DATA DRIVEN ROLE BASED SECURITY
2 Assignments
0 Petitions
Abstract
Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.
55 Citations
20 Claims

1. A method, comprising:
- querying for a data context in connection with potential access to one or more computing objects of a computing system by at least one computing device on behalf of a user identity;
- receiving, by the at least one computing device, a request for access to at least one computing object of the one or more computing objects;
- evaluating a control expression of an object governing access to the at least one computing object based on the data context to form a set of permissions; and
- granting access to the at least one computing object if the set of permissions includes a permission for the request for access.
Dependent claims: 2 to 10.
11. A computer-implemented system, comprising:
- a login component configured to query for a data context for access requests to data objects of a computing system in response to a user login, the data context is retrieved based on the data objects;
- an access control component configured to dynamically evaluate, in response to a request for access to at least one data object of the data objects, at least one control expression of an access control object that controls whether the access is granted to determine a set of permissions and configured to grant permission based on the set of permissions.
Dependent claims: 12 to 19.

20. A method, comprising:
- receiving first input via a user interface of at least one computing device regarding an application function of an application for which role based security control is to be applied for users of the application function;
- receiving second input via the user interface regarding at least one data field of a data set applicable to carrying out the application function;
- receiving third input via the user interface regarding data instances to be extracted from the data set to establish a data context applicable to a given user at a time of login in connection with potential use of the application function; and
- based on the first, second and third inputs, receiving fourth input via the user interface defining at least one control expression for a role based access control object for dynamic evaluation in connection with the potential use of the application function.
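The flow described in the abstract and in claims 1, 11 and 20 (query a data context at login, then on each access request evaluate the control expressions of the access control object governing the target object to obtain a set of effective permissions, and grant only if the requested permission is in that set) as an added Python example; this is not code from the patent or its record. The account data set, the user roles, the `region` data field, the rule names and the `login`/`check_access` functions are constructed assumptions. The patent does not specify an expression syntax, so each control expression is represented here as a plain predicate over (session, object) rather than a string handed to `eval()`, which keeps a mis-authored expression from executing arbitrary code.

```python
"""Data-driven role-based access control evaluator (added example, not the patent's code).

At login the data context is queried from the data set; on each request the
control expressions of the access control object are evaluated against the
user context and data context to form a set of effective permissions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set

# Constructed sample data set. The "data field" of claim 20 is `region`; the
# "data instances" extracted at login are the regions a user manages.
ACCOUNTS = [
    {"id": "acct-1", "region": "EMEA", "manager": "alice", "balance": 100},
    {"id": "acct-2", "region": "APAC", "manager": "bob", "balance": 250},
    {"id": "acct-3", "region": "EMEA", "manager": "alice", "balance": 50},
]

# Constructed user context: roles assigned to each identity.
USER_ROLES = {
    "alice": {"account_manager"},
    "bob": {"account_manager"},
    "carol": {"auditor"},
}


@dataclass(frozen=True)
class Session:
    """User context (identity, roles) plus the data context captured at login."""
    user: str
    roles: FrozenSet[str]
    data_context: Dict[str, FrozenSet[str]]


def login(user: str) -> Session:
    """Login component: query the data set for this user's data context."""
    regions = frozenset(a["region"] for a in ACCOUNTS if a["manager"] == user)
    return Session(
        user=user,
        roles=frozenset(USER_ROLES.get(user, ())),
        data_context={"regions": regions},
    )


# A control expression is a predicate over (session, object). When it holds,
# the rule contributes its permissions to the effective set.
ControlExpr = Callable[[Session, dict], bool]


@dataclass
class ControlRule:
    expr: ControlExpr
    grants: FrozenSet[str]


@dataclass
class AccessControlObject:
    """Access control object governing one kind of data object (here: accounts)."""
    rules: List[ControlRule] = field(default_factory=list)

    def effective_permissions(self, session: Session, obj: dict) -> Set[str]:
        """Evaluate every control expression; union the permissions of those that hold."""
        perms: Set[str] = set()
        for rule in self.rules:
            if rule.expr(session, obj):
                perms |= rule.grants
        return perms


ACCOUNT_ACO = AccessControlObject(rules=[
    # Account managers may read and update accounts only in regions present in
    # the data context established at their login.
    ControlRule(
        lambda s, o: "account_manager" in s.roles
        and o["region"] in s.data_context["regions"],
        frozenset({"read", "update"}),
    ),
    # Auditors may read any account but are never granted update.
    ControlRule(lambda s, o: "auditor" in s.roles, frozenset({"read"})),
])


def check_access(session: Session, aco: AccessControlObject, obj: dict, permission: str) -> bool:
    """Deny by default: grant only if the effective permission set contains the request."""
    return permission in aco.effective_permissions(session, obj)


def account(acct_id: str) -> dict:
    """Look up a constructed sample account by id."""
    return next(a for a in ACCOUNTS if a["id"] == acct_id)


if __name__ == "__main__":
    alice = login("alice")
    for acct_id, perm in [("acct-1", "update"), ("acct-2", "read"), ("acct-3", "update")]:
        print(alice.user, perm, acct_id, check_access(alice, ACCOUNT_ACO, account(acct_id), perm))
```

Because the data context is captured once at login, a change to the underlying data set (for example, reassigning an account's manager) is not reflected until the user logs in again; a deployment that needs tighter freshness would re-query the data context on a schedule or on data-change events rather than relying on the session copy.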