Permission comparator
First Claim
1. A database system for comparing permissions, the database system comprising:
- a processor; and
one or more stored sequences of instructions stored on a non-transitory computer-readable media which, when executed by the processor, cause the processor to carry out the steps of;
receiving, at a first time, a first identifier associated with a first user;
retrieving, in response to receiving the first identifier, a first profile associated with the first identifier, the first profile associated with a first plurality of permission lists, wherein each permission list in the first plurality of permission lists includes one or more permissions;
creating, at a second time subsequent to the first time, a first group of permissions by combining together each permission list of the first plurality of permission lists for the first user, and displaying the first group of permissions on a user interface, wherein combining includes resolving conflicting permissions between each permission list in the first plurality of permission lists;
receiving, at a third time, a second identifier associated with a second user;
retrieving, in response to receiving the second identifier, a second profile associated with the second identifier, the second profile associated with a second plurality of permission lists, wherein each permission list in the second plurality of permission lists includes one or more permissions;
creating, at a fourth time subsequent to the third time, a second group of permissions by combining together each permission list of the second plurality of permission lists for the second user, and displaying the second group of permissions on the user interface, wherein the second group of permissions is created and displayed separately from the first group of permissions, and wherein combining includes resolving conflicting permissions between each permission list in the second plurality of permission lists;
receiving a comparator operator;
comparing the first group of permissions with the second group of permissions based on the comparator operator, the comparator operator determining how the comparison is to be carried out;
generating in real-time a new permission list resulting from the comparison of the first group of permissions and the second group of permissions, wherein the new permission list is different from the first group of permissions and the second group of permissions and not assigned to any users;
sending the new permission list as results of the comparison to the user interface to display separately from the first group of permissions and the second group of permissions;
receiving a permission assignment operator; and
assigning the new permission list to one of the first user or second user based on the permissions assignment operator.
2 Assignments
0 Petitions
Accused Products
Abstract
A permission management system enables a system administrator to more effectively manage the large number of permissions associated with database systems. The permission management system accumulates groups of permissions associated with selected users, profiles, or permission sets. The permission management system then performs selectable comparisons on the different groups of permissions, such as identifying common permissions, unique permissions, and differing permissions. The permission management system also may identify permissions in a first permission group that do not exist in a second permission group and assign the identified permissions to the second permission group.
-
Citations
20 Claims
-
1. A database system for comparing permissions, the database system comprising:
-
a processor; and one or more stored sequences of instructions stored on a non-transitory computer-readable media which, when executed by the processor, cause the processor to carry out the steps of; receiving, at a first time, a first identifier associated with a first user; retrieving, in response to receiving the first identifier, a first profile associated with the first identifier, the first profile associated with a first plurality of permission lists, wherein each permission list in the first plurality of permission lists includes one or more permissions; creating, at a second time subsequent to the first time, a first group of permissions by combining together each permission list of the first plurality of permission lists for the first user, and displaying the first group of permissions on a user interface, wherein combining includes resolving conflicting permissions between each permission list in the first plurality of permission lists; receiving, at a third time, a second identifier associated with a second user; retrieving, in response to receiving the second identifier, a second profile associated with the second identifier, the second profile associated with a second plurality of permission lists, wherein each permission list in the second plurality of permission lists includes one or more permissions; creating, at a fourth time subsequent to the third time, a second group of permissions by combining together each permission list of the second plurality of permission lists for the second user, and displaying the second group of permissions on the user interface, wherein the second group of permissions is created and displayed separately from the first group of permissions, and wherein combining includes resolving conflicting permissions between each permission list in the second plurality of permission lists; receiving a comparator operator; comparing the first group of permissions with the second group of permissions based on the comparator operator, the comparator operator determining how the comparison is to be carried out; generating in real-time a new permission list resulting from the comparison of the first group of permissions and the second group of permissions, wherein the new permission list is different from the first group of permissions and the second group of permissions and not assigned to any users; sending the new permission list as results of the comparison to the user interface to display separately from the first group of permissions and the second group of permissions; receiving a permission assignment operator; and assigning the new permission list to one of the first user or second user based on the permissions assignment operator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program stored in a non-transitory media for managing permissions in a database system, the computer program comprising a set of instructions operable to:
-
display, on a user interface, identifiers associated with different permission categories for different users; detect selection, at a first time, of a first one of the identifiers; generate, at a second time subsequent to the first time, a first group of permissions associated with the first one of the identifiers, wherein the first group of permissions include separately grantable read, edit, create, and view permissions for same objects in the database system; display the first group of permissions on the user interface; detect selection, at a third time, of a second one of the identifiers; generate, at a fourth time subsequent to the third time, a second group of permissions separate from the first group of permissions associated with the second one of the identifiers wherein the second group of permissions include separately grantable read, edit, create, and view permissions for the same objects in the database system; display, separately from the first group of permissions, the second group of permissions on the user interface; detect selection of a comparison operator; compare the first group of permissions with the second group of permissions based on the comparison operator, the comparison operator to determine how the comparison is to be carried out; generate a new group of permissions in real-time resulting from the comparison between the first group of permissions and the second group of permissions, the new group of permissions different from the first group of permissions and the second group of permissions and currently not assigned to any of the users; and send the new group of permissions as results of the comparison to a user device for displaying on the user interface separately from the first group of permissions and the second group of permissions. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for managing permissions in a database system comprising:
-
detecting, at a first time, selection of a first identifier for a first user, the first identifier associated with a first plurality of permission sets, each of the first plurality of permission sets including at least one permission; sending a request to a permission management server to automatically create, at a second time subsequent to the first time, and display a first group of permissions associated with the first identifier by combining together each permission set of the first plurality of permission sets, wherein combining includes resolving conflicting permissions between each permission set in the first plurality of permission sets; detecting, at a third time, selection of a second identifier for a second user, the second identifier associated with a second plurality of permission sets, each of the second plurality of permission sets including at least one permission; sending a request to the permission management server to automatically create, at a fourth time subsequent to the third time, and display a second group of permissions associated with the second identifier by combining together each permission set of the second pluralit of permission sets, wherein combining includes resolving conflicting permissions between each permission set in the second plurality of permission sets; detecting selection of a comparator operator; and sending a request to the permission management server to; automatically compare in real-time the first group of permissions for the first user with the second group of permissions for the second user based on the comparator operator, the comparator operator determining how the comparison is to be carried out; automatically generate in real-time a third group of permissions different from the first group of permission and the second group of permissions as results of the comparison between the first group of permissions and the second group of permissions, the third group of permissions not currently assigned to the first user or the second user; and display the third group of permissions on a user interface separately from the first group of permissions and the second group of permissions, wherein permissions include at least one of an object permission, an application permission, a code permission, and a page permission. - View Dependent Claims (20)
-
Specification