公开(公告)号：US20060053106A1

公开(公告)日：2006-03-09

申请号：US10933917

申请日：2004-08-31

申请人： Rupa Bhaghavan ,  Wayne Miller ,  Kenneth Nelson ,  Sharon Sanders ,  Fang-Yi Wang

发明人： Rupa Bhaghavan ,  Wayne Miller ,  Kenneth Nelson ,  Sharon Sanders ,  Fang-Yi Wang

IPC分类号： G06F17/30

CPC分类号： G06F17/30421 ,  G06Q10/06

摘要： Various embodiments of a method, apparatus and article of manufacture provide a decision point in a workflow system comprising a server and at least a first client work node. A decision point work node is provided at the server. A SQL expression which is associated with the decision point work node and the first client work node is generated. The server determines whether to route a work package to the first client work node based on the SQL expression.

摘要翻译： 方法，装置和制品的各种实施例在包括服务器和至少第一客户端工作节点的工作流系统中提供决策点。 在服务器上提供了一个决策点工作节点。 生成与决策点工作节点和第一个客户端工作节点相关联的SQL表达式。 服务器根据SQL表达式确定是否将工作包路由到第一个客户端工作节点。

公开(公告)号：US09767146B2

公开(公告)日：2017-09-19

申请号：US10933917

申请日：2004-08-31

申请人： Rupa Bhaghavan ,  Wayne Frederick Miller ,  Kenneth Carlin Nelson ,  Sharon McKenna Sanders ,  Fang-Yi Wang

发明人： Rupa Bhaghavan ,  Wayne Frederick Miller ,  Kenneth Carlin Nelson ,  Sharon McKenna Sanders ,  Fang-Yi Wang

IPC分类号： G06F17/30 ,  G06Q10/06

CPC分类号： G06F17/30421 ,  G06Q10/06

摘要： Various embodiments of a method, apparatus and article of manufacture provide a decision point in a workflow system comprising a server and at least a first client work node. A decision point work node is provided at the server. A SQL expression which is associated with the decision point work node and the first client work node is generated. The server determines whether to route a work package to the first client work node based on the SQL expression.

公开(公告)号：US07392246B2

公开(公告)日：2008-06-24

申请号：US10367086

申请日：2003-02-14

申请人： Rupa Bhaghavan ,  Tawei Hu ,  Kenneth Carlin Nelson ,  Randal James Richardt

发明人： Rupa Bhaghavan ,  Tawei Hu ,  Kenneth Carlin Nelson ,  Randal James Richardt

IPC分类号： G06F17/30

CPC分类号： G06F17/30427 ,  G06F21/6218 ,  G06F21/6227 ,  Y10S707/99932 ,  Y10S707/99934 ,  Y10S707/99937 ,  Y10S707/99938 ,  Y10S707/99939

摘要： A method to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.

摘要翻译： 一种生成实现存储在库服务器中的访问控制规则的SQL子表达式的方法。 然后，SQL子表达式与从应用程序接口（API）传递的SQL合并。 访问控制检查机制在内容管理系统的服务器端实现。 在此客户端/服务器环境中，查询SQL语句分为两层：API（客户端）层和服务器层。 API将查询字符串发送到底层存储过程。 存储过程然后根据库服务器的配置参数生成访问控制逻辑。 该访问控制逻辑被动态添加到由API发送的查询字符串中。 存储过程准备，构建并执行此新查询字符串作为动态SQL语句。

公开(公告)号：US07171413B2

公开(公告)日：2007-01-30

申请号：US10651892

申请日：2003-08-29

申请人： Nicholas K. Puz ,  Randal J. Richardt ,  Rupa Bhaghavan ,  Vitaliy Bondar

发明人： Nicholas K. Puz ,  Randal J. Richardt ,  Rupa Bhaghavan ,  Vitaliy Bondar

IPC分类号： G06F17/30

CPC分类号： G06F17/30427 ,  G06F21/6227 ,  Y10S707/99939

摘要： A method, system and article of manufacture for two phase intermediate query security using access control. A networked client-server computer system having a plurality of users of the client-server system and including software performing database queries via a DBMS for users of the system implements the method. The method includes receiving a query string from one of the users by the client system, the query string including references to database objects. The received query string is transformed by the client system to an intermediate query string, and a first phase query security is performed by the client system including identifying the referenced database objects and inserting a security marker into the intermediate query string for each respective identified database object, and sending the intermediate query string to the server system. Access control checks are performed by the server system on the inserted security markers in the intermediate query string, and the inserted security markers are replaced with corresponding DBMS code to enforce access control.

摘要翻译： 一种使用访问控制的两阶段中间查询安全性的方法，系统和制造。 具有客户机 - 服务器系统的多个用户并且包括通过用于该系统的用户的DBMS执行数据库查询的软件的联网的客户端 - 服务器计算机系统实现该方法。 该方法包括由客户端系统从一个用户接收查询字符串，该查询字符串包括对数据库对象的引用。 所接收的查询字符串由客户端系统转换为中间查询字符串，并且客户端系统执行第一阶段查询安全性，包括识别引用的数据库对象，并将安全标记插入到每个相应的标识数据库对象的中间查询字符串中 ，并将中间查询字符串发送到服务器系统。 访问控制检查由服务器系统在中间查询字符串中插入的安全标记执行，插入的安全标记将替换为相应的DBMS代码，以实施访问控制。

公开(公告)号：US20050050046A1

公开(公告)日：2005-03-03

申请号：US10651892

申请日：2003-08-29

申请人： Nicholas Puz ,  Randal Richardt ,  Rupa Bhaghavan ,  Vitaliy Bondar

发明人： Nicholas Puz ,  Randal Richardt ,  Rupa Bhaghavan ,  Vitaliy Bondar

IPC分类号： G06F7/00 ,  G06F17/30 ,  G06F21/00

CPC分类号： G06F17/30427 ,  G06F21/6227 ,  Y10S707/99939

摘要： A method, system and article of manufacture for two phase intermediate query security using access control. A networked client-server computer system having a plurality of users of the client-server system and including software performing database queries via a DBMS for users of the system implements the method. The method includes receiving a query string from one of the users by the client system, the query string including references to database objects. The received query string is transformed by the client system to an intermediate query string, and a first phase query security is performed by the client system including identifying the referenced database objects and inserting a security marker into the intermediate query string for each respective identified database object, and sending the intermediate query string to the server system. Access control checks are performed by the server system on the inserted security markers in the intermediate query string, and the inserted security markers are replaced with corresponding DBMS code to enforce access control.

摘要翻译： 一种使用访问控制的两阶段中间查询安全性的方法，系统和制造。 具有客户机 - 服务器系统的多个用户并且包括通过用于该系统的用户的DBMS执行数据库查询的软件的联网的客户端 - 服务器计算机系统实现该方法。 该方法包括由客户端系统从一个用户接收查询字符串，该查询字符串包括对数据库对象的引用。 所接收的查询字符串由客户端系统转换为中间查询字符串，并且客户端系统执行第一阶段查询安全性，包括识别引用的数据库对象，并将安全标记插入到每个相应的标识数据库对象的中间查询字符串中 ，并将中间查询字符串发送到服务器系统。 访问控制检查由服务器系统在中间查询字符串中插入的安全标记执行，插入的安全标记将替换为相应的DBMS代码，以实施访问控制。

公开(公告)号：US07761443B2

公开(公告)日：2010-07-20

申请号：US12123723

申请日：2008-05-20

申请人： Rupa Bhaghavan ,  Tawei Hu ,  Kenneth Carlin Nelson ,  Randal James Richardt

发明人： Rupa Bhaghavan ,  Tawei Hu ,  Kenneth Carlin Nelson ,  Randal James Richardt

IPC分类号： G06F17/30

CPC分类号： G06F17/30427 ,  G06F21/6218 ,  G06F21/6227 ,  Y10S707/99932 ,  Y10S707/99934 ,  Y10S707/99937 ,  Y10S707/99938 ,  Y10S707/99939

摘要： A system to generate an SQL sub-expression that implement access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.

摘要翻译： 用于生成实现存储在库服务器中的访问控制规则的SQL子表达式的系统。 然后，SQL子表达式与从应用程序接口（API）传递的SQL合并。 访问控制检查机制在内容管理系统的服务器端实现。 在此客户端/服务器环境中，查询SQL语句分为两层：API（客户端）层和服务器层。 API将查询字符串发送到底层存储过程。 存储过程然后根据库服务器的配置参数生成访问控制逻辑。 该访问控制逻辑被动态添加到由API发送的查询字符串中。 存储过程准备，构建并执行此新查询字符串作为动态SQL语句。