DYNAMIC AUTHORIZATION TO FEATURES AND DATA IN JAVA-BASED ENTERPRISE APPLICATIONS

US 20150026208A1
Filed: 07/22/2013
Published: 01/22/2015
Est. Priority Date: 07/22/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of controlling access to enterprise applications, the method comprising the steps of:

storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key;

storing information for a plurality of roles in a role table, identifying each role by a unique name as a primary key;

storing information for a plurality of features in a feature table, identifying each feature by a unique name as a primary key;

creating a first join-table for mapping users to roles, using their respective primary keys and predetermined assignments of users to roles;

creating a second join-table for mapping features to roles, using their respective primary keys and predetermined assignments of features to roles; and

permitting a user to access a requested feature if and only if the requested feature is associated with a role assigned to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are presented for dynamically controlling role-based access to enterprise applications. The access includes both a user'"'"'s ability to access a requested functionality (hereinafter referred to as “features”) in an enterprise applications, as well as the user'"'"'s ability to access the specific data (and request filtering of the data) within the enterprise applications. The systems and methods provide dynamic control by utilizing a number of separate tables for identifying each element (user, role and feature), with join-tables used to define, on an active/customized basis, the association of each user with respect to a particular role (user_role join-table) and association of each feature with the listing of roles (feature_role join-table). The join-tables and specific element tables may be modified during runtime to modify any of the associations or listings.

44 Citations

View as Search Results

13 Claims

1. A computer-implemented method of controlling access to enterprise applications, the method comprising the steps of:
- storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key;
  
  storing information for a plurality of roles in a role table, identifying each role by a unique name as a primary key;
  
  storing information for a plurality of features in a feature table, identifying each feature by a unique name as a primary key;
  
  creating a first join-table for mapping users to roles, using their respective primary keys and predetermined assignments of users to roles;
  
  creating a second join-table for mapping features to roles, using their respective primary keys and predetermined assignments of features to roles; and
  
  permitting a user to access a requested feature if and only if the requested feature is associated with a role assigned to the user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as defined in claim 1 wherein the method is dynamic by permitting the first and second join-tables to be updated during run time to modify the associations between the objects.
  - 3. The method as defined in claim 1 wherein the method is dynamic by permitting the user table, role table and feature table to be updated during run time.
  - 4. The method as defined in claim 1 wherein the method is further capable of controlling presentation of queries to enterprise applications and includes the steps of:
    - storing information regarding a plurality of attributes in an attribute table, identifying each attributed by a unique name as a primary key; and
      
      creating a third join-table for mapping attributes to roles, using their respective primary keys;
      
      permitting a user to submit a query based on a selected attribute if and only if the selected attribute is associated with a role assigned to the user.
  - 5. The method as defined in claim 4 wherein the method further comprises an ability to filter a submitted query to eliminate unwanted information from being returned in response to a query, the method further comprising the steps of:
    - storing a plurality of filtering options in a filter table, identifying each query filter by a unique name as a primary key; and
      
      creating a fourth join-table for mapping filters to roles, using their respective primary keys; and
      
      permitting a user to submit a filtered query based on a selected filter and query if and only if the selected filter is associated with a role assigned to the user.

6. A system for providing dynamic management of roles and features in enterprise applications comprisinga memory module for storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key, and information for a plurality of roles in a role table, identifying each role by a unique name as a primary key and information for a plurality of features in a feature table, identifying each feature by a unique name as a primary key;
- anda processor for creating a first join-table for mapping users onto selected roles and a second join-table for mapping features onto selected roles, the first and second join-tables then stored in the memory module, wherein when a user requests access to a selected feature, the processor is queried to determine if the selected feature is associated with a role assigned to the user.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The system as defined in claim 6 wherein the memory module is updated as required to modify listings of the users, roles and features.
  - 8. The system as defined in claim 6 wherein the memory module is updated as required to modify the mappings between the users and the roles.
  - 9. The system as defined in claim 6 wherein the memory module is updated as required to modify the mappings between the features and the roles.
  - 10. The system as defined in claim 6 wherein the memory module further comprises a table of predefined attributes and a join-table mapping the predefined attributes to the roles.
  - 11. The system as defined in claim 10 wherein the memory module further comprises a table of query filters and a join-table mapping the query filters to the roles.
  - 12. The system as defined in claim 11 wherein the system further comprises a cache for storing executed query filters.
  - 13. The system as defined in claim 12 wherein the executed query filters are hashed and a hash value is used to query the cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens Corp. (Siemens AG)
Inventors
Kuhmuench, Christoph

Granted Patent

US 9,430,665 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/769
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/629 to features or functions of...

DYNAMIC AUTHORIZATION TO FEATURES AND DATA IN JAVA-BASED ENTERPRISE APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC AUTHORIZATION TO FEATURES AND DATA IN JAVA-BASED ENTERPRISE APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links