System and method for administering security in a corporate portal
Abstract
A method, system, and computer program product for corporate portal security are provided, wherein security information corresponding to an external object imported into the corporate portal is automatically mapped from the object's native security system into the corporate portal system. For each external object imported, the corporate portal maps external users and external groups identified by the native security into corresponding portal users and portal groups according to a predefined mapping process, and stores the results in a manner that associates the external object with those portal users and portal groups. A plurality of database tables and maps determines the outcome of the predefined mapping process. Advantageously, when new external users or groups are added, they are detected by a synchronization agent which then automatically updates the database tables and maps. When custom group security configurations are desired, or when new domains are added, the portal administrator may manipulate a subset of the database tables and maps to achieve the desired configuration. Advantageously, manually intensive operations such as object-by-object security stampings, and/or re-manipulation of individual security settings associated with re-instantiated crawls, are avoided.
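The mapping flow the abstract describes, as an added Python example that is not code from the patent: a synchronization map translates external (domain, group) pairs into portal groups, a crawl stores the mapped setting against the portal object, and an unmapped principal grants nothing until the synchronization agent registers it. The table layout, the `portal:<domain>:<group>` identifier scheme, every name below and the sample ACL are assumptions made for illustration; only groups are mapped here, and the portal group id stands in for the "intermediate sets of identifiers".

```python
from dataclasses import dataclass, field

@dataclass
class PortalDB:
    # Hypothetical tables standing in for the "database tables and maps".
    sync_map: dict = field(default_factory=dict)    # (domain, ext group) -> portal group
    membership: dict = field(default_factory=dict)  # portal user -> set of portal groups
    object_acl: dict = field(default_factory=dict)  # portal object id -> set of portal groups

def sync_agent(db, domain, external_groups):
    """Register external groups not yet in the synchronization map."""
    added = []
    for group in external_groups:
        key = (domain, group)
        if key not in db.sync_map:
            db.sync_map[key] = f"portal:{domain}:{group}".lower()
            added.append(key)
    return added

def import_object(db, object_id, domain, native_acl):
    """Map a crawled object's native ACL to portal groups and store the result."""
    mapped, unmapped = set(), []
    for group in native_acl:
        portal_group = db.sync_map.get((domain, group))
        if portal_group:
            mapped.add(portal_group)
        else:
            unmapped.append(group)  # fail closed: no mapping, no access granted
    db.object_acl[object_id] = mapped
    return unmapped

def can_view(db, user, object_id):
    """A user sees the object only through a portal group mapped onto it."""
    return bool(db.membership.get(user, set()) & db.object_acl.get(object_id, set()))

def demo():
    db = PortalDB()
    sync_agent(db, "CORP", ["Finance"])
    db.membership["alice"] = {"portal:corp:finance"}
    db.membership["bob"] = {"portal:corp:everyone"}
    native_acl = ["Finance", "Auditors"]  # constructed sample native ACL
    unmapped = import_object(db, "doc-1", "CORP", native_acl)
    first = (can_view(db, "alice", "doc-1"), can_view(db, "bob", "doc-1"), unmapped)
    # The agent later detects the new external group; a re-crawl needs no manual stamping.
    sync_agent(db, "CORP", ["Auditors"])
    db.membership["carol"] = {"portal:corp:auditors"}
    unmapped = import_object(db, "doc-1", "CORP", native_acl)
    return first, (can_view(db, "carol", "doc-1"), unmapped)

if __name__ == "__main__":
    print(demo())
```

Reviewing the list returned by `import_object` shows which native principals were dropped during a crawl, which is the place where a portal ACL can silently diverge from the source system.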
18 Claims
1. A method for administering portal security for an object, comprising:
extracting a native security setting comprising identities of external users or external groups, or both, from a native environment of the object;
mapping, according to a predetermined process that is executed according to information maintained in a portal database, the native security setting into a portal security setting associated with a portal that comprises a metadata object;
associating in the portal said portal security setting with the object according to a predetermined security relationship;
instantiating the predetermined security relationship between the metadata object and the corresponding native security setting;
granting viewing or exposure access to the object by a particular user or group, or combinations thereof, and wherein said information maintained in the portal database comprises;
portal user and portal group information including membership information relating the portal users to portal groups; and
one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A corporate portal apparatus, comprising one or more processor readable storage devices having processor readable code embodied thereon for programming a one or more processors to perform a method of administering portal security for an object, said processor readable code comprising component modules including:
a crawler for accessing external objects in external domains;
a security extraction utility for extracting native security information, comprising identities of external users or external groups, or both, corresponding to the external objects from one or more security systems of the external domains; and
a database comprising information for mapping, according to a predetermined process that is executed according to information maintained in a portal database, the extracted native security information into a security system of the corporate portal that comprises a metadata object; and
wherein the apparatus comprises said one or more processors for performing said method which further includes instantiating the predetermined security relationship between the metadata object and the corresponding native security setting, and wherein said information maintained in the portal database comprises;
portal user and portal group information including membership information relating the portal users to portal groups; and
one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers, and
wherein the security system of the corporate portal regulates exposure of portal metadata objects corresponding to the external objects based on the mapped security information.
Dependent claims: 9, 10, 11
12. One or more computer readable media encoded with a processor-readable computer program product for implementing a method of administering portal security for an object, the method comprising:
extracting a native security setting comprising identities of external users or external groups, or both, from a native environment of the object;
mapping, according to a predetermined process that is executed according to information maintained in a portal database, the native security setting into a portal security setting associated with a portal that comprises a metadata object;
associating in the portal said portal security setting with the object according to a predetermined security relationship;
instantiating the predetermined security relationship between the metadata object and the corresponding native security setting; and
granting viewing or exposure access to the object by a particular user or group, or combinations thereof, and wherein said information maintained in the portal database comprises;
portal user and portal group information including membership information relating the portal users to portal groups; and
one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers.
Dependent claims: 13, 14, 15, 16, 17, 18