Fine-grained authorization by traversing generational relationships
First Claim
1. A method for determining access rights to a resource managed by an application, the method comprising:
- receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources;
traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource;
reading an authorization table associated with a grouping having the generational resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.
55 Citations
30 Claims
-
1. A method for determining access rights to a resource managed by an application, the method comprising:
-
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources;
traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource;
reading an authorization table associated with a grouping having the generational resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for determining access rights to a resource managed by an application, the system comprising:
-
an input module for receiving a request from a user for performing an action on a resource;
a locator module for locating the resource in a containment relationship graph and in a structure having groupings of resources;
a traversor module for traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource;
a reader module for reading the authorization table associated with the grouping having the generational resource; and
a decision module for determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
21. A machine-accessible medium containing instructions, which when executed by a machine, cause the machine to perform operations for determining access rights to a resource managed by an application, comprising:
-
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources;
traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource;
reading an authorization table associated with a grouping having the generational resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource.
-
Specification