ACCESS CONTROL FOR OBJECTS HAVING ATTRIBUTES DEFINED AGAINST HIERARCHICALLY ORGANIZED DOMAINS CONTAINING FIXED NUMBER OF VALUES
First Claim
1. A method of controlling access to objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values, said method comprising:
- receiving data indicating a plurality of hierarchies of said hierarchically organized domains;
displaying the values of the corresponding domains in each hierarchy of said plurality of hierarchies;
enabling a user to select a first set of values from the displayed values of the corresponding domains;
enabling said user to specify a security rule for a combination of said first set of values and a user entity; and
enforcing said security rule when objects having attributes matching said first set of values are accessed by said user entity.
1 Assignment
0 Petitions
Accused Products
Abstract
An aspect of the present disclosure facilitates controlling access to objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values. In one embodiment, in response to receiving data indicating specific hierarchies of the hierarchically organized domains, the corresponding fixed number of values of the corresponding domains in each hierarchy is displayed. Accordingly, a user is enabled to select a desired set of values from the corresponding fixed number of values of the corresponding domains, and to specify a security rule for a combination of the selected set of values and a user entity. The security rule is thereafter enforced when objects having attributes matching the selected set of values are accessed by the user entity.
22 Citations
20 Claims
-
1. A method of controlling access to objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values, said method comprising:
-
receiving data indicating a plurality of hierarchies of said hierarchically organized domains; displaying the values of the corresponding domains in each hierarchy of said plurality of hierarchies; enabling a user to select a first set of values from the displayed values of the corresponding domains; enabling said user to specify a security rule for a combination of said first set of values and a user entity; and enforcing said security rule when objects having attributes matching said first set of values are accessed by said user entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory machine readable medium storing one or more sequences of instructions for enabling a system to control access to objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values, wherein execution of said one or more instructions by one or more processors contained in said system enables said system to perform the actions of:
-
receiving data indicating a plurality of hierarchies of said hierarchically organized domains; displaying the values of the corresponding domains in each hierarchy of said plurality of hierarchies; enabling a user to select a first set of values from the displayed values of the corresponding domains; enabling said user to specify a security rule for a combination of said first set of values and a user entity; and enforcing said security rule when objects having attributes matching said first set of values are accessed by said user entity. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computing system comprising:
-
a relational database server to store a plurality of objects having attributes defined against hierarchically organized domains, with each domain containing a corresponding fixed number of values; an administrator system operable to; receive data indicating a plurality of hierarchies of said hierarchically organized domains; display the values of the corresponding domains in each hierarchy of said plurality of hierarchies; enable a user to select a first set of values from the displayed values of the corresponding domains; and enable said user to specify a security rule for a combination of said first set of values and a user entity; and a server system operable to; receive a user request from said user entity; determine that a first object having attributes matching said first set of values is to be accessed for processing said user request; and enforce said security rule as against said first object in processing said user request, as a response to said user having specified said security rule for said combination of said first set of values and said user entity. - View Dependent Claims (19, 20)
-
Specification