Computer access authorization
Abstract
A method for controlling access to functionality in an application program according to one embodiment includes registering at least one permission set in a database. The permission set includes a plurality of privileged actions relating to a functional category of the application program. The method further includes receiving information granting a principal authorization to at least one of the privileged actions in the permission set, and performing the authorized privileged action in accordance with the received information when initiated by the principal.
22 Claims
1. A method for controlling access to objects in an application program, the method comprising storing authorization information for a plurality of protected objects in a common table.
4. A computer-readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
a first data field containing data identifying a protected object; and
a second data field containing data representing at least one action for which a principal has been authorized relative to the protected object identified in the first data field of such entry.
Dependent claims: 5, 6, 7.
8. A method for controlling access to functionality in an application program, the method comprising:
registering at least one permission set within the application program, the permission set including a plurality of privileged actions relating to a functional category of the application program;
receiving information granting a principal authorization to at least one of the privileged actions in the permission set; and
performing said at least one of the privileged actions in accordance with the received information when initiated by the principal.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. A computer-readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
a first data field containing data identifying a permission set, said permission set defining a plurality of privileged actions relating to a functional category of an application program; and
a second data field containing data representing at least one of the privileged actions in the permission set identified in the first data field for which a principal has been authorized.
Dependent claims: 17, 18, 19.
20. A computer readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
a first data field containing data identifying one of a protected object and a permission set which defines a plurality of privileged actions relating to a functional category of an application program;
a second data field containing data representing at least one privileged action for which a principal has been authorized relative to said one of the protected object and the permission set identified in the first data field of such entry.
Dependent claims: 21.
22. A computerized method for providing at least one principal categorical privileges for executing actions within an application program, the method comprising:
receiving information authorizing the principal to perform at least one privileged action with respect to a predefined functional category of the application program, wherein performance of the privileged action requires access to objects;
storing the received authorization information; and
permitting access to the multiple objects in accordance with the stored authorization information when performance of the privileged action is initiated by the principal.
Specification