SYSTEM AND METHOD FOR HIERARCHICAL ROLE-BASED ENTITLEMENTS

US 20100037290A1
Filed: 08/05/2009
Published: 02/11/2010
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1-60. -60. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authorization to adaptively control access to a resource, comprising the steps of providing for the mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource; providing for the evaluation of a policy based on the at least one role; and providing for the determination of whether to grant the principal access to the resource based on the evaluation of the policy.

Citations

80 Claims

1-60. -60. (canceled)

61. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
- map a principal to at least one role, wherein the at least one role is hierarchically related to the resource, the resource being part of a resource hierarchy;
  
  wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
  
  evaluate a policy based on the at least one role; and
  
  determine whether to grant access to the resource based on the evaluation of the policy;
  
  wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 62. The machine readable medium of claim 61 further comprising instructions which when executed cause the system to:
    - allow the principal to be an authenticated user, group or process.
  - 63. The machine readable medium of claim 61 wherein:
    - mapping includes determining whether or not the at least one role is satisfied by the principal.
  - 64. The machine readable medium of claim 61 further comprising instructions which when executed cause the system to:
    - evaluate the at least one role to true or false for the principal in a context.
  - 65. The machine readable medium of claim 61 wherein:
    - the at least one role is a Boolean expression that can include at least one of another Boolean expression and a predicate.
  - 66. The machine readable medium of claim 65 wherein:
    - the predicate is one of user, group, time and segment.
  - 67. The machine readable medium of claim 65 wherein:
    - the predicate is evaluated against the principal and a context.
  - 68. The machine readable medium of claim 66 wherein:
    - the segment predicate is specified in plain language.
  - 69. The machine readable medium of claim 61 wherein:
    - the policy is an association between the resource and a set of roles.
  - 70. The machine readable medium of claim 69 further comprising instructions which when executed cause the system to:
    - grant access to the resource if the at least one role is in the set of roles.

71. A machine-readable medium have sets of instructions stored thereon which, when executed by a machine, cause the machine to:
- evaluate a policy based on at least one role applicable to a principal attempting to access the resource, the resource being part of a resource hierarchy;
  
  wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
  
  grant access to the resource based on the evaluation; and
  
  wherein the resource, the policy and the at least one role are hierarchically related;
  
  wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
- View Dependent Claims (72, 73, 74, 75, 76, 77, 78, 79, 80)
- - 72. The machine readable medium of claim 71, wherein the sets of instructions when further executed by the machine, cause the machine to allow the principal to be an authenticated user, group or process.
  - 73. The machine readable medium of claim 71, wherein the at least one role is applicable to a principal if the at least one role is satisfied by the principal.
  - 74. The machine readable medium of claim 71, wherein the sets of instructions when further executed by the machine, cause the machine to evaluate the at least one role to true or false for the principal in a context.
  - 75. The machine readable medium of claim 71, wherein the at least one role is a Boolean expression that includes at least one of (1) another Boolean expression and (2) a predicate.
  - 76. The machine readable medium of claim 75, wherein the predicate is one of user, group, time and segment.
  - 77. The machine readable medium of claim 75, wherein the sets of instructions when further executed by the machine, cause the machine to evaluate the predicate against the principal and a context.
  - 78. The machine readable medium of claim 76, wherein the segment predicate is specified in plain language.
  - 79. The machine readable medium of claim 71, wherein the policy is an association between the resource and a set of roles.
  - 80. The machine readable medium of claim 79, wherein the sets of instructions when further executed by the machine, cause the machine to grant access to the resource if the at least one role is in the set of roles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Griffin, Philip B., McCauley, Rod, Toussaint, Alex, Devgan, Manish

Granted Patent

US 7,992,189 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2145   Inheriting rights or proper...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR HIERARCHICAL ROLE-BASED ENTITLEMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

80 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR HIERARCHICAL ROLE-BASED ENTITLEMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

80 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links