Resource manager system and method for access control to physical resources in an application hosting environment
First Claim
1. A server system in a client-server environment having a data link to clients, at least one server application for processing accesses to physical resources (PR), a resource manager for controlling access to said physical resources, wherein said resource manager has access to a database which stores at least a set of physical resources (PRs), a list of users, a set of logical resources (LRs), a set of organization units (OUs), and a set of roles (ROs), and wherein access to said physical resources is granted by said resource manager when said physical resources are part of at least one set of mapped physical resources at the intersections between said set of logical resources of RO-OU pairs assigned to a specific user.
Abstract
A resource system and method for controlling access to physical resources in an application hosting environment is based on a five-dimensional resource and security model which extends the existing three-dimensional security model by adding logical resource (LR) and organization unit (OU) dimensions. The logical resources are an abstraction of physical resources. Organization units (OU) represent a set of logical resources without access attributes, a set of physical resources and a function which maps logical to physical resources for defined organizational entities. The implementation separates the physical system dependent resources from the components and access control using the resources.
15 Claims
- 12. A method for accessing of physical resources in a server system having a data link to clients, at least one server application for processing accesses to physical resources, a resource manager for controlling access to said physical resources, wherein said resource manager has access to a database which stores at least a set of physical resources, a list of users, a set of logical resources, a set of organization units (OUs), and a set of roles, said method comprising the steps of:
  - receiving a request from a client system containing at least one user identifier, an OU-identifier and at least one logical resource identifier by said resource manager;
  - determining the roles assigned to said user identifier for said OU;
  - forming the intersections between the logical resources of said OU and said roles;
  - mapping the logical resources contained in said request to the assigned physical resources of said OU contained in said request if each requested access to said logical resources is contained in at least one intersection; and
  - accessing said physical resource.
- 15. A method for accessing physical resources by a server system having a data link to clients, at least one server application for processing accesses to physical resources, a resource manager for controlling access to physical resources, wherein said resource control manager has access to a database which stores at least a set of physical resources, a list of users, a set of logical resources, a set of organization units (OUs), and a set of roles, said method comprising the steps of:
  - receiving a request from a client system containing at least one user identifier, an OU-identifier, at least one logical resource identifier, and at least one physical resource identifier by said resource manager;
  - determining the roles assigned to said user identifier for said OU identifier;
  - forming the intersections between the logical resources of said OU and said determined roles;
  - mapping logical resources within said intersections to assigned physical resources including access rights of said OU contained in said request; and
  - accessing said physical resources if each requested access to said physical resources contained in said request is contained in at least one intersection.
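Added example, not part of the patent text: the steps of claim 12 written as a small Python resource manager that fails closed. The class and field names and the sample OUs, roles, users and resource paths are constructed for illustration; the per-resource access rights mentioned in claim 15 are left out.

```python
# Added illustration of the claim 12 steps; all names and sample data are constructed.
from dataclasses import dataclass, field


@dataclass
class OrgUnit:
    logical: set                                  # LRs defined for this OU
    lr_to_pr: dict = field(default_factory=dict)  # OU-specific LR -> PR mapping


class ResourceManager:
    def __init__(self, ous, roles, assignments):
        self.ous = ous                  # OU id -> OrgUnit
        self.roles = roles              # role id -> set of LRs the role may use
        self.assignments = assignments  # user id -> set of (role id, OU id) pairs

    def resolve(self, user, ou_id, requested_lrs):
        """Return {LR: PR} for the request, or raise PermissionError."""
        ou = self.ous.get(ou_id)
        if ou is None or not requested_lrs:
            raise PermissionError("unknown OU or empty request")
        # Step 2: roles assigned to this user for this OU only.
        user_roles = [r for r, o in self.assignments.get(user, ()) if o == ou_id]
        # Step 3: one intersection per RO-OU pair (role LRs with OU LRs).
        intersections = [self.roles.get(r, set()) & ou.logical for r in user_roles]
        # Step 4: every requested LR must lie in at least one intersection.
        for lr in requested_lrs:
            if not any(lr in s for s in intersections):
                raise PermissionError(f"{user} has no role in {ou_id} covering {lr}")
            if lr not in ou.lr_to_pr:
                raise PermissionError(f"{ou_id} maps {lr} to no physical resource")
        return {lr: ou.lr_to_pr[lr] for lr in requested_lrs}


def demo_manager():
    # Constructed sample data: the same LR name maps to a different PR per OU.
    ous = {
        "ou-a": OrgUnit({"orders_db", "report_dir"},
                        {"orders_db": "db://host1/orders_a", "report_dir": "/srv/a/reports"}),
        "ou-b": OrgUnit({"orders_db"}, {"orders_db": "db://host2/orders_b"}),
    }
    roles = {"clerk": {"orders_db"}, "auditor": {"report_dir", "ledger"}}
    assignments = {"alice": {("clerk", "ou-a"), ("auditor", "ou-a")},
                   "bob": {("clerk", "ou-b")}}
    return ResourceManager(ous, roles, assignments)
```

Because the role lookup is keyed on the (role, OU) pair, a role held in one OU grants nothing in another, and a logical resource that a role lists but the OU does not define falls outside every intersection.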
Specification