ACCESS CONTROL MANAGEMENT MAPPING RESOURCE/ACTION PAIRS TO PRINCIPALS

US 20110296523A1
Filed: 05/26/2010
Published: 12/01/2011
Est. Priority Date: 05/26/2010
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented process for managing access control to one or more resources, comprising:

using a computing device for;

mapping to each resource/action pair of a set of resource/action pairs a corresponding list of authorized principals that are authorized to perform the action on the resource; and

displaying names of the authorized principals mapped to each resource/action pair on a display device of the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The access control management technique described herein manages access control to one or more resources. Rather than mapping individuals or groups to permissions, the technique maps each permission (the right to perform an action on a resource) to the list of authorized principals (the users and groups authorized to perform the action on the resource). These lists are written in text form just as one would write the list of recipients (individuals and groups) of an email composition window. The technique also provides various operations to allow a user to manage the list of authorized principals and the authorizations assigned to a principal to access the resource/action pair.

26 Citations

View as Search Results

20 Claims

1. A computer-implemented process for managing access control to one or more resources, comprising:
- using a computing device for;
  
  mapping to each resource/action pair of a set of resource/action pairs a corresponding list of authorized principals that are authorized to perform the action on the resource; and
  
  displaying names of the authorized principals mapped to each resource/action pair on a display device of the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented process of claim 1, further comprising displaying the name of each authorized principal in text form next to the corresponding resource/action pair on the display device.
  - 3. The computer-implemented process of claim 1, further comprising using an in-line minus operator to visually indicate removal of authorization from one or more principals from the list of authorized principals.
  - 4. The computer-implemented process of claim 1 wherein the list of authorized principals comprises users and groups of users authorized to perform the action on the resource of the corresponding resource/action pair.
  - 5. The computer-implemented process of claim 4, further comprising displaying on the display device textual representations of authorized principals that expand and contract in line for as many levels are there are levels of groups of users.
  - 6. The computer-implemented process of claim 1 further comprising displaying an editable text box to manage the list of authorized principals on the display device.
  - 7. The computer-implemented process of claim 1, further comprising displaying on the display device a heuristic to encourage users to create new groups of authorized principals.
  - 8. The computer-implemented process of claim 1, further comprising displaying a visual cue to indicate that an authorized principal, while present on the list of authorized principals, does not have authorization to perform an action on a corresponding resource.
  - 9. The computer-implemented process of claim 8, wherein the visual cue is a strikethrough of the principal'"'"'s name that does not have authorization to perform the action on a corresponding resource.
  - 10. The computer-implemented process of claim 1, wherein an authorization to perform an action on a resource can be inherited or custom created.
  - 11. The computer-implemented process of claim 10, wherein an indicator is used to indicate whether an authorization to perform an action is inherited or custom created.
  - 12. The computer-implemented process of claim 11, wherein inherited and custom authorizations are displayed in a line on the display, and wherein inherited permissions are visually differentiated from custom authorization and are editable.

13. An access control management system for managing access control of one or more actions that a user is authorized to perform on a resource, comprising:
- a general purpose computing device;
  
  a computer program comprising program modules executable by the general purpose computing device, wherein the computing device is directed by upon execution of the program modules of the computer program to,map to a resource/action pair a list of one or more authorized principals authorized to perform the corresponding action of the resource/action pair on the resource of the resource/action pair.
- View Dependent Claims (14, 15, 16)
- - 14. The access control management system of claim 13, further comprising a module to display each list of authorized principals next to the corresponding resource/action pair.
  - 15. The access control management system of claim 13, further comprising a module to translate existing access control rules to create the list of authorized principals for each resource/action pair.
  - 16. The access control management system of claim 15, wherein the module to translate existing access control rules to create the list of authorized principals for each resource/action pair further comprises sub-modules configured to, upon execution:
    - set the list of authorized principals to empty;
      
      for each rule in the existing access control rules, from a lowest precedence to a highest precedence,for each authorization explicitly authorized to a principal via the existing access control rules, add the principal to the list of authorized principals for this authorization, andfor each authorization explicitly denied to a principal via the existing access control rules, add the principal to the list of authorized principals for this authorization using an exclusion operator.

17. A computer-implemented process for managing access control to one or more resources, comprising:
- using a computing device for;
  
  mapping to each resource/role pair of a set of resource/role pairs, wherein a role further comprises a set of authorized actions, a list of the names of one or more authorized principals that are authorized to perform the corresponding set of authorized actions of the resource/role pair on the corresponding resource;
  
  displaying the names of the authorized principals on the list of authorized principals next to the corresponding resource/role pairs on a display device of the computing device; and
  
  allowing a user to manipulate the displayed names of authorized principals on the list of authorized principals mapped to each resource/role pair in order to manage the action authorization an authorized principal has on the corresponding resource.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented process of claim 17 wherein the resource comprises a file name or a directory name.
  - 19. The computer-implemented process of claim 17 wherein the actions further comprise read, write and delete.
  - 20. The computer-implemented process of claim 17 wherein the authorized principal is a user or a group of users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reeder, Robert Wilson, Schechter, Stuart Edward

Application Number

US12/788,245
Publication Number

US 20110296523A1
Time in Patent Office

Days
Field of Search
US Class Current

726/21
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

ACCESS CONTROL MANAGEMENT MAPPING RESOURCE/ACTION PAIRS TO PRINCIPALS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL MANAGEMENT MAPPING RESOURCE/ACTION PAIRS TO PRINCIPALS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links