File access control in a multi-protocol file server

US 20020019936A1
Filed: 08/10/2001
Published: 02/14/2002
Est. Priority Date: 03/03/1998
Status: Abandoned Application

First Claim

Patent Images

1. A method of operating a file server, said method including steps for identifying a first file on said file server with a first security style selected from among a plurality of security styles;

and enforcing said first security style for all accesses to said first file.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method and system for enforcing file access control among client devices using multiple diverse access control models and multiple diverse file server protocols. A multi-protocol file server identifies each file with one particular access control model out of a plurality of possible models, and enforces that one particular model for all accesses to that file. When the file server receives a file server request for that file using a different access control model, the file server translates the access control limits for that file into no-less-restrictive limits in the different model. The file server restricts access by the client device using the translated access control limits. Each file is assigned the access control model of the user who created the file or who last set access control limits for the file. When a user having a different access control model sets access control limits, the access control model for the file is changed to the new model. Files are organized in a tree hierarchy, in which each tree is limited to one or more access control models (which can limit the ability of users to set access control limits for files in that tree). Each tree can be limited to NT-model-only format, Unix-model-only format, or mixed NT-or-Unix-models format.

85 Citations

View as Search Results

30 Claims

1. A method of operating a file server, said method including steps for identifying a first file on said file server with a first security style selected from among a plurality of security styles;
- and enforcing said first security style for all accesses to said first file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 29, 30)
- - 2. A method as in claim 1, wherein said plurality of security styles includes a Windows NT security style.
  - 3. A method as in claim 1, wherein said plurality of security styles includes a Unix security style.
  - 4. A method as in claim 1, including steps for associating said first file with a subset of files in a file system;
    - and limiting said subset of files to a security subset of said plurality of security styles;
      
      wherein attempts to set permissions in said file system tree are restricted to said security subset.
  - 5. A method as in claim 4, wherein said security subset includes a Windows NT security style.
  - 6. A method as in claim 4, wherein said security subset includes a Unix security style.
  - 7. A method as in claim 1, including steps for identifying said first file with a second security style in response to a file server request.
  - 8. A method as in claim 7, including steps for associating said second security style with a file server request for setting permissions for said first file when said file server request is successful.
  - 9. A method as in claim 7, wherein said steps for identifying include steps for translating a first set of permissions associated with said first file in said first security style to a second set of permissions in said second security style, wherein said second set of permissions is no less restrictive than said first set of permissions.
  - 10. A method as in claim 1, wherein said steps for enforcing include steps for recognizing a first set of permissions associated with said first file in said first security style;
    - defining a first user type associated with said first security style;
      
      translating a user from a second user type associated with a second security style into said first user type; and
      
      enforcing a file server request from said second user type using said first user type and said first set of permissions.
  - 11. A method as in claim 10, wherein said steps for translating are performed with regard to access control limits applicable to said first file at a time of said steps for enforcing.
  - 12. A method as in claim 10, wherein said steps for translating are performed with regard to access control limits applicable to said first file at a time said access control limits are set.
  - 13. A method as in claim 1, wherein said steps for enforcing include steps for translating a first set of permissions associated with said first file in said first security style to a second set of permissions in a second security style, wherein said second set of permissions is no less restrictive than said first set of permissions;
    - and enforcing a file server request in said second security style using said second set of permissions.
  - 14. A method as in claim 13, wherein said steps for translating are performed with regard to access control limits applicable to said first file at a time of said steps for enforcing.
  - 15. A method as in claim 13, wherein said steps for translating are performed with regard to access control limits applicable to said first file at a time said access control limits are set.
  - 17. A file server as in claim 16, wherein said plurality of security styles includes a Windows NT security style.
  - 18. A file server as in claim 16, wherein said plurality of security styles includes a Unix security style.
  - 19. A file server as in claim 16, including a subtree of files in said file system associated with a security subset of said plurality of security styles;
    - wherein said file server restricts attempts to set permissions in said subtree to said security subset.
  - 20. A file server as in claim 19, wherein said security subset includes a Windows NT security style.
  - 21. A file server as in claim 19, wherein said security subset includes a Unix security style.
  - 22. A file server as in claim 16, wherein said file server is capable of altering the security style associated with said file in response to a file server request.
  - 23. A file server as in claim 22, wherein said file server is capable of altering the security style associated with said file in response to a file server request when said file server request is successful.
  - 24. A file server as in claim 22, wherein said file server is capable of translating a first set of permissions associated with said file in a first security style to a second set of permissions in a second security style, wherein said second set of permissions is no less restrictive than said first set of permissions.
  - 26. A data structure as in claim 25, wherein said plurality of security styles includes a Windows NT security style.
  - 27. A data structure as in claim 25, wherein said plurality of security styles includes a Unix security style.
  - 29. A data structure as in claim 28, wherein said security subset includes a Windows NT security style.
  - 30. A data structure as in claim 28, wherein said security subset includes a Unix security style.

16. A file server including a set of files available said file server, each said file having an associated security style selected from among a plurality of security styles available on said file server;
- wherein said file server enforces said associated security style for all accesses to said file.

25. In a file server having a plurality of files, a data structure associating a security style with each said file, said security style being selected from among a plurality of security styles available on said file server.

28. In a file server having a plurality of files and a security style associated with each said file, said security style being selected from among a plurality of security styles available on said file server, a data structure associating a security subset of said plurality of security styles with a subtree of said files available on said file server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Andrea Borr, David Hitz, Joan Pearson, Mark Muhlestein, Robert James Hawley
Original Assignee
Andrea Borr, David Hitz, Joan Pearson, Mark Muhlestein, Robert James Hawley
Inventors
Hawley, Robert James, Pearson, Joan, Hitz, David, Muhlestein, Mark, Borr, Andrea

Application Number

US09/927,409
Publication Number

US 20020019936A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

G06F 21/6236   between heterogeneous systems

G06F 2221/2141   Access rights, e.g. capabil...

File access control in a multi-protocol file server

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

File access control in a multi-protocol file server

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links