Access control for enterprise knowledge
First Claim
1. A method implemented in a data processing apparatus, comprising:
- receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities;
deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document;
determining a first entity identified within the document;
determining a second entity identified within the document;
determining a relationship between the first entity and the second entity that is described within the document; and
generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;
wherein multiple entity facts are derived from a selected document;
determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;
each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and
at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;
storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and
providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for access control for enterprise information. In one aspect, a method includes receiving resources of an enterprise, each resource having a respective access control list specifying access privileges to the resource for one or more members, and the resources including entities related to the enterprise and relationships; identifying entity facts of the entities from the resources; determining, for each entity fact, an entity fact access control list; storing data describing the entities, entity facts and the respective entity fact access control lists, wherein each entity fact is associated with its corresponding entity fact access control list; and providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts according to the respective entity fact access control lists.
-
Citations
20 Claims
-
1. A method implemented in a data processing apparatus, comprising:
-
receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities; deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document; determining a first entity identified within the document;
determining a second entity identified within the document;determining a relationship between the first entity and the second entity that is described within the document; and generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document; wherein multiple entity facts are derived from a selected document;
determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified; storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system, comprising:
- a processor; and
a non-transitory computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising; receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities; deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document; determining a first entity identified within the document;
determining a second entity identified within the document;determining a relationship between the first entity and the second entity that is described within the document; and generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document; wherein multiple entity facts are derived from a selected document;
determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified; storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists. - View Dependent Claims (9, 10, 11, 12, 13, 14)
- a processor; and
-
15. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor, cause the processor to perform operations, comprising:
-
receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities; deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document; determining a first entity identified within the document; determining a second entity identified within the document; determining a relationship between the first entity and the second entity that is described within the document; and generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document; wherein multiple entity facts are derived from a selected document;
determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified; storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification