System and method for inheriting access control rules
Abstract
A system and method are provided for an information management system (IMS) having an underlying relational database system (RDBMS) that allows an item to be associated with plural containers, and one of the containers is designated as the item's primary container. Inheritance of the primary container's access control rules can be activated, and when it is, the container's access control rules are automatically used to access the item. Otherwise, the item's access control rules are used. The container's rules can be propagated through many levels of containers/items.
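The rule resolution described in the abstract, as an added Python example (not code from the patent). The names Node, governing_node and is_allowed, the via argument and the sample data are assumptions made for illustration, as is the choice that the access path used to reach an item never changes which rules apply.

```python
from dataclasses import dataclass, field
from typing import Optional

OPS = ("read", "insert", "update", "delete")  # rule kinds named in the claims

@dataclass
class Node:
    """An item or a container; a container can itself sit in containers."""
    acl: dict                                       # op -> principals (own rules)
    containers: list = field(default_factory=list)  # every direct container
    primary: Optional[str] = None                   # container that may supply rules
    inherit: bool = False                           # inheritance switch

def governing_node(store, name):
    """Return the name of the node whose own ACL governs access to `name`."""
    seen = set()
    while store[name].inherit:
        node = store[name]
        if node.primary not in node.containers:
            raise ValueError(f"{name}: primary is not one of its containers")
        if name in seen:
            raise ValueError(f"inheritance cycle at {name}")
        seen.add(name)
        name = node.primary  # propagate one level up the primary chain
    return name

def is_allowed(store, principal, op, item, via=None):
    """Decide access; `via` is the direct container used to reach the item."""
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    if via is not None and via not in store[item].containers:
        return False  # not an actual access path to this item
    acl = store[governing_node(store, item)].acl
    return principal in acl.get(op, set())

# Constructed sample data: "report" is filed in two containers.
store = {
    "finance": Node(acl={"read": {"alice"}, "update": {"alice"}}),
    "q3": Node(acl={"read": {"bob"}}, containers=["finance"],
               primary="finance", inherit=True),
    "shared": Node(acl={op: {"alice", "bob", "carol"} for op in OPS}),
    "report": Node(acl={"read": {"carol"}}, containers=["q3", "shared"],
                   primary="q3", inherit=True),
    "memo": Node(acl={"read": {"carol"}}, containers=["shared"],
                 primary="shared", inherit=False),
}
```

With this data, reaching "report" through the permissive "shared" container does not widen access: the rules of "finance" still govern, two levels up the primary chain.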
13 Claims
1. A computer-implemented method, comprising:
inserting at least one data item associated with first access control rules into at least one data container associated with second access control rules;
selecting which access control rules to apply to the item; and
applying one of: the first access control rules, and the second access control rules, to the item, based on the selecting act, the item being contained in plural containers, each container being associated with a respective set of access control rules, wherein access to the item is possible via plural access paths, wherein the first access control rules apply only to the item and the second access control rules can apply to all items in the container, the access control rules being selected from the group including read access control rules, insertion access control rules, update access control rules, and delete access control rules.
Dependent claims: 2, 3, 4, 5
6. A computer programmed with instructions to selectively apply at least one access control rule associated with a container to at least one item associated with the container, the instructions embodying method acts comprising:
selecting whether to activate inheritance of the container's access control rule; and
applying the container's access control rule to the item only when inheritance is activated, wherein the container's access control rule pertain to all items in the container for which inheritance is activated, and individual item access control rules are applied to items in the container for which inheritance is not activated, the access control rules being selected from the group including read access control rules, insertion access control rules, update access control rules, and delete access control rules.
Dependent claims: 7, 8, 9, 10
designating one of the containers as a primary container; and
applying the access control rules of the primary container to the item.
10. The computer of claim 9, wherein the method acts embodied by the instructions further comprise propagating the container access control rules through plural levels of containers.
11. A computer program product including computer usable code means programmed with logic for establishing access control rules for an item in an information management system (IMS) for an application directly communicating with a relational database management system (RDBMS) associated with the IMS, the program product comprising:
computer readable code means for selecting a primary container for the item;
computer readable code means for activating inheritance of access control from container to item; and
computer readable code means for applying container access control rules to the item when the application seeks to access the item, wherein the container's access control rules pertain to all items in the container for which inheritance is activated, and individual item access control rules are applied to items in the container for which inheritance is not activated, the access control rules being selected from the group including read access control rules, insertion access control rules, update access control rules, and delete access control rules.
Dependent claims: 12, 13
computer readable code means for inserting the item into plural containers; and
computer readable code means for selecting which container is the primary container.
13. The computer program product of claim 12, further comprising computer readable code means for propagating the container access control rules through plural levels of containers.
Specification