Document access control
Abstract
Embodiments of this invention control access to documents by identifying a user requesting a document, retrieving a membership list associated with the user, retrieving an access control list (ACL) associated with the document, and intersecting the user's membership list and the document's ACL to determine if the user has privileges to access the document. Certain embodiments of this invention filter documents in a search result to return those documents (or a list of those documents) that are accessible to a user.
20 Claims
1. A method comprising:
associating a user with a first set of aliases;
associating a document with a second set of aliases; and
granting the user access to the document when the first and second sets of aliases have an alias in common.

5. A method comprising:
generating for a user a membership list to identify aliases having the user as a direct or indirect member;
assigning to a document in a plurality of documents an access control list (ACL) to identify aliases having access to the document;
receiving a request from the user for access to the document;
in response to the request, retrieving the membership list and the ACL;
intersecting the membership list and the ACL; and
granting the user access to the document when the intersection is not null.

11. A system comprising:
a memory to store for each of a plurality of users a membership list to indicate aliases to which the user is a direct or indirect member;
an input device to receive from a user a request to search for a document meeting a certain criterion;
a search engine to search for the requested document;
a filter coupled to the search engine to prevent the search engine from returning documents inaccessible to the user, wherein a document is inaccessible to the user when an access control list (ACL) associated with the document fails to share an alias with a membership list associated with the user; and
an output device to transmit to the user a list of documents from the search engine passing the filter.

16. A machine-readable medium, having stored thereon a set of instructions, which when executed, perform a method comprising:
defining a first data structure to map documents to at least one access control list (ACL), wherein the ACL is to identify aliases to have access to the documents;
defining a second data structure to map each of the aliases to a list of direct members, wherein each list of direct members is to include at least one of a user or another alias;
defining a third data structure to map each of the direct members to a list of aliases directly containing the direct member;
defining a fourth data structure to map each user to a membership list, wherein the membership list contains aliases to which the user is either a direct or indirect member;
in response to a user request for a document, retrieving a membership list mapping to the user and an ACL mapping to the document; and
granting the user access to the document when the membership list and the ACL have an alias in common.
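
The four data structures of claim 16 and the search filter of claim 11, sketched as an added example that is not taken from the patent or any implementation of it. All alias, user and document names are constructed, the function names are hypothetical, and the membership list is computed on request here rather than stored.

```python
from collections import defaultdict, deque

# Constructed sample data; every name below is hypothetical.
ALIAS_MEMBERS = {            # second structure: alias -> direct members
    "eng": {"alice", "contractors"},
    "contractors": {"bob", "eng"},   # deliberate cycle: eng <-> contractors
    "staff": {"eng", "carol"},
    "finance": {"dave"},
}
DOC_ACL = {                  # first structure: document -> ACL (set of aliases)
    "design.doc": {"eng"},
    "handbook.doc": {"staff"},
    "payroll.xls": {"finance"},
    "orphan.txt": set(),     # empty ACL: no membership list can intersect it
}

def invert(alias_members):
    """Third structure: direct member -> aliases directly containing it."""
    parents = defaultdict(set)
    for alias, members in alias_members.items():
        for member in members:
            parents[member].add(alias)
    return parents

def membership_list(user, parents):
    """Fourth structure: aliases the user belongs to directly or indirectly.
    Breadth-first walk up the containment graph; `seen` stops alias cycles."""
    seen, queue = set(), deque([user])
    while queue:
        for alias in parents.get(queue.popleft(), ()):
            if alias not in seen:
                seen.add(alias)
                queue.append(alias)
    return seen

def can_access(user, doc, parents, doc_acl=DOC_ACL):
    """Grant only when the membership list and the ACL share an alias.
    Unknown documents and empty ACLs fall through to deny."""
    return bool(membership_list(user, parents) & doc_acl.get(doc, set()))

def filter_results(user, hits, parents, doc_acl=DOC_ACL):
    """Search-result filter: keep only hits whose ACL intersects the list."""
    members = membership_list(user, parents)   # computed once per query
    return [doc for doc in hits if members & doc_acl.get(doc, set())]

PARENTS = invert(ALIAS_MEMBERS)
```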
Specification