System and method for granting access to resources
Abstract
A method and system for authorizing access to resources requested by a first user. To begin the process, the first user submits an ID of the first user as an individual requesting access to one of the resources. The first user is also a member of a group comprising a plurality of individual users. A first table indicates at least one group of a plurality of individual users. A second table indicates which resources are accessible by which of the users and which resources are accessible by which of the groups. An authorization program compares the first user to entries in the first table to determine which group or groups the first user is a member. Next, the authorization program compares the first user and the group or groups in which the first user is a member to entries in the second table to determine which resources the first user is authorized to access. Thus, the resources that the user ID is authorized to access are based not only on the user as an individual, but the group or groups in which the user is a member. The user need submit only one ID of the user as an individual to access both sets of resources.
60 Citations
18 Claims
1. System for authorizing access to a resource requested by a user, said system comprising:
a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
a third table entry indicating that said first user name is part of a first group of individuals;
a fourth table entry indicating that said second user name is part of a second, different group of individuals;
fifth table entries listing:
  said first name and a first resource accessible to said first name,
  said second name and a second resource accessible to said second name,
  said first group and a third resource accessible to said first group, and
  said second group and a fourth resource accessible to said second group; and
authorization means, responsive to receipt of a request based on said userID to access a resource and authentication of said userID, for determining based on said first table entry that said userID corresponds to said first user name, determining based on said second table entry that said userID also corresponds to said second user name, determining based on said third table entry that said first user name is part of said first group, determining based on said fourth table entry that said second user name is part of said second group, and determining based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, granting said userID access to said requested resource.
Dependent claims: 2, 3, 4, 5, 6
7. Method for authorizing access to a resource requested by a user, said method comprising the steps of:
generating a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
generating a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
generating a third table entry indicating that said first user name is part of a first group of individuals;
generating a fourth table entry indicating that said second user name is part of a second, different group of individuals;
generating fifth table entries listing:
  said first name and a first resource accessible to said first name,
  said second name and a second resource accessible to said second name,
  said first group and a third resource accessible to said first group, and
  said second group and a fourth resource accessible to said second group; and
in response to receipt of a request based on said userID to access a resource and authentication of said userID, automatically determining based on said first table entry that said userID corresponds to said first user name, automatically determining based on said second table entry that said userID also corresponds to said second user name, automatically determining based on said third table entry that said first user name is part of said first group, automatically determining based on said fourth table entry that said second user name is part of said second group, and automatically determining based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, granting said userID access to said requested resource.
Dependent claims: 8, 9, 10, 11, 12
13. A computer program product for authorizing access to a resource requested by a user, said computer program product comprising:
a computer readable medium;
first program instructions to generate a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
second program instructions to generate a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
third program instructions to generate a third table entry indicating that said first user name is part of a first group of individuals;
fourth program instructions to generate a fourth table entry indicating that said second user name is part of a second, different group of individuals;
fifth program instructions to generate fifth table entries listing:
  said first name and a first resource accessible to said first name,
  said second name and a second resource accessible to said second name,
  said first group and a third resource accessible to said first group, and
  said second group and a fourth resource accessible to said second group; and
sixth program instructions, responsive to receipt of a request based on said userID to access a resource and authentication of said userID, to determine based on said first table entry that said userID corresponds to said first user name, determine based on said second table entry that said userID also corresponds to said second user name, determine based on said third table entry that said first user name is part of said first group, determine based on said fourth table entry that said second user name is part of said second group, and determine based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, grant said userID access to said requested resource; and
wherein said first, second, third, fourth, fifth and sixth program instructions are recorded on said computer readable medium.
Dependent claims: 14, 15, 16, 17, 18
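The lookup described in the abstract and in the independent claims can be sketched as follows. This is an added example, not code from the patent: the table contents, the `Decision` type and the function names `principals_for`, `authorize` and `effective_access` are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample tables (assumptions, not taken from the patent).
# First/second table entries: one userID validly maps to several names.
USER_NAMES = {"u1001": ["jsmith", "john.smith.admin"]}
# Third/fourth table entries: each individual name belongs to groups.
NAME_GROUPS = {"jsmith": ["engineering"], "john.smith.admin": ["db-operators"]}
# Fifth table entries: (principal, resource); a principal is a name or a group.
ACCESS = {
    ("jsmith", "/home/jsmith"),
    ("john.smith.admin", "admin-console"),
    ("engineering", "source-repo"),
    ("db-operators", "payroll-db"),
}


@dataclass(frozen=True)
class Decision:
    granted: bool
    via: tuple  # principals whose entries matched, kept for the audit log


def principals_for(user_id):
    """Expand a userID into every name and group it resolves to."""
    names = USER_NAMES.get(user_id, [])
    groups = [g for n in names for g in NAME_GROUPS.get(n, [])]
    return list(dict.fromkeys(names + groups))  # ordered, de-duplicated


def authorize(user_id, resource, authenticated):
    """Grant only after authentication and only on an explicit table match."""
    if not authenticated:
        return Decision(False, ())
    via = tuple(p for p in principals_for(user_id) if (p, resource) in ACCESS)
    return Decision(bool(via), via)  # unknown userID or no entry: denied


def effective_access(user_id):
    """Union of resources reachable from one userID, for access reviews."""
    principals = set(principals_for(user_id))
    return sorted(r for (p, r) in ACCESS if p in principals)


if __name__ == "__main__":
    print(authorize("u1001", "payroll-db", authenticated=True))
    print(effective_access("u1001"))
```

Because a single authenticated userID carries the union of rights of every name and group it resolves to, `effective_access` is the set to examine in an access review, and `via` records which table entry produced each grant.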
Specification