Fine-grained authorization by authorization table associated with a resource
Abstract
Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.
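An added illustration, not part of the patent text, of the lookup chain the abstract describes: resource to grouping, grouping to authorization table, user to roles, roles to permitted actions. All names and sample data are constructed, and denying by default when a resource, user or role is unknown is an assumption of this example.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is hypothetical.
ROLE_ACTIONS = {             # role -> permitted actions
    "viewer": {"read"},
    "editor": {"read", "write"},
    "owner": {"read", "write", "delete"},
}
RESOURCE_GROUPS = {          # resource -> grouping with shared constraints
    "/payroll/2023.csv": "finance",
    "/payroll/2024.csv": "finance",
    "/wiki/onboarding.md": "public-docs",
}
AUTH_TABLES = {              # one table per grouping (user -> roles),
    "finance": {"alice": {"owner"}, "bob": {"viewer"}},   # not per resource
    "public-docs": {"alice": {"viewer"}, "bob": {"editor"}},
}


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str


def check_access(user: str, action: str, resource: str) -> Decision:
    """Decide whether `user` may perform `action` on `resource`."""
    # Step 1: locate the resource in the structure of groupings.
    group = RESOURCE_GROUPS.get(resource)
    if group is None:
        return Decision(False, "resource is not in any grouping")
    # Step 2: read the authorization table associated with that grouping.
    table = AUTH_TABLES.get(group)
    if table is None:
        return Decision(False, f"grouping {group!r} has no authorization table")
    # Step 3: map the user to roles, and the roles to permitted actions.
    roles = table.get(user, set())
    if not roles:
        return Decision(False, f"user {user!r} has no role in grouping {group!r}")
    for role in sorted(roles):
        # A role missing from ROLE_ACTIONS grants nothing (fail closed).
        if action in ROLE_ACTIONS.get(role, set()):
            return Decision(True, f"role {role!r} in {group!r} permits {action!r}")
    return Decision(False, f"no role of {user!r} in {group!r} permits {action!r}")


if __name__ == "__main__":
    for req in [("alice", "delete", "/payroll/2024.csv"),
                ("bob", "write", "/payroll/2024.csv"),
                ("bob", "write", "/wiki/onboarding.md")]:
        print(req, check_access(*req))
```

The same user receives different decisions for the same action depending on the grouping the resource falls in, while both payroll files share a single table.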
30 Claims
1. A method for determining access rights to a resource managed by an application, the method comprising:
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a structure having groupings of resources, wherein each of the groupings have similar authorization constraints for the resources therein;
reading an authorization table associated with a grouping having the resource among the groupings, wherein the authorization table comprises a mapping of one or more roles to each user, and the roles comprise one or more permitted actions;
determining, based on the reading, whether to grant the access rights for performing the action on the resource; and
whereby, assigning users to one or more of the groupings permits enhanced scalability and limited storage requirements.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A device for determining access rights to a resource managed by an application, the device comprising:
the application operable on a computer system having a processor;
an input module associated with the application for receiving a request from a user in order to perform an action on a resource;
a locator module associated with the application for locating, based on the request, the resource in a structure having groupings of resources, wherein each of the groupings have similar authorization constraints for the resources therein;
a reader module associated with the application for reading an authorization table associated with a grouping having the resource among the groupings, wherein the authorization table comprises a mapping of one or more roles to each user, and the roles comprise one or more permitted actions;
a decision module associated with the application for determining whether to grant the access rights for performing the action on the resource; and
whereby, enhanced scalability and limited storage requirements result from assigning users to one or more of the groupings.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A machine-accessible storage medium containing instructions, which when executed by a machine, cause the machine to perform operations for determining access rights to a resource managed by an application, comprising:
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a structure having groupings of resources, wherein each of the groupings have similar authorization constraints for the resources therein;
reading an authorization table associated with a grouping having the resource among the groupings, wherein the authorization table comprises a mapping of one or more roles to each user, and the roles comprise one or more permitted actions;
determining, based on the reading, whether to grant the access rights for performing the action on the resource; and
whereby, assigning users to one or more of the groupings permits enhanced scalability and limited storage requirements.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification