System and method for selectively defining access to application features
First Claim
Patent Images
1. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
- running an application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
retrieving from a database two or more attributes assigned to a user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data; and
enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system are described for defining a user'"'"'s access to one or more features of an application. One or more “attributes” are assigned to users of a computer system and stored in a data table. Each attribute has a name which designates the feature to which access is being defined, (e.g., the ability to access data within the database), and a value defining the limits of access. Attributes may be assigned in groups to eliminate the burden of preparing attribute assignments one by one for each user. When an application is run, the attributes are retrieved and enforced such that the user'"'"'s access to the features of the application is defined in accordance with the retrieved attributes.
42 Citations
28 Claims
-
1. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
running an application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data;
retrieving from a database two or more attributes assigned to a user, one of the retrieved attributes relating to the ability to access data and one of the retrieved attributes relating to the ability to manipulate accessed data; and
enforcing the retrieved attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the retrieved attributes. - View Dependent Claims (2, 3, 4, 5)
retrieving one or more parent-child value relationships from said database; and
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
-
-
4. The method of claim 1 further comprising, providing a user a choice of applications to run in accordance with the at least two attributes assigned to said user.
-
5. The method of claim 4 wherein the applications provide access to different data based on the same attribute.
-
6. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
assigning at least two attributes to a user, one of the attributes relating to the ability to access data and one of the attributes relating to the ability to manipulate accessed data;
running an application having at least two features, one of the features relating to the ability to access data and one of the features relating to the ability to manipulate accessed data; and
enforcing the attributes, whereby the user'"'"'s access to data and ability to manipulate accessed data is defined in accordance with the assigned attributes. - View Dependent Claims (7, 8, 9, 10)
assigning a parent value for at least one actual value of said at least two attributes; and
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
-
-
11. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
running an application;
retrieving from a database at least one attribute assigned to a user and a parent-child value relationship for at least one of the attributes;
determining whether any of the retrieved attributes may be discarded in accordance with any of the retrieved parent-child value relationships; and
enforcing the retrieved attributes, whereby the user'"'"'s access to said at least one feature of said application is defined in accordance with the retrieved attributes. - View Dependent Claims (12, 13, 14)
-
-
15. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
assigning at least one attribute to a user and a parent-child value relationship to at least one of the attributes;
running an application in said computer system;
determining whether any of the attributes may be discarded in accordance with any of the parent-child value relationships; and
enforcing the assigned attributes, whereby the user'"'"'s access to said at least one feature of said application is defined in accordance with the assigned attributes. - View Dependent Claims (16, 17, 18)
-
-
19. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
running an application having a feature relating to the ability to manipulate accessed data;
retrieving from a database at least one attribute assigned to a user, at least one of the retrieved attributes relating to the ability to manipulate accessed data; and
enforcing the retrieved attributes, whereby the user'"'"'s ability to manipulate accessed data is defined in accordance with the retrieved attributes. - View Dependent Claims (20, 21, 22, 23)
retrieving at least one parent-child value relationship from said database; and
determining whether any of the retrieved attributes may be discarded in accordance with the retrieved parent-child value relationships.
-
-
22. The method of claim 19 further comprising providing a user a choice of applications to run in accordance with the attributes assigned to a user.
-
23. The method of claim 22 wherein the applications provide access to different data based on the same attribute.
-
24. In a computer system capable of running at least one application and maintaining a database, each application having at least one feature, a method for defining a user'"'"'s access to said at least one feature, comprising:
-
assigning at least one attribute to a user, at least one of the attributes relating to the ability to manipulate accessed data;
running an application having a feature relating to the ability to manipulate accessed data; and
enforcing the assigned attributes, whereby the user'"'"'s ability to manipulate accessed data is defined in accordance with the assigned attributes. - View Dependent Claims (25, 26, 27, 28)
assigning a parent value for at least one actual value of said at least one attribute, whereby one or more parent-child relationships are created; and
determining whether any of the assigned attributes may be discarded in accordance with the assigned parent-child value relationships.
-
-
27. The method of claim 24 further comprising, providing to said user a choice of one or more applications to run in accordance with the at least two attributes assigned to said user.
-
28. The method of claim 27 wherein the applications provide access to different data based on the same attribute.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
-
Original AssigneeElectronic Data Systems Corporation (Perspecta, Inc.)
-
InventorsGershfield, James N., Barger, Shawn G.
-
Primary Examiner(s)Shah, Sanjiv
-
Application NumberUS10/164,511Publication NumberTime in Patent Office369 DaysField of Search707/2, 707/200, 707/9, 707/201, 707/1, 709/225, 709/229, 370/254US Class Current1/1CPC Class CodesG06F 12/1491 in a hierarchical protectio...G06F 21/6218 to a system of files or obj...G06F 21/629 to features or functions of...G06F 2221/2141 Access rights, e.g. capabil...Y10S 707/99931 Database or file accessingY10S 707/99932 Access augmentation or opti...
