Systems and methods of access control enabling ownership of access control lists to users or groups
Abstract
Embodiments of the present invention support a flexible access control design that includes flexible ownership and assignment of access control lists (ACLs). The ACLs can be assigned to one or more resources, or items, or types of resources or items. A creator or owner of an ACL can grant privileges to others such that they may modify or assign the ACL. Each ACL can have one or more owners, i.e., users that can exercise control over the ACL. Any owner of an ACL can designate certain privileges to other users. These other users may then use the ACL based on the privileges granted to them.
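A minimal model of the ownership and delegation scheme the abstract describes, added here as an illustration and not taken from the patent. The class and method names, the `assign`/`modify` privilege strings and the sample users are assumptions.

```python
from dataclasses import dataclass, field
# Privilege names are assumptions drawn from the abstract's "modify or assign".
ASSIGN, MODIFY = "assign", "modify"

class AccessDenied(Exception): """User has neither ownership nor the needed grant."""

@dataclass
class ACL:
    entries: dict                                # principal -> permissions on a resource
    owners: set                                  # users who control the ACL itself
    grants: dict = field(default_factory=dict)   # user -> privileges on the ACL

class ACLStore:
    def __init__(self):
        self.acls, self.resource_acl = {}, {}

    def create(self, creator, name, entries):
        self.acls[name] = ACL({p: set(v) for p, v in entries.items()}, {creator})

    def grant(self, grantor, name, grantee, privileges):
        acl, privileges = self.acls[name], set(privileges)
        if grantor not in acl.owners:            # only an owner may delegate
            raise AccessDenied(f"{grantor} does not own {name}")
        if not privileges <= {ASSIGN, MODIFY}:   # reject privileges this model does not define
            raise ValueError(f"unknown privileges: {sorted(privileges)}")
        acl.grants.setdefault(grantee, set()).update(privileges)

    def _require(self, user, name, privilege):
        acl = self.acls[name]
        if user not in acl.owners and privilege not in acl.grants.get(user, ()):
            raise AccessDenied(f"{user} lacks {privilege!r} on {name}")
        return acl

    def assign(self, user, name, resource):
        self._require(user, name, ASSIGN)
        self.resource_acl[resource] = name

    def modify(self, user, name, principal, permissions):
        self._require(user, name, MODIFY).entries[principal] = set(permissions)

def demo():
    store = ACLStore()
    store.create("alice", "finance-acl", {"auditors": {"read"}})  # constructed sample data
    store.grant("alice", "finance-acl", "bob", {ASSIGN})
    store.assign("bob", "finance-acl", "report.pdf")   # allowed: bob holds "assign"
    try:
        store.grant("bob", "finance-acl", "carol", {ASSIGN})   # bob is a grantee, not an owner
    except AccessDenied as exc:
        return store, str(exc)
    return store, None
```

In this model a grantee cannot delegate further, and holding `assign` does not imply `modify`, so each privilege is checked separately at the point of use.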
24 Claims
1. A method of creating access control lists that can be used by a plurality of users, said method comprising:
receiving, from a first user, information for an access control list;
receiving, from the first user, a set of privileges for the access control list that have been granted to a second user; and
permitting the second user to use the access control list based on the set of privileges that were granted by the first user.
Dependent claims: 2, 3, 4
5. A computer system for creating access control lists that can be used by a plurality of users, said apparatus comprising:
a memory having program instructions; and
a processor, responsive to the programming instructions, configured to:
receive, from a first user, information for an access control list;
receive, from the first user, a set of privileges for the access control list that have been granted to a second user; and
permit the second user to use the access control list based on the set of privileges that were granted by the first user.
6. A computer program product embodied on a computer usable medium, the computer program product for creating access control lists that can be used by a plurality of users, comprising:
means for receiving, from a first user, information for an access control list;
means for receiving, from the first user, a set of privileges for the access control list that have been granted to a second user; and
means for permitting the second user to use the access control list based on the set of privileges that were granted by the first user.
7. A computer-readable medium on which is stored instructions, which when executed performs steps in a method of creating access control lists that can be used by a plurality of users, the steps comprising:
receiving, from a first user, information for an access control list;
receiving, from the first user, a set of privileges for the access control list that have been granted to a second user, and permitting the second user to use the access control list based on the set of privileges that were granted by the first user.
8. A method of assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list, said method comprising:
receiving a request from the at least one additional user to assign the access control list to the protected resource;
determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16
17. A computer system for assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list, said system comprising:
a memory having program instructions; and
a processor, responsive to the programming instructions, configured to:
receive a request from the at least one additional user to assign the access control list to the protected resource;
determine a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
permit the at least additional user to assign the access control list to the protected resource based on the set of privileges.
Dependent claims: 18, 19, 20, 21, 22
23. A computer program product embodied on a computer usable medium, the computer program product for assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list comprising:
means for receiving a request from the at least one additional user to assign the access control list to the protected resource;
means for determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
means for permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.
24. A computer-readable medium on which is stored instructions, which when executed performs steps in a method of assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list, the steps comprising:
receiving a request from the at least one additional user to assign the access control list to the protected resource;
determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.
Specification