Method for gradual deployment of user-access security within a data processing system

  • US 5,991,879 A
  • Filed: 10/23/1997
  • Issued: 11/23/1999
  • Est. Priority Date: 10/23/1997
  • Status: Expired due to Term
First Claim
1. A process for arbitrating an attempted access to a data processing system in which a new security system incorporating a normal validation process has been invoked, which new security system requires the submission by a requesting user of at least an identification of the requesting user, a token and an identification of the data processing system objects to which access is sought, the process comprising steps A), B), B)1), B)2), C), C)1), C)2), D), D)1), D)2), E), E)1), E)2), F), F)1), F)2), G), G)1), G)2), H), H)1), H)2), Y) and Z), which steps respectively perform the following operations when invoked:

  • A) receives a user's request in a user-supplied data format to access a requested object in the data processing system;

    B) determines if the user-supplied data format is valid under the new security system;

    1) if the user-supplied data format is valid under the new security system, directs process flow to step C);

    2) if the user-supplied data format is not valid under the new security system, directs process flow to step D);

    C) performs the normal validation process under the new security system;

    1) if the normal validation process is successful, directs process flow to step Y);

    2) if the normal validation process is unsuccessful, directs process flow to step Z);

    D) determines if an object profile exists in the new security system for the requested object;

    1) if an object profile does not exist for the requested object, directs process flow to step C);

    2) if an object profile exists for the requested object, directs process flow to step E);

    E) determines if the profile of the requested object is locked;

    1) if the profile of the requested object is locked, directs process flow to step F);

    2) if the profile of the requested object is not locked, directs process flow to step G);

    F) determines if the object profile is application controlled;

    1) if the object profile is application controlled, directs process flow to step Z);

    2) if the object profile is not application controlled, directs process flow to step C);

    G) determines if the object profile is application controlled;

    1) if the object profile is application controlled, directs process flow to step Y);

    2) if the object profile is not application controlled, directs process flow to step H);

    H) determines if the object profile is limited;

    1) if the object profile is limited, directs process flow to step Z);

    2) if the object profile is not limited, directs process flow to step Y);

    Y) grants to the requesting user access to the requested object and exits the process;

    Z) denies access to the requested object and exits the process.
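
The decision flow of claim 1, written out as an added Python example that is not part of the patent text. `ObjectProfile`, `Request`, the use of a missing token to stand for a data format that is not valid under the new system, and the `normal_validation` callback are assumptions made for illustration; the function returns the terminal step together with the steps visited, so that the branches reaching Y) without passing through C) (G)1) and H)2)) are visible.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

GRANT, DENY = "Y", "Z"  # terminal steps Y) and Z) of the claim

@dataclass(frozen=True)
class ObjectProfile:  # hypothetical record; the claim names only these three properties
    locked: bool
    application_controlled: bool
    limited: bool

@dataclass(frozen=True)
class Request:  # hypothetical shape of the request received in step A)
    user_id: str
    token: Optional[str]  # assumption: None models a format not valid under the new system
    object_id: str

def arbitrate(req: Request, profiles: Dict[str, ObjectProfile],
              normal_validation: Callable[[Request], bool]) -> Tuple[str, List[str]]:
    """Return (terminal step, steps visited) for one access attempt."""
    path = ["A", "B"]

    def step_c() -> str:  # C) normal validation under the new security system
        path.append("C")
        return GRANT if normal_validation(req) else DENY

    if req.token is not None:                      # B)1) format valid
        end = step_c()
    else:                                          # B)2) format not valid
        path.append("D")
        profile = profiles.get(req.object_id)
        if profile is None:                        # D)1) no object profile
            end = step_c()
        else:                                      # D)2) profile exists
            path.append("E")
            if profile.locked:                     # E)1) locked
                path.append("F")
                end = DENY if profile.application_controlled else step_c()
            else:                                  # E)2) not locked
                path.append("G")
                if profile.application_controlled: # G)1) granted without step C)
                    end = GRANT
                else:                              # G)2)
                    path.append("H")
                    end = DENY if profile.limited else GRANT
    path.append(end)
    return end, path
```
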
