DATA DRIVEN ROLE BASED SECURITY
First Claim
1. At a computer system, a method for determining access to a computing object, the method comprising:
- accessing a data context in connection with potential access to the computing object by a user identity;
defining a derived role for the user identity based on at least one aspect of the data context;
receiving a request to access the computing object;
forming a set of permissions for the computing object by evaluating a control expression governing access to the computing object based on the derived role; and
determining the user identity'"'"'s access to the computing object in accordance with the set of permissions.
2 Assignments
0 Petitions
Accused Products
Abstract
Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.
6 Citations
1 Claim
-
1. At a computer system, a method for determining access to a computing object, the method comprising:
-
accessing a data context in connection with potential access to the computing object by a user identity; defining a derived role for the user identity based on at least one aspect of the data context; receiving a request to access the computing object; forming a set of permissions for the computing object by evaluating a control expression governing access to the computing object based on the derived role; and determining the user identity'"'"'s access to the computing object in accordance with the set of permissions.
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsIvanov, Sergei, Barrows, John August
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/3
-
CPC Class CodesG06F 21/604 Tools and structures for ma...G06F 21/6218 to a system of files or obj...G06F 2221/2141 Access rights, e.g. capabil...H04L 63/08 for authentication of entit...H04L 63/10 for controlling access to d...H04L 63/101 Access control lists [ACL]H04L 63/105 Multiple levels of security
