公开(公告)号：US09852206B2

公开(公告)日：2017-12-26

申请号：US14707949

申请日：2015-05-08

Applicant: VMware, Inc.

Inventor： Leslie Muller ,  Michael Morris Wasser ,  Alberto Arias Maestro

IPC: G06F17/30 ,  G06F21/62 ,  G06F21/10

CPC classification number: G06F17/30595 ,  G06F17/30286 ,  G06F17/30289 ,  G06F17/30294 ,  G06F17/30368 ,  G06F17/30424 ,  G06F17/30474 ,  G06F17/3051 ,  G06F17/30545 ,  G06F17/30575 ,  G06F17/30592 ,  G06F17/30867 ,  G06F21/10 ,  G06F21/6218 ,  G06F21/6227

Abstract: In a method of controlling access to secured data, a repository operatively coupled to one or more databases storing secure data is employed to intercept a user query of one database of the one or more databases. A user who generated the user query and a user role assigned to the user is automatically determined from the intercepted query. The intercepted query is parsed. Security information of the identified objects is looked up in a metamodel stored in the one or more databases. Based on the determined user role and the identified objects to be filtered out of the user query, an expression tree to filter out secure data is automatically built and the user query is modified by appending the expression tree to the user query. The modified query is applied to the one database.