Extensible role based authorization for manageable resources

US 20070185875A1
Filed: 02/09/2006
Published: 08/09/2007
Est. Priority Date: 02/09/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for dynamically providing access to a plurality of resources in a computer based application, the method comprising:

detecting a change associated with the application potentially affecting an access scheme of the application, wherein the application includes a plurality of components;

determining which of said plurality of resources of the application are affected by the change;

determining which of said plurality of components of the application are affected by the change;

determining at least one user account among a plurality of user accounts affected by the change; and

modifying or creating a dynamic role of said one user account to accommodate the change.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for dynamically altering the access capabilities to the data resources for users of a computer based application. The access capabilities are defined by a dynamic role that specifies which of the resources a user may access, and a set of permissions associated with the dynamic role to define. New dynamic roles may be created when additional resources and components are added to an application. Methods and systems are provided for creating new dynamic roles to temporarily access resources, and for deleting a dynamic role after it is no longer needed.

87 Citations

View as Search Results

19 Claims

1. A method for dynamically providing access to a plurality of resources in a computer based application, the method comprising:
- detecting a change associated with the application potentially affecting an access scheme of the application, wherein the application includes a plurality of components;
  
  determining which of said plurality of resources of the application are affected by the change;
  
  determining which of said plurality of components of the application are affected by the change;
  
  determining at least one user account among a plurality of user accounts affected by the change; and
  
  modifying or creating a dynamic role of said one user account to accommodate the change.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - destroying the dynamic role upon determining that the dynamic role is no longer needed.
  - 3. The method of claim 1, wherein the dynamic role specifies which of said plurality of resources the user account is authorized to access.
  - 4. The method of claim 3, wherein a set of permissions associated with the dynamic role specifies access capabilities granted to the user account for accessing said plurality of resources.
  - 5. The method of claim 4, further comprising:
    - modifying the set of permissions to change the access capabilities.
  - 6. The method of claim 5, wherein said modifying of the set of permissions includes adding a new permission.
  - 7. The method of claim 4, further comprising:
    - storing the dynamic role and the set of permissions for the user account in said application.
  - 8. The method of claim 1, wherein said change includes at least one of:
    - adding additional resources to the application, adding additional components to the application, registering a new user account with the application, or receiving a request for additional access to be granted to an existing user account.
  - 9. The method of claim 1, wherein said access to resources is limited to a plurality of user accounts registered with the application.

10. A computer program product for dynamically providing access to a plurality of resources in a computer based application, the computer program product comprising a computer useable medium including a computer readable program, wherein the computer readable program upon being executed on a computer causes the computer to:
- detect a change associated with the application potentially affecting an access scheme of the application, wherein the application includes a plurality of components;
  
  determine which of said plurality of resources of the application are affected by the change;
  
  determine which of said plurality of components of the application are affected by the change;
  
  determine at least one user account among a plurality of user accounts affected by the change; and
  
  modify or create a dynamic role of said one user account to accommodate the change.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer program product of claim 10, further causing the computer to:
    - destroy the dynamic role upon determining that the dynamic role is no longer needed.
  - 12. The computer program product of claim 10, wherein the dynamic role specifies which of said plurality of resources the user account is authorized to access;
    - and wherein a set of permissions associated with the dynamic role specifies access capabilities granted to the user account for accessing said plurality of resources.
  - 13. The computer program product of claim 12, further causing the computer to:
    - modify the set of permissions to change the access capabilities.
  - 14. The computer program product of claim 13, wherein said modifying of the set of permissions includes adding a new permission.
  - 15. The computer program product of claim 12, further causing the computer to:
    - store the dynamic role and the set of permissions for the user account in said application.

16. A system for dynamically providing access to a plurality of resources in a computer based application, the system comprising:
- a memory configured to store the plurality of resources and the computer based application;
  
  logic for detecting a change associated with the application potentially affecting an access scheme of the application, wherein the application includes a plurality of components;
  
  logic for determining which of said plurality of resources of the application are affected by the change;
  
  logic for determining which of said plurality of components of the application are affected by the change;
  
  logic for determining at least one user account among a plurality of user accounts affected by the change; and
  
  logic for modifying or creating a dynamic role of said one user account to accommodate the change.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the dynamic role specifies which of said plurality of resources the user account is authorized to access;
    - and wherein a set of permissions associated with the dynamic role specifies access capabilities granted to the user account for accessing said plurality of resources.
  - 18. The system of claim 17, wherein said logic for modifying the dynamic role is configured to modify the set of permissions to change the access capabilities.
  - 19. The system of claim 16, wherein the memory is further configured to store the dynamic role and the set of permissions for the user account in said application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chang, John, Chang, David, Venkataramappa, Vishwanath

Application Number

US11/351,035
Publication Number

US 20070185875A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 21/6218 to a system of files or obj...

Extensible role based authorization for manageable resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Extensible role based authorization for manageable resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links