Fine-grained authorization by authorization table associated with a resource

US 20050132220A1
Filed: 12/10/2003
Published: 06/16/2005
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for determining access rights to a resource managed by an application, the method comprising:

receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;

locating, based on the request, the resource in a structure having groupings of resources;

reading an authorization table associated with a grouping having the resource in the groupings; and

determining whether to grant the access rights for performing the action on the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.

116 Citations

View as Search Results

30 Claims

1. A method for determining access rights to a resource managed by an application, the method comprising:
- receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
  
  locating, based on the request, the resource in a structure having groupings of resources;
  
  reading an authorization table associated with a grouping having the resource in the groupings; and
  
  determining whether to grant the access rights for performing the action on the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising prompting the user for security information to access the application.
  - 3. The method of claim 1, further comprising prompting the user for the request before the receiving a request.
  - 4. The method of claim 1, further comprising, prior to the receiving, arranging the groupings by similar authorization constraints for the resources, and associating each of the groupings with the authorization table tailored for each of the groupings.
  - 5. The method of claim 1, wherein the application comprises an application management server system.
  - 6. The method of claim 1, wherein the locating comprises searching the structure and finding within the structure the grouping having the resource.
  - 7. The method of claim 1, wherein the groupings and the attachment table comprise xml files.
  - 8. The method of claim 1, wherein the reading comprises reading a mapping of roles to users, wherein the roles comprise a collection of actions permitted by the user on the resource.
  - 9. The method of claim 8, wherein the action of the request is defined by one of the roles.
  - 10. The method of claim 1, wherein the determining whether to grant access rights for performing the action on the resource to a user comprises granting access if the authorization table associated with the grouping having the resource indicates the user has permission to perform the action.

11. A device for determining access rights to a resource managed by an application, the device comprising:
- an input module for receiving a request from a user in order to perform an action on a resource;
  
  a locator module for locating, based on the request, the resource in a structure having groupings of resources;
  
  a reader module for reading an authorization table associated with a grouping having the resource in the groupings; and
  
  a decision module for determining whether to grant the access rights for performing the action on the resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 12. The device of claim 11, further comprising a prompter for entering security information to access the application.
  - 13. The device of claim 11, further comprising a prompter for entering the request into the input module.
  - 14. The device of claim 11, further comprising an arrangement module for arranging the groupings of resources by similar authorization constraints, and an associator module for associating each of the groupings with the authorization table tailored for each of the groupings.
  - 15. The device of claim 11, wherein the application comprises an application management server system.
  - 16. The device of claim 11, wherein the locator module comprises a search module for searching the structure and a find module for finding in the structure the grouping having the resource.
  - 17. The device of claim 11, wherein the groupings and the attachment table comprise xml files.
  - 18. The device of claim 11, wherein the reader module comprises reading a mapping of roles to users, wherein the roles comprise a collection of actions permitted by the user on the resource.
  - 19. The device of claim 18, wherein the action of the request is defined by one of the roles.
  - 20. The device of claim 11, wherein the decision module for determining whether to grant access rights for performing the action on the resource to a user comprises granting access if the authorization table associated with the grouping having the resource indicates the user has permission to perform the action.
  - 22. The machine-accessible medium of claim 20, further comprising instructions to perform operations for prompting the user for security information to access the application.
  - 23. The machine-accessible medium of claim 20, further comprising instructions to perform operations for prompting a user for the request before the receiving a request.
  - 24. The machine-accessible medium of claim 20, further comprising, prior to the instructions to perform operations for receiving, instructions to perform operations for arranging the groupings by similar authorization constraints for the resources, and instructions to perform operations for associating each of the groupings with the authorization table tailored for each of the groupings.
  - 25. The machine-accessible medium of claim 20, wherein the application comprises an application management server system.
  - 26. The machine-accessible medium of claim 20, wherein the instructions for locating comprise instructions to perform operations for searching the structure and instructions to perform operations for finding within the structure the grouping having the resource.
  - 27. The machine-accessible medium of claim 20, wherein the groupings and the attachment table comprise xml files.
  - 28. The machine-accessible medium of claim 20, wherein instructions for reading comprise instructions for reading a mapping of roles to users, wherein the roles comprise a collection of actions permitted by the user on the resource.
  - 29. The machine-accessible medium of claim 28, wherein the action of the request is defined by one of the roles.
  - 30. The machine-accessible medium of claim 20, wherein the instructions for determining whether to grant access rights for performing the action on the resource to a user comprise instructions for granting access if the authorization table associated with the grouping having the resource indicates the user has permission to perform the action.

21. A machine-accessible medium containing instructions, which when executed by a machine, cause the machine to perform operations for determining access rights to a resource managed by an application, comprising:
- receiving a request by the application, wherein the request comprises an action to be performed on the resource;
  
  a locator module for locating, based on the request, the resource in a structure having groupings of resources;
  
  a reader module for reading an authorization table associated with a grouping having the resource in the groupings; and
  
  determining whether to grant the access rights for performing the action on the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Venkataramappa, Vishwanath, Chang, David Yu, Williamson, Leigh Allen

Granted Patent

US 7,546,640 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/101 Access control lists [ACL]

Fine-grained authorization by authorization table associated with a resource

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Fine-grained authorization by authorization table associated with a resource

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links