System and method for incremental refresh of a compiled access control table in a content management system
Abstract
System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
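The scheme in the abstract, as an added example in Python with SQLite (not code from the patent): the compiled table uses the columns recited in claim 1, and a change to one privilege set rewrites only the compiled rows carrying that privilege set code. The source table names and layouts, the string codes and the sample data are assumptions, as is storing each user's privileges directly per user.

```python
import sqlite3

# Hypothetical schema; user_kind is 'U' (user rule) or 'G' (group rule).
SCHEMA = """
CREATE TABLE acl(acl_code, user_kind, user_id, privset_code);
CREATE TABLE privset(privset_code, privdef_code);
CREATE TABLE grp(group_id, user_id);
CREATE TABLE user_privs(user_id, privdef_code);
CREATE TABLE compiled_acl(user_kind, user_id, acl_code, privset_code,
                          privdef_code, group_user_id);
"""

# Intersect ACL rules with the privileges of the named user or group members.
COMPILE = """
INSERT INTO compiled_acl
SELECT a.user_kind, u.user_id, a.acl_code, a.privset_code, p.privdef_code,
       CASE WHEN a.user_kind = 'G' THEN a.user_id END
FROM acl a
JOIN privset p ON p.privset_code = a.privset_code
JOIN user_privs u ON u.privdef_code = p.privdef_code
 AND ((a.user_kind = 'U' AND u.user_id = a.user_id)
   OR (a.user_kind = 'G' AND u.user_id IN
        (SELECT user_id FROM grp WHERE group_id = a.user_id)))
WHERE a.privset_code = ?
"""

def refresh_privset(db, code):
    """Rebuild only the compiled rows carrying this privilege set code."""
    with db:  # delete and re-insert commit together
        gone = db.execute("DELETE FROM compiled_acl WHERE privset_code = ?", (code,)).rowcount
        new = db.execute(COMPILE, (code,)).rowcount
    return gone, new

def authorized(db, user_id, acl_code, privdef_code):
    """Authorization reads the compiled table and nothing else."""
    return db.execute("SELECT 1 FROM compiled_acl WHERE user_id = ? AND acl_code = ?"
                      " AND privdef_code = ?", (user_id, acl_code, privdef_code)).fetchone() is not None

def demo_db():
    """Constructed sample data: alice has a user rule, bob is reached via group 'staff'."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO privset VALUES (?, ?)", [(1, "READ"), (1, "UPDATE"), (2, "READ")])
    db.executemany("INSERT INTO acl VALUES (?, ?, ?, ?)", [("DOCS", "U", "alice", 1), ("DOCS", "G", "staff", 2)])
    db.execute("INSERT INTO grp VALUES ('staff', 'bob')")
    db.executemany("INSERT INTO user_privs VALUES (?, ?)", [("alice", "READ"), ("bob", "READ"), ("bob", "DELETE")])
    for code in (1, 2):
        refresh_privset(db, code)
    return db
```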
25 Claims
1. A computer implemented method for authorizing access to an entity in a content management system by a user by reference to a single table which compiles access control information from a plurality of tables including an access control list table and a table of sets of user privileges, comprising:
binding said access control list table to each said entity;
specifying for said user a set of user privileges;
intersecting said access control list and said set of user privileges in a computer generated access control list (ACL) table, columns of said table including user kind, user identifier, ACL code, a privilege set comprising a privilege set code and a privilege definition code, and a group user identifier;
incrementally refreshing said computer generated ACL table responsive to run time modification of said access control list or set of user privileges, said incrementally refreshing including, responsive to modification of said privilege set, accessing during on-line execution to affect only rows of said computer generated ACL table having a corresponding privilege set code.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
20. A computer system for authorizing access to an entity in content management system by a user by reference to a single table which compiles access control information from a plurality of tables including an access control list table and a table of sets of user privileges, comprising:
an access control list bound to said entity;
a set of user privileges;
a computer generated access control list (ACL) table, columns of said ACL table including user kind, user identifier, ACL code, a privilege set comprising a privilege set code and privilege definition code, and a group user identifier;
a content manager for intersecting said access control list and said set of user privileges in said computer generated ACL table, and for incrementally refreshing said computer generated ACL table responsive to run time modification of said access control list or said set of user privileges, said incrementally refreshing including, responsive to modification of said privilege set, accessing during on-line execution and affecting only rows of said computer generated ACL table having a corresponding privilege set code.
View Dependent Claims (21, 22)
23. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access to an entity in a content management system by a user by reference to a single table which compiles access control information from a plurality of tables including an access control list table and a table of sets of user privileges, comprising:
binding an access control list to each said entity;
specifying for said user a set of user privileges;
intersecting said access control list and said set of user privileges in a computer generated ACL table, columns of said table including user kind, user identifier, ACL code, a privilege set comprising a privilege set code and privilege definition code, and a group user identifier;
incrementally refreshing said computer generated ACL table responsive to run time modification of said access control list or set of user privileges, said incrementally refreshing including, responsive to modification of said privilege set, accessing during on-line execution and affecting only rows of said computer generated ACL table having a corresponding privilege set code.
View Dependent Claims (24, 25)
Specification