Organizational role-based controlled access management system
First Claim
1. An organizational role-based controlled access management method, comprising:
a. creating a logon dialog field for end-users to input logon names and passwords in order to enter the system;
b. determining whether the end-user's department and appropriate end-user's access role and privileges (functions permission) have been established;
c. determining whether the end-user is a department manager or designated system analyst who may select to set up departments and/or roles, and if so:
(a) opening a manager's dialog field to display department(s) under the user's current management, and to display department(s) and associated rights tree(s);
(b) entering a role set up dialog field to display the roles and privileges available for the manager to distribute, and allow the manager to set up end-users' roles, and delimit the roles and rights the end-user can manage;
(c) entering a role assignment field to assign departments, roles, and privileges (functions permission) to end-users; and
(d) entering a systems set up dialog field to assign application systems to access roles;
d. determining whether the end-user is a department manager, and, if so, allowing the department manager to select to add or modify roles, privileges or functions to a new system or a new end-user, and, if a selection is made, then:
(a) entering a modify department dialog field, entering department name and code, and the upper department it belongs to, and continuing on modification;
(b) entering a modify role dialog field, which allows entering access role description and code, and continuing on modification;
(c) entering a modify system dialog field, which allows entering system name, and continuing on modification;
(d) entering a modify rights dialog field, which allows entering right description, and continuing on modification;
(e) entering a modify function dialog field, which allows entering function description and code, and continuing on modification;
e. determining whether the user is a normal end-user, and, if so, then:
(a) entering an entry dialog field which allows entering the end-user's logon and password, and activating the system functions and privileges associated with the user;
(b) entering an end-user's dialog field which allows selecting a desired application system;
(c) entering the selected application system, whereby the end-user can use the system with the granted role and privileges, and predetermined functions.
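The manager and end-user flow of steps c through e, as an added example that is not code from the patent: a small Python model in which departments form a tree (each with an upper department), roles bundle function permissions, and administration is delegated so that a department manager can assign roles only to users in departments under their own management and only from the roles that were delegated to them, while a normal end-user simply gets the union of the functions of their assigned roles. The department, role, user and function names are constructed sample data, the `AccessManager`, `assign_allowed` and `build_sample` names are this example's own, and the logon/password check of step a is assumed to have already succeeded and is not modelled.

```python
from __future__ import annotations

from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """An actor tried to act outside the scope delegated to it."""


@dataclass
class Role:
    code: str
    functions: frozenset[str]  # function codes (permissions) the role grants


@dataclass
class User:
    logon: str
    department: str
    roles: set[str] = field(default_factory=set)
    manages: set[str] = field(default_factory=set)        # departments directly managed
    distributable: set[str] = field(default_factory=set)  # roles this user may hand out


class AccessManager:
    def __init__(self) -> None:
        self.departments: dict[str, str | None] = {}  # department code -> upper department code
        self.roles: dict[str, Role] = {}
        self.users: dict[str, User] = {}

    def add_department(self, code: str, parent: str | None = None) -> None:
        if parent is not None and parent not in self.departments:
            raise KeyError(f"unknown upper department {parent!r}")
        self.departments[code] = parent

    def add_role(self, code: str, functions: set[str]) -> None:
        self.roles[code] = Role(code, frozenset(functions))

    def add_user(self, logon: str, department: str) -> User:
        if department not in self.departments:
            raise KeyError(f"unknown department {department!r}")
        self.users[logon] = User(logon, department)
        return self.users[logon]

    def scope(self, manager: str) -> frozenset[str]:
        """Departments under the manager's management: those directly managed and every one below them."""
        managed = set(self.users[manager].manages)
        grew = True
        while grew:  # walk the department tree downwards until no new sub-department turns up
            grew = False
            for code, parent in self.departments.items():
                if parent in managed and code not in managed:
                    managed.add(code)
                    grew = True
        return frozenset(managed)

    def assign_role(self, actor: str, target: str, role: str) -> None:
        """Step c(c): the target's department and the role must both lie within the actor's scope."""
        actor_u, target_u = self.users[actor], self.users[target]
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        if target_u.department not in self.scope(actor):
            raise AuthorizationError(f"{actor} does not manage department {target_u.department}")
        if role not in actor_u.distributable:
            raise AuthorizationError(f"{actor} may not distribute role {role}")
        target_u.roles.add(role)

    def delegate(self, actor: str, target: str, roles: set[str]) -> None:
        """Step c(b): delimit what a subordinate manager may distribute, never more than the actor holds."""
        actor_u, target_u = self.users[actor], self.users[target]
        if target_u.department not in self.scope(actor):
            raise AuthorizationError(f"{actor} does not manage department {target_u.department}")
        extra = set(roles) - actor_u.distributable
        if extra:
            raise AuthorizationError(f"{actor} cannot delegate roles it does not hold: {sorted(extra)}")
        target_u.distributable |= set(roles)

    def functions_for(self, logon: str) -> frozenset[str]:
        """Step e: the functions activated for an end-user, the union over all assigned roles."""
        return frozenset().union(*(self.roles[r].functions for r in self.users[logon].roles))


def assign_allowed(am: AccessManager, actor: str, target: str, role: str) -> bool:
    """True if the assignment went through, False if a scope check rejected it (hypothetical helper)."""
    try:
        am.assign_role(actor, target, role)
        return True
    except AuthorizationError:
        return False


def build_sample() -> AccessManager:
    """Constructed sample organization for this example (not from the patent)."""
    am = AccessManager()
    am.add_department("HQ")
    am.add_department("FIN", parent="HQ")
    am.add_department("AP", parent="FIN")
    am.add_role("clerk", {"INV_VIEW", "INV_ENTER"})
    am.add_role("sysadmin", {"SYS_CONFIG"})
    analyst = am.add_user("analyst", "HQ")  # designated system analyst: manages the whole tree
    analyst.manages.add("HQ")
    analyst.distributable |= {"clerk", "sysadmin"}
    am.add_user("fin_mgr", "FIN").manages.add("FIN")
    am.add_user("alice", "AP")
    am.delegate("analyst", "fin_mgr", {"clerk"})  # fin_mgr may hand out the clerk role only
    return am
```

The two checks in `assign_role` are the ones that matter: the finance manager can give `alice` (in AP, below FIN) the `clerk` role, but cannot give her `sysadmin`, which was never delegated, and cannot touch `analyst`, whose department HQ is above the manager's scope. `delegate` enforces the same subset rule on what a manager may pass on, so a chain of delegations can only narrow, never widen, the roles in play.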
2 Assignments
0 Petitions
Abstract
An Organizational Role-based Access Controlled Management System capable of controlling role-based access within an organization allows system analysts or managers to build and control access roles for the various application systems within an organization. This system can also allow an end-user to choose the functions of the application systems and logon rights associated with the role. The system includes one or more personal computers and a server based on an event-driven mechanism. System analysts and end-users access synchronized data to manage the end-users' access roles. This system allows a system analyst to build and limit “set and set” relationships, as well as “member and set” relationships to pass information and manage organizational networks, roles, functions, privileges, etc. Different roles under various application systems can have different access rights and functions assigned. This system breaks away from the limitation of the conventional RBAC (Role Based Access Control) and allows system analysts to manage and adapt access roles according to the practical needs of different users and their complicated relationships to the organization and one another.
118 Citations
45 Claims
1. (Independent claim; set out in full under First Claim above.) Dependent claims 2 through 9 depend on claim 1.
10. An organizational role-based controlled access computer management system, utilizing a public digital network, and including
one or more personal computers and a server connected by a public digital network;
wherein each personal computer includes at least a memory, a display, and a data entry device that can communicate with application systems;
wherein the server includes at least one processor to connect to a public digital network, computer programs, and a database; and
wherein each personal computer also includes an event processing application to add, edit, delete, or modify access roles and privileges; and
when an event occurs, the personal computer synchronizes with the server to update a user's access role and privileges;
the system comprising:
s. a dialog field for logon and password;
t. means for processing and recognition of an end-user's department, role, and privileges;
u. means for access by manager(s) or system analyst(s) to set up organizational departments, roles, privileges and limitations, including:
(a) a user function management field, display of the organizational department(s) and end-users subject to the current user's management, production and display of an organizational structure tree and the functions the manager can distribute to each end-user;
(b) an access role set up dialog field, display of the roles available to the manager to set up end-users' roles and privileges;
(c) a role assignment dialog field, for input of organizational positions, end-users, and allowable role assignment(s);
(d) a system selection dialog field, to designate application system(s) for controlled access management by a manager(s);
v. means for department managers to add or modify the department personnel list, and manage the roles and privileges assigned to end-users within the department, including:
(a) a department modification dialog field, to input and modify department names for subordinate departments;
(b) a role modification dialog field, to input and modify access role codes, and names;
(c) a system modification dialog field, to input and modify system name(s);
(d) a privilege modification dialog field, to input and modify privilege description(s);
(e) a function modification dialog field, to input and modify function codes and descriptions;
w. means for identification of normal end-users, and processing requests for application systems and functions, including:
(a) a logon and password dialog field;
(b) an end-user dialog field for selecting a system from those which are available to the end-user;
(c) after logon, access to all of the privileges and functions available to the end-user.
Dependent claims 11 through 18 depend on claim 10.
19. An access control management method, comprising:
hh. creation of different domains;
ii. creation of different kinds of sets within the domains;
jj. creation of different kinds of members within the domains;
kk. designation of the relations between sets within the domains, setup of the “set and set” relations and associated transmission attributes;
ll. creation of “member and set” relations and associated attributes within the domains;
mm. recalculation of attributes, transmission, and indirect relations according to changes to the direct relations among “set and set” or “member and set” relations (e.g. new, delete, update); and
nn. retrieving relations data through the result of direct and indirect relations after transmission by a method selected from the group consisting of: retrieving the relations data between one set and the other sets connected to it via direct or indirect “set and set” relations; retrieving the relations data between one set and members connected to it via direct or indirect “set and set” relations and “member and set” relations; and retrieving the relations data between one member and other members connected to it via direct or indirect “set and set” relations and “member and set” relations.
Dependent claims 20 through 45 depend on claim 19.
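Steps hh through nn of claim 19, as an added example that is not code from the patent: a Python `Domain` that holds sets and members, “set and set” relations carrying a transmission attribute, “member and set” relations, a recalculation of the indirect relations after every new, delete or update of a direct relation, and the three retrievals of step nn. The set and member names are constructed sample data. Two readings are this example's assumptions, not the patent's: a relation with `transmit=False` gives the source set the related set's own members but nothing the related set is in turn related to, and member-to-member retrieval returns the members reachable from the sets the member belongs to. The `Domain`, `relation_allowed` and `build_sample` names are the example's own.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SetRelation:
    src: str        # the set that takes on the relation
    dst: str        # the set it is related to
    transmit: bool  # pass dst's own set-and-set relations through to src? (assumed meaning)


class Domain:
    """Sets and members of one domain; indirect relations are recalculated after every change."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.sets: set[str] = set()
        self.set_rel: dict[tuple[str, str], SetRelation] = {}  # direct set-and-set relations
        self.member_rel: dict[str, set[str]] = {}              # set -> its direct members
        self._reach: dict[str, set[str]] = {}                  # set -> sets related directly or indirectly

    def _check(self, s: str) -> None:
        if s not in self.sets:
            raise KeyError(f"unknown set {s!r} in domain {self.name}")

    def add_set(self, s: str) -> None:
        self.sets.add(s)
        self.member_rel.setdefault(s, set())
        self._recalc()

    def relate_sets(self, src: str, dst: str, transmit: bool = True) -> None:
        """Create or update a set-and-set relation; a transmitting cycle is rejected and rolled back."""
        self._check(src)
        self._check(dst)
        if src == dst:
            raise ValueError("a set cannot relate to itself")
        previous = self.set_rel.get((src, dst))
        self.set_rel[(src, dst)] = SetRelation(src, dst, transmit)
        try:
            self._recalc()
        except ValueError:
            if previous is None:
                del self.set_rel[(src, dst)]
            else:
                self.set_rel[(src, dst)] = previous
            self._recalc()
            raise

    def unrelate_sets(self, src: str, dst: str) -> None:
        del self.set_rel[(src, dst)]
        self._recalc()

    def join(self, member: str, s: str) -> None:  # member-and-set relation
        self._check(s)
        self.member_rel[s].add(member)

    def leave(self, member: str, s: str) -> None:
        self._check(s)
        self.member_rel[s].discard(member)

    def _recalc(self) -> None:
        """Step mm: rebuild every indirect relation from the direct ones."""
        out: dict[str, list[SetRelation]] = defaultdict(list)
        for rel in self.set_rel.values():
            out[rel.src].append(rel)
        self._reach = {}
        for s in self.sets:
            self._closure(s, out, set())

    def _closure(self, s: str, out: dict[str, list[SetRelation]], visiting: set[str]) -> set[str]:
        if s in self._reach:
            return self._reach[s]
        if s in visiting:
            raise ValueError(f"transmitting cycle through set {s!r}")
        visiting.add(s)
        reach: set[str] = set()
        for rel in out[s]:
            reach.add(rel.dst)
            if rel.transmit:  # relations beyond dst pass through only when the edge transmits
                reach |= self._closure(rel.dst, out, visiting)
        visiting.discard(s)
        self._reach[s] = reach
        return reach

    # The three retrievals of step nn.
    def related_sets(self, s: str) -> frozenset[str]:
        self._check(s)
        return frozenset(self._reach[s])

    def members_of(self, s: str) -> frozenset[str]:
        self._check(s)
        found = set(self.member_rel[s])
        for t in self._reach[s]:
            found |= self.member_rel[t]
        return frozenset(found)

    def peers_of(self, member: str) -> frozenset[str]:
        found: set[str] = set()
        for s, members in self.member_rel.items():
            if member in members:
                found |= self.members_of(s)
        found.discard(member)
        return frozenset(found)


def relation_allowed(d: Domain, src: str, dst: str, transmit: bool = True) -> bool:
    """True if the relation was created, False if it was rejected (d is left unchanged)."""
    try:
        d.relate_sets(src, dst, transmit)
        return True
    except ValueError:
        return False


def build_sample() -> Domain:
    """Constructed sample data for this example (not from the patent)."""
    d = Domain("acme")
    for s in ("Finance", "AP", "Clerks", "Auditors"):
        d.add_set(s)
    d.relate_sets("Finance", "AP")                        # Finance takes on AP and whatever AP takes on
    d.relate_sets("AP", "Clerks")
    d.relate_sets("Auditors", "Finance", transmit=False)  # Auditors take on Finance's own members only
    d.join("cfo", "Finance")
    d.join("ap_lead", "AP")
    d.join("clerk1", "Clerks")
    d.join("aud1", "Auditors")
    return d
```

The transmission attribute is what keeps a chain of relations from quietly widening: `Auditors` relates to `Finance` without transmission, so it sees `cfo` but not the AP and Clerks members that `Finance` itself reaches. Because the closure is rebuilt on every change, deleting the `AP`→`Clerks` relation immediately drops `clerk1` from `Finance`, and an attempt to close a transmitting cycle (`Clerks`→`Finance`) is rejected before it can make the recalculation loop.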
Specification