Method for managing usage authorizations in a data processing network and a data processing network
First Claim
1. A method for managing usage authorizations in a data processing network, comprising:
- allocating to a user, upon the user logging in at a work station of the data processing network, at least one role stored in a central authorization register;
- determining, upon an application being called up and via a local security module of the application, authorizations granted for the allocated at least one role of the user;
- accessing via a central security module, if there is not sufficient authorization granted for an application-related action, a central collection of security rules indicating circumstances in which, when the granted authorizations are not sufficient to carry out the application-related action, the user can still carry out the application-related action;
- determining whether, according to at least one of the security rules, a usage authority is possible for the application-related action and conveying the possibility, if determined, to the user.
Abstract
To facilitate the work of a user with a data processing network with a number of security levels of the applications and functions to be executed, a method is proposed for managing usage authorizations in this data processing network. In at least one embodiment of the method, when a user logs in at a work station, at least one role stored in a central authorization register is allocated to the user; when an application is called up, a local security module of the application determines which authorizations are granted for the role of the user; and if there is no authorization for an application-related action, a central security module accesses a central collection of security rules, the security rules indicating the circumstances in which, when a user's authorizations are not sufficient to carry out the application-related action, the user can still carry it out, and determines whether, according to at least one of the security rules, a usage authority is possible for the application-related action and offers this to the user.
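The flow described in the abstract, sketched as an added Python example (not code from the patent). The register contents, role names, rule fields and the "emergency" circumstance are assumptions made for illustration.

```python
from dataclasses import dataclass

# All data below is constructed for illustration.
AUTHORIZATION_REGISTER = {"alice": {"nurse"}, "bob": {"physician"}}  # central: user -> roles
ROLE_AUTHORIZATIONS = {                                              # role -> (application, action)
    "nurse": {("records", "read")},
    "physician": {("records", "read"), ("records", "write")},
}

@dataclass(frozen=True)
class SecurityRule:
    name: str
    application: str
    action: str
    roles: frozenset     # roles the rule may be offered to (assumed field)
    circumstance: str    # hypothetical circumstance label

SECURITY_RULES = [  # central collection of security rules
    SecurityRule("emergency-write", "records", "write", frozenset({"nurse"}), "emergency"),
]

def log_in(user):
    """Allocate the roles stored for the user; unknown users get none."""
    return frozenset(AUTHORIZATION_REGISTER.get(user, ()))

def local_security_module(roles, application, action):
    """True if any allocated role grants the application-related action."""
    return any((application, action) in ROLE_AUTHORIZATIONS.get(r, ()) for r in roles)

def central_security_module(roles, application, action, circumstances):
    """Return the rules under which the action is still possible."""
    return [r for r in SECURITY_RULES
            if (r.application, r.action) == (application, action)
            and roles & r.roles and r.circumstance in circumstances]

def request_action(user, application, action, circumstances=frozenset()):
    """Return ('granted', None), ('offer', rule names) or ('denied', None)."""
    roles = log_in(user)
    if local_security_module(roles, application, action):
        return ("granted", None)
    rules = central_security_module(roles, application, action, circumstances)
    if rules:
        # The possibility is conveyed to the user, not taken automatically.
        return ("offer", [r.name for r in rules])
    return ("denied", None)  # default deny when no rule applies
```

The "offer" result keeps the rule-based path distinct from an ordinary grant, so a caller can require explicit user confirmation and record which rule was invoked.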
21 Claims
Specification