Enterprise entitlement framework
Abstract
A method and system for managing privilege information across multiple applications and/or databases is provided. A flexible and extensible privilege management infrastructure may be implemented to store and manage various types of privileges, access rights and resources. The privilege management infrastructure may include a variety of data objects and structures configured to store various components and/or aspects of a privilege. The data objects may include resource type objects, user objects, role objects, action objects, resource attribute objects, list item objects and/or hierarchy objects. The data objects defined for a particular privilege may further be linked according to relationships between one or more objects. The privilege management infrastructure is extensible for use with new applications by defining new objects compatible with the privilege structures of the new applications.
20 Claims
1. A computer readable medium storing a data infrastructure for managing a privilege corresponding to a resource type, the data infrastructure comprising:
- a hierarchy object defining a hierarchy structure associated with the resource type, wherein the resource type corresponds to one or more applications to which the privilege applies and wherein the hierarchy structure includes a hierarchy node;
- a hierarchy node object configured to store the hierarchy node; and
- a resource attribute set object storing a set of one or more resource attributes, wherein the one or more attributes include at least one of a hierarchy attribute and a list item attribute, wherein a scope of the privilege is defined based on the one or more resource attributes, and wherein the scope of the privilege is automatically redefined in response to a modification to a component of the infrastructure.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer readable medium storing a data model for managing privileges, the data model comprising:
- a privilege object storing a privilege corresponding to a resource type;
- a hierarchy object storing a hierarchy structure having a hierarchy node, wherein the hierarchy structure is defined based on the resource type;
- a list object storing a target item list, wherein a target item to which the privilege applies is selected from the target item list; and
- a privilege cascade object storing a privilege cascade that specifies a characteristic, wherein a scope of the privilege is modified based on the specified characteristic.
Dependent claims: 12, 13, 14, 15, 16

17. A computer readable medium storing a data model, the data model comprising:
- a hierarchy object defining a hierarchy structure associated with a resource type, wherein the hierarchy structure includes one or more hierarchy nodes;
- a privilege object storing a privilege, wherein the privilege is at least one of user based and role based;
- a resource attribute set object storing a set of one or more resource attributes, wherein the one or more attributes include at least one of a hierarchy attribute and a list item attribute and wherein a scope of the privilege is defined based on the one or more attributes; and
- a privilege rule object defining a privilege rule that qualifies the scope of the privilege.
Dependent claims: 18, 19, 20
Specification