Methods and Apparatus for Scoped Role-Based Access Control
First Claim
1. A method of providing role-based access control of a resource by a subject in an access control system comprising the steps of:
- determining if the resource is accessible by the subject;
- determining if the resource is accessible by a role and an associated permission of the subject, when the resource is accessible by the subject;
- permitting access control of the resource by the subject when the resource is accessible by the role and the associated permission of the subject; and
- denying access control of the resource by the subject when the resource is not accessible by the subject or the role and the associated permission of the subject.
Abstract
Methods and apparatus for providing role-based access control of a resource by a subject in an access control system are provided. The system comprises one or more roles capable of association with one or more subjects, and a plurality of permission sets. One or more of the plurality of permission sets are associated with each of the one or more roles. The system further comprises a plurality of resources. One or more of the plurality of resources are associated with each of the one or more permission sets, and each of the plurality of resources is associated with a set of one or more subjects. A given subject in a set of one or more subjects for a given resource and having a role-permission association with the given resource is provided access control of the given resource.
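The two-stage check described in the abstract and in claim 1, written out as an added example; it is not code from the patent. The class, field and sample names (`ScopedRBAC`, `resource_subjects`, `db-east` and so on) are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    DENY_OUT_OF_SCOPE = "deny: subject not in resource scope"
    DENY_NO_ROLE_PERMISSION = "deny: no role-permission association"


@dataclass(frozen=True)
class PermissionSet:
    permissions: frozenset  # e.g. {"read", "restart"}
    resources: frozenset    # resources this permission set is associated with


@dataclass
class ScopedRBAC:
    role_permission_sets: dict = field(default_factory=dict)  # role -> [PermissionSet]
    subject_roles: dict = field(default_factory=dict)         # subject -> {role}
    resource_subjects: dict = field(default_factory=dict)     # resource -> {subject}

    def check(self, subject: str, permission: str, resource: str) -> Decision:
        # Step 1: is the resource accessible by the subject at all (scope)?
        # Unknown resources have an empty scope, so the default is deny.
        if subject not in self.resource_subjects.get(resource, set()):
            return Decision.DENY_OUT_OF_SCOPE
        # Step 2: only for in-scope subjects, look for a role whose permission
        # set covers both this permission and this resource.
        for role in self.subject_roles.get(subject, set()):
            for pset in self.role_permission_sets.get(role, []):
                if permission in pset.permissions and resource in pset.resources:
                    return Decision.PERMIT
        return Decision.DENY_NO_ROLE_PERMISSION


# Constructed sample data (hypothetical subjects, roles and resources).
ops = PermissionSet(frozenset({"read", "restart"}), frozenset({"db-east", "db-west"}))
view = PermissionSet(frozenset({"read"}), frozenset({"db-east"}))
rbac = ScopedRBAC(
    role_permission_sets={"operator": [ops], "auditor": [view]},
    subject_roles={"alice": {"operator"}, "bob": {"operator"}, "carol": {"auditor"}},
    resource_subjects={"db-east": {"alice", "carol"}, "db-west": {"bob"}},
)

if __name__ == "__main__":
    for s, p, r in [("alice", "restart", "db-east"), ("alice", "restart", "db-west"),
                    ("carol", "restart", "db-east"), ("bob", "read", "db-north")]:
        print(f"{s} {p} {r}: {rbac.check(s, p, r).value}")
```

Returning a distinct deny reason for each stage lets an audit log separate out-of-scope attempts from in-scope subjects who lack the role-permission association.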
52 Citations
20 Claims
1. A method of providing role-based access control of a resource by a subject in an access control system comprising the steps of:
- determining if the resource is accessible by the subject;
- determining if the resource is accessible by a role and an associated permission of the subject, when the resource is accessible by the subject;
- permitting access control of the resource by the subject when the resource is accessible by the role and the associated permission of the subject; and
- denying access control of the resource by the subject when the resource is not accessible by the subject or the role and the associated permission of the subject.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. Apparatus for providing role-based access control of a resource by a subject in an access control system, comprising:
- a memory; and
- at least one processor coupled to the memory and operative to:
  (i) determine if the resource is accessible by the subject;
  (ii) determine if the resource is accessible by a role and an associated permission of the subject, when the resource is accessible by the subject;
  (iii) permit access control of the resource by the subject when the resource is accessible by the role and the associated permission of the subject; and
  (iv) deny access control of the resource by the subject when the resource is not accessible by the subject or the role and the associated permission of the subject.

Dependent claims: 11, 12, 13, 14, 15, 16

17. An article of manufacture for providing role-based access control of a resource by a subject in an access control system, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- determining if the resource is accessible by the subject;
- determining if the resource is accessible by a role and an associated permission of the subject, when the resource is accessible by the subject;
- permitting access control of the resource by the subject when the resource is accessible by the role and the associated permission of the subject; and
- denying access control of the resource by the subject when the resource is not accessible by the subject or the role and the associated permission of the subject.

18. A role-based access control system comprising:
- one or more roles capable of association with one or more subjects;
- a plurality of permission sets, wherein one or more of the plurality of permission sets are associated with each of the one or more roles;
- a plurality of resources, wherein one or more of the plurality of resources are associated with each of the one or more permission sets, and each of the plurality of resources are associated with a set of one or more subjects;
- wherein a given subject in a set of one or more subjects for a given resource and having a role-permission association with the given resource is provided access control of the given resource.

Dependent claims: 19, 20

Specification