SYSTEMS AND METHODOLOGIES FOR MANAGING DOCUMENT ACCESS PERMISSIONS

US 20150033327A1
Filed: 07/29/2014
Published: 01/29/2015
Est. Priority Date: 07/29/2013
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for managing access to objects available via a file server by a user, the method including:

(i) authenticating the user;

(ii) based on data indicative of an organisational hierarchy, which provides data indicative of memberships of a plurality of users to a plurality of groups, determining a set of groups to which the user belongs; and

(iii) for each group to which the user belongs, and for each unique combination of groups to which the user belongs, defining a respective access token;

(iv) combining the defined access tokens into a set of access tokens, which a file server accesses thereby to determine whether or not to grant the user access to a given object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are systems and methodologies for managing document access permissions. Embodiments of the invention have been particularly developed for allowing group-based permission management in a file system. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.

25 Citations

View as Search Results

16 Claims

1. A computer implemented method for managing access to objects available via a file server by a user, the method including:
- (i) authenticating the user;
  
  (ii) based on data indicative of an organisational hierarchy, which provides data indicative of memberships of a plurality of users to a plurality of groups, determining a set of groups to which the user belongs; and
  
  (iii) for each group to which the user belongs, and for each unique combination of groups to which the user belongs, defining a respective access token;
  
  (iv) combining the defined access tokens into a set of access tokens, which a file server accesses thereby to determine whether or not to grant the user access to a given object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1 wherein the given object is associated with a parent group defined in the organisational hierarchy.
  - 3. A method according to claim 2 wherein, based on the parent group, the given object has defined for it a subtractive access token based upon the parent group.
  - 4. A method according to claim 1 including a step of identifying one or more security labels associated with the user, and wherein (iii) includes defining respective access tokens for each unique combination of groups and security labels.
  - 5. A method according to claim 4 wherein the given object is associated with a parent group defined in the organisational hierarchy and one or more security labels, and wherein, based on the parent group, the given object has defined for it a subtractive access token based upon the parent group and the security labels.
  - 6. A method according to claim 1 wherein, in each instance where a user belongs to a group, that user is associated with a permission set for that group.
  - 7. A method according to claim 5 wherein a permission set defines multiple access permission types.
  - 8. A method according to claim 1 including a step of delivering data indicative of the set of access tokens to a software application associated with the user, wherein the file server interacts with that software application when determining whether or not to grant access to a given object.
  - 9. A method according to claim 1 wherein the set of access tokens are provided to a Security Token Service.

10. A computer implemented method for managing access to objects available via a file server by a user, the method including:
- (i) receiving data indicative of an object for ingestion;
  
  (ii) receiving data indicative of a user selection of a parent group for the object, wherein the parent group is selected from an organisational hierarchy that includes a plurality of groups organised in a hierarchical framework;
  
  (iii) receiving data indicative of one or more security parameters for the document; and
  
  (iv) defining access requirements for the document based upon the parent group and the security parameters.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A method according to claim 10 wherein access to the document by a user is determined by reference to a set of access tokens associated with the user, with access being granted a case that the user has an access token that corresponds to the defined access requirements.
  - 12. A method according to claim 11 wherein the set of access tokens for the user is defined by a method including:
    - (i) based on data indicative of an organisational hierarchy, which provides data indicative of memberships of a plurality of users to a plurality of groups, determining a set of groups to which the user belongs; and
      
      (ii) for each group to which the user belongs, and for each unique combination of groups to which the user belongs, defining a respective access token;
      
      (iii) combining the defined access tokens into th set of access tokens, which a file server accesses thereby to determine whether or not to grant the user access to a given object.
  - 13. A method according to claim 12 including a step of identifying one or more security labels associated with the user, and wherein (ii) includes defining respective access tokens for each unique combination of groups and security labels.
  - 14. A method according to claim 13 wherein the given object is associated with a parent group defined in the organisational hierarchy and one or more security labels, and wherein, based on the parent group, the given object has defined for it a subtractive access token based upon the parent group and the security labels.
  - 15. A method according to claim 12 wherein, in each instance where a user belongs to a group, that user is associated with a permission set for that group.
  - 16. A method according to claim 15 wherein a permission set defines multiple access permission types.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Berkeley Information Technology Pty Ltd.
Original Assignee
Berkeley Information Technology Pty Ltd.
Inventors
Naglost, Mark Peter, Coles, Scott David, Klein, David, Dahl, Justin

Granted Patent

US 9,805,209 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

SYSTEMS AND METHODOLOGIES FOR MANAGING DOCUMENT ACCESS PERMISSIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODOLOGIES FOR MANAGING DOCUMENT ACCESS PERMISSIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links