Access control for business process data
First Claim
Patent Images
1. A method for controlling access to business process data, comprising:
- configuring a content management system (“
CMS”
) to store;
a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process;
a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process;
an association defined for the first business process between a first access control list (“
ACL”
) and the first business process object wherein the first ACL specifies a specific application and a type of access that the specific application has to the first business process object;
an association defined for the first business process between a second ACL and the second business process object, wherein the second ACL specifies the specific application and a type of access that the specific application has to the second business process object; and
an association defined for the second business process between a third ACL and the first business process object;
executing an instance of the first business process in the CMS;
creating, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process;
associating, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object;
associating, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object;
executing an instance of the second business process;
creating, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object, the second instance of the first business process object and the instance of the third business process object configured to contain business process data of the instance of the second business process;
associating, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object;
storing the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and
using the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL.
2 Assignments
0 Petitions
Accused Products
Abstract
Controlling access to business process data is disclosed. An instance of a first business process object configured to contain business process data of a business process is created. An instance of a second business process object configured to contain business process data of the business process is created. A first access control list is associated with the instance of the first business process object and a second access control list is associated with the instance of the second business process object.
110 Citations
20 Claims
-
1. A method for controlling access to business process data, comprising:
-
configuring a content management system (“
CMS”
) to store;a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process; a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process; an association defined for the first business process between a first access control list (“
ACL”
) and the first business process object wherein the first ACL specifies a specific application and a type of access that the specific application has to the first business process object;an association defined for the first business process between a second ACL and the second business process object, wherein the second ACL specifies the specific application and a type of access that the specific application has to the second business process object; and an association defined for the second business process between a third ACL and the first business process object; executing an instance of the first business process in the CMS; creating, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process; associating, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object; associating, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object; executing an instance of the second business process; creating, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object, the second instance of the first business process object and the instance of the third business process object configured to contain business process data of the instance of the second business process; associating, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object; storing the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and using the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for controlling access to business process data, comprising:
-
a processor; and a memory coupled to the processor and storing instructions that are executable by the processor to; configure a content management system (“
CMS”
) to store;a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process; a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process; an association defined for the first business process between a first access control list (“
ACL”
) and the first business process object, the first ACL specifying a specific application and a type access that the specific application has to the first business process object;an association defined for the first business process between a second ACL and the second business process object, the second ACL specifying the specific application and a type of access that the specific application has to the second business process object; and an association defined for the second business process between a third ACL and the first business process object; execute an instance of the first business process in the CMS; create, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process; associate, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object; associate, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object; execute an instance of the second business process; create, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object that are configured to contain business process data of the instance of the second business process; associate, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object; store the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and use the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer program product for controlling access to business process data, comprising:
-
a computer readable non-transitory medium storing instructions that are executable by a processor to; configure a content management system (“
CMS”
) to store;a first business process, the first business process comprising a definition of a first plurality of steps, the first plurality of steps comprising steps for editing instances of a first business process object and instances of a second business process object created by instances of the first business process; a second business process, the second business process including a definition of a second plurality of steps, the second plurality of steps comprising steps for editing instances of the first business process object and instances of a third business process object created by instances of the second business process; an association defined for the first business process between a first access control list (“
ACC) and the first business process object, the first ACL specifying a specific application and a type of access that the specific application has to the first business process object;an association defined for the first business process between a second ACL and the second business process object, the second ACL specifying the specific application and the type of access that the specific application has to the second business process object; and an association defined for the second business process between a third ACL and the first business process object; execute an instance of the first business process in the CMS; create, by the instance of the first business process, a first instance of the first business process object and an instance of the second business process object, the first instance of the first business process object and the instance of the second business process object configured to contain business process data of the instance of the first business process; associate, by the instance of first business process, the first instance of the first business process object with the first ACL based on the association defined for the first business process between the first ACL and the first business process object; associate, by the instance of first business process, the instance of the second business process object with the second ACL based on the association defined for the first business process between the second ACL and the second business process object; execute an instance of the second business process; create, by the instance of the second business process, a second instance of the first business process object and an instance of the third business process object that are configured to contain business process data of the instance of the second business process; associate, by the instance of the second business process, the second instance of the first business process object with the third ACL based on the association defined for the second business process between the third ACL and the first business process object; store the first instance of the first business process object, the second instance of the first business process object, the instance of the second business process object and the instance of the third business process object in a CMS repository; and use the CMS to control access to the first instance of the first business process object by the specific application in accordance with the first ACL, to control access to the second instance of the first business process object in accordance with the third ACL, and to control access to the instance of the second business process object by the specific application according to the second ACL. - View Dependent Claims (20)
-
Specification