System and method for recursive propagating application access control

  • US 10,277,601 B1
  • Filed: 05/11/2015
  • Issued: 04/30/2019
  • Est. Priority Date: 05/11/2015
  • Status: Active Grant
First Claim

1. A computer-implemented method for managing access control of shared contents on a cloud storage system, the method comprising:

  • obtaining, from a user at the cloud storage system, an access authorization indication message indicating that an entity is granted access to a parent folder in a folder hierarchy containing a first file and a child folder, the parent folder being stored at the cloud storage system, the entity being different from a creator of the first file and the entity being a third party application;

    modifying, by a processor at the cloud storage system, an access control rule associated with the parent folder, the access control rule specifying that the entity has access to the parent folder based on the access authorization indication message, specifying a file type associated with the first file, and including an application-specific data entry that indicates an access status of the entity; and

    asynchronously propagating, by the processor at the cloud storage system, the modified access control rule to the child folder, the asynchronously propagating of the modified access control rule comprising:

    receiving an access request from the entity to access a second file in the child folder of the parent folder in the folder hierarchy,

    responsive to the receiving of the access request from the entity to access the second file in the child folder and determining that an access control rule associated with the child folder does not specify access to files in the child folder for the entity, performing a fallback search based on the folder hierarchy by searching the folder hierarchy for an upper folder of the child folder with an access control rule specifying that the entity has access to the upper folder and also specifying a file type associated with the second file,

    responsive to finding the upper folder with the access control rule specifying that the entity has access to the upper folder and also specifying the file type associated with the second file, automatically granting, by the processor at the cloud storage system, the entity access to the second file in the child folder and modifying the access control rule associated with the child folder to specify that the entity has access to files in the child folder based on the access control rule of the upper folder, the upper folder being the parent folder, and

    responsive to not finding the upper folder having the access control rule specifying that the entity has access to the upper folder and also specifying the file type associated with the second file, automatically denying, by the processor at the cloud storage system, the entity access to the second file in the child folder without user manual configuration of access denial for the second file.
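The fallback search and on-demand propagation recited in the claim can be sketched as follows. This is an added illustration, not code from the patent or its assignee; `Folder`, `grant`, `check_access`, `demo` and the entity ids are hypothetical names. It assumes a rule is a per-entity set of permitted file types, and it searches every ancestor rather than only the direct parent.

```python
# Added illustration; Folder, grant, check_access and demo are hypothetical names.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    # Access control rule: entity id -> file types the entity may open.
    acl: Dict[str, Set[str]] = field(default_factory=dict)


def grant(folder, entity, file_types):
    """User authorizes an entity on a folder; child folders are not touched here."""
    folder.acl.setdefault(entity, set()).update(file_types)


def check_access(folder, entity, file_type):
    """Decide a request for a file of `file_type` stored directly in `folder`."""
    if file_type in folder.acl.get(entity, set()):
        return True                       # folder's own rule already covers it
    upper = folder.parent
    while upper is not None:              # fallback search up the hierarchy
        if file_type in upper.acl.get(entity, set()):
            # Lazy propagation: record the matching grant on the child folder.
            folder.acl.setdefault(entity, set()).add(file_type)
            return True
        upper = upper.parent
    return False                          # default deny, no manual rule needed


def demo():
    # Constructed sample hierarchy: root / projects / drafts
    root = Folder("root")
    projects = Folder("projects", parent=root)
    drafts = Folder("drafts", parent=projects)
    grant(projects, "photo-editor-app", {"image/png"})
    return {
        "png_in_drafts": check_access(drafts, "photo-editor-app", "image/png"),
        "drafts_rule_after": dict(drafts.acl),
        "pdf_in_drafts": check_access(drafts, "photo-editor-app", "application/pdf"),
        "png_in_root": check_access(root, "photo-editor-app", "image/png"),
        "other_app": check_access(drafts, "other-app", "image/png"),
    }
```

In this sketch the grant copied onto the child folder outlives the parent's rule, so revoking the entity at the parent must also clear the copied entries on descendants.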
