Authorization model for administration
Abstract
An administration model is provided that uses access control lists to define permissions for users and groups of users. The model identifies a number of objects to be administered. Associated with each of these objects is a set of administrative operations that can be performed on the object. For each of these operations a permission in an access control list entry is defined. The protected resources are arranged in a hierarchical fashion and an access control list can be associated with any point in the hierarchy. The access control list provides fine-grained control over the protected resources. At the time an administrator requests to perform an operation, the administrator's identification is used to look up the prevailing access control list to determine whether the operation is permitted.
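The lookup the abstract describes can be sketched as follows. This is an added example, not code from the patent: it assumes that the "prevailing" access control list is the one attached nearest to the resource on the way up to the root, and the resource paths, users, groups and permission names are constructed for illustration.

```python
import posixpath

# Constructed sample data: group membership and ACLs attached at points in
# the resource hierarchy. Each ACL entry maps a user or group to permissions.
GROUPS = {"alice": {"operators"}, "bob": {"operators", "cell-admins"}}
ACLS = {
    "/cell": {"cell-admins": {"start", "stop", "configure"},
              "operators": {"start", "stop"}},
    "/cell/node1/payroll": {"cell-admins": {"start", "stop", "configure"},
                            "carol": {"start"}},
}


def prevailing_acl(resource, acls=ACLS):
    """Return (attachment point, ACL) for the nearest ancestor with an ACL.

    Assumption: the nearest attached ACL replaces, rather than merges with,
    any ACL attached higher in the hierarchy.
    """
    # Normalise first so "payroll/../server1" cannot select the wrong ACL.
    path = posixpath.normpath("/" + resource.strip("/"))
    while True:
        if path in acls:
            return path, acls[path]
        if path == "/":
            return None, {}          # no ACL anywhere on the path
        path = posixpath.dirname(path)


def is_permitted(user, operation, resource, acls=ACLS, groups=GROUPS):
    """Default deny: permit only if the prevailing ACL grants the operation
    to the user directly or to one of the user's groups."""
    _, acl = prevailing_acl(resource, acls)
    principals = {user} | groups.get(user, set())
    return any(operation in acl.get(p, set()) for p in principals)


if __name__ == "__main__":
    for who, op, res in [("alice", "stop", "/cell/node1/server1"),
                         ("alice", "stop", "/cell/node1/payroll/app1"),
                         ("carol", "start", "/cell/node1/payroll/app1")]:
        print(who, op, res, "->", is_permitted(who, op, res))
```

Under the stated assumption, the ACL attached at `/cell/node1/payroll` narrows access for that subtree: `alice` can stop other servers through the `operators` entry at `/cell` but not anything under `payroll`.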
35 Claims
1. A method for administering managed resources, comprising:
- defining a set of privileges for a managed resource; and
- attaching an access control list to an object that represents the managed resource, wherein the access control list assigns at least one privilege from the set of privileges to an entity.
Dependent claims: 2, 3, 4, 5.
6. A method for administering a plurality of managed resources including at least one first level resource and at least one second level resource, wherein each of the at least one second level resource is a subresource of a first level resource, comprising:
- defining a first set of permissions for the at least one first level resource; and
- attaching a first access control list to a first object that represents a first managed resource, wherein the first managed resource is a first level resource and the first access control list controls access to the first managed resource and at least one subresource of the first managed resource based on the first set of permissions.
Dependent claims: 7, 8, 9, 10.
11. A method for administering managed resources, comprising:
- receiving a request from a user to perform an operation on a managed resource;
- finding an access control list corresponding to the managed resource; and
- determining whether the operation is permitted for the user based on the access control list.
Dependent claims: 12, 13, 14, 15, 16.
17. An apparatus for administering managed resources, comprising:
- definition means for defining a set of privileges for a managed resource; and
- attachment means for attaching an access control list to an object that represents the managed resource, wherein the access control list assigns at least one privilege from the set of privileges to an entity.
Dependent claims: 18, 19, 20, 21.
22. An apparatus for administering a plurality of managed resources including at least one first level resource and at least one second level resource, wherein each of the at least one second level resource is a subresource of a first level resource, comprising:
- definition means for defining a first set of permissions for the at least one first level resource; and
- attachment means for attaching a first access control list to a first object that represents a first managed resource, wherein the first managed resource is a first level resource and the first access control list controls access to the first managed resource and at least one subresource of the first managed resource based on the first set of permissions.
Dependent claims: 23, 24, 25, 26.
27. An apparatus for administering managed resources, comprising:
- receipt means for receiving a request from a user to perform an operation on a managed resource;
- search means for finding an access control list corresponding to the managed resource; and
- determination means for determining whether the operation is permitted for the user based on the access control list.
Dependent claims: 28, 29, 30, 31, 32.
33. A computer program product, in a computer readable medium, for administering managed resources, comprising:
- instructions for defining a set of privileges for a managed resource; and
- instructions for attaching an access control list to an object that represents the managed resource, wherein the access control list assigns at least one privilege from the set of privileges to an entity.
34. A computer program product, in a computer readable medium, for administering a plurality of managed resources including at least one first level resource and at least one second level resource, wherein each of the at least one second level resource is a subresource of a first level resource, comprising:
- instructions for defining a first set of permissions for the at least one first level resource; and
- instructions for attaching a first access control list to a first object that represents a first managed resource, wherein the first managed resource is a first level resource and the first access control list controls access to the first managed resource and at least one subresource of the first managed resource based on the first set of permissions.
35. A computer program product, in a computer readable medium, for administering managed resources, comprising:
- instructions for receiving a request from a user to perform an operation on a managed resource;
- instructions for finding an access control list corresponding to the managed resource; and
- instructions for determining whether the operation is permitted for the user based on the access control list.
Specification