While the present invention was developed for use in connection with Web pages and is described in connection with the Internet, it is to be understood that the invention may also find use in other environments.
A computing device, such as a personal computer, personal digital assistant (PDA), cell phone, or similar device, which can be connected to the Internet, has access to a vast number of Web pages distributed by Internet Web sites. A typical Web page presents a plurality of discrete visual items to a user. Some types of visual items (also called documents because they are stored in separate identifiable files) include, but are not limited to, text labels, pictorial icons, buttons, menus and menu items, text entry fields, and windows.
A Web server is a software program that provides, or serves, Web pages to computing devices that are able to access the Web server via the Internet or other network connection. In many implementations, a Web server is a single instance of a single program running on a single computing device; however, a more capable and robust Web server may be implemented as multiple coordinated instances of the same program running on one or more computing devices. However a Web server is implemented, a Web server takes in requests received via the Internet and processes these requests. If a request contains appropriate information arranged in a proper, predetermined format, the Web server uses the information in the request to determine what action or actions to take in response to the user's request.
Web server action often involves collecting information from the data stores that support the Web server. Such information may be assembled to form a “response.” The response is passed back to the requesting computer via the Internet or other network. The response is normally in the form of a Web page. In the Web browser running on the requesting computer, i.e., the host computing device, this new Web page may replace the original Web page or a new page may be presented in another browser window.
Some Web servers and the data stores that support Web servers are used to allow “teams” of users to share documents, in particular text documents. An example of such Web server products is the Microsoft® SharePoint product and associated technologies. A SharePoint team Web site is a customizable Web site with features that help a team work together. The Web site has pages for document libraries, announcements, team events, etc. Only users or groups of users specified by the Web site creator can use a SharePoint Web site. Teams can take various forms. For example, a team may include a supervisor and a plurality of employees devoted to a particular product or business function such as the sales or accounting department of a corporation.
For various reasons, including but not limited to, security and user convenience, it is often useful to restrict access to some of the documents available in a given Web site, such as a SharePoint Web site. For example, a particular Web page site, or collection of Web sites may include a variety of employee information documents, such as an employee address document that lists employee addresses, an employee home telephone number document that lists employee home telephone numbers, and an employee pay document that lists the salaries of employees. While it may be desirable for a team “leader” to have access to all three documents, it may be undesirable for other members of the team to have access to the employee pay document, for example. In this example, the members of the team other than the leader are only allowed access to two of the three documents. Access enforcement, which takes place on the Web server, results in the non-accessible document not being returned to members of the team, other than the team leader.
In order for the Web server software to enforce the access, e.g., security, measure, the Web server software must gather security rights information about the three documents. The information about the documents is often in another data store, usually a database, which may be on another computer. In the past, gathering such information has required the Web server to send a query to the database for each of the three documents in order to determine the access rights for each document. Each query requires a finite amount of computing resources. Since Web servers often distribute hundreds or even thousands of Web page responses within a few seconds, the cumulative negative effect of these queries on computing resources can be significant. The cumulative negative effect can severely overload the memory, computing, and communication capacity of the Web server, thereby reducing the performance of the Web server.
What is needed is a way of reducing the number of queries required to determine the security or other access restrictions applicable to requested documents. While this result can be achieved by changing how a database operates, changing how a database operates is undesirable. A more efficient and desirable solution is to change how the data stored in a database is obtained without changing the operation of the database itself. The present invention is directed to providing such a solution.