DATA DRIVEN ROLE BASED SECURITY
First Claim
1. At a computer system, a method for determining access to a computing object, the method comprising:
- accessing a data context in connection with potential access to the computing object by a user identity;
- defining a derived role for the user identity based on at least one aspect of the data context;
- receiving a request to access the computing object;
- forming a set of permissions for the computing object by evaluating a control expression governing access to the computing object based on the derived role; and
- determining the user identity's access to the computing object in accordance with the set of permissions.
Abstract
Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.
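The flow described in the abstract, sketched as an added example that is not taken from the patent: the data context is captured once at login, roles are derived from it, and each access request is decided by evaluating the control expressions registered for the object. The role names, rule table, object fields and sample users are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Session:
    user: str
    data_context: dict                     # queried once, at login
    derived_roles: set = field(default_factory=set)

# Hypothetical rules: each derives a role from one aspect of the data context.
ROLE_RULES = {
    "account_manager": lambda ctx: bool(ctx.get("managed_accounts")),
    "regional_lead": lambda ctx: bool(ctx.get("lead_of_region")),
}

def login(user, data_context):
    session = Session(user, data_context)
    session.derived_roles = {r for r, rule in ROLE_RULES.items() if rule(data_context)}
    return session

# Control expressions: each returns the permissions it grants for one object.
def manager_expr(s, obj):
    owns = obj["account_id"] in s.data_context.get("managed_accounts", ())
    return {"read", "write"} if "account_manager" in s.derived_roles and owns else set()

def region_expr(s, obj):
    same = obj["region"] == s.data_context.get("lead_of_region")
    return {"read"} if "regional_lead" in s.derived_roles and same else set()

CONTROL_EXPRESSIONS = {"invoice": [manager_expr, region_expr]}

def effective_permissions(s, obj):
    perms = set()
    # An object type with no control expression yields no permissions (deny).
    for expr in CONTROL_EXPRESSIONS.get(obj["type"], []):
        perms |= expr(s, obj)
    return perms

def check_access(s, obj, requested):
    return requested in effective_permissions(s, obj)

# Constructed sample data, for illustration only.
ALICE = login("alice", {"managed_accounts": {"A1"}})
BOB = login("bob", {"lead_of_region": "EMEA"})
INV_A1 = {"type": "invoice", "account_id": "A1", "region": "EMEA"}
INV_A2 = {"type": "invoice", "account_id": "A2", "region": "APAC"}
```

The role alone never grants access here: each control expression also compares the object against the data context, so the same derived role yields different effective permissions for different objects.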
Specification