Device and method for controlling access to resources

US 20010056494A1
Filed: 03/09/2001
Published: 12/27/2001
Est. Priority Date: 12/21/1999
Status: Abandoned Application

First Claim

Patent Images

1. Method for controlling access by a requester (7) to resources (2d) in a computer system (1) in which the requester is assigned one or more roles based on an access control list that defines the conditions for obtaining a right to a resource, characterized in that it consists of restricting the resources accessible for a given role to only part of the resources, by means of a validity domain of the role.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for controlling access by a requestor (7) to resources (2d) in a computer system (1), consisting of defining roles that overlay one or more privileges and representing the requestor'"'"'s authorization to perform specific tasks, of storing the defined roles in storage means (10, 12), and of storing an access control list that defines the conditions for obtaining a right to a resource type, i.e., a configured permission, in terms of privileges in said means (10, 12).

The present invention also relates to the device for implementing said method.

66 Citations

View as Search Results

10 Claims

1. Method for controlling access by a requester (7) to resources (2d) in a computer system (1) in which the requester is assigned one or more roles based on an access control list that defines the conditions for obtaining a right to a resource, characterized in that it consists of restricting the resources accessible for a given role to only part of the resources, by means of a validity domain of the role.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9, 10)
- - 2. Method according to claim 1, characterized in that it stores an additional piece of information relative to the need to consult the validity domain of the role in the access control list.
  - 3. Method according to claim 2, characterized in that it consults the additional information relative to the need to consult the validity domain of the role and verifies that the resource in question belongs to the validity domain only if said information requires it.
  - 4. Method according to claim 2, characterized in that it performs an access check on two levels:
    - a first level on the type of the resource (2d);
      
      a second level on the identifier of the resource (2d).
  - 5. Method according to claim 4, characterized in that it performs a first-level check verifying the existence of at least one entry of the access control list that satisfies the conditions for obtaining the requested right, and if the entry exists, the existence of a validity domain for said entry.
  - 6. Method according to claim 5, characterized in that it performs a second-level check verifying, if the requested permission contains a resource identifier, the existence of at least one configured permission corresponding to the requested permission, and the value of the additional information relative to the need to consult the validity domain.
  - 7. Method according to any of claims 1 through 5, characterized in that it consists of grouping rights or resources into generic groups represented by special characters or keywords or other symbols.
  - 9. Device for implementing the method according to any of claims 1 through 6.
  - 10. Software module for implementing the method according to any of claims 1 through 6.

8. Device for controlling access by a requester to resources (2d) in a computer system (1), characterized in that it comprises a management machine (2a) comprising an access control service, the RAC (6), and means for storing (10) roles, access control lists and validity domains

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Evidian SA (Atos SE)
Original Assignee
Bull Sas (Atos SE)
Inventors
Trabelsi, Hatem

Application Number

US09/740,800
Publication Number

US 20010056494A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 9/468 Specific access rights for ...

Device and method for controlling access to resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for controlling access to resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links