US 12,265,636 B2
Conditional access to data
Lars Bremer, Boeblingen (DE); Albert Maier, Tuebingen (DE); Mike W. Grasselt, Leinfelden-Echterdingen (DE); Yannick Saillet, Stuttgart (DE); and Michael Baessler, Bempflingen (DE)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Dec. 8, 2021, as Appl. No. 17/544,988.
Prior Publication US 2023/0177193 A1, Jun. 8, 2023
Int. Cl. G06F 21/62 (2013.01)
CPC G06F 21/6218 (2013.01)
17 Claims
 
1. A computer implemented method for conditional access to data of a database system, the database system comprising records, each record including a set of attributes, the database system comprising database views, each database view representing a subset of the set of attributes, the method comprising:
storing data purpose objects, respective ones of data purpose objects authorizing access to only a subset of attributes of the set of attributes for a processing purpose for processing said subset of attributes;
associating respective ones of processing purposes of a plurality of processing purposes with one or more respective entities that consented to data access based on the associated processing purposes by creating a consent table, wherein respective entries of the consent table comprise an entity identifier (ID) of an entity and an associated processing purpose that the entity consented to data access for;
receiving a request for data for a specific processing purpose and a selected view of the database views;
retrieving a data purpose object for the specific processing purpose that restricts access requests for selected views based on the subset of attributes the data purpose object authorizes access to;
comparing the subset of attributes represented by the selected view with the subset of the attributes that the retrieved data purpose object authorizes access to; and
providing, in response to determining that the subset of attributes represented by the requested selected view is a subset of the subset of the attributes that the retrieved data purpose object authorizes access to, values of the subset of attributes represented in the selected view by joining the consent table with the selected view to only include the values of the subset of attributes for the entities that consented to the specific processing purpose within the consent table.
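The check-then-join flow of claim 1, sketched as an added example using SQLite; it is not code from the patent or from the assignee. All table, view, column and purpose names and the sample rows are constructed, and the sketch assumes every view carries an `entity_id` column that the data purpose object also lists, so the consent join has a key.

```python
import sqlite3

def build_demo_db():
    """Constructed sample data; every name here is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE records (entity_id INTEGER PRIMARY KEY, email TEXT,
                              birth_date TEXT, diagnosis TEXT);
        INSERT INTO records VALUES
            (1, 'a@example.test', '1980-01-01', 'D1'),
            (2, 'b@example.test', '1991-02-02', 'D2'),
            (3, 'c@example.test', '1975-03-03', 'D3');
        CREATE VIEW v_contact AS SELECT entity_id, email FROM records;
        CREATE VIEW v_medical AS SELECT entity_id, email, diagnosis FROM records;
        -- data purpose objects: one row per (purpose, authorized attribute)
        CREATE TABLE data_purpose (purpose TEXT, attribute TEXT);
        INSERT INTO data_purpose VALUES
            ('newsletter', 'entity_id'), ('newsletter', 'email');
        -- consent table: entity ID plus the purpose that entity consented to
        CREATE TABLE consent (entity_id INTEGER, purpose TEXT);
        INSERT INTO consent VALUES
            (1, 'newsletter'), (3, 'newsletter'), (2, 'research');
    """)
    return db

def fetch_for_purpose(db, purpose, view):
    # Identifiers cannot be bound as parameters, so accept only a name that
    # exists as a view in the catalog before interpolating it into SQL.
    known = {r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'view'")}
    if view not in known:
        raise PermissionError(f"unknown view: {view!r}")
    # Retrieve the data purpose object (authorized attributes) for the purpose.
    allowed = {r[0] for r in db.execute(
        "SELECT attribute FROM data_purpose WHERE purpose = ?", (purpose,))}
    view_attrs = [r[1] for r in db.execute(f'PRAGMA table_info("{view}")')]
    # Serve the view only if its attributes are a subset of the authorized ones;
    # a purpose with no data purpose object fails closed.
    if not allowed or not set(view_attrs) <= allowed:
        raise PermissionError(f"{view} is not authorized for {purpose!r}")
    cols = ", ".join(f'v."{c}"' for c in view_attrs)
    # Join with the consent table so only consenting entities are returned.
    sql = (f'SELECT {cols} FROM "{view}" AS v '
           "JOIN consent AS c ON c.entity_id = v.entity_id "
           "WHERE c.purpose = ? ORDER BY v.entity_id")
    return db.execute(sql, (purpose,)).fetchall()
```

Entity 2 never appears in the `newsletter` result because its only consent row is for a different purpose, and `v_medical` is refused outright because `diagnosis` is outside the authorized attribute set.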