Method and apparatus for providing permission information in a security authorization mechanism
Abstract
A method and apparatus for providing an extensible grouping mechanism for security applications for use in a computer system. Groups may be established and maintained by non-system administrators and used to control actions that are taken with respect to objects, such as files and other resources. The groups and associated security functions may be implemented across a plurality of different software products and optionally integrated into an existing security mechanism maintained by system administrators. Software products used in the system may be arranged to request authorization to perform requested actions with respect to objects access to which is not controlled by a systems administrator, and/or provide information specifying an object or object type and actions that are performable with respect to the object or object type by the respective software product.
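A small model of the arrangement the abstract describes, added here as an example and not taken from the patent or any product: software products declare object types and actions to an authorization service, which then decides requests from grants made to groups or users. All class, method and sample names are assumptions; tagged principals and rejecting grants for undeclared actions are design choices of this sketch.

```python
# Illustrative model only; every class, method and sample name is an assumption.
class GroupService:
    """Store of groups; each group includes at least one user."""
    def __init__(self):
        self._groups = {}

    def create(self, name, members):
        if not members:
            raise ValueError("a group must include at least one user")
        self._groups[name] = set(members)

    def groups_of(self, user):
        return {g for g, m in self._groups.items() if user in m}


class AuthorizationService:
    def __init__(self, group_service):
        self._gs = group_service
        self._declared = {}    # (object type, action) -> products that declared it
        self._grants = set()   # ((kind, name), object type, action)

    def register(self, product, object_type, actions):
        """A software product declares the actions it can perform on a type."""
        for action in actions:
            self._declared.setdefault((object_type, action), set()).add(product)

    def grant(self, principal, object_type, action):
        """principal is ("group", name) or ("user", name), so names cannot collide."""
        if (object_type, action) not in self._declared:
            raise KeyError(f"{action!r} is not declared for {object_type!r}")
        self._grants.add((tuple(principal), object_type, action))

    def is_permitted(self, user, object_type, action):
        """Default deny: allow only on a grant to the user or one of their groups."""
        principals = {("user", user)}
        principals |= {("group", g) for g in self._gs.groups_of(user)}
        return any((p, object_type, action) in self._grants for p in principals)


def demo():
    gs = GroupService()
    gs.create("reviewers", ["alice", "bob"])   # constructed sample data
    authz = AuthorizationService(gs)
    authz.register("doc-editor", "report", ["read", "annotate"])
    authz.register("workflow", "report", ["approve"])
    authz.grant(("group", "reviewers"), "report", "annotate")
    authz.grant(("user", "alice"), "report", "approve")
    return authz
```

An action that a product has declared but that nobody has been granted stays denied, and a user outside every granted group is denied regardless of what the products declare.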
20 Claims
1. An apparatus for use in a computer system including a plurality of users and a plurality of software products, each for performing at least one action with respect to an object, the apparatus comprising:
a group service having a store of groups, each group including at least one of the plurality of users; and
an authorization service that determines permission for a user to perform an action with respect to an object based on a set of permission information representing permissible actions to be performed with respect to at least one object by at least one group or user;
wherein the authorization service is arranged to receive information from a plurality of software products that each specify an object or object type and actions that are performable with respect to the object or object type by the respective software product, and wherein authorization to perform an action with respect to an object is assignable to at least one group.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A computer readable medium including instructions that constitute a software product for use in a computer system including a plurality of users, a group service having a store of groups, each group including at least one of the plurality of users, and an authorization service that determines permission for at least one user to perform an action with respect to an object based on permission information, the permission information indicating at least one action that may be performed with respect to an object by at least one group or user, the instructions, when executed, causing the computer system to perform a method comprising:
providing information to the authorization service regarding at least one object or object type and respective one or more actions that are performable by the software product with respect to each of the at least one object or object type; and
performing at least one action with respect to at least one object or object type.
(Dependent claims: 11, 12, 13, 14)
15. A method for operating a computer system, the computer system including a plurality of users, the method comprising:
providing a group service having a store of groups, each group including at least one of the plurality of users;
providing an authorization service that determines permission for a user to perform an action with respect to an object based on permission information representing permissible actions to be performed with respect to at least one object or object type by at least one group or user;
providing one or more software products adapted to perform at least one action with respect to at least one object or object type; and
sending information, from at least one of the software products to the authorization service, specifying an object or object type and actions that are performable with respect to the object or object type by the respective software product.
(Dependent claims: 16, 17, 18, 19, 20)
Specification