System and method for selectivety defining access to application features

US 6,430,549 B1
Filed: 07/17/1998
Issued: 08/06/2002
Est. Priority Date: 07/17/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:

assigning at least two attributes to said user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;

storing said at least two attributes in a first table in said database;

running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;

retrieving from said first table two or more of said at least two attributes assigned to the user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data; and

enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are described for defining a user'"'"'s access to one or more features of an application. One or more “attributes” are assigned to users of a computer system and stored in a data table. Each attribute has a name which designates the feature to which access is being defined, (e.g, the ability to access data within the database), and a value defining the limits of access. Attributes may be assigned in groups to eliminate the burden of preparing attribute assignments one by one for each user. When an application is run, the attributes are retrieved and enforced such that the user'"'"'s access to the features of the application is defined in accordance with the retrieved attributes.

78 Citations

View as Search Results

28 Claims

1. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:
- assigning at least two attributes to said user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  storing said at least two attributes in a first table in said database;
  
  running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  retrieving from said first table two or more of said at least two attributes assigned to the user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data; and
  
  enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein more than one of the at least two features relate to the ability to access data.
  - 3. The method of claim 1 comprising, prior to the running step, the additional steps of:

4. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:
- assigning at least two attributes to said user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  storing said at least two attributes in a first table in said database;
  
  running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  retrieving from said first table in the database two or more of said at least two attributes assigned to the user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data;
  
  providing the retrieved attributes to said running application; and
  
  enforcing the attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4 further comprising, prior to the running step, the additional step of providing to said user a choice of one or more applications to run in accordance with the at least two attributes assigned to said user.
  - 6. The method of claim 4 wherein more than one of the at least two features relate to the ability to access data.
  - 7. The method of claim 4 comprising, prior to the running step, the additional steps of:

8. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:
- assigning at least two attributes to a group, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  assigning said group to at least one user;
  
  storing said group in a table in said database;
  
  running an application having at least two features in said computer system, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  retrieving said group assigned to said user from said data table; and
  
  enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to said group retrieved from said data table.
- View Dependent Claims (9)
- - 9. The method of claim 8 wherein said at least two attributes assigned to said group defines access only to said application.

10. A computer system comprising:
- means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  means for maintaining a database;
  
  means for assigning at least two attributes to a user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  means for storing said at least two attributes in a first table in said database;
  
  means for retrieving from said first table said at least two attributes assigned to the user; and
  
  means for enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to the user.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10 wherein more than one of the at least two features relate to the ability to access data.
  - 12. The system of claim 10 further comprising:

13. A computer system comprising:
- means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  means for maintaining a database;
  
  means for assigning at least two attributes to a user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  means for storing said at least two attributes in a first table in said database;
  
  means for retrieving from said first table said at least two attributes assigned to the user;
  
  means for providing the retrieved attributes to said application; and
  
  means for enforcing the attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with at least two attributes assigned to the user.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13 further comprising means for providing to said user a choice of one or more applications to run in accordance with said at least two attributes assigned to said user.
  - 15. The system of claim 13 wherein more than one of the least two features relate to the ability to access data.
  - 16. The system of claim 13 further comprising:

17. A computer system comprising:
- means for running an application, said application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
  
  means for maintaining a database;
  
  means for assigning at least two attributes to a group, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
  
  means for assigning said group to a user;
  
  means for storing said group in a table in said database;
  
  means for retrieving from said data table said group assigned to said user; and
  
  means for enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with said at least two attributes assigned to said group retrieved from said data table.
- View Dependent Claims (18)
- - 18. The system of claim 17 wherein said at least two attributes assigned to said group defines access only to said application.

19. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:
- assigning at least one attribute to said user;
  
  storing said at least one attribute in a first table in said database;
  
  assigning a parent value for each actual value of said at least one attribute, whereby one or more parent-child relationships are created;
  
  storing said one or more parent-child value relationships in a second table in said database;
  
  running an application in said computer system;
  
  receiving from said first table one or more of said at least one attribute assigned to the user;
  
  retrieving said one or more parent-child value relationships from said second table;
  
  determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships; and
  
  enforcing the retrieved attributes, whereby the user'"'"'s access to said at least one feature of said application is defined in accordance with the retrieved attributes.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein one or more of the at least one feature relates to the ability to access data.

21. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature comprising the steps of:
- assigning at least one attribute to said user;
  
  storing said at least one attribute in a first table in said database;
  
  assigning a parent value for each actual value of said at least one attribute; and
  
  storing parent-child value relationships in a second table in said database;
  
  running an application in said computer system;
  
  retrieving from said first table in the database one or more of said at least one attribute assigned to the user;
  
  providing the retrieved attributes to said running application;
  
  retrieving said parent-child value relationships from said second table;
  
  determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships; and
  
  enforcing the attributes, whereby the user'"'"'s access to said at least one feature of said application is defined in accordance with the retrieved attributes.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, further comprising, prior to the running step, the additional step of providing to said user a choice of one or more applications to run in accordance with the at least one attribute assigned to said user.
  - 23. The method of claim 21, wherein one or more of at least one feature relates to the ability to access data.

24. A computer system comprising:
- means for running an application, said application having at least one feature;
  
  means for maintaining a database;
  
  means for assigning at least one attribute to a user;
  
  means for storing said at least one attribute in a first table in said database;
  
  means for assigning a parent value for each actual value of said at least one attribute, whereby one or more parent-child relationships are created;
  
  means for storing said one or more parent-child value relationships in a second table in said database;
  
  means for retrieving from said first table said at least one attribute assigned to the user;
  
  means for retrieving said one or more parent-child value relationships from said second table;
  
  means for determining whether any of the retrieved attributes may be discarded in accordance with said parent-child value relationships; and
  
  means for enforcing the retrieved attributes, whereby the user'"'"'s access to said at least one feature of said application is defined in accordance with said at least one attribute assigned to the user.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein one or more of the at least one feature relates to the ability to access data.

26. A computer system comprising:
- means for running an application, said application having at least one feature;
  
  means for maintaining a database;
  
  means for assigning at least one attribute to a user;
  
  means for storing said at least one attribute in a first table in said database;
  
  means for assigning a parent value for each actual value of said at least one attribute;
  
  means for storing parent-child value relationships in a second table in said database;
  
  means for retrieving from said first table said at least one attribute assigned to the user;
  
  means for retrieving said parent-child value relationships from said second table;
  
  means for determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships;
  
  means for providing the retrieved attributes to said application; and
  
  means for enforcing the attributes, whereby the user'"'"'s access to at least one feature of said application is defined in accordance with at least one attribute assigned to the user.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, further comprising means for providing to said user a choice of one or more applications to run in accordance with said at least one attribute assigned to said user.
  - 28. The system of claim 26, wherein one or more of the least one feature relates to the ability to access data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Gershfield, James N., Barger, Shawn G.
Primary Examiner(s)
Shah, Sanjiv

Application Number

US09/118,621
Time in Patent Office

1,481 Days
Field of Search

707/2, 707/9, 707/200-201, 709/225, 709/229, 370/254
US Class Current

1/1
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99931   Database or file accessing

Y10S 707/99932   Access augmentation or opti...

System and method for selectivety defining access to application features

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

System and method for selectivety defining access to application features

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others