DYNAMIC AUTHORIZATION TO FEATURES AND DATA IN JAVA-BASED ENTERPRISE APPLICATIONS
First Claim
1. A computer-implemented method of controlling access to enterprise applications, the method comprising the steps of:
storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key;
storing information for a plurality of roles in a role table, identifying each role by a unique name as a primary key;
storing information for a plurality of features in a feature table, identifying each feature by a unique name as a primary key;
creating a first join-table for mapping users to roles, using their respective primary keys and predetermined assignments of users to roles;
creating a second join-table for mapping features to roles, using their respective primary keys and predetermined assignments of features to roles; and
permitting a user to access a requested feature if and only if the requested feature is associated with a role assigned to the user.
Abstract
Systems and methods are presented for dynamically controlling role-based access to enterprise applications. The access includes both a user's ability to access a requested functionality (hereinafter referred to as “features”) in an enterprise application, as well as the user's ability to access the specific data (and request filtering of the data) within the enterprise applications. The systems and methods provide dynamic control by utilizing a number of separate tables for identifying each element (user, role and feature), with join-tables used to define, on an active/customized basis, the association of each user with respect to a particular role (user_role join-table) and association of each feature with the listing of roles (feature_role join-table). The join-tables and specific element tables may be modified during runtime to modify any of the associations or listings.
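The table layout and access check described in the abstract and in claim 1, shown as an added example that is not taken from the patent. SQLite driven from Python stands in for the enterprise database; the column names, the sample rows and the helpers `open_store`, `can_access` and `grant_role` are assumptions made for illustration.

```python
import sqlite3

# Three element tables plus the two join-tables named in the abstract.
# Column names are assumptions; the patent only fixes the primary keys.
SCHEMA = """
CREATE TABLE user    (login TEXT PRIMARY KEY);
CREATE TABLE role    (name  TEXT PRIMARY KEY);
CREATE TABLE feature (name  TEXT PRIMARY KEY);
CREATE TABLE user_role (
    login TEXT NOT NULL REFERENCES user(login) ON DELETE CASCADE,
    role  TEXT NOT NULL REFERENCES role(name)  ON DELETE CASCADE,
    PRIMARY KEY (login, role));
CREATE TABLE feature_role (
    feature TEXT NOT NULL REFERENCES feature(name) ON DELETE CASCADE,
    role    TEXT NOT NULL REFERENCES role(name)    ON DELETE CASCADE,
    PRIMARY KEY (feature, role));
"""

def open_store():
    """Build an in-memory store filled with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user VALUES (?)", [("alice",), ("bob",)])
    conn.executemany("INSERT INTO role VALUES (?)", [("auditor",), ("clerk",)])
    conn.executemany("INSERT INTO feature VALUES (?)",
                     [("view_ledger",), ("post_entry",)])
    conn.executemany("INSERT INTO user_role VALUES (?, ?)",
                     [("alice", "auditor"), ("bob", "clerk")])
    conn.executemany("INSERT INTO feature_role VALUES (?, ?)",
                     [("view_ledger", "auditor"), ("view_ledger", "clerk"),
                      ("post_entry", "clerk")])
    return conn

def can_access(conn, login, feature):
    """Allow if and only if some role links this user to this feature.
    Unknown users, unknown features and unmapped pairs all yield False."""
    row = conn.execute(
        "SELECT EXISTS (SELECT 1 FROM user_role ur"
        " JOIN feature_role fr ON fr.role = ur.role"
        " WHERE ur.login = ? AND fr.feature = ?)",
        (login, feature)).fetchone()
    return bool(row[0])

def grant_role(conn, login, role):
    """Runtime change to the user_role join-table; the next check sees it.
    The foreign keys reject a login or role that has no element-table row."""
    conn.execute("INSERT INTO user_role VALUES (?, ?)", (login, role))
```

Because the decision is a single query over the join-tables, a grant or a deleted role takes effect on the next request, and the cascading foreign keys keep a removed role from leaving mappings behind that still grant access.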
44 Citations
13 Claims
6. A system for providing dynamic management of roles and features in enterprise applications comprising:
a memory module for storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key, and information for a plurality of roles in a role table, identifying each role by a unique name as a primary key, and information for a plurality of features in a feature table, identifying each feature by a unique name as a primary key; and
a processor for creating a first join-table for mapping users onto selected roles and a second join-table for mapping features onto selected roles, the first and second join-tables then stored in the memory module, wherein when a user requests access to a selected feature, the processor is queried to determine if the selected feature is associated with a role assigned to the user.
Specification