System and method for selectively defining access to application features
Abstract
A method and system are described for defining a user's access to one or more features of an application. One or more “attributes” are assigned to users of a computer system and stored in a data table. Each attribute has a name which designates the feature to which access is being defined (e.g., the ability to access data within the database), and a value defining the limits of access. Attributes may be assigned in groups to eliminate the burden of preparing attribute assignments one by one for each user. When an application is run, the attributes are retrieved and enforced such that the user's access to the features of the application is defined in accordance with the retrieved attributes.
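The flow in the abstract and in the claims that follow (attribute table, group assignment, parent-child value table, retrieval, discarding, enforcement) can be sketched as below; this is an added example, not code from the patent. All table, attribute and value names are hypothetical, and the discard rule (drop a value when one of its ancestors is also held for the same attribute name) and the default-deny check are assumptions, since the page does not spell them out.

```python
import sqlite3

def build_db():
    """Constructed sample data; all table, attribute and value names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE attributes (kind TEXT, assignee TEXT, name TEXT, value TEXT);
        CREATE TABLE membership (member TEXT, grp TEXT);
        CREATE TABLE value_parent (name TEXT, value TEXT, parent TEXT);
    """)
    db.executemany("INSERT INTO attributes VALUES (?,?,?,?)", [
        ("group", "ANALYSTS", "DATA_SCOPE", "EMEA"),    # which data may be accessed
        ("group", "ANALYSTS", "ACCESS_TYPE", "READ"),   # how accessed data may be manipulated
        ("user", "alice", "DATA_SCOPE", "FRANCE"),
        ("user", "alice", "ACCESS_TYPE", "WRITE"),
    ])
    db.executemany("INSERT INTO membership VALUES (?,?)",
                   [("alice", "ANALYSTS"), ("bob", "ANALYSTS")])
    db.executemany("INSERT INTO value_parent VALUES (?,?,?)", [
        ("DATA_SCOPE", "FRANCE", "EMEA"), ("DATA_SCOPE", "EMEA", "ALL"),
        ("ACCESS_TYPE", "READ", "WRITE"),   # assumption: WRITE implies READ
    ])
    return db

def ancestors(db, name, value):
    """Walk the parent-child table upward; the seen set stops on cycles."""
    seen = set()
    while True:
        row = db.execute("SELECT parent FROM value_parent WHERE name=? AND value=?",
                         (name, value)).fetchone()
        if row is None or row[0] in seen:
            return seen
        seen.add(row[0])
        value = row[0]

def effective(db, user):
    """Retrieve direct and group attributes, then discard values covered by a held ancestor."""
    held = set(db.execute(
        "SELECT name, value FROM attributes WHERE kind='user' AND assignee=? "
        "UNION SELECT a.name, a.value FROM attributes a JOIN membership m "
        "ON a.kind='group' AND a.assignee=m.grp WHERE m.member=?", (user, user)))
    return {(n, v) for n, v in held
            if not any((n, p) in held for p in ancestors(db, n, v))}

def allowed(db, user, name, requested):
    """Default deny: grant only if a held value equals or is an ancestor of the request."""
    cover = ancestors(db, name, requested) | {requested}
    return any(n == name and v in cover for n, v in effective(db, user))
```

Keeping user and group rows distinct through the `kind` column prevents a user whose name matches a group name from inheriting that group's attributes.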
28 Claims
1. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user's access to said at least one feature comprising the steps of:
assigning at least two attributes to said user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
storing said at least two attributes in a first table in said database;
running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
retrieving from said first table two or more of said at least two attributes assigned to the user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data; and
enforcing the retrieved attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.
Dependent claims: 2, 3
assigning a parent value for each actual value of said at least two attributes, whereby one or more parent-child relationships are created; and
storing said one or more parent-child value relationships in a second table in said database;
said method further comprising, prior to the enforcing step, the additional steps of;
retrieving said one or more parent-child value relationships from said second table; and
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
4. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user's access to said at least one feature comprising the steps of:
assigning at least two attributes to said user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
storing said at least two attributes in a first table in said database;
running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
retrieving from said first table in the database two or more of said at least two attributes assigned to the user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data;
providing the retrieved attributes to said running application; and
enforcing the attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.
Dependent claims: 5, 6, 7
assigning a parent value for each actual value of said at least two attributes; and
storing parent-child value relationships in a second table in said database;
said method further comprising, prior to the enforcing step, the additional steps of;
retrieving said parent-child value relationships from said second table; and
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
8. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user's access to said at least one feature comprising the steps of:
assigning at least two attributes to a group, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
assigning said group to at least one user;
storing said group in a table in said database;
running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
retrieving said group assigned to said user from said data table; and
enforcing the retrieved attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to said group retrieved from said data table.
Dependent claims: 9
10. A computer system comprising:
means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
means for maintaining a database;
means for assigning at least two attributes to a user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
means for storing said at least two attributes in a first table in said database;
means for retrieving from said first table said at least two attributes assigned to the user; and
means for enforcing the retrieved attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to the user.
Dependent claims: 11, 12
means for assigning a parent value for each actual value of said at least two attributes, whereby one or more parent-child relationships are created;
means for storing said one or more parent-child value relationships in a second table in said database;
means for retrieving said one or more parent-child value relationships from said second table; and
means for determining whether any of the retrieved attributes may be discarded in accordance with said parent-child value relationships.
13. A computer system comprising:
means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
means for maintaining a database;
means for assigning at least two attributes to a user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
means for storing said at least two attributes in a first table in said database;
means for retrieving from said first table said at least two attributes assigned to the user;
means for providing the retrieved attributes to said application; and
means for enforcing the attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with at least two attributes assigned to the user.
Dependent claims: 14, 15, 16
means for assigning a parent value for each actual value of said at least two attributes;
means for storing parent-child value relationships in a second table in said database;
means for retrieving said parent-child value relationships from said second table; and
means for determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
17. A computer system comprising:
means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
means for maintaining a database;
means for assigning at least two attributes to a group, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
means for assigning said group to a user;
means for storing said group in a table in said database;
means for retrieving from said data table said group assigned to said user; and
means for enforcing the retrieved attributes, whereby the user's access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to said group retrieved from said data table.
Dependent claims: 18
19. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user's access to said at least one feature comprising the steps of:
assigning at least one attribute to said user;
storing said at least one attribute in a first table in said database;
assigning a parent value for each actual value of said at least one attribute, whereby one or more parent-child relationships are created;
storing said one or more parent-child value relationships in a second table in said database;
running an application in said computer system;
receiving from said first table one or more of said at least one attribute assigned to the user;
retrieving said one or more parent-child value relationships from said second table;
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships; and
enforcing the retrieved attributes, whereby the user's access to said at least one feature of said application is defined in accordance with the retrieved attributes.
Dependent claims: 20
21. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user's access to said at least one feature comprising the steps of:
assigning at least one attribute to said user;
storing said at least one attribute in a first table in said database;
assigning a parent value for each actual value of said at least one attribute; and
storing parent-child value relationships in a second table in said database;
running an application in said computer system;
retrieving from said first table in the database one or more of said at least one attribute assigned to the user;
providing the retrieved attributes to said running application;
retrieving said parent-child value relationships from said second table;
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships; and
enforcing the attributes, whereby the user's access to said at least one feature of said application is defined in accordance with the retrieved attributes.
Dependent claims: 22, 23
24. A computer system comprising:
means for running an application, said application having at least one feature;
means for maintaining a database;
means for assigning at least one attribute to a user;
means for storing said at least one attribute in a first table in said database;
means for assigning a parent value for each actual value of said at least one attribute, whereby one or more parent-child relationships are created;
means for storing said one or more parent-child value relationships in a second table in said database;
means for retrieving from said first table said at least one attribute assigned to the user;
means for retrieving said one or more parent-child value relationships from said second table;
means for determining whether any of the retrieved attributes may be discarded in accordance with said parent-child value relationships; and
means for enforcing the retrieved attributes, whereby the user's access to said at least one feature of said application is defined in accordance with said at least one attribute assigned to the user.
Dependent claims: 25
26. A computer system comprising:
means for running an application, said application having at least one feature;
means for maintaining a database;
means for assigning at least one attribute to a user;
means for storing said at least one attribute in a first table in said database;
means for assigning a parent value for each actual value of said at least one attribute;
means for storing parent-child value relationships in a second table in said database;
means for retrieving from said first table said at least one attribute assigned to the user;
means for retrieving said parent-child value relationships from said second table;
means for determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships;
means for providing the retrieved attributes to said application; and
means for enforcing the attributes, whereby the user's access to at least one feature of said application is defined in accordance with at least one attribute assigned to the user.
Dependent claims: 27, 28
Specification