The invention relates to determination and granting of access to data and files by the file or database creator, owner or manager or by group or user access profiles.
Current database management applications and especially the access subsystems thereof support what could be called a "Single Organization Model". This means that all users of a system, even though they may work in various divisions of a company or various channels of a marketing organization, or even different entities leasing portions of the same database through a common vendor or service organization, are deemed to ultimately work for the same organization, and that organization is at the root of the organizational hierarchy.
Present access control mechanisms, built on the "Single Organization Model," are cumbersome when applied to multi-divisional or multi-channel organizations or to multi-tenant databases.
This is because present access authorization systems are adapted to: (1) partition data to show users only those records that they or their position have been granted visibility to, and (2) show users all "global" data in a particular dataset. However, absent cumbersome "work-arounds," present access authorization subsystems do not have the ability to partition data at the organizational or channel level. This makes it impossible, for instance, for companies using the "e-channel marketing" paradigm that do business in multiple countries in Europe to maintain separate price lists for each country and have only those price lists that are appropriate for a region or country be accessible. This cumbersome access control also makes it difficult for multiple small financial service organizations to outsource database and telephone support operations to a common vendor while preserving customer confidentiality.
The invention is a database management system and a method of using the system. The system has an access control subsystem, and is characterized by a plurality of user entries representing users seeking access to data items, where each of the user entries has at least one organizational access attribute. The data stored in the underlying database has a plurality of data items. Each of the data items may be a data file, a data field within a data file, or a view of data items. Selected ones of the data items have at least one organizational access attribute. This organizational attribute is used by the access control subsystem. The access control subsystem receives a database query from a user requesting access to one or more of the data items. The access control subsystem reads the user's organizational access attributes, and reads the data item's organizational access attributes. The access control subsystem then presents to the user only those data items to which the user has access authorization.
In one embodiment of the invention, particularly useful in channel marketing and in multi-divisional enterprises, the database files have a plurality of fields, and the users have personal, positional, and organizational attributes, and are divisible into multiple membership sets based upon organizational attributes. The database views are visible to users based upon the personal, positional, and organizational attributes of the users.
The data files and fields may extend across organizations, or they may be disjoint, extending to only one organization. Likewise, the users may be in overlapping organizations, or in only one organization.
According to this embodiment of the invention, the views visible to a user are determined by the user's organizational and positional attributes, and the view files are determined by a user's organizational and/or positional attributes. In a still further embodiment, the view files are determined by a user's organizational attributes, and view fields are determined by a user's positional attributes.
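The following is an added illustration of this embodiment, not code from the patent: files are partitioned by organizational attribute (a per-country price list is visible only to users in that country's organization, a global catalogue to everyone) and fields within a visible file are filtered by positional attribute (a "margin" column only for managers). The organization names, positions and sample rows are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    orgs: frozenset      # organizational access attributes (may span several organizations)
    position: str        # positional attribute, e.g. "manager" or "rep"

@dataclass
class DataFile:
    name: str
    orgs: frozenset      # organizations the file belongs to; empty set = global data
    fields: dict         # field name -> frozenset of positions allowed to see it (None = any)
    records: list        # constructed sample rows, one dict per record

def visible_files(user, files):
    # File level is partitioned by organizational attribute: a user sees global
    # files and files tagged with at least one organization the user belongs to.
    return [f for f in files if not f.orgs or f.orgs & user.orgs]

def view(user, f):
    # Field level is partitioned by positional attribute: only permitted columns
    # of a visible file are projected into the user's view.
    cols = [c for c, pos in f.fields.items() if pos is None or user.position in pos]
    return [{c: r[c] for c in cols} for r in f.records]

def query(user, files):
    # The access subsystem answers a query with only the views the user is authorized for.
    return {f.name: view(user, f) for f in visible_files(user, files)}

# Constructed sample data: a global catalogue plus per-country price lists.
FILES = [
    DataFile("catalogue", frozenset(), {"sku": None, "name": None},
             [{"sku": "A1", "name": "Widget"}]),
    DataFile("prices_de", frozenset({"de"}),
             {"sku": None, "price": None, "margin": frozenset({"manager"})},
             [{"sku": "A1", "price": 10.0, "margin": 0.4}]),
    DataFile("prices_fr", frozenset({"fr"}),
             {"sku": None, "price": None, "margin": frozenset({"manager"})},
             [{"sku": "A1", "price": 11.0, "margin": 0.35}]),
]

DE_REP = User("anna", frozenset({"de"}), "rep")            # one organization, no margin column
EU_MANAGER = User("bo", frozenset({"de", "fr"}), "manager")  # overlapping organizations
```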
In an alternative embodiment of the invention a plurality of organizations exclusively own individual data files in the database management system. An individual data file has a single owner. The access control subsystem is configured to authorize a customer of the owner organization to have access to their own data items and to grant access to their own data items to an additional user, for example, a telephone service representative, while the customer accesses the data items. The customer can authorize the additional user to access and update the data item.
In this embodiment, the database system may be regarded as a partitionable database with a plurality of separate virtual databases. Each of the separate virtual databases may have a unique database owner, and a user can only access files in a virtual database to which the user has access authorization from the database owner.
The separate virtual databases may be disjoint, whether under common ownership or with separate and unique owners. Access may depend upon authorization from the database owner to access either the database or a file within the database, and where the user requesting access is not the owner of the file, access may require authorization from the owner of the file. This situation typically occurs in a multi-tenant database having a plurality of tenants, where each tenant is the owner of a separate virtual database, and at least two of the tenants utilize a common call center service, as is the case with a large financial institution servicing the customer accounts of other financial institutions.
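As an added example (not from the patent) of the multi-tenant embodiment just described, the check below combines the two authorizations: the tenant that owns a virtual database grants its call-center vendor organization access, and a customer grants a specific service representative access to their own data item only while the customer's session is active. Tenant, customer and vendor names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Record:
    tenant: str      # owning organization: the tenant of this virtual database
    customer: str    # the customer whose data item this is
    data: dict

@dataclass
class Session:
    customer: str
    delegates: set = field(default_factory=set)  # users the customer has authorized

class MultiTenantStore:
    def __init__(self, vendor_grants):
        # tenant -> organizations the tenant (database owner) has authorized,
        # e.g. the common call-center vendor serving several tenants
        self.vendor_grants = vendor_grants
        self.records = {}      # record id -> Record
        self.sessions = {}     # customer -> active Session

    def start_session(self, customer):
        self.sessions[customer] = Session(customer)

    def end_session(self, customer):
        self.sessions.pop(customer, None)   # delegated access ends with the session

    def delegate(self, customer, user):
        self.sessions[customer].delegates.add(user)   # KeyError if no active session

    def can_access(self, user, user_org, rec_id):
        rec = self.records[rec_id]
        if user == rec.customer:
            return True        # a customer always reaches their own data items
        # A third party needs the tenant's grant to its organization AND the
        # customer's grant during an active session; either alone is not enough.
        sess = self.sessions.get(rec.customer)
        return (user_org in self.vendor_grants.get(rec.tenant, set())
                and sess is not None and user in sess.delegates)

    def update(self, user, user_org, rec_id, key, value):
        if not self.can_access(user, user_org, rec_id):
            return False
        self.records[rec_id].data[key] = value
        return True

# Constructed sample: two banks share a call-center vendor; a third does not.
store = MultiTenantStore({"bank_a": {"callcenter"}, "bank_b": {"callcenter"}})
store.records[1] = Record("bank_a", "alice", {"phone": "000"})
store.records[2] = Record("bank_c", "carol", {"phone": "000"})
```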