Resource management with roles

US 20050138411A1
Filed: 02/07/2005
Published: 06/23/2005
Est. Priority Date: 02/14/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to a resource in a distributed computing environment, comprising:

receiving a request for a principal to access the resource;

determining a role that is appropriate for the principal given the resource;

determining whether access to the resource is allowed given the role;

wherein the role is associated with a first resource in a hierarchy of resources; and

wherein the role can supersede a second role associated with a parent of the resource in the hierarchy of resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and media for controlling access to a resource in a distributed computing environment, comprising: receiving a request to access the resource for a principal; determining a role that is appropriate for the principal given the resource; determining whether access to the resource is allowed given the role.

122 Citations

View as Search Results

17 Claims

1. A method for controlling access to a resource in a distributed computing environment, comprising:
- receiving a request for a principal to access the resource;
  
  determining a role that is appropriate for the principal given the resource;
  
  determining whether access to the resource is allowed given the role;
  
  wherein the role is associated with a first resource in a hierarchy of resources; and
  
  wherein the role can supersede a second role associated with a parent of the resource in the hierarchy of resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein:
    - a role includes one or more expressions.
  - 3. The method of claim 1 wherein the step of determining whether to allow access to the resource includes:
    - evaluating the role.
  - 4. The method of claim 1 wherein:
    - a resource is part of an enterprise application.
  - 5. The method of claim 1 wherein:
    - a resource can inherit a role.
  - 6. The method of claim 1 wherein:
    - the role evaluates to true or false for the principal.
  - 7. The method of claim 1 wherein:
    - a role includes one or more predicates.
  - 8. The method of claim 1, further comprising:
    - responding to the request.

9. A machine readable medium having instructions stored thereon to cause a system to:
- receive a request for a principal to access a resource;
  
  determine a role that is appropriate for the principal given the resource;
  
  determine whether access to the resource is allowed given the role;
  
  wherein the role is associated with a first resource in a hierarchy of resources; and
  
  wherein the role can supersede a second role associated with a parent of the resource in the hierarchy of resources.

10. A system for controlling access to a resource in a distributed computing environment, comprising:
- a security framework capable of receiving a request for a principal to access the resource;
  
  a first component coupled to the security framework and capable of determining a role that is appropriate for the principal given the resource;
  
  a second component coupled to the security framework and capable of determining whether access to the resource is allowed given the role;
  
  wherein the role is associated with a first resource in a hierarchy of resources; and
  
  wherein the role can supersede a second role associated with a parent of the resource in the hierarchy of resources.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10 wherein:
    - a role includes one or more expressions.
  - 12. The system of claim 10 wherein:
    - determining whether to allow access to the resource includes evaluating the role.
  - 13. The system of claim 10 wherein:
    - a resource is part of an enterprise application.
  - 14. The system of claim 10 wherein:
    - a resource can inherit a role.
  - 15. The system of claim 10 wherein:
    - the role evaluates to true or false for the principal.
  - 16. The system of claim 10 wherein:
    - a role includes one or more predicates.
  - 17. The system of claim 10 wherein:
    - the security framework is capable of responding to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Griffin, Philip B., McCauley, Rod, Toussaint, Alex, Devgan, Manish

Application Number

US11/052,148
Publication Number

US 20050138411A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 9/50 Allocation of resources, e....

Y10S 707/99939 Privileged access

Resource management with roles

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Resource management with roles

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links