1. Field of the Invention
This invention relates to profiling systems, in particular, to profiling system employed to control access to objects located in one or more electronic databases.
2. Description of Related Art
Profiling systems have been developed to control access to objects located in electronic databases. The profiling systems commonly create and maintain profiles of users who are entitled to some level of access to objects in the electronic databases controlled by the system. The access to the object may be read-only or viewing access, limited modify or write access, or full access to read and write (view or modify) access to one or more objects in the databases.
Each profiling system generally includes a profile database, the profile database having a number of access records. Each access record may detail user access rights to objects located in databases whose access thereto is controlled by the profiling system. Accordingly, a profiling system may be employed to control one or more databases located on a single computer, network of computers, or network of network of computers (commonly called the Internet). For example, many companies have established Intranets, which are private, controlled access databases accessible via the Internet. In this case, an Intranet profiling system may include a record with a fixed number of attributes (or fields) for each employee or user entitled to access objects within the databases of the Intranet.
The attributes commonly represent three types of user data: security, identification, and preference. The security data is used to condition user access to or modification capabilities of one or more objects located in the databases of the Intranet. The identification data is primarily used for contact information. The preference data reflects application specific preferences for user where the application may be used to view or modify selected objects.
The security data information stored in each record ideally enables the profiling system to vary the level of access to objects altogether, in groups, or individually from employee to employee (or user to user). When a user needs multiple types of access or access to different objects in the profiling system, a second record may be added to the profiling database where the second record contains different security data for the user that enables the additional object access or modification capabilities. Because each record in the profiling system database has a fixed number of attributes the attributes related to user identification and user preference would be either duplicative or left empty. In such a case, the profiling database may contain duplicative information or unused data space. Multiple records for a user may also increase the profile system overhead, in particular when the system attempts to resolve whether a user can access or modify a particular object. Additionally, maintenance of records within the profile database would be complex.
With the advent of Extranets, the number of records required per user in the profile system may increase further. In order to provide an Extranet user access to an object located in a foreign Intranet, the Intranet profiling system would need to include security data that gives the user access to the needed object. For example, an employee of Company A may require access to an object located in a database of the Intranet of Company B (such as legitimate access to a report) where an Extranet is formed between the Intranet of Company A and B. Presently, the profiling system for the Intranet of Company B would need to include security data for the employee of Company A that enables the employee to have access to the object (such as a report) located in a database of the Intranet of Company B. This may cause replication of user information across several profiling systems. Consequently, a need exists for a profiling system that enables users to obtain access to different objects or different forms of access to objects in databases while not requiring duplicate information to be stored within a database of the profiling system.