Search

US-12626001-B1 - Column-level security for embedded workbooks

US12626001B1US 12626001 B1US12626001 B1US 12626001B1US-12626001-B1

Abstract

Column-level security for embedded workbooks including receiving, by a workbook manager from a third-party user computing system, a request for an embedded workbook, wherein the request comprises a user attribute, and wherein the workbook is generated using a dataset comprising a set of columns; selecting, by the workbook manager, a subset of the set of columns of the dataset to include in the workbook based on the user attribute; retrieving, by the workbook manager, the selected subset of columns from a cloud-based data warehouse; and presenting, by the workbook manager on the third-party user computing system, the workbook comprising the selected subset of columns.

Inventors

  • ZALAK H. TRIVEDI
  • I-Huei Huang
  • SAMUEL ANDRE ABRAHAM SOUBEYRAN

Assignees

  • SIGMA COMPUTING, INC.

Dates

Publication Date
20260512
Application Date
20240112

Claims (20)

  1. 1 . A method for column-level security for a workbook, the method comprising: receiving, by a workbook manager from a third-party user computing system, a request for the workbook, wherein the request comprises a user attribute, and wherein the workbook is generated using a dataset comprising a set of columns; selecting, by the workbook manager, a subset of the set of columns of the dataset to include in the workbook based on the user attribute; retrieving, by the workbook manager, the selected subset of the set of columns from a cloud-based data warehouse; and presenting, by the workbook manager on the third-party user computing system, the workbook comprising the selected subset of the set of columns and a plurality of workbook elements, wherein each workbook element of the plurality of workbook elements refers to one or more columns of the dataset, and wherein presenting the workbook includes: identifying workbook elements that reference columns excluded from the selected subset of the set of columns; and preventing the workbook elements from exposing the columns excluded from the subset of the set of columns to the third-party user computing system based on the user attribute associated with the third-party user computing system.
  2. 2 . The method of claim 1 , further comprising: receiving, from a client computing system separate from the third-party user computing system, a workbook configuration for the user attribute, wherein the workbook configuration identifies a column to exclude from the dataset underlying the workbook.
  3. 3 . The method of claim 1 , wherein preventing the third-party user computing system from accessing columns excluded from the subset of the set of columns includes removing workbook elements of the plurality of workbook elements that reference the columns excluded from the subset of the set of columns.
  4. 4 . The method of claim 1 , wherein the selected subset of the set of columns is retrieved from the cloud-based data warehouse without retrieving columns outside the subset of the set of columns.
  5. 5 . The method of claim 1 , wherein selecting the subset of the set of columns of the dataset to include in the workbook based on the user attribute comprises: excluding, from the subset of the set of columns of the dataset, columns identified in a workbook configuration for the user attribute; and excluding, from the subset of the set of columns of the dataset, columns dependent upon the columns identified in the workbook configuration for the user attribute.
  6. 6 . The method of claim 1 , wherein the user attribute is associated with a third-party entity, and wherein the subset of the set of columns comprises columns relevant to the third-party entity.
  7. 7 . The method of claim 1 , wherein the user attribute is associated with a first third-party entity, and wherein at least one column outside the subset of the set of columns is relevant to a second third-party entity.
  8. 8 . The method of claim 1 , wherein selecting the subset of the set of columns of the dataset to include in the workbook based on the user attribute comprises accessing a repository of user attributes each mapped to a workbook configuration that identifies columns to exclude from the dataset underlying the workbook.
  9. 9 . The method of claim 1 , wherein retrieving the selected subset of the set of columns from the cloud-based data warehouse comprises: issuing a database statement to the cloud-based data warehouse; and receiving, in response to issuing the database statement, query results comprising the selected subset of the set of columns.
  10. 10 . The method of claim 1 , wherein the workbook manager is hosted on an intermediary computing system between the third-party user computing system and the cloud-based data warehouse.
  11. 11 . An apparatus for column-level security for a workbook, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out: receiving, from a third-party user computing system, a request for the workbook, wherein the request comprises a user attribute, and wherein the workbook is generated using a dataset comprising a set of columns; selecting a subset of the set of columns of the dataset to include in the workbook based on the user attribute; retrieving the selected subset of the set of columns from a cloud-based data warehouse; and presenting, on the third-party user computing system, the workbook comprising the selected subset of the set of columns and a plurality of workbook elements, wherein each workbook element of the plurality of workbook elements refers to one or more columns of the dataset, and wherein presenting the workbook includes: identifying workbook elements that reference columns excluded from the selected subset of the set of columns; and preventing the workbook elements from exposing the columns excluded from the subset of the set of columns to the third-party user computing system based on the user attribute associated with the third-party user computing system.
  12. 12 . The apparatus of claim 11 , wherein the computer program instructions further cause the apparatus to carry out: receiving, from a client computing system separate from the third-party user computing system, a workbook configuration for the user attribute, wherein the workbook configuration identifies a column to exclude from the dataset underlying the workbook.
  13. 13 . The apparatus of claim 11 , wherein preventing the third-party user computing system from accessing columns excluded from the subset of the set of columns includes removing workbook elements of the plurality of workbook elements that reference the columns excluded from the subset of the set of columns.
  14. 14 . The apparatus of claim 11 , wherein the selected subset of the set of columns is retrieved from the cloud-based data warehouse without retrieving columns outside the subset of the set of columns.
  15. 15 . The apparatus of claim 11 , wherein selecting the subset of the set of columns of the dataset to include in the workbook based on the user attribute comprises: excluding, from the subset of the set of columns of the dataset, columns identified in a workbook configuration for the user attribute; and excluding, from the subset of the set of columns of the dataset, columns dependent upon the columns identified in the workbook configuration for the user attribute.
  16. 16 . The apparatus of claim 11 , wherein the user attribute is associated with a third-party entity, and wherein the subset of the set of columns comprises columns relevant to the third-party entity.
  17. 17 . The apparatus of claim 11 , wherein the user attribute is associated with a first third-party entity, and wherein at least one column outside the subset of the set of columns is relevant to a second third-party entity.
  18. 18 . The apparatus of claim 11 , wherein selecting the subset of the set of columns of the dataset to include in the workbook based on the user attribute comprises accessing a repository of user attributes each mapped to a workbook configuration that identifies columns to exclude from the dataset underlying the workbook.
  19. 19 . The apparatus of claim 11 , wherein retrieving the selected subset of the set of columns from the cloud-based data warehouse comprises: issuing a database statement to the cloud-based data warehouse; and receiving, in response to issuing the database statement, query results comprising the selected subset of the set of columns.
  20. 20 . A computer program product for column-level security for a workbook, the computer program product comprising a computer readable medium and computer program instructions stored therein that, when executed, cause a computer to carry out: receiving, from a third-party user computing system, a request for the workbook, wherein the request comprises a user attribute, and wherein the workbook is generated using a dataset comprising a set of columns; selecting a subset of the set of columns of the dataset to include in the workbook based on the user attribute; retrieving the selected subset of the set of columns from a cloud-based data warehouse; and presenting, on the third-party user computing system, the workbook comprising the selected subset of the set of columns and a plurality of workbook elements, wherein each workbook element of the plurality of workbook elements refers to one or more columns of the dataset, and wherein presenting the workbook includes: identifying workbook elements that reference columns excluded from the selected subset of the set of columns; and preventing the workbook elements from exposing the columns excluded from the subset of the set of columns to the third-party user computing system based on the user attribute associated with the third-party user computing system.

Description

BACKGROUND Field of the Invention The field of the invention is data processing, or, more specifically, methods, apparatus, and products for column-level security for embedded workbooks. Description of Related Art Modern businesses may store large amounts of data in remote databases within cloud-based data warehouses. This data may be accessed using database statement languages, such as structured query language (SQL). Manipulating the data stored in the database may require constructing complex queries beyond the abilities of most users. Further, composing and issuing database queries efficiently may also be beyond the abilities of most users. SUMMARY Methods, systems, and apparatus for column-level security for embedded workbooks including receiving, by a workbook manager from a third-party user computing system, a request for an embedded workbook, wherein the request comprises a user attribute, and wherein the workbook is generated using a dataset comprising a set of columns; selecting, by the workbook manager, a subset of the set of columns of the dataset to include in the workbook based on the user attribute; retrieving, by the workbook manager, the selected subset of columns from a cloud-based data warehouse; and presenting, by the workbook manager on the third-party user computing system, the workbook comprising the selected subset of columns. The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 sets forth a block diagram of an example system configured for column-level security for embedded workbooks according to embodiments of the present invention. FIG. 2 sets forth a block diagram of an example system configured for column-level security for embedded workbooks according to embodiments of the present invention. FIG. 3 sets forth a block diagram of an example system configured for column-level security for embedded workbooks according to embodiments of the present invention. FIG. 4 sets forth a flow chart illustrating an exemplary method for column-level security for embedded workbooks according to embodiments of the present invention. FIG. 5 sets forth a flow chart illustrating an exemplary method for column-level security for embedded workbooks according to embodiments of the present invention. DETAILED DESCRIPTION Example methods, apparatus, and products for column-level security for embedded workbooks in accordance with embodiments of the present disclosure are described with reference to the accompanying drawings, beginning with FIG. 1. FIG. 1 illustrates an exemplary computing device 100 that may be specifically configured to perform one or more of the processes described herein. As shown in FIG. 1, computing device 100 may include a communication interface 102, a processor 104, a storage device 106, and an input/output (“I/O”) module 108 communicatively connected one to another via a communication infrastructure 110. While an exemplary computing device 100 is shown in FIG. 1, the components illustrated in FIG. 1 are not intended to be limiting. Additional or alternative components may be used in other embodiments. Components of computing device 100 shown in FIG. 1 will now be described in additional detail. Communication interface 102 may be configured to communicate with one or more computing devices. Examples of communication interface 102 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, an audio/video connection, and any other suitable interface. Processor 104 generally represents any type or form of processing unit capable of processing data and/or interpreting, executing, and/or directing execution of one or more of the instructions, processes, and/or operations described herein. Processor 104 may perform operations by executing computer-executable instructions 112 (e.g., an application, software, code, and/or other executable data instance) stored in storage device 106. Storage device 106 may include one or more data storage media, devices, or configurations and may employ any type, form, and combination of data storage media and/or device. For example, storage device 106 may include, but is not limited to, any combination of non-volatile media and/or volatile media. Electronic data, including data described herein, may be temporarily and/or permanently stored in storage device 106. For example, data representative of computer-executable instructions 112 configured to direct processor 104 to perform any of the operations described herein may be stored within storage device 106. In some examples, data may be arranged in one or more databases residing w