Method for delegation of administrative operations in user enrollment tasks

US 7,533,157 B2
Filed: 12/24/2002
Issued: 05/12/2009
Est. Priority Date: 12/24/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling administrative operations in a data store, the data store comprised of a library server and a plurality of resource managers distributed with respect to the library server, the method comprising:

defining a domain among a plurality of domains for the data store;

specifying in the library server at least one of the resource managers to be associated with the domain;

designating a domain administrator, which is able to create, retrieve, update and delete objects in the domain, for the domain; and

enabling the domain administrator to perform administrative operations within the domain with respect to information stored in the library server and information objects stored in the at least one resource manager associated with the domain without enabling the domain administrator to access information in at least one other of the plurality of domains,wherein said at least one resource manager comprises;

an HTTP server which receives a request from a user to store an object in the resource manager and which receives a request from a user to retrieve an object stored in the resource manager, said request to store an object containing a location at which the object is to be stored in the resource manager and said request to retrieve an object containing a location at which the object is stored at in the resource manager;

a file system holding the information objects; and

an object server table identifying and mapping the information objects;

wherein the library server comprises a plurality of tables which maintain information on the plurality of resource managers, holds names of each collection for each resource manager, and holds information concerning users; and

wherein the data store comprises an administration domain table which lists at a given time, identifiers of the domains defined within the data store, a descriptive name associated with each of the identifiers, an access control list for each of the domains, and a privilege set code associated with each of the domains.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of controlling access in a content management system includes defining a domain among a plurality of domains for the content management system and designating a domain administrator for the domain. This enables the domain administrator to perform administrative tasks within the domain without revealing or affecting information in other domains of the content management system. For example, a domain administrator can view user information only for users associated with that domain. The domain administrator also can associate a user with only the defined domain, thereby limiting the user'"'"'s access to information in the system to information associated with the domain.

Citations

22 Claims

1. A method of controlling administrative operations in a data store, the data store comprised of a library server and a plurality of resource managers distributed with respect to the library server, the method comprising:
- defining a domain among a plurality of domains for the data store;
  
  specifying in the library server at least one of the resource managers to be associated with the domain;
  
  designating a domain administrator, which is able to create, retrieve, update and delete objects in the domain, for the domain; and
  
  enabling the domain administrator to perform administrative operations within the domain with respect to information stored in the library server and information objects stored in the at least one resource manager associated with the domain without enabling the domain administrator to access information in at least one other of the plurality of domains,wherein said at least one resource manager comprises;
  
  an HTTP server which receives a request from a user to store an object in the resource manager and which receives a request from a user to retrieve an object stored in the resource manager, said request to store an object containing a location at which the object is to be stored in the resource manager and said request to retrieve an object containing a location at which the object is stored at in the resource manager;
  
  a file system holding the information objects; and
  
  an object server table identifying and mapping the information objects;
  
  wherein the library server comprises a plurality of tables which maintain information on the plurality of resource managers, holds names of each collection for each resource manager, and holds information concerning users; and
  
  wherein the data store comprises an administration domain table which lists at a given time, identifiers of the domains defined within the data store, a descriptive name associated with each of the identifiers, an access control list for each of the domains, and a privilege set code associated with each of the domains.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the data store is a content management system storing multimedia content.
  - 3. The method of claim 2, wherein at least one of the administrative operations the domain administrator is enabled to perform is to associate a user with said domain among the plurality of domains, thereby preventing the user'"'"'s access to information in at least one other of said plurality of domains of the content management system.
  - 4. The method of claim 2, wherein the content management system includes the administration domain table that associates the domain with a set of privileges.
  - 5. The method of claim 4, wherein the administration domain table associates the domain with an access control list.
  - 6. The method of claim 5, wherein the content management system includes a user table having a row containing a user identifier, and a user is identified by adding an identifier for the domain in said row.
  - 7. The method of claim 1, wherein the library server and the at least one resource manager each execute as separate processes.
  - 8. The method of claim 1, wherein said at least one resource manager provides at least one of translation of the information from the library server, hierarchical storage of the information objects, and transport of the information objects.
  - 9. The method of claim 1, wherein the objects stored in said at least one resource manager are indexed by collections, and wherein said collections comprise units of storage where the objects are placed and rules regarding storage and handling of the objects.
  - 10. The method of claim 1, further comprising specifying in the library server at least one collection on the at least one of the associated resource managers to be associated with the domain, said at least one collection representing a plurality of objects to be associated with the domain.
  - 11. The method of claim 1, wherein said information on the plurality of resource managers comprises a resource manager code, a name of the resource manager, at least one domain associated with the resource manager, and a network address of the resource manager.

12. A method of limiting an administrator'"'"'s actions in a content management system, the content management system comprising a library server and a plurality of resource managers distributed with respect to the library server, wherein the administrator is associated with an administrative domain defined for the content management system, the method comprising:
- determining, in response to receiving a request by the administrator to take an action with respect to information stored in the library server and information objects stored in the at least one resource manager, the domain associated with the administrator; and
  
  limiting the requested action to the information and the information objects that are associated with a domain that matches the domain associated with the administrator,wherein the administrator associated with the administrative domain is able to create, retrieve, update and delete the information objects in the domain;
  
  wherein said at least one resource manager comprises;
  
  an HTTP server which receives a request from a user to store an object in the resource manager and which receives a request from a user to retrieve an object stored in the resource manager, said request to store an object containing a location at which the object is to be stored in the resource manager and said request to retrieve an object containing a location at which the object is stored at in the resource manager;
  
  a file system holding the information objects; and
  
  an object server table identifying and mapping the information objects;
  
  wherein the library server comprises a plurality of tables which maintain information on the plurality of resource managers, holds names of each collection for each resource manager, and holds information concerning users; and
  
  wherein the content management system comprises an administration domain table which lists at a given time, identifiers of the domains defined within the content management system, a descriptive name associated with each of the identifiers, an access control list for each of the domains, and a privilege set code associated with each of the domains.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the requested action is a listing of users identifiers of the content management system, and said limiting the requested action lists only the users'"'"' identifiers associated with the domain associated with the administrator or a public domain.
  - 14. The method of claim 12, wherein the requested action is a listing of resource managers defined in the content management system for storing content objects and said limiting the request lists only the resource managers associated with the domain associated with the administrator or a public domain.
  - 15. The method of claim 12, wherein the requested action is a listing of collections of objects defined in the content management system and stored in a resource manager, and said limiting the request lists only the collections associated with the domain associated with the administrator or a public domain.
  - 16. The method of claim 12, further comprising defining a user in the content management system and associating with the user the domain associated with the administrator.
  - 17. The method of claim 16, wherein the content management system includes a user table having a row containing an identifier for the user, and the user is associated with the domain by adding an identifier of the domain to said row containing the user identifier.
  - 18. The method of claim 12, further comprising defining a resource manager in the content management system and associating with the resource manager the domain associated with the administrator.
  - 19. The method of claim 12, further comprising defining a collection of objects stored in a resource manager in the content management system and associating with the collection the domain associated with the administrator.
  - 20. The method of claim 12, further comprising defining a super administrator by associating a predetermined domain identifier designated to allow access to all domains defined in the content management system, wherein if said administrator is a super administrator, said limiting the requested action is not performed.
  - 21. The method of claim 12, the method further comprising:
    - determining the administrator'"'"'s rights within the domain associated with the administrator; and
      
      limiting the requested action in accordance with the administrator'"'"'s rights within the domain.
  - 22. The method of claim 12, wherein the library server and the at least one resource manager each execute as separate processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Tao, Tracee, Wang, Yuping, Nelson, Kenneth Carlin, Hu, Tawei, Vo, Mimi Phuong-Thao
Primary Examiner(s)
BATES, KEVIN T

Application Number

US10/327,329
Publication Number

US 20040122946A1
Time in Patent Office

2,331 Days
Field of Search

709/225, 709/229, 709/217, 709/219, 707/9, 707/10, 726/3, 726/6, 726/28
US Class Current

709/219
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

H04L 67/5682   Policies or rules for updat...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Y10S 707/99939   Privileged access

Method for delegation of administrative operations in user enrollment tasks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method for delegation of administrative operations in user enrollment tasks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links