Fine-grained authorization by authorization table associated with a resource
First Claim
1. A method for determining access rights to a resource managed by an application, the method comprising:
- receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a structure having groupings of resources;
reading an authorization table associated with a grouping having the resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.
116 Citations
30 Claims
-
1. A method for determining access rights to a resource managed by an application, the method comprising:
-
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a structure having groupings of resources;
reading an authorization table associated with a grouping having the resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A device for determining access rights to a resource managed by an application, the device comprising:
-
an input module for receiving a request from a user in order to perform an action on a resource;
a locator module for locating, based on the request, the resource in a structure having groupings of resources;
a reader module for reading an authorization table associated with a grouping having the resource in the groupings; and
a decision module for determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
21. A machine-accessible medium containing instructions, which when executed by a machine, cause the machine to perform operations for determining access rights to a resource managed by an application, comprising:
-
receiving a request by the application, wherein the request comprises an action to be performed on the resource;
a locator module for locating, based on the request, the resource in a structure having groupings of resources;
a reader module for reading an authorization table associated with a grouping having the resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource.
-
Specification