Managing user access to data
First Claim
1. A method of managing user access to data, the method comprising:
- detecting that a user seeks access to a data portion that belongs to a specified category;
evaluating one or more authorizations, each authorization having an authorization segment corresponding to the specified category; and
permitting the sought access to the data portion if at least one of the authorization segments corresponding to the specified category identifies the data portion to which access is sought.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of managing user access to data includes detecting that a user seeks access to a data portion that belongs to a specified category. One or more authorizations are evaluated, each authorization having an authorization segment corresponding to the specified category. The method includes permitting the sought access to the data portion if at least one of the authorization segments corresponding to the specified category identifies the data portion to which access is sought. The method may permit access to data that falls within a union of granted authorizations. An authorization segment may correspond to a data dimension or to a meta dimension, such as an authorized action or data source, that does not directly relate to a data dimension.
-
Citations
29 Claims
-
1. A method of managing user access to data, the method comprising:
-
detecting that a user seeks access to a data portion that belongs to a specified category;
evaluating one or more authorizations, each authorization having an authorization segment corresponding to the specified category; and
permitting the sought access to the data portion if at least one of the authorization segments corresponding to the specified category identifies the data portion to which access is sought. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A computer program product containing executable instructions that when executed cause a processor to perform operations comprising:
-
detect that a user seeks access to a data portion that belongs to a specified category;
evaluate one or more authorizations, each authorization having an authorization segment corresponding to the specified category; and
permit the sought access to the data portion if at least one of the authorization segments corresponding to the specified category identifies the data portion to which access is sought.
-
-
26. A method of managing user access to data, the method comprising:
-
detecting that a user seeks access to data that belongs to at least first and second specified categories;
evaluating one or more authorizations, each authorization having at least one authorization segment corresponding to one of the first and second specified categories; and
permitting the sought access to the data if the authorization segments in the one or more authorizations
1) correspond to the first and second specified categories and
2) identify the data to which access is sought. - View Dependent Claims (27, 28)
-
-
29. A computer program product containing executable instructions that when executed cause a processor to perform operations comprising:
-
detect that a user seeks access to data that belongs to at least first and second specified categories;
evaluate one or more authorizations, each authorization having at least one authorization segment corresponding to one of the first and second specified categories; and
permit the sought access to the data if the authorization segments in the one or more authorizations
1) correspond to the first and second specified categories and
2) identify the data to which access is sought.
-
Specification