Inherited role-based access control system, method and program product
Abstract
Under the present invention, role types are defined by association with certain permissible actions. Once defined in this manner, a role type can then be bound to "nodes" of a hierarchical tree that represent computer-based resources such as dynamic object spaces. Once bound to a node, instances of this role type are created that will be inherited by hierarchical descendants of that node unless a role type block (e.g., an inheritance or propagation block) has been established for the corresponding role type. The present invention also allows the computer-based resources to be defined as virtual or private. Virtual resources represent general protected concepts in the system rather than computer-based resources and may be bound with roles, while private resources may not. That is, the private resources remain the "property" of the creating user or group.
26 Claims
1. An inherited role-based access control system, comprising:
a role definition system for defining a set of permissible actions for a role type;
a role binding system for binding the role type to a node of a hierarchical tree of nodes, wherein the nodes represent computer-based resources, and wherein instances of the role type are inherited by hierarchical descendants of the node; and
a role blocking system for establishing a role type block for the role type, wherein the role type block limits inheritance of the instances of the role type.
(Dependent claims 2, 3, 4, 5, 6, 7, 8 not shown.)
9. An inherited role-based access control method, comprising:
providing a hierarchical tree of nodes, wherein the nodes represent computer-based resources;
binding a role type to a node of the hierarchical tree to create a role-based domain, wherein instances of the role type are inherited by hierarchical descendants of the node; and
establishing a role type block for the role type, wherein the role type block limits inheritance of the instances of the role type.
(Dependent claims 10, 11, 12, 13, 14, 15, 16 not shown.)
17. A program product stored on a recordable medium for inherited role-based access control, which when executed, comprises:
program code for defining a set of permissible actions for a role type;
program code for binding the role type to a node of a hierarchical tree of nodes, wherein the nodes represent computer-based resources, and wherein instances of the role type are inherited by hierarchical descendants of the node; and
program code for establishing a role type block for the role type, wherein the role type block limits inheritance of the instances of the role type.
(Dependent claims 18, 19, 20, 21, 22, 23, 24 not shown.)
25. A system for deploying an application for inherited role-based access control comprising:
a computer infrastructure being operable to:
define a set of permissible actions for a role type;
bind the role type to a node of a hierarchical tree of nodes, wherein the nodes represent computer-based resources, and wherein instances of the role type are inherited by hierarchical descendants of the node; and
establish a role type block for the role type, wherein the role type block limits inheritance of the instances of the role type.
26. Computer software embodied in a propagated signal for inherited role-based access control, the computer software comprising instructions to cause a computer system to perform the following functions:
define a set of permissible actions for a role type;
bind the role type to a node of a hierarchical tree of nodes, wherein the nodes represent computer-based resources, and wherein instances of the role type are inherited by hierarchical descendants of the node; and
establish a role type block for the role type, wherein the role type block limits inheritance of the instances of the role type.
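The abstract and independent claims 1, 9 and 17 all describe the same three components: a role definition system (a role type is a named set of permissible actions), a role binding system (a role type is bound to a node of a resource tree and its instances flow down to descendants), and a role blocking system (a role type block stops that flow). The following Python model is an added illustration, not code from the patent or its assignee; the class and method names (InheritedRBAC, block_inheritance, block_propagation), the distinction between an inheritance block and a propagation block, the treatment of private nodes, and the sample tree are all my own constructions chosen to show the abstract's behaviour, including the "private resources cannot be bound" rule.

```python
"""Hierarchical RBAC with inherited role instances and role-type blocks.

Added illustration of the mechanism in the abstract; names are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Set


@dataclass(frozen=True)
class RoleType:
    """Role definition: a role type is identified by the actions it permits."""
    name: str
    actions: FrozenSet[str]


class Node:
    """A node of the resource tree. Private nodes belong to their creator and take no bindings."""

    def __init__(self, name: str, parent: Optional["Node"] = None, private: bool = False):
        self.name = name
        self.parent = parent
        self.private = private
        self.bindings: Dict[str, Set[str]] = {}   # role type -> principals holding an instance here
        self.inherit_blocks: Set[str] = set()     # role types that must not be inherited from ancestors
        self.propagate_blocks: Set[str] = set()   # role types that must not propagate to descendants


class InheritedRBAC:
    def __init__(self) -> None:
        self.role_types: Dict[str, RoleType] = {}

    # role definition system
    def define_role_type(self, name: str, actions: Iterable[str]) -> RoleType:
        role_type = RoleType(name, frozenset(actions))
        self.role_types[name] = role_type
        return role_type

    # role binding system
    def bind(self, role_type: str, node: Node, principal: str) -> None:
        if role_type not in self.role_types:
            raise KeyError(f"undefined role type {role_type!r}")
        if node.private:
            raise PermissionError(f"{node.name} is private; roles cannot be bound to it")
        node.bindings.setdefault(role_type, set()).add(principal)

    # role blocking system (two constructed flavours, after the abstract's "inheritance or propagation")
    def block_inheritance(self, role_type: str, node: Node) -> None:
        node.inherit_blocks.add(role_type)

    def block_propagation(self, role_type: str, node: Node) -> None:
        node.propagate_blocks.add(role_type)

    def effective_role_types(self, principal: str, node: Node) -> Set[str]:
        """Walk from `node` to the root and collect the role-type instances that reach `node`."""
        granted: Set[str] = set()
        stopped: Set[str] = set()   # role types whose flow from higher ancestors has been cut off
        current: Optional[Node] = node
        while current is not None:
            strict_ancestor = current is not node
            for role_type, principals in current.bindings.items():
                if principal not in principals or role_type in stopped:
                    continue
                # an instance bound at an ancestor that propagation-blocks it never leaves that ancestor
                if strict_ancestor and role_type in current.propagate_blocks:
                    continue
                granted.add(role_type)
            # an inheritance block here cuts off everything bound above `current`
            stopped |= current.inherit_blocks
            # a propagation block on an ancestor also stops instances it inherited from flowing down
            if strict_ancestor:
                stopped |= current.propagate_blocks
            current = current.parent
        return granted

    def is_permitted(self, principal: str, node: Node, action: str) -> bool:
        return any(action in self.role_types[rt].actions
                   for rt in self.effective_role_types(principal, node))


def build_demo():
    """Constructed sample tree: org -> {eng -> {repo, alice-notes (private)}, hr -> payroll}."""
    rbac = InheritedRBAC()
    rbac.define_role_type("editor", {"read", "write"})
    rbac.define_role_type("viewer", {"read"})
    org = Node("org")
    eng = Node("eng", org)
    repo = Node("repo", eng)
    hr = Node("hr", org)
    payroll = Node("payroll", hr)
    notes = Node("alice-notes", eng, private=True)
    rbac.bind("editor", org, "alice")        # alice edits everything under org ...
    rbac.block_inheritance("editor", hr)     # ... except the hr subtree
    rbac.bind("viewer", eng, "bob")          # bob reads eng ...
    rbac.block_propagation("viewer", eng)    # ... but the instance stops at eng
    return rbac, {n.name: n for n in (org, eng, repo, hr, payroll, notes)}


def demo_decisions() -> Dict[str, object]:
    """Access decisions over the constructed tree, keyed as principal:node:action."""
    rbac, nodes = build_demo()
    checks = [("alice", "repo", "write"), ("alice", "payroll", "write"), ("alice", "hr", "read"),
              ("alice", "org", "write"), ("bob", "eng", "read"), ("bob", "repo", "read")]
    result: Dict[str, object] = {f"{p}:{n}:{a}": rbac.is_permitted(p, nodes[n], a) for p, n, a in checks}
    try:
        rbac.bind("viewer", nodes["alice-notes"], "bob")
        result["bind-private"] = "allowed"
    except PermissionError:
        result["bind-private"] = "refused"
    return result


if __name__ == "__main__":
    for key, value in demo_decisions().items():
        print(f"{key:24} {value}")
```

The walk checks bindings at a node before applying that node's own inheritance block, so a block on `hr` denies alice's org-level editor instance at `hr` and `payroll` without touching anything bound at `hr` itself; the propagation block on `eng` lets bob's viewer instance apply at `eng` but not at `repo`. A reviewer auditing such a system should confirm both directions, since a block that is checked in the wrong order silently either over-grants descendants or revokes the binding node's own instance.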
Specification