Method for role and resource policy management
First Claim
Patent Images
1. A method for adaptively managing entitlements, comprising the steps of:
- providing for the association of a role with a first resource; and
providing for the association of a policy with a second resource, wherein the policy is based at least partially on the role; and
providing for hierarchically relating the role and the policy; and
wherein the role is hierarchically equal or superior to the policy.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for adaptively managing entitlements, comprising the steps of providing for the association of a role with a first resource; and providing for the association of a policy with a second resource, wherein the policy is based at least partially on the role; and providing for hierarchically relating the role and the policy; and wherein the role is hierarchically equal or superior to the policy.
-
Citations
79 Claims
-
1. A method for adaptively managing entitlements, comprising the steps of:
-
providing for the association of a role with a first resource; and
providing for the association of a policy with a second resource, wherein the policy is based at least partially on the role; and
providing for hierarchically relating the role and the policy; and
wherein the role is hierarchically equal or superior to the policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for adaptively managing entitlements in an enterprise application, comprising the steps of:
-
providing for the association of a role with a first enterprise application resource;
providing for the association of a policy with a second enterprise application resource, wherein the policy is based at least partially on the role;
providing for mapping the role to a principal in order to specify whether or not the principal can access the second resource;
providing for hierarchically relating the role and the policy; and
wherein the role is hierarchically equal or superior to the policy. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method adapted for managing entitlements, comprising the steps of:
-
providing for the association of a first role with a first resource in a hierarchy of resources;
providing for the association of a first policy with a second resource in the hierarchy of resources, wherein the first policy is based at least partially on the first role; and
wherein the first role can supercede a second role associated with a parent of the first resource if the first role and the second role have the same identity; and
wherein the first policy can supercede a second policy associated with a parent of the second resource if the first policy and the second policy have the same identity. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method adapted for managing entitlements, comprising the steps of:
-
providing for the association of a role with a first resource in a hierarchy of resources;
providing for the association of a policy with a second resource in the hierarchy of resources, wherein the policy is based at least partially on the role; and
wherein the role blocks a less local role; and
wherein the policy blocks a less local policy. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A method adapted for managing entitlements, comprising the steps of:
-
providing for the association of a role with a first resource in a hierarchy of resources;
providing for the association of a policy with a second resource in the hierarchy of resources, wherein the policy is based at least partially on the role; and
wherein the role blocks a less local role. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A computer data signal embodied in a transmission medium, comprising:
a code segment including instructions for;
associating a role with a first resource; and
associating a policy with a second resource, wherein the policy is based partially on the role; and
hierarchically relating the role and the policy; and
wherein the role is hierarchically equal or superior to the policy. - View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60)
-
61. A memory for storing data to be accessed by an application program being executed on a data processing system, comprising:
a data structure stored in the memory, the data structure including;
an object adapted for representing at least one resource and adapted to be connected to at least one other like object to represent a hierarchy of resources; and
wherein the object and the at least one other like object can be associated with at least one of (a) a security policy and (b) a role such that a hierarchy of security policies and roles is established. - View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69)
-
70. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
-
provide for the association of a role with a first resource; and
provide for the association of a policy with a second resource, wherein the policy is based at least partially on the role; and
provide for hierarchically relating the role and the policy; and
wherein the role is hierarchically equal or superior to the policy. - View Dependent Claims (71, 72, 73, 74, 75, 76, 77, 78, 79)
-
Specification