System and method for configurable binding of access control lists in a content management system
Abstract
A system and method for authorizing access to a controlled entity by a user. A set of user privileges is provided for the user; and a content manager intersects an access control list (ACL) and the set of user privileges to authorize access. Binding level control indicia selectively binds an access control list (ACL) to the controlled entity at item type, item, mixed, or library binding level. An item type comprises one or more component items with each component item having one or more item views which together form an item type view. A content manager is responsive to the binding level to perform ACL checking for authorizing access to the controlled entity by the user.
4 Claims
1. Method for authorizing access to a controlled entity by a user, comprising:
binding an access control list (ACL) to each said controlled entity to enforce an ACL binding level selectively at item type, item, mixed, and library level;
responsive to said ACL binding level, performing ACL checking for authorizing access to said controlled entity by said user;
said item type comprising one or more component items with each component item having one or more item views which together form an item type view;
configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and
responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
for a get item type request, returning said item type and said item type view for an item type view granted said access;
for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
for a get item request, executing said ACL check for each said item in said item type.
2. Method for authorizing access to a controlled entity by a user, comprising:
binding an access control list (ACL) to each said controlled entity to enforce an ACL binding level selectively at item type, item, mixed, and library level; and
responsive to said ACL binding level, performing ACL checking for authorizing access to said controlled entity by said user;
said item type comprising one or more component items with each component item having one or more item views which together form an item type view;
specifying for said user a set of user privileges;
intersecting said ACL and said set of user privileges to authorize said access;
providing a library level ACL;
configuring ACL binding control level individually for each said item type selectively to item control level or item type control level;
responsive to said item type level;
checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and
for a get item request, enabling access to said items corresponding to said item type view for which said access is granted;
responsive to said item level;
for a get item type request, returning all said item types and item type views; and
for a get item request, checking said ACL for said item for selectively granting access to said item;
responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
for a get item type request, returning said item type and said item type view for an item type view granted said access; and
for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
for a get item request, executing said ACL check for each said item in said item type; and
responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
for a get item request, checking said library level ACL to selectively grant access to said item.
3. System for authorizing access to a controlled entity by a user, comprising:
binding level control indicia selectively binding an access control list (ACL) to said controlled entity to enforce an ACL binding level selectively at item type, item, mixed, and library binding level;
a content manager responsive to said binding level for performing ACL checking for authorizing access to said controlled entity by said user;
said item type comprising one or more component items with each component item having one or more item views which together form an item type view;
said binding level control indicia configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and
said content manager responsive to said mixed level;
for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
for a get item type request, returning said item type and said item type view for an item type view granted said access;
for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
for a get item request, executing said ACL check for each said item in said item type.
4. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access to a controlled entity by a user, according to a method comprising:
binding an access control list (ACL) to said controlled entity to enforce an ACL binding level selectively at item type, item, mixed, and library level;
responsive to said ACL binding level, performing ACL checking for authorizing access to said controlled entity by said user;
said item type comprising one or more component items with each component item having one or more item views which together form an item type view;
specifying for said user a set of user privileges;
intersecting said ACL and said set of user privileges to authorize said access;
providing a library level ACL;
configuring ACL binding control level individually for each said item type selectively to item control level or item type control level;
responsive to said item type level;
checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view;
for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and
for a get item request, enabling access to said items corresponding to said item type view for which said access is granted;
responsive to said item level;
for a get item type request, returning all said item types and item type views; and
for a get item request, checking said ACL for said item for selectively granting access to said item;
responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view;
for a get item type request, returning said item type and said item type view for an item type view granted said access; and
for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and
for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and
for a get item request, executing said ACL check for each said item in said item type; and
responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and
for a get item request, checking said library level ACL to selectively grant access to said item.
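The four binding levels recited in claims 2 and 4 can be modeled as follows. This is an added example, not code from the patent: the class and function names, the `read` operation and the sample users are assumptions, and an item type view is reduced to the item type's name.

```python
from dataclasses import dataclass, field

ITEM_TYPE, ITEM, MIXED, LIBRARY = "item_type", "item", "mixed", "library"

@dataclass
class ItemType:
    acl: dict       # user -> operations granted on the item type view
    control: str    # ITEM_TYPE or ITEM; consulted only at the MIXED level
    items: dict = field(default_factory=dict)   # item name -> item ACL

@dataclass
class ContentManager:
    level: str          # ACL binding level in force
    library_acl: dict
    privileges: dict    # user -> set of user privileges
    item_types: dict    # type name -> ItemType

    def _allowed(self, acl, user, op="read"):
        # Authorize only on the intersection of the ACL entry and the privileges.
        return op in (acl.get(user, set()) & self.privileges.get(user, set()))

    def _effective(self, it):
        # At the mixed level each item type carries its own control level.
        return it.control if self.level == MIXED else self.level

    def get_item_types(self, user):
        if self.level == LIBRARY:   # one check guards the whole library
            ok = self._allowed(self.library_acl, user)
            return sorted(self.item_types) if ok else []
        # Item control level returns every type; the check is deferred to get_item.
        return sorted(n for n, it in self.item_types.items()
                      if self._effective(it) == ITEM or self._allowed(it.acl, user))

    def get_item(self, user, type_name, item_name):
        it = self.item_types[type_name]
        acl = {LIBRARY: self.library_acl, ITEM_TYPE: it.acl,
               ITEM: it.items[item_name]}[self._effective(it)]
        return self._allowed(acl, user)

def sample(level):
    # Constructed data: bob appears in the library ACL but holds no privileges.
    return ContentManager(
        level=level,
        library_acl={"alice": {"read"}, "bob": {"read"}},
        privileges={"alice": {"read"}, "bob": set()},
        item_types={
            "claim": ItemType({"alice": {"read"}}, ITEM_TYPE, {"c1": {}}),
            "policy": ItemType({}, ITEM, {"p1": {"alice": {"read"}}, "p2": {}}),
        })
```

Under the same ACL data, `sample(ITEM).get_item("alice", "claim", "c1")` is denied while `sample(MIXED)` grants it, because the mixed level defers to the `claim` type's item type ACL instead of the empty item ACL.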
Specification