Disclosure of private or business-critical information can compromise an enterprise. Information disclosure threats expose information to individuals who are not supposed to see it. A user's ability to read a file to which she or he was not granted access is an example of a disclosure threat. Typical security systems rely on specifying the right of access to data based on membership of a particular security rights group. In some cases, the group membership is limited to one person. This approach means that it is complex to set up and maintain such security. Consequently, the security of access is often over-simplified, and in some cases ignored altogether in order to achieve the required data access for those who need it. What is needed is the ability to simplify the setting up and maintaining of security processes so that there is no disincentive to provide the desired security.
U.S. Pat. No. 6,662,188 “Metadata model”, Rasmussen, et al. issued Dec. 9, 2003, hereby incorporated by reference, describes a three level abstraction model for use in business intelligence environments. This is briefly described with reference to FIG. 2.
The lowest level in the database abstraction is the internal level 1. In the internal level 1, the database is viewed as a collection of files organized according to an internal data organization. The internal data organization may be anyone of several possible internal data organizations, such as B+-tree data organization and relational data organization.
The middle level in the database abstraction is the conceptual level 2. In the conceptual level 2, the database is viewed at an abstract level. The user of the conceptual level 2 is thus shielded from the internal storage details of the database viewed at the internal level 1.
The highest level in the database abstraction is the external level 3. In the external level 3, each group of users has their own perception or view of the database. Each view is derived from the conceptual level 2 and is designed to meet the needs of a particular group of users. To ensure privacy and security of data, each group of users only has access to the data specified by its particular view for the group.
The mapping between the three levels of database abstraction is the task of the Database Management System (DBMS). When the data structure or file organization of the database is changed, the internal level 1 is also changed. When changes to the internal level 1 do not affect the conceptual level 2 and external level 3, the DBMS is said to provide for physical data independence. When changes to the conceptual level 2 do not affect the external level 3, the DBMS is said to provide for logical data independence.
A typical DBMS uses a data model to describe the data and its structure, data relationships, and data constraints in the database. Some data models provide a set of operators that are used to update and query the database. DBMSs may be classified as either record-based systems or object-based systems. Both types of DBMSs use a data model to describe databases at the conceptual level 2 and external level 3.
Data models may also be called metadata models as they store metadata, i.e., data about (or describing) data in databases.
The previous invention, “Metadata Model—Rasmussen, et al”, describes a data model or metadata model which realizes the three abstraction levels and provides information that can be shared by multiple users who use different business intelligence tools or client applications.
This is done by providing a metadata model that defines model objects to represent one or more data sources. The metadata model comprises a data access layer, a business layer and a package layer. The data access layer contains data access model objects. The data access model objects include a data access model object that describes how to retrieve data from the data sources. The business layer contains business model objects. The business model objects include a business model object that describes a business view of data in the data sources. The package layer contains package model objects. The package model objects include a package model object that references a subset of business model objects.
It also provides for a metadata model to contain model objects representing one or more data sources. The data sources contain tables having columns. The metadata model comprises a data access layer, a business layer and a package layer. The data access layer contains data access model objects. The data access model objects include table objects that describe definitions of the tables contained in the data sources, and column objects that describe definitions of the columns of the tables contained in the data sources. The business layer contains business model objects. The business model objects include entities that are constructed based on the table objects in the data access layer, and attributes that are constructed based on the column objects in the data access layer. The package layer contains package model objects. The package model objects include a package model object that references a subset of the business model objects.
The applicant's co-pending application “Simplified Metadata Model for Reporting”, Potter et al, hereby incorporated by reference, modifies the metadata model by combining the data access layer and business layer of the previous invention and providing a new combined element, the query layer. This is possible because the entities and attributes used in defining the model have been replaced by the more powerful concepts of query subjects and query items. In other respects the operation is similar to the earlier invention. However, now when a database schema is imported, the system creates within the query layer a set of unified database query subjects that are directly tied to the underlying database, and are also directly usable in creating reports. This set of objects bring together all of the abstraction and mapping that the previous invention (Metadata Modeling) handled with ‘connections’ between physical and logical segments of the model. In contrast to a ‘view’, which is defined by the database administrator DBA, a query subject is abstracted and separate from the underlying database, is applicable to and able to translate different kinds of databases, and provides a translation of the data and metadata into the terminology of the user.
The query layer includes metadata that describes how to retrieve physical data from data sources. It is used to formulate and refine queries against the underlying data sources. The query layer contains those model objects that directly describe actual physical data in the data sources and their relationships. These model objects are called query subjects, and they in turn contain query items, which are attributes and relate the columns of the underlying databases. The query subjects may include, among other things, databases, catalogues, schemas, tables, files, columns, data access keys, indexes and data access joins, as well as Structured Query Language (SQL) code that assists in the transformation of the data. Each query subject has one or more columns. Typically, data access joins exist between query subjects. The query subjects in the query layer may be thought of as extended metadata, created as a result of importing metadata from data sources and metadata sources provided by users. The information of some data access objects may be available from the underlying data sources. The user can customize some objects in the query layer in order to create data access joins, i.e., relationships between objects that were imported from various data sources.
The query layer also describes the business view of the physical data in the underlying data sources. It is used to provide business abstractions of the physical data with which the query engine can formulate queries against the underlying data sources. Thus the query layer contains information encapsulated in the query subjects and query items that can be used to define in abstract terms the user's business entities and their inter-relationships. These query subjects are reusable objects that represent the concepts and structure of the business to be used in business intelligence environments. They present a single unified business model, with direct relationships to the underlying databases, and can be related to physical data in a number of different data sources. The query layer also includes business rules and display rules. As well as query subjects and query items, the query layer may include keys and joins. Since the query subjects within the query layer have the ability to incorporate SQL, they may be used directly in creating reports.
One of the most significant problems of providing data security at the modelling level is how to specify security flexibly, while minimising the complexity of maintenance. Other systems make use of the limited security provided through the DBMS.