Techniques for fine grained protection of resources in an access management environment
Abstract
In certain embodiments, techniques are provided (e.g., a method, a system, a non-transitory computer-readable medium storing code or instructions executable by one or more processors) to provide fine-grained protection of resources in an access management environment. An access management service can intercept requests for resources (e.g., content in a content management system) and provide a fine-grained authorization service for content management systems, such as Microsoft Office SharePoint Server. The access management service can provide external policy management, evaluation and enforcement for content management systems. The access management service can include a plurality of plugins associated with different types of resources available through the content management systems. Integrating an access management service with content management systems provides both user and administrator efficiencies while enforcing a consistent level of access security across an enterprise system.
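The flow the abstract and claim 1 describe (determine the resource type, invoke the matching plugin, decide per resource part, then provide or block) can be sketched as follows. This is an added example, not code from the patent or any product; the URL-based type detection, the label and owner attributes, the policy table and all names are assumptions, and the sketch fails closed on unknown types, unknown labels and plugin errors.

```python
from dataclasses import dataclass

@dataclass
class Requester:
    user: str
    groups: frozenset

@dataclass
class Part:
    name: str
    attrs: dict

# Constructed access policy: sensitivity label -> groups allowed to read it.
LABEL_POLICY = {"public": {"staff", "finance"}, "restricted": {"finance"}}

def document_plugin(req, part):
    """Document sections are authorized by sensitivity label; unknown labels are denied."""
    allowed = LABEL_POLICY.get(part.attrs.get("label"), set())
    return bool(allowed & req.groups)

def list_plugin(req, part):
    """List items are readable by their owner or by the finance group."""
    return part.attrs.get("owner") == req.user or "finance" in req.groups

PLUGINS = {"document": document_plugin, "list": list_plugin}

def resource_type(url):
    """Hypothetical type detection from the request URL."""
    if url.endswith(".docx"):
        return "document"
    if "/Lists/" in url:
        return "list"
    return "unknown"

def handle_request(req, url, parts):
    """Return (granted, blocked) part names for one intercepted request."""
    plugin = PLUGINS.get(resource_type(url))  # None for unregistered types
    granted, blocked = [], []
    for part in parts:
        try:
            ok = plugin is not None and plugin(req, part)
        except Exception:
            ok = False  # a failing plugin must not turn into an allow
        (granted if ok else blocked).append(part.name)
    return granted, blocked

if __name__ == "__main__":
    # Constructed sample request: one document with three sections.
    doc = [Part("summary", {"label": "public"}),
           Part("salaries", {"label": "restricted"}),
           Part("draft", {"label": "internal"})]
    alice = Requester("alice", frozenset({"staff"}))
    print(handle_request(alice, "/sites/hr/report.docx", doc))
```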
20 Claims
1. A computer-implemented method for providing fine-grained access protection of resources, the method comprising:
- receiving, by an access management service, a request from a requester for a resource in a content management system, wherein the resource comprises a plurality of resource parts;
- determining, by the access management service, a type of the resource;
- invoking, by the access management service, a resource type-specific plugin based on the type of the resource in the request;
- for each resource part of the plurality of resource parts, determining, by the type-specific plugin, whether the requester is authorized to access the resource part based on one or more access policies;
- providing access to the requester, by the access management service, to the resource parts the requester is authorized to access; and
- blocking access to the requester, by the access management service, to the resource parts the requester is not authorized to access.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for providing fine-grained access protection of resources, the system comprising:
- an access management service, including a plurality of resource type-specific plugins; and
- a content management service, including a plurality of resources;
- wherein a request for a resource comprising a plurality of resource parts in a content management system is received from a requester, the access management service is configured to:
  - intercept the request for the resource in the content management system;
  - determine a type of the resource;
  - invoke one of the resource type-specific plugins based on the type of the resource in the request;
  - for each resource part of the plurality of resource parts, determine, by the type-specific plugin, whether the requester is authorized to access the resource part based on one or more access policies;
  - provide access to the requester to the resource parts the requester is authorized to access; and
  - block access to the requester to the resource parts the requester is not authorized to access.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method for providing fine-grained access protection of resources, the method comprising:
- receiving, by an access management service, a request from a requester for a resource in a content management system, wherein the resource comprises a plurality of resource parts;
- determining, by the access management service, a type of the resource;
- invoking, by the access management service, a resource type-specific plugin based on the type of the resource in the request;
- for each resource part of the plurality of resource parts, determining, by the type-specific plugin, whether the requester is authorized to access the resource part based on one or more access policies;
- providing access to the requester to the resource parts the requester is authorized to access; and
- blocking access to the requester to the resource parts the requester is not authorized to access.

Dependent claims: 16, 17, 18, 19, 20
Specification