Computer access authorization

US 20040088563A1
Filed: 11/01/2002
Published: 05/06/2004
Est. Priority Date: 11/01/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to objects in an application program, the method comprising storing authorization information for a plurality of protected objects in a common table.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling access to functionality in an application program according to one embodiment includes registering at least one permission set in a database. The permission set includes a plurality of privileged actions relating to a functional category of the application program. The method further includes receiving information granting a principal authorization to at least one of the privileged actions in the permission set, and performing the authorized privileged action in accordance with the received information when initiated by the principal.

49 Citations

View as Search Results

22 Claims

1. A method for controlling access to objects in an application program, the method comprising storing authorization information for a plurality of protected objects in a common table.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein storing includes storing, for each of the plurality of protected objects, information identifying one or more actions for which a principal is authorized relative to that protected object.
  - 3. The method of claim 2 wherein storing includes storing, for each of the plurality of protected objects, information identifying the principal to which authorization has been granted relative to that protected object.

4. A computer-readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
- a first data field containing data identifying a protected object; and
  
  a second data field containing data representing at least one action for which a principal has been authorized relative to the protected object identified in the first data field of such entry.
- View Dependent Claims (5, 6, 7)
- - 5. The computer-readable medium of claim 4, wherein each of the plurality of entries further comprises a third data field containing data identifying the principal authorized to perform the action represented in the second data field of such entry.
  - 6. The computer-readable medium of claim 4, wherein the plurality of entries include at least a first entry and a second entry, and wherein the protected object identified in the first data field of the first entry is different than the protected object identified in the first data field of the second entry.
  - 7. The computer-readable medium of claim 4, wherein the data structure is configured such that one more additional entries can be dynamically added to the data structure.

8. A method for controlling access to functionality in an application program, the method comprising:
- registering at least one permission set within the application program, the permission set including a plurality of privileged actions relating to a functional category of the application program;
  
  receiving information granting a principal authorization to at least one of the privileged actions in the permission set; and
  
  performing said at least one of the privileged actions in accordance with the received information when initiated by the principal.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8 further comprising storing the received information in a table.
  - 10. The method of claim 9 wherein the table includes a first data field for identifying the permission set, a second data field for identifying the principal, and a third data field for identifying said at least one of the privileged actions for which the principal is authorized.
  - 11. The method of claim 8 wherein performance of said at least one of the privileged actions requires access to a plurality of objects.
  - 12. The method of claim 8 wherein the permission set includes substantially all privileged actions supported by the application program.
  - 13. The method of claim 8 wherein the permission set includes substantially all privileged actions supported by a component of the application program.
  - 14. The method of claim 13 wherein said component is an add-in component.
  - 15. The method of claim 14 wherein the permission set includes substantially all privileged actions supported by a plurality of add-in components of the application program.

16. A computer-readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
- a first data field containing data identifying a permission set, said permission set defining a plurality of privileged actions relating to a functional category of an application program; and
  
  a second data field containing data representing at least one of the privileged actions in the permission set identified in the first data field for which a principal has been authorized.
- View Dependent Claims (17, 18, 19)
- - 17. The computer-readable medium of claim 16, wherein each of the plurality of entries further comprises a third data field containing data identifying the principal authorized to perform the privileged action represented in the second data field of such entry.
  - 18. The computer-readable medium of claim 16, wherein the plurality of entries include at least a first entry and a second entry, and wherein the permission set identified in the first data field of the first entry is different than the permission set identified in the first data field of the second entry.
  - 19. The computer-readable medium of claim 18, wherein the data structure is configured such that one more additional entries can be dynamically added to the data structure.

20. A computer readable medium having stored thereon a data structure, the data structure including a plurality of entries each comprising:
- a first data field containing data identifying one of a protected object and a permission set which defines a plurality of privileged actions relating to a functional category of an application program;
  
  a second data field containing data representing at least one privileged action for which a principal has been authorized relative to said one of the protected object and the permission set identified in the first data field of such entry.
- View Dependent Claims (21)
- - 21. The computer-readable medium of claim 20, wherein each of the plurality of entries further comprises a third data field containing data identifying the principal authorized to perform the privileged action represented in the second data field of such entry.

22. A computerized method for providing at least one principal categorical privileges for executing actions within an application program, the method comprising:
- receiving information authorizing the principal to perform at least one privileged action with respect to a predefined functional category of the application program, wherein performance of the privileged action requires access to objects;
  
  storing the received authorization information; and
  
  permitting access to the multiple objects in accordance with the stored authorization information when performance of the privileged action is initiated by the principal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Cox, David, Hogan, Dirk J.

Application Number

US10/286,720
Publication Number

US 20040088563A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/629   to features or functions of...

G06F 2221/2141   Access rights, e.g. capabil...

Computer access authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Computer access authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links