Resource manager system and method for access control to physical resources in an application hosting environment

US 20030221012A1
Filed: 05/22/2003
Published: 11/27/2003
Est. Priority Date: 05/22/2002
Status: Abandoned Application

First Claim

Patent Images

1. A server system in a client-server environment having a data link to clients, at least one server application for processing accesses to physical resources (PR), a resource manager for controlling access to said physical resources, wherein said resource manager has access to a database which stores at least a set of physical resources (PRs), a list of users, a set of logical resources (LRs), a set of organization units (OUs), and a set of roles (ROs), and wherein access to said physical resources is granted by said resource manager when said physical resources are part of at least one set of mapped physical resources at the intersections between said set of logical resources of RO-OU pairs assigned to a specific user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A resource system and method for controlling access to physical resources in an application hosting environment is based on a five dimensional resource and security model which extends the existing three-dimensional security model by adding logical resource (LR) and organization unit (OU) dimensions. The logical resources are an abstraction of physical resources. Organization units (OU) represent a set of logical resources without access attributes, a set of physical resources and a function which maps logical to physical resources for defined organizational entities. The implementation separates the physical system dependent resources from the components and access control using the resources.

68 Citations

View as Search Results

15 Claims

1. A server system in a client-server environment having a data link to clients, at least one server application for processing accesses to physical resources (PR), a resource manager for controlling access to said physical resources, wherein said resource manager has access to a database which stores at least a set of physical resources (PRs), a list of users, a set of logical resources (LRs), a set of organization units (OUs), and a set of roles (ROs), and wherein access to said physical resources is granted by said resource manager when said physical resources are part of at least one set of mapped physical resources at the intersections between said set of logical resources of RO-OU pairs assigned to a specific user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A server as claimed in claim 1 wherein said logical resources are abstractions of physical resources.
  - 3. A server as claimed in claim 1 wherein said set of logical resources is organized in a tree-structure.
  - 4. A server as claimed in claim 1 wherein each of said organization units represents a set of logical resources, a set of physical resources, and a function for mapping logical to physical resources.
  - 5. A server as claimed in claim 1 wherein said set of organization units is organized in a tree-structure.
  - 6. A server as claimed in claim 1 wherein each of said roles is assigned a set of logical resources.
  - 7. A server as claimed in claim 6 wherein each logical resource assigned to a role is assigned access attributes.
  - 8. A server as claimed in claim 1, wherein each user in said user list is assigned at least one RO-OU pair.
  - 9. A server as claimed in claim 1 further comprising a set of administration roles, wherein each administration role defines a specific administration task being assigned to at least one administrator.
  - 10. A server as claimed in claim 9 wherein said resource manager includes an interface for administration of data in said database and an interface for processing user requests for accessing physical resources by using said data in said database.
  - 11. A server as claimed in claim 9 wherein said administration roles are unchangeable.

12. A method for accessing of physical resources in a server system having a data link to clients, at least one server application for processing accesses to physical resources, a resource manager for controlling access to said physical resources, wherein said resource manager has access to a database which stores at least a set of physical resources, a list of users, a set of logical resources, a set of organization units (OUs), and a set of roles, said method comprising the steps of:
- receiving a request from a client system containing at least one user identifier, an OU-identifier and at least one logical resource identifier by said resource manager;
  
  determining the roles assigned to said user identifier for said OU;
  
  forming the intersections between the logical resources of said OU and said roles;
  
  mapping the logical resources contained in said request to the assigned physical resources of said OU contained in said request if each requested access to said logical resources is contained in at least one intersection; and
  
  accessing said physical resource.
- View Dependent Claims (13, 14)
- - 13. A method according to claim 12, wherein said a set of physical resources, said list of users, said set of logical resources, said set of organization units (OUs), and a set of roles are stored in tables or files in the database.
  - 14. A method according claim 13, wherein said access to said physical resource can be accomplished either by the server application or by the resource manager.

15. A method for accessing physical resources by a server system having a data link to clients, at least one server application for processing accesses to physical resources, a resource manager for controlling access to physical resources, wherein said resource control manager has access to a database which stores at least a set of physical resources, a list of users, a set of logical resources, a set of organization units (OUs), and a set of roles, said method comprising the steps of:
- receiving a request from a client system containing at least one user identifier, an OU-identifier, at least one logical resource identifier, and at least one physical resource identifier by said resource manager;
  
  determining the roles assigned to said user identifier for said OU identifier;
  
  forming the intersections between the logical resources of said OU and said determined roles;
  
  mapping logical resourses within said intersections to assigned physical resources including access rights of said OU contained in said request; and
  
  accessing said physical resources if each requested access to said physical resources contained in said request is contained in at least one intersection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Herrmann, Christian, Hoff, Harry

Application Number

US10/443,279
Publication Number

US 20030221012A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 9/5011 the resources being hardwar...

Resource manager system and method for access control to physical resources in an application hosting environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Resource manager system and method for access control to physical resources in an application hosting environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links