[0084] Figure 8 illustrates a network environment 800 for providing access controls to one or more objects in a database, according to an example of the present subject matter. The network environment 800 may be a public networking environment or a private networking environment. In an example, the network environment 800 includes a processing resource 802 communicatively coupled to a computer readable medium 804 through a communication link 810. In one example, the computer readable medium 804 is communicatively coupled to a processing resource 802 over the communication link 810.
[0085] In one example, the processing resource 802 can be a computing device, such as a server, a laptop, a desktop, a mobile device, and the like. The computer readable medium 804 can be, for example, an internal memory device or an external memory device or any commercially available non transitory computer readable medium. In one implementation, the communication link 810 may be a direct communication link, such as any memory read/write interface. In another implementation, the communication link 810 may be an indirect communication link, such as a network interface. In such a case, the processing resource 802 can access the computer readable medium 804 through a network 806. The network 806, like the network 106, may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
[0086] The processing resource 802 and the computer readable medium 804 may also be communicatively coupled to data sources 808 over the network. The data sources 808 can include, for example, databases and computing devices. The data sources 808 may be used by an enterprise to store data generated by various employees and stakeholders associated with the enterprise.
[0087] In one example, the computer readable medium 804 includes a set of computer readable instructions, such as control module 116 and control module 116. The set of computer readable instructions can be accessed by the processing resource 802 through the communication link 810 and subsequently executed to provide an access control of an object 110 stored in the data source 708 to a user.
[0088] On execution by the processing resource 802, the control module 116 controls access of one or more objects, such as objects 110. Each of the objects 110 is further bound within one or more closures 114. The closures 114 allow a mechanism by which the objects 110 are not accessible. Access to the objects 110 may be permitted only through the closures 114. In implementation, the closures 114 may include executable functions having function definition for the closure using one or more formal parameters.
[0089] In one example, the control module 116 may track and intercept access requests originating from one or more user devices 104. Based on the access request, the control module 116 may obtain tenant data, which may be stored as tenant data 314. The tenant data 314 may include information pertaining to the user requesting access of an object, say user device 104-2. An example of tenant data 314 includes, but is not restricted to, identity information in the form of user credentials, and one or more access rights or privileges associated with the user. The control module 116 may further also obtain object information.
[0090] Depending on the tenant data 314, the control module 116 at runtime passes the information as a functional parameter to the access control, such as closure 114-1, associated with an object 110-1, which is to be accessed. Accordingly, when the access request is being processed, the control module 116 may invoke and execute the closure 114-1 based on the values from the tenant data 314. On executing the closure 114-1, the access control is evaluated and data content is returned. The extent of the data content returned is dependent on the closure 114-1 and the tenant data 314, based on which the closure 114-1 was executed. For example, the control module 116 may apply the functions included within the closure 114-1 onto the data content. The data content may be further processed, depending on the tenant data 314. Accordingly, the data content may be provided to the tenant in either an abridged or an unabridged format. In another example, the data content may be further transformed as a result of the execution of functions within the closure 114-1.
[0091] Accordingly, the control module 116 may generate a mediated view of the object for which access was requested. Based on the mediated view, the control module 116 provides a representation of the object data in a manner depending on the permissions allocated for the access request. For example, in a mediated view, the object data may be rendered as one of read-only, read-write, or as an image. The mediated view thus allows the user, e.g., the user device 104-2, to view the data in read-only form, read-write form, or as an image. In this manner, access to one or more objects is controlled.
[0092] Although examples for controlling access to one or more objects have been described in language specific to structural features and/or methods, it is to be understood that the appended claims are not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as few examples of such systems and methods implementing the present subject matter.

Claims

I/We claim:
1. A method for controlling access to data content, the method comprising:
obtaining, by an access control system, tenant data associated with an access request received from a tenant requesting access to the data content;
identifying a closure associated with the data content, wherein the data content is bound within the closure, and wherein the closure is parameterized using formal parameters relating to identity of the tenant requesting access to the data content;
passing, by the access control system, the tenant data to the closure as actual parameters; and
executing the closure based on the tenant data to evaluate access to the data content.
2. The method as claimed in claim 1, wherein in response to executing the closure, the method further comprises:
obtaining a portion of the data content for which access is provided; and
generating a mediated view of the data content based on the obtaining.
3. The method as claimed in claim 2, wherein the mediated view provides one of the portion of the data content and a transformed data content.
4. The method as claimed in claim 1, wherein the identifying of the closure is based on namespace references associated with the closure.
5. The method as claimed in claim 1, wherein the closure is implemented as a higher-order function.
6. The method as claimed in claim 5, wherein executing the closure returns an additional closure, wherein at least a portion of the data content is bound within the additional closure.
7. The method as claimed in claim 1, wherein the closure further includes a second closure, wherein the second closure is nested within the closure.
8. The method as claimed in claim 7, wherein the controlling access to the data content further comprises:
in response to invoking the closure, further invoking and executing the second closure based on the tenant data; and
providing access to the data content based on the further invoking.
9. A secure access system for controlling access to at least one object from a plurality of objects, the secure access system comprising:
a processor;
a control module coupled to the processor, the control module to:
obtain tenant data associated with an access request to access data content, wherein the access request is received from a tenant;
on obtaining the tenant data, identify at least one closure based on the data content to be accessed, the data content being bound within the closure, and wherein the closure includes formal parameters as function definitions, the formal parameters relating to identity of the tenant requesting access to the data content;
pass the tenant data as parameters to the at least one closure; and
execute, using the tenant data passed as parameter, at least one closure to evaluate access to the data content.
10. The system as claimed in claim 9, wherein the control module, to evaluate access to the data content, is to further:
determine portion of the data content for which access is to be provided in response to the access request; and
generate a mediated view for presenting the portion of the data content onto a computing device, based on the portion of the data content and the tenant data.
11. The secure access system as claimed in claim 10, wherein the control module is to further:
determine another access control further assigned to the portion of the data content; and
generate the mediated view, based on invoking the at least one access control and the another access control.
12. The secure access system as claimed in claim 9, further comprising a session manager, wherein the session manager is to create a session, wherein the session retains the tenant data obtained from the access request.
13. The secure access system as claimed in claim 9, wherein the at least one closure is implemented as one of a function and a closure object, wherein the closure object further includes a plurality of executable methods.
14. A non-transitory computer-readable medium having a set of computer readable instructions that, when executed, cause an access control system to:
upon receiving an access request for accessing data content from a tenant computing device, obtain tenant data based on the received access request;
determine a closure, wherein the closure,
one of includes and references the data content to be accessed, and
further includes tenant related parameters defined as formal parameters;
provide the tenant data as a parametric value to the closure; and
invoke the closure based on the tenant data to evaluate access to at least a portion of the data content, wherein the portion of the data content for which access is provided is determined based on the tenant data.
15. The non-transitory computer-readable medium as claimed in claim 14, further comprising executable instructions which when executed, cause the access control system to:
in response to the invoking, determine an initial data type of the data content; and
return the portion of the data content in another data type different from the initial data type.
PCT/US2014/038059 2014-05-15 2014-05-15 Accessing data content using closures WO2015174977A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2014/038059 WO2015174977A1 (en) 2014-05-15 2014-05-15 Accessing data content using closures

Publications (1)

Publication Number Publication Date
WO2015174977A1 true WO2015174977A1 (en) 2015-11-19

Family

ID=54480350

Country Status (1)

Country Link
WO (1) WO2015174977A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1505594A2 (en) * 2003-07-31 2005-02-09 Sony United Kingdom Limited Access control for digital content
US7333987B2 (en) * 1999-06-30 2008-02-19 Raf Technology, Inc. Controlled-access database system and method
US20080082540A1 (en) * 2006-10-03 2008-04-03 Salesforce.Com, Inc. Methods and systems for controlling access to custom objects in a database
US20120096521A1 (en) * 2010-10-13 2012-04-19 Salesforce.Com, Inc. Methods and systems for provisioning access to customer organization data in a multi-tenant system
US8627072B1 (en) * 2007-07-30 2014-01-07 Intuit Inc. Method and system for controlling access to data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14891720

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14891720

Country of ref document: EP

Kind code of ref document: A1