System and method for configurable binding of access control lists in a content management system

US 20030200443A1
Filed: 04/23/2002
Published: 10/23/2003
Est. Priority Date: 04/23/2002
Status: Active Grant

First Claim

Patent Images

1. Method for authorizing access to a controlled entity by a user, comprising:

binding an access control list (ACL) to said controlled entity selectively at item type, item, mixed, or library level; and

responsive to said binding level, performing ACL checking for authorizing access to said controlled entity by said user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authorizing access to a controlled entity by a user. A set of user privileges is provided for user; and a content manager intersects an access control list (ACL) and the set of user privileges to authorize access. Binding level control indicia selectively binds an access control list (ACL) to the controlled entity at item type, item, mixed, or library binding level. An item type comprises one or more component items with each component item having one or more item views which together form an item type view. A content manager is responsive to the binding level to perform ACL checking for authorizing access to the controlled entity by the user.

Citations

19 Claims

1. Method for authorizing access to a controlled entity by a user, comprising:
- binding an access control list (ACL) to said controlled entity selectively at item type, item, mixed, or library level; and
  
  responsive to said binding level, performing ACL checking for authorizing access to said controlled entity by said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
  - 3. The method of claim 2, further comprising:
    - specifying for said user a set of user privileges; and
      
      intersecting said ACL and said set of user privileges to authorize said access.
  - 4. The method of claim 2, further comprising responsive to said item type level:
    - checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
      
      for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted;
      
      for a get item request, enabling access to said items corresponding to said item type view for which said access is granted.
  - 5. The method of claim 2, further comprising responsive to said item level:
    - for a get item type request, returning all said item types and item type views; and
      
      for a get item request, checking said ACL for said item for selectively granting access to said item.
  - 6. The method of claim 2, further comprising:
    - configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and
      
      responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
      
      for a get item type request, returning said item type and said item type view for an item type view granted said access;
      
      for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
      
      for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
      
      for a get item request, executing said ACL check for each said item in said item type.
  - 7. The method of claim 2, further comprising:
    - providing a library level ACL, and responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
      
      for a get item request, checking said library level ACL to selectively grant access to said item.
  - 8. The method of claim 3, further comprising:
    - providing a library level ACL;
      
      configuring ACL binding control level individually for each said item type selectively to item control level or item type control level;
      
      responsive to said item type level;
      
      checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
      
      for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and
      
      for a get item request, enabling access to said items corresponding to said item type view for which said access is granted;
      
      responsive to said item level;
      
      for a get item type request, returning all said item types and item type views; and
      
      for a get item request, checking said ACL for said item for selectively granting access to said item;
      
      responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
      
      for a get item type request, returning said item type and said item type view for an item type view granted said access; and
      
      for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
      
      for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
      
      for a get item request, executing said ACL check for each said item in said item type; and
      
      responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
      
      for a get item request, checking said library level ACL to selectively grant access to said item.

9. System for authorizing access to a controlled entity by a user, comprising:
- binding level control indicia selectively binding an access control list (ACL) to said controlled entity at item type, item, mixed, or library binding level; and
  
  a content manager responsive to said binding level for performing ACL checking for authorizing access to said controlled entity by said user.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
  - 11. The system of claim 10, further comprising:
    - a set of user privileges for said user; and
      
      said content manager intersecting said ACL and said set of user privileges to authorize said access.
  - 12. The system of claim 10, further comprising:
    - said content manager responsive to said item type level, checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
      
      for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and
      
      for a get item request, enabling access to said items corresponding to said item type view for which said access is granted.
  - 13. The system of claim 10, further comprising said content manager responsive to said item level:
    - for a get item type request, returning all said item types and item type views; and
      
      for a get item request, checking said ACL for said item for selectively granting access to said item.
  - 14. The system of claim 10, further comprising:
    - said binding level control indicia configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and
      
      said content manager responsive to said mixed level;
      
      for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
      
      for a get item type request, returning said item type and said item type view for an item type view granted said access;
      
      for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
      
      for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
      
      for a get item request, executing said ACL check for each said item in said item type.
  - 15. The system of claim 10, further comprising:
    - a library level ACL, and said content manager responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
      
      for a get item request, checking said library level ACL to selectively grant access to said item.

16. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access to a controlled entity by a user, according to a method comprising:
- binding an access control list (ACL) to said controlled entity selectively at item type, item, mixed, or library level; and
  
  responsive to said binding level, performing ACL checking for authorizing access to said controlled entity by said user.
- View Dependent Claims (17, 18, 19)
- - 17. The program storage device of claim 16, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
  - 18. The program storage device of claim 17, said method further comprising:
    - specifying for said user a set of user privileges; and
      
      intersecting said ACL and said set of user privileges to authorize said access.
  - 19. The program storage device of claim 18, said method further comprising:
    - providing a library level ACL;
      
      configuring ACL binding control level individually for each said item type selectively to item control level or item type control level;
      
      responsive to said item type level;
      
      checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
      
      for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and
      
      for a get item request, enabling access to said items corresponding to said item type view for which said access is granted;
      
      responsive to said item level;
      
      for a get item type request, returning all said item types and item type views; and
      
      for a get item request, checking said ACL for said item for selectively granting access to said item;
      
      responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
      
      for a get item type request, returning said item type and said item type view for an item type view granted said access; and
      
      for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
      
      for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
      
      for a get item request, executing said ACL check for each said item in said item type; and
      
      responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
      
      for a get item request, checking said library level ACL to selectively grant access to said item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wang, Yuping, Yaung, Alan Tsu-I, Liang, Lily, Hu, Tawei, Chen, An Feng-I, Perry, Edward Joseph, Zhang, Howard Hao, James Lin, Jy-Jine

Granted Patent

US 7,272,550 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Y10S 707/99942 Manipulating data structure...

System and method for configurable binding of access control lists in a content management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for configurable binding of access control lists in a content management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links