Refined permission constraints using internal and external data extraction in a role-based access control system
First Claim
1. An RBAC method for a controlled computer system wherein permission constraints may be set on the access permissions of a role according to each and every type or combination of information including subject information, object information, and environment information before access to a requested object is granted.
Abstract
The present invention can enable increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination of subject, object, or environment information extracted from sources internal or external to the controlled computer system and may evaluate the content or context of the information extracted to enable refined and dynamic access after the role permission assignment and immediately before every access grant without the reassignment of roles.
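A minimal sketch of the mechanism the abstract describes, added here as an illustration and not taken from the patent: constraints attached to a role's permission are re-evaluated on every request against subject, object, and environment information, so the decision changes without any role reassignment. The role table, attribute names, constraint functions, and sample records are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Dict, List, Tuple

# A constraint receives subject, object and environment info; True means "allow".
Constraint = Callable[[dict, dict, dict], bool]

@dataclass
class Permission:
    action: str
    object_type: str
    constraints: List[Constraint] = field(default_factory=list)

def same_department(subj, obj, env):       # subject info compared with object info
    return subj["department"] == obj["department"]

def business_hours(subj, obj, env):        # environment info (request context)
    return time(8, 0) <= env["local_time"] < time(18, 0)

def host_not_quarantined(subj, obj, env):  # stands in for externally sourced info
    return env["source_host"] not in env["quarantined_hosts"]

# Constructed role table and sample records; the role assignment never changes.
ROLE_PERMISSIONS: Dict[str, List[Permission]] = {
    "nurse": [Permission("read", "patient_record",
                         [same_department, business_hours, host_not_quarantined])],
}
SUBJECT = {"id": "u17", "department": "cardiology"}
RECORD = {"type": "patient_record", "department": "cardiology"}

def check_access(roles, action, subj, obj, env) -> Tuple[bool, str]:
    """Evaluate every constraint at request time; deny on failure or missing data."""
    reason = "no role grants this permission"
    for role in roles:
        for perm in ROLE_PERMISSIONS.get(role, []):
            if (perm.action, perm.object_type) != (action, obj.get("type")):
                continue
            for constraint in perm.constraints:
                try:
                    ok = constraint(subj, obj, env)
                except KeyError:
                    ok = False  # attribute could not be extracted: fail closed
                if not ok:
                    reason = f"constraint failed: {constraint.__name__}"
                    break
            else:
                return True, f"granted via role {role}"
    return False, reason
```

Logging the returned reason alongside each decision gives reviewers the specific constraint that blocked a request, which a plain role-membership check cannot show.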
83 Citations
26 Claims
Specification