Role-based access in a multi-customer computing environment

US 20080016580A1
Filed: 07/11/2006
Published: 01/17/2008
Est. Priority Date: 07/11/2006
Status: Active Grant

First Claim

Patent Images

1. A method for managing role-based access in a multi-customer computing environment, the method comprising:

associating an actor with a role;

associating a policy type with the role;

associating a role scope with the role;

receiving one or more values for one or more corresponding context parameters associated with the actor;

receiving a request for access to a resource from the actor;

determining a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;

determining one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and

determining a response to the request based on the policy instance and the actor-role scope values.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An actor is associated with a role, a policy type is associated with the role, and a role scope is associated with the role. One or more values are received for one or more corresponding context parameters associated with the actor. A request for access to a resource is received from the actor. A policy instance is determined based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor. One or more actor-role scope values are determined based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor. A response to the request is determined based on the policy instance and the actor-role scope values.

Citations

20 Claims

1. A method for managing role-based access in a multi-customer computing environment, the method comprising:
- associating an actor with a role;
  
  associating a policy type with the role;
  
  associating a role scope with the role;
  
  receiving one or more values for one or more corresponding context parameters associated with the actor;
  
  receiving a request for access to a resource from the actor;
  
  determining a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
  
  determining one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
  
  determining a response to the request based on the policy instance and the actor-role scope values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein determining the response to the request comprises determining a resolved scope using the actor-role scope values.
  - 3. The method of claim 1, further comprising generating a role assignment record.
  - 4. The method of claim 3, wherein the role assignment record comprises the actor, the role, and the context parameters.
  - 5. The method of claim 3, wherein the role assignment record comprises the one or more actor-role scope values based on the role scope.
  - 6. The method of claim 1, wherein said resource comprises a database, a system application, a document, or any combination thereof.
  - 7. The method of claim 1, wherein said actor comprises a user, a system account, a system application, a computing device, or any combination thereof.
  - 8. The method of claim 1 wherein the policy type includes an access control policy element, a data view/presentation policy element, a function performance/update operation policy element, or any combination thereof.
  - 9. The method of claim 1 wherein determining the policy instance comprises employing a hierarchical priority of the one or more of the context parameters.
  - 10. The method of claim 1 comprising defining a default policy instance.
  - 11. The method of claim 10 wherein determining the policy instance comprises selecting the default policy instance when there is no match with the one or more of the context parameters.

12. A system for managing role-based access in a multi-customer computing environment, the system comprising:
- one or more servers configured to;
  
  associate an actor with a role;
  
  associate a policy type with the role;
  
  associate a role scope with the role;
  
  receive one or more values for one or more corresponding context parameters associated with the actor;
  
  receive a request for access to a resource from the actor;
  
  determine a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
  
  determine one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
  
  determine a response to the request based on the policy instance and the actor-role scope values.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the one or more servers are further configured to determine the response to the request comprises determining a resolved scope using the actor-role scope values.
  - 14. The system of claim 12, wherein the one or more servers are further configured to generate a role assignment record.
  - 15. The system of claim 14, wherein the role assignment record comprises the actor, the role, and the context parameters.
  - 16. The system of claim 14, wherein the role assignment record comprises the one or more actor-role scope values based on the role scope.
  - 17. The system of claim 12, wherein said resource comprises a database, a system application, a document, or any combination thereof.
  - 18. The system of claim 12, wherein said actor comprises a user, a system account, a system application, a computing device, or any combination thereof.
  - 19. The system of claim 12, wherein the policy type includes an access control policy element, a data view/presentation policy element, a function performance/update operation policy element, or any combination thereof.

20. A computer program product, tangibly embodied in an information carrier, for managing role-based access in a multi-customer computing environment, the computer program product including instructions being operable to cause data processing apparatus to:
- associate an actor with a role;
  
  associate a policy type with the role;
  
  associate a role scope with the role;
  
  receive one or more values for one or more corresponding context parameters associated with the actor;
  
  receive a request for access to a resource from the actor;
  
  determine a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
  
  determine one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
  
  determine a response to the request based on the policy instance and the actor-role scope values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FMR LLC
Original Assignee
FMR LLC
Inventors
Vetrano, Paul Michael, Dixit, Royyuru, Spellman, Timothy Prentiss, Hafeman, Joseph Edward

Granted Patent

US 8,336,078 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/604 Tools and structures for ma...

Role-based access in a multi-customer computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Role-based access in a multi-customer computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links