Method and system for controlling public access to a plurality of data objects within a data processing system
Abstract
A method and system is disclosed for efficiently controlling public access to a plurality of data objects stored within a data processing system. An access control profile is associated with each data object. Each access control profile preferably includes an explicit authorization parameter listing the identity of a particular user and the authorization level granted to that user; a shared authorization parameter listing the identities of a plurality of users and the authorization level granted to each listed user; and, a public authorization parameter listing the authorization level granted to each user not specifically set forth within the access control profile. A single "public" user identity is then defined for all users not specifically set forth within the access control profile, and that identity, as well as a public authorization level for an entire group of data objects is listed within a single shared authorization parameter. That shared authorization parameter is then placed within the access control profile of each data object within the group. Thereafter, a reference to the shared authorization parameter is placed within the public authorization parameter of each data object within the group so that public access to the entire group of data objects may be centrally controlled by means of a single shared authorization parameter.
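Added example (not part of the patent text): a minimal Python model of the profile described in the abstract, in which the public authorization parameter holds a reference to the shared list, so one edit to the "public" entry changes public access for every object in the group. The class and function names, the level names, the check of named shared-list users before the public fallback, and the deny-on-missing-entry default are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PUBLIC = "public"   # the single "public" user identity stored in the shared list
NONE = "none"       # assumed level name meaning no access


@dataclass
class SharedList:
    """Shared authorization list placed in the profile of every object in a group."""
    levels: dict = field(default_factory=dict)   # identity -> authorization level


@dataclass
class Profile:
    """Access control profile of one data object."""
    explicit: dict            # explicit authorization parameter
    shared: SharedList        # shared authorization parameter
    public: object = NONE     # public authorization parameter: a level, or a
                              # reference to a SharedList


def resolve_level(profile, user):
    """Authorization level `user` receives on the object owning `profile`."""
    if user in profile.explicit:
        return profile.explicit[user]
    if user != PUBLIC and user in profile.shared.levels:
        return profile.shared.levels[user]
    if isinstance(profile.public, SharedList):          # follow the reference
        return profile.public.levels.get(PUBLIC, NONE)  # missing entry: deny
    return profile.public


def governed_by(shared, catalog):
    """Names of objects whose public access changes when `shared` is edited."""
    return sorted(n for n, p in catalog.items() if p.public is shared)


def build_demo():
    """Constructed sample: three documents, two of them in one group."""
    group = SharedList({"bob": "write", PUBLIC: "read"})
    return group, {
        "doc-a": Profile({"alice": "owner"}, group, public=group),
        "doc-b": Profile({}, group, public=group),
        "doc-c": Profile({}, group, public=NONE),   # opted out: inline level
    }
```

Because every referencing profile resolves through the same list, `governed_by` gives the set of objects whose exposure changes with a single edit, which is the set to review before raising the "public" level.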
4 Claims
1. A method in a data processing system for controlling public access to a plurality of data objects stored therein, said data processing system having an access control profile associated with each data object stored therein, each access control profile including:
- an explicit authorization parameter listing the identity of a user and the authorization level granted to that user;
- a shared authorization parameter setting forth a shared authorization list associated with the access control profile of each of a plurality of data objects and containing the identities of a plurality of users and the authorization level granted to each listed user; and
- a public authorization parameter listing the authorization level granted to each user not specifically identified within said access control profile,
said method comprising the data processing system implemented steps of;
- creating and storing within said shared authorization list a "public" user identity for users not specifically identified within the access control profiles of the plurality of data objects;
- listing within said shared authorization list within said data processing system an authorization level for said "public" user identity for all of a plurality of data objects within said data processing system;
- listing said shared authorization list within a shared authorization parameter within the access control profile of each of said plurality of data objects within said data processing system;
- storing a reference within said public authorization parameter to said shared authorization parameter within the access control profile of each of said plurality of data objects within said data processing system; and
- thereafter, controlling public access for each of said plurality of data objects by;
  - accessing said shared authorization parameter by accessing said reference to said shared authorization parameter stored within said public authorization parameter within the access control profile of a selected one of said plurality of data objects in response to an attempted access by a user after it is determined that the user is not listed within said explicit authorization parameter for said selected one of said plurality of data objects;
  - accessing said shared authorization list set forth within said shared authorization parameter within the access control profile of said selected one of said plurality of data objects; and
  - granting access to said selected one of said plurality of data objects by said user not listed within said explicit authorization parameter for said selected one of said plurality of data objects in accordance with an authorization level granted to said "public" user identity within said shared authorization list for said selected one of said plurality of data objects.

Dependent claim: 2

3. A data processing system for controlling public access to a plurality of data objects stored therein, said data processing system having an access control profile associated with each data object stored therein, each access control profile including:
- an explicit authorization parameter listing the identity of a user and the authorization level granted to that user;
- a shared authorization parameter setting forth a shared authorization list associated with the access control profile of each of a plurality of data objects and containing the identities of a plurality of users and the authorization level granted to each listed user; and
- a public authorization parameter listing the authorization level granted to each user not specifically identified within said access control profile,
said data processing system comprising;
- a storage device;
- storage means for storing within said storage device within said shared authorization list a "public" user identity created for users not specifically identified within the access control profiles of the plurality of data objects,
- means for listing within said shared authorization list an authorization level for said "public" user identity for all of a plurality of data objects within said data processing system;
- means for listing said shared authorization list within a shared authorization parameter within the access control profile of each of said plurality of data objects within said data processing system;
- means for storing a reference within said public authorization parameter to said shared authorization parameter within the access control profile of each of said plurality of data objects within said data processing system; and
- control means for controlling public access for each of said plurality of data objects, the control means including;
  - means for accessing said shared authorization parameter by accessing said reference to said shared authorization parameter stored within said public authorization parameter within the access control profile of a selected one of said plurality of data objects in response to an attempted access by a user after it is determined that the user is not listed within said explicit authorization parameter for said selected one of said plurality of data objects;
  - means for accessing said shared authorization list set forth within said shared authorization parameter within the access control profile of said selected one of said plurality of data objects; and
  - means for granting access to said selected one of said plurality of data objects in accordance with an authorization level granted to said "public" user identity within said shared authorization list for said selected one of said plurality of data objects.

Dependent claim: 4
Specification