Techniques for supporting application-specific access controls with a separate server
First Claim
1. A method for supporting access controls on application-specific operations performed by an application, comprising the steps of:
- receiving, at a server distinct from the application, first data that describes a first set of privileges for performing a first plurality of application-specific operations;
receiving, at the server, second data that associates a first user of the application with a privilege in the first set of privileges;
in response to receiving, at the server from the application, a request that indicates a particular user and a particular application-specific operation, determining whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and
sending to the application a response that indicates whether the particular user may have the application perform the particular application-specific operation.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for supporting access controls on application-specific operations performed by an application include receiving first data at a server distinct from the application. The first data describes a first set of privileges for performing a first set of application-specific operations. Second data is also received at the server. The second data associates a first user of the application with a privilege in the first set of privileges. In response to receiving a request at the server from the application, it is determined whether a particular user may have the application perform a particular application-specific operation based on the first data and the second data. The request indicates the particular user and the particular application-specific operation. A response is sent to the application. The response indicates whether the particular user may have the application perform the particular application-specific operation.
-
Citations
22 Claims
-
1. A method for supporting access controls on application-specific operations performed by an application, comprising the steps of:
-
receiving, at a server distinct from the application, first data that describes a first set of privileges for performing a first plurality of application-specific operations;
receiving, at the server, second data that associates a first user of the application with a privilege in the first set of privileges;
in response to receiving, at the server from the application, a request that indicates a particular user and a particular application-specific operation, determining whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and
sending to the application a response that indicates whether the particular user may have the application perform the particular application-specific operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for supporting access controls on application-specific operations performed by an application, comprising the steps of:
-
sending, to a server distinct from the application, first data that describes a first set of privileges for performing a first plurality of application-specific operations;
sending to the server second data that associates a first user of the application with a privilege in the first set of privileges;
receiving at the application a command from a particular user, which command involves the application performing a particular application-specific operation;
sending to the server a request that indicates the particular user and the particular application-specific operation;
in response to the request, receiving from the server a response that indicates whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and
performing the particular application-specific operation only if the response indicates the particular user may have the application perform the particular application-specific operation. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-readable medium carrying one or more sequences of instructions for supporting access controls on application-specific operations performed by an application, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
-
receiving, at a server distinct from the application, first data that describes a first hierarchy of privileges for performing a first plurality of application-specific operations;
receiving, at the server, second data that associates a first user of the application with a privilege in the first hierarchy of privileges;
in response to receiving, at the server from the application, a request that indicates a particular user and a particular application-specific operation, determining whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and
sending to the application a response that indicates whether the particular user may have the application perform the particular application-specific operation.
-
-
22. A computer-readable medium carrying one or more sequences of instructions for supporting access controls on application-specific operations performed by an application, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
-
sending, to a server distinct from the application, first data that describes a first hierarchy of privileges for performing a first plurality of application-specific operations;
sending to the server second data that associates a first user of the application with a privilege in the first hierarchy of privileges;
receiving at the application a command from a particular user, which command involves the application performing a particular application-specific operation;
sending to the server a request that indicates the particular user and the particular application-specific operation;
in response to the request, receiving from the server a response that indicates whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and
performing the particular application-specific operation only if the response indicates the particular user may have the application perform the particular application-specific operation.
-
Specification