Access control for business process data

US 10,474,837 B2
Filed: 05/17/2018
Issued: 11/12/2019
Est. Priority Date: 12/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to business process data, comprising:

configuring a content management system (“

CMS”

) to store;

a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process;

a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process;

an association defined for the first business process between a first access control list (“

ACL”

) and the first business process object wherein the first ACL specifies a specific application and a type of access that the specific application has to the first business process object;

an association defined for the first business process between a second ACL and the second business process object, wherein the second ACL specifies the specific application and a type of access that the specific application has to the second business process object; and

an association defined for the second business process between a third ACL and the first business process object;

executing an instance of the first business process in the CMS;

creating, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process;

associating, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object;

associating, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object;

executing an instance of the second business process;

creating, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object, the second instance of the first business process object and the instance of the third business process object configured to contain business process data of the instance of the second business process;

associating, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object;

storing the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and

using the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Controlling access to business process data is disclosed. An instance of a first business process object configured to contain business process data of a business process is created. An instance of a second business process object configured to contain business process data of the business process is created. A first access control list is associated with the instance of the first business process object and a second access control list is associated with the instance of the second business process object.

110 Citations

20 Claims

1. A method for controlling access to business process data, comprising:
- configuring a content management system (“
  
  CMS”
  
  ) to store;
  
  a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process;
  
  a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process;
  
  an association defined for the first business process between a first access control list (“
  
  ACL”
  
  ) and the first business process object wherein the first ACL specifies a specific application and a type of access that the specific application has to the first business process object;
  
  an association defined for the first business process between a second ACL and the second business process object, wherein the second ACL specifies the specific application and a type of access that the specific application has to the second business process object; and
  
  an association defined for the second business process between a third ACL and the first business process object;
  
  executing an instance of the first business process in the CMS;
  
  creating, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process;
  
  associating, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object;
  
  associating, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object;
  
  executing an instance of the second business process;
  
  creating, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object, the second instance of the first business process object and the instance of the third business process object configured to contain business process data of the instance of the second business process;
  
  associating, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object;
  
  storing the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and
  
  using the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as in claim 1, wherein each of the first access control, list and the second access control list is determined prior to the execution of the instance of the first business process and the third access control list is determined prior to the execution of the instance of the second business process.
  - 3. The method as in claim 1, wherein:
    - the association defined for the first business process between the first ACL and the first business process object and the association defined for the first business process between the second ACL and the second business process object are defined during development of the first business process; and
      
      the association defined for the second business process between the third ACL and the first business process object is defined during development of the second business process.
  - 4. The method as in claim 1, wherein each of the first access control list, the second access control list, and third access control list indicates a type of access that a user, or a group of users is allowed.
  - 5. The method as in claim 1, wherein the type of access that the specific application has to the first business process object specifies a permission or a restriction for the specific application.
  - 6. The method as in claim 1, wherein at least one of the first access control list, the second access control list or the third access control list specifies that an accessing party be the specific application, a specific user, or a specific group of users.
  - 7. The method as in claim 1, wherein at least one of the first access control list, the second access control list or the third access control list specifies that access is restricted if an accessing party is the specific application, a specific user, or a specific group of users.
  - 8. The method as in claim 1, wherein at least one of the first access control list or the second access control list includes a permission for the specific application, the permission including one or more of the following:
    - none, browse, read, relate, version, write, change location, change owner, change state, change permission, delete, execute, annotate, or approve.
  - 9. The method as in claim 1, wherein at least one of the first access control list or the second access control list includes a restriction for the specific application, the restriction including one or more of the following:
    - none, browse, read, relate, version, write, change location, change owner, change state, change permission, delete, execute, annotate, or approve.

10. A system for controlling access to business process data, comprising:
- a processor; and
  
  a memory coupled to the processor and storing instructions that are executable by the processor to;
  
  configure a content management system (“
  
  CMS”
  
  ) to store;
  
  a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process;
  
  a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process;
  
  an association defined for the first business process between a first access control list (“
  
  ACL”
  
  ) and the first business process object, the first ACL specifying a specific application and a type access that the specific application has to the first business process object;
  
  an association defined for the first business process between a second ACL and the second business process object, the second ACL specifying the specific application and a type of access that the specific application has to the second business process object; and
  
  an association defined for the second business process between a third ACL and the first business process object;
  
  execute an instance of the first business process in the CMS;
  
  create, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process;
  
  associate, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object;
  
  associate, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object;
  
  execute an instance of the second business process;
  
  create, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object that are configured to contain business process data of the instance of the second business process;
  
  associate, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object;
  
  store the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and
  
  use the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein each of the first access control list and the second access control list is determined prior to the execution of the instance of the first business process and the third access control list is determined prior to the execution of the instance of the second business process.
  - 12. The system of claim 10 wherein the instructions are further executable to:
    - create the association for the first business process between the first ACL and the first business process object and the association defined for the first business process between the second ACL and the second business process object during development of the first business process; and
      
      create the association defined for the second business process between the third ACL and the first business process object during development of the second business process.
  - 13. The system of claim 10, wherein each of the first access control list, the second access control list, and third access control list indicates a type of access that a user, or a group of users is allowed.
  - 14. The system of claim 10, wherein the type of access that the specific application has to the first business process object specifies a permission or a restriction for the specific application.
  - 15. The system of claim 10, wherein at least one of the first access control list, the second access control list or the third access control list specifies that an accessing party be the specific application, a specific user, or a specific group of users.
  - 16. The system of claim 10, wherein at least one of the first access control list, the second access control list or the third access control list specifies that access is restricted if an accessing party is the specific application, a specific user, or a specific group of users.
  - 17. The system of claim 10, wherein at least one of the first access control list, the second access control list or the third access control list includes a permission for the specific application, the permission including one or more of the following:
    - none, browse, read, relate, version, write, change location, change owner, change state, change permission, delete, execute, annotate, or approve.
  - 18. The system of claim 10, wherein at least one of the first access control list, the second access control list or the third access control list includes a restriction for the specific application, the restriction including one or more of the following:
    - none, browse, read, relate, version, write, change location, change owner, change state, change permission, delete, execute, annotate, or approve.

19. A computer program product for controlling access to business process data, comprising:
- a computer readable non-transitory medium storing instructions that are executable by a processor to;
  
  configure a content management system (“
  
  CMS”
  
  ) to store;
  
  a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process;
  
  a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process;
  
  an association defined for the first business process between a first access control list (“
  
  ACC) and the first business process object, the first ACL specifying a specific application and a type of access that the specific application has to the first business process object;
  
  an association defined for the first business process between a second ACL and the second business process object, the second ACL specifying the specific application and the type of access that the specific application has to the second business process object; and
  
  an association defined for the second business process between a third ACL and the first business process object;
  
  execute an instance of the first business process in the CMS;
  
  create, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process;
  
  associate, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object;
  
  associate, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object;
  
  execute an instance of the second business process;
  
  create, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object that are configured to contain business process data of the instance of the second business process;
  
  associate, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object;
  
  store the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and
  
  use the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL.
- View Dependent Claims (20)
- - 20. The computer program product as in claim 19, wherein each of the first access control list and the second access control list is determined prior to execution of the instance of the first business process and the third access control list is determined prior to execution of the instance of the second business process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Corporation
Original Assignee
Open Text Corporation
Inventors
Tsai, Kenwood, Rawat, Harish, Tang, Xiaoting, Shahidi, Payam
Primary Examiner(s)
Dwivedi, Mahesh H

Application Number

US15/982,782
Publication Number

US 20180293404A1
Time in Patent Office

544 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

Y10S 707/944   Business related

Y10S 707/955   Object-oriented

Access control for business process data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access control for business process data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links