Policy inheritance through nested groups
Abstract
A computer-implemented system and method for policy inheritance, comprising: defining a first group wherein the first group refers to at least one of: a user and a group different from the first group, defining a second group wherein the second group is nested within the first group, defining a first policy wherein the first policy includes a resource, a subject and one of: an action and a role, and wherein the subject includes the first group, inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.
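An added illustration of the inheritance the abstract describes, not code from the patent: a policy whose subject is an outer group is inherited by groups nested inside it. Group names, resource paths and function names are hypothetical, and treating a policy on a resource as covering its descendants is an assumption; the text says only that the resource is part of a hierarchy.

```python
from dataclasses import dataclass

# Constructed sample data: group -> direct members (users or nested groups).
GROUPS = {
    "staff": {"alice", "engineering"},   # "engineering" is nested within "staff"
    "engineering": {"bob", "oncall"},    # "oncall" is nested within "engineering"
    "oncall": {"carol"},
    "contractors": {"dave"},
}

@dataclass(frozen=True)
class Policy:
    resource: str  # node in the resource hierarchy, e.g. "/app/portal"
    subject: str   # user or group name
    action: str    # the abstract allows an action or a role; only actions are modelled

POLICIES = [
    Policy("/app/portal", "staff", "view"),
    Policy("/app/portal/admin", "oncall", "restart"),
]

def subjects_for(principal, groups=GROUPS):
    """The principal plus every group containing it, directly or through nesting."""
    found, frontier = {principal}, [principal]
    while frontier:
        member = frontier.pop()
        for group, members in groups.items():
            # "found" doubles as the visited set, so cyclic nesting terminates.
            if member in members and group not in found:
                found.add(group)
                frontier.append(group)
    return found

def resource_chain(resource):
    """The resource and its ancestors, e.g. /app/portal/x -> /app, /app/portal, ..."""
    parts = resource.strip("/").split("/")
    return {"/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)}

def effective_policies(principal, resource, policies=POLICIES, groups=GROUPS):
    """Policies that reach the principal for this resource, inherited ones included."""
    subjects, chain = subjects_for(principal, groups), resource_chain(resource)
    return [p for p in policies if p.subject in subjects and p.resource in chain]

def is_allowed(principal, action, resource, policies=POLICIES, groups=GROUPS):
    return any(p.action == action
               for p in effective_policies(principal, resource, policies, groups))
```

Listing `effective_policies` for a principal is also a quick way to audit how far a policy attached to an outer group reaches once groups are nested.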
27 Claims
1. A computer-implemented method for policy inheritance, comprising:
- defining a first group wherein the first group refers to at least one of: a user and a group different from the first group;
- defining a second group wherein the second group is nested within the first group;
- defining a first policy wherein the first policy includes a resource, a subject and one of: an action and a role, and wherein the subject includes the first group;
- inheriting the first policy by the second group;
- wherein the resource is part of a resource hierarchy; and
- wherein the first policy can be used to control access to the resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-implemented method for policy inheritance, comprising:
- defining a first group wherein the first group refers to at least one of: a user and a group different from the first group;
- defining a second group wherein the second group is nested within the first group;
- defining a first policy wherein the first policy includes a resource, a subject and one of: an action and a role, and wherein the subject includes the first group;
- inheriting the first policy by the second group;
- wherein the resource is part of a resource hierarchy;
- wherein the first policy can be used to control access to the resource; and
- wherein the resource hierarchy represents an application.
Dependent claims: 12, 13, 14, 15, 16, 17.
18. A machine readable medium having instructions stored thereon to cause a system to:
- define a first group wherein the first group refers to at least one of: a user and a group different from the first group;
- define a second group wherein the second group is nested within the first group;
- define a first policy wherein the first policy includes a resource, a subject and one of: an action and a role, and wherein the subject includes the first group;
- inherit the first policy by the second group;
- wherein the resource is part of a resource hierarchy; and
- wherein the first policy can be used to control access to the resource.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.
27. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for defining a first group wherein the first group refers to at least one of: a user and a group different from the first group;
- a code segment including instructions for defining a second group wherein the second group is nested within the first group;
- a code segment including instructions for defining a first policy wherein the first policy includes a resource, a subject and one of: an action and a role, and wherein the subject includes the first group;
- a code segment including instructions for inheriting the first policy by the second group;
- wherein the resource is part of a resource hierarchy; and
- wherein the first policy can be used to control access to the resource.
Specification