Computer security system
Abstract
A security system for a computer system provides one or more security domains. Access to assets registered to the security system is controlled by rights and privileges. Rights are derived from roles, and each user is assigned one or more roles. Privileges are attached to assets, and an appropriate combination of rights and privileges is required before a user is granted the specified type of access to the asset.
9 Claims
1. A security system for a computer system, comprising:
a plurality of assets within the computer system;
a plurality of members registered to use the computer system;
a plurality of roles defining user rights, each member having at least one role;
a plurality of access control lists corresponding to the assets, each list defining at least one privilege for accessing the asset according to a member's role; and
at least one domain, each domain having a subset of the assets and corresponding access control lists, and a subset of the members;
wherein access is allowed by a member to a requested asset within a domain when that member has a role corresponding to a privilege for that asset.
Dependent claims: 2, 3, 4, 5, 6
7. A method for providing secure access to assets within a computer system, comprising the steps of:
when a user attempts to access an asset within a domain, determining at least one role assigned to the user;
comparing rights corresponding to the role assigned to the user to a list of privileges corresponding to the asset;
if the attempted access is allowed for a role assigned to the user, allowing the user to access the asset.
Dependent claims: 8, 9
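The access decision described in claims 1 and 7, sketched as an added example (not code from the patent). It assumes roles are assigned to members system-wide, that anything not explicitly granted is denied, and that all member, role, asset and privilege names are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Domain:
    members: set[str]                     # subset of the registered members
    acls: dict[str, dict[str, set[str]]]  # asset -> {role -> privileges granted}


@dataclass
class SecuritySystem:
    member_roles: dict[str, set[str]]     # registered member -> assigned roles
    domains: dict[str, Domain] = field(default_factory=dict)

    def is_allowed(self, member: str, domain: str, asset: str, access: str) -> bool:
        dom = self.domains.get(domain)
        # Assumption: default deny for unknown domains and non-members of the domain.
        if dom is None or member not in dom.members:
            return False
        acl = dom.acls.get(asset)
        if acl is None:                   # asset is not part of this domain
            return False
        # Step 1: determine the roles assigned to the user.
        roles = self.member_roles.get(member, set())
        # Steps 2-3: compare each role with the asset's privilege list and
        # allow if any role carries the requested type of access.
        return any(access in acl.get(role, set()) for role in roles)


# Constructed sample data (names are illustrative, not from the patent).
SYSTEM = SecuritySystem(
    member_roles={"alice": {"editor"}, "bob": {"viewer"}, "carol": {"editor"}},
    domains={
        "engineering": Domain(
            members={"alice", "bob"},
            acls={"design.doc": {"editor": {"read", "write"}, "viewer": {"read"}}},
        ),
        "finance": Domain(
            members={"carol"},
            acls={"ledger.xls": {"auditor": {"read"}}},
        ),
    },
)

if __name__ == "__main__":
    for req in [("alice", "engineering", "design.doc", "write"),
                ("bob", "engineering", "design.doc", "write"),
                ("carol", "engineering", "design.doc", "read"),
                ("carol", "finance", "ledger.xls", "read")]:
        print(req, "->", "allow" if SYSTEM.is_allowed(*req) else "deny")
```

Carol holds the same editor role as Alice but is denied in the engineering domain because she is not in its member subset, and she is denied in her own domain because no privilege on the asset is granted to her role.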
Specification