AUTHORITY VERIFICATION SYSTEM, AUTHORITY VERIFICATION METHOD, AND COMPUTER-READABLE STORAGE MEDIUM
First Claim
Patent Images
1. An authority verification system operable to verify an access authority for a resource, the system comprising:
- a per-resource user authority management unit configured to manage per-resource user authorities established for each resource;
a user authority management unit configured to manage user authorities;
a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource, and to specify, based on the user authorities managed by the user authority management unit, a user authority held by a transmission source of the access request;
a refinement unit configured to decide an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource that is specified by the specification unit;
a validation unit configured to determine whether access to the resource corresponding to the access request is permitted by the access authority refined by the refinement unit; and
a unit configured to permit the transmission source to access the resource in a case where it is determined that the access is permitted by the validation unit.
1 Assignment
0 Petitions
Accused Products
Abstract
A per-resource user authority management unit that manages user authorities per resource, a user authority refinement unit that refines authorities linked to a user by the per-resource user authorities, and an authority verification unit that determines whether execution of processing with respect to a resource is permitted by using an authority that has been refined by the user authority refinement unit are provided.
16 Citations
12 Claims
-
1. An authority verification system operable to verify an access authority for a resource, the system comprising:
-
a per-resource user authority management unit configured to manage per-resource user authorities established for each resource; a user authority management unit configured to manage user authorities; a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource, and to specify, based on the user authorities managed by the user authority management unit, a user authority held by a transmission source of the access request; a refinement unit configured to decide an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource that is specified by the specification unit; a validation unit configured to determine whether access to the resource corresponding to the access request is permitted by the access authority refined by the refinement unit; and a unit configured to permit the transmission source to access the resource in a case where it is determined that the access is permitted by the validation unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer readable medium storing a program for causing a computer to function as a resource server operable to provide access to a resource, the program comprising:
-
a per-resource user authority management unit configured to manage per-resource user authorities for each resource; a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource; a unit configured to request an authentication server for determination of whether access to a resource in accordance with the access request is permitted, by an access authority based on a user authority for each user that the authentication server has, and the necessary authority specified by the specification unit; and a unit configured to permit the access to the resource when it is determined that the access is permitted on the basis of a response from the authentication server.
-
-
12. An authority verification method for verifying an access authority for a resource, which is performed by an information processing system, the method comprising:
-
managing per-resource user authorities established for each resource; managing user authorities; in accordance with an access request for a designated resource, specifying, based on the per-resource user authorities, an authority necessary for the access request with respect to the designated resource, and specifying, based on the user authorities, a user authority held by a transmission source of the access request; deciding an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource; determining whether access to the resource corresponding to the access request is permitted by the access authority; and permitting the transmission source to access the resource in a case where it is determined that the access is permitted.
-
Specification