System and method for incremental refresh of a compiled access control table in a content management system

US 20030200467A1
Filed: 04/23/2002
Published: 10/23/2003
Est. Priority Date: 04/23/2002
Status: Active Grant

First Claim

Patent Images

1. Method for authorizing access to an entity by a user, comprising:

binding an access control list to each said entity;

specifying for said user a set of user privileges;

intersecting said access control list and said set of user privileges in a compiled ACL table;

incrementally refreshing said compiled ACL table responsive to run time modification of said access control list or set of user privileges.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.

55 Citations

View as Search Results

25 Claims

1. Method for authorizing access to an entity by a user, comprising:
- binding an access control list to each said entity;
  
  specifying for said user a set of user privileges;
  
  intersecting said access control list and said set of user privileges in a compiled ACL table;
  
  incrementally refreshing said compiled ACL table responsive to run time modification of said access control list or set of user privileges.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. Method of claim 1, further comprising:
    - deriving said compiled ACL table from a set of relevant tables; and
      
      said incrementally refreshing being selectively executed to update said compiled ACL table responsive to run time modification said relevant tables.
  - 3. Method of claim 2, said relevant tables comprising:
    - an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      an user groups table containing group user indicia and for each group user indicia at least one corresponding user identification indicia;
      
      an access codes table containing ACL code indicia uniquely identifying each said access control list;
      
      an access lists table containing access specifications, each said specification comprising said user identification indicia, said privilege set indicia, and said ACL code indicia;
      
      a privilege sets codes table containing privilege sets code indicia;
      
      a privilege definitions table containing privilege definition indicia; and
      
      a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica.
  - 4. The method of claim 2, further comprising maintaining as one of said set of relevant tables an access lists table of access specifications, said specification comprising a row including user identification indicia, privilege set indicia, and ACL code indicia;
    - responsive to insertion of a row to said access lists table, adding row entries to said compiled ACL table based on said ACL code indicia and said user identification indicia.
  - 5. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an access lists table of access specifications, each said specification comprising a row including user identification indicia, privilege set indicia, and ACL code indicia;
      
      responsive to updating of a row in said access lists table to change said ACL code indicia for a given user, removing and then adding entries in said compiled ACL table for said given user.
  - 6. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an access lists table of access specifications, said specification comprising a row including user identification indicia, privilege set indicia, and ACL code indicia;
      
      responsive to removal of a given row from said access lists table, removing entries from said compiled ACL table corresponding to said ACL code indicia and said user identification indicia of said given row.
  - 7. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an access codes table containing ACL code indicia uniquely identifying each said access control list;
      
      responsive to insertion of an ACL code indicia into said access codes table that impacts to a user who has super access capability, inserting a corresponding row to said compiled ACL table.
  - 8. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an access codes table containing ACL code indicia uniquely identifying each said access control list;
      
      responsive to deletion of a given ACL code indicia from said access codes table, removing entries from said compiled ACL table with said given ACL code indicia.
  - 9. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an user groups table containing group user indicia and for each group user indicia at least one corresponding user identification indicia;
      
      responsive to insertion of a group member row for a group used in any ACL rules to said users group table, adding a corresponding entry to said compiled ACL table based on said group user indicia and said user identification indicia.
  - 10. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an user groups table containing group user indicia and for each group user indicia at least one corresponding user identification indicia;
      
      responsive to deletion of a given row from said user groups table, removing entries from said compiled ACL table corresponding to said group user indicia and said user identification indicia for said given row.
  - 11. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      responsive to insertion of a row to said users table for a new individual user who has super access capability, adding a corresponding entry to said compiled ACL table.
  - 12. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      responsive to updating of a row in said users table for an individual user whose general privilege set has changed, removing and then adding corresponding entries in said compiled ACL table.
  - 13. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      responsive to deletion of a row for a given individual user from said users table, removing entries in said compiled ACL table corresponding to said given individual user.
  - 14. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      removing from said compiled ACL table entries for groups removed from said users table.
  - 15. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica;
      
      responsive to insertion of a row to said privilege sets table, for a user who does not have super access capability and for privilege sets used in any ACL rules, adding entries to said compiled ACL table for an existing privilege set with a new inserted privilege set member privilege definition indicia; and
      
      for a user who has super access capability, removing and then adding corresponding entries to said compiled ACL table.
  - 16. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica. responsive to deletion of a given row from said privilege sets table, for a user without super access capability, removing from said compiled ACL table entries corresponding to said given row; and
      
      for a user for which super access capability has changed, removing and then adding entries corresponding to said given row.
  - 17. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables a privilege sets codes table containing privilege sets code indicia;
      
      responsive to deletion of a row from said privilege sets codes table, removing entries from said compiled ACL table for deleted privilege sets code indicia.
  - 18. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables a privilege definitions table containing privilege definition indicia;
      
      maintaining as one of said set of relevant tables a privilege set s table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica;
      
      providing a system pre-defined all privilege set privilege indicia in said privilege sets table; and
      
      responsive to insertion into a row of said privilege sets table of newly defined privilege code indicia included in said all privilege set privilege indicia, adding a corresponding entry to said compiled ACL table.
  - 19. The method of claim 2, further comprising:
    - maintaining as one of said set of relevant tables a privilege definitions table containing privilege definition indicia;
      
      maintaining as one of said set of relevant tables a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica;
      
      providing a system pre-defined all privilege set privilege indicia in said privilege sets table; and
      
      responsive to removal of given privilege sets code indicia from said all privilege set privilege indicia, deleting entries from said compiled ACL table corresponding to said given privilege sets code indicia.

20. System for authorizing access to an entity by a user, comprising:
- an access control list bound to said entity;
  
  a set of user privileges;
  
  a compiled access control list (ACL) table;
  
  a content manager for intersecting said access control list and said set of user privileges in said compiled ACL table, and for incrementally refreshing said compiled ACL table responsive to run time modification of said access control list or said set of user privileges.
- View Dependent Claims (21, 22)
- - 21. System of claim 20, further comprising:
    - a set of relevant tables referenced by said content manager for deriving said compiled ACL table; and
      
      said content manager incrementally refreshing said compiled ACL table responsive to run time modification of said relevant tables.
  - 22. System of claim 21, said relevant tables comprising:
    - an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      an user groups table containing group user indicia and for each group user indicia at least one corresponding user identification indicia;
      
      an access codes table containing ACL code indicia uniquely identifying each said access control list;
      
      an access lists table containing access specifications, each said specification comprising said user identification indicia, said privilege set indicia, and said ACL code indicia;
      
      a privilege sets codes table containing privilege sets code indicia;
      
      a privilege definitions table containing privilege definition indicia; and
      
      a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica.

23. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access to an entity by a user, comprising:
- binding an access control list to each said entity;
  
  specifying for said user a set of user privileges;
  
  intersecting said access control list and said set of user privileges in a compiled ACL table;
  
  incrementally refreshing said compiled ACL table responsive to run time modification of said access control list or set of user privileges.
- View Dependent Claims (24, 25)
- - 24. The program storage device of claim 23, said method further comprising:
    - deriving said compiled ACL table from a set of relevant tables; and
      
      said incrementally refreshing being selectively executed to update said compiled ACL table responsive to run time modification said relevant tables.
  - 25. The program storage device of claim 24, said relevant tables comprising:
    - an users table containing user identification indicia and corresponding user privilege set indicia for at least one said user;
      
      an user groups table containing group user indicia and for each group user indicia at least one corresponding user identification indicia;
      
      an access codes table containing ACL code indicia uniquely identifying each said access control list;
      
      an access lists table containing access specifications, each said specification comprising said user identification indicia, said privilege set indicia, and said ACL code indicia;
      
      a privilege sets codes table containing privilege sets code indicia;
      
      a privilege definitions table containing privilege definition indicia; and
      
      a privilege sets table containing privilege indicia, each said privilege indicia including corresponding said privilege sets code indicia and said privilege definition indica.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Wang, Yuping, Yaung, Alan Tsu-I, Hu, Tawei, Choy, David Mun-Hien, Lin, Jy-Jine James

Granted Patent

US 7,284,265 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/6218 to a system of files or obj...

System and method for incremental refresh of a compiled access control table in a content management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

System and method for incremental refresh of a compiled access control table in a content management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others