System and method for hierarchical role-based entitlements
Abstract
A system and method for authorization to adaptively control access to a resource, comprising the steps of providing for the mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource; providing for the evaluation of a policy based on the at least one role; and providing for the determination of whether to grant the principal access to the resource based on the evaluation of the policy.
51 Claims
1. A method for authorization to adaptively control access to a resource, comprising the steps of:
providing for the mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource, the resource being part of a resource hierarchy;
wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
providing for the evaluation of a policy based on the at least one role; and
providing for the determination of whether to grant the principal access to the resource based on the evaluation of the policy;
wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 51
11. A method for authorization for adaptively controlling access to a resource, comprising the steps of:
providing for the evaluation of a policy based on at least one role applicable to a principal attempting to access the resource, the resource being part of a resource hierarchy;
wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
providing for the granting of access to the resource based on the evaluation; and
wherein the resource, the policy and the at least one role are hierarchically related;
wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for authorization for adaptively controlling access to a resource, comprising the steps of:
providing to a security framework information pertaining to a principal and the resource, the resource being part of a resource hierarchy;
wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy; and
utilizing the security framework to provide an authorization result based on evaluating at least one security policy by associating at least one role to the principal; and
wherein the resource, the security policy, and the at least one role are hierarchically related;
wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A computer-based system for authorization adapted for controlling access to a resource, comprising:
at least one processor and at least one memory, the at least one processor and at least one memory implementing;
at least one role-mapper to map a principal to at least one role, wherein the at least one role is hierarchically related to the resource, the resource being part of a resource hierarchy;
wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
at least one authorizer coupled to the at least one role-mapper, the at least one authorizer to determine if a policy is satisfied based on the at least one role; and
an adjudicator coupled to the at least one authorizer, the adjudicator to render a final decision based on the determination of the at least one authorizer;
wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40
41. A method for authorization to adaptively control access to a resource in an enterprise application, comprising the steps of:
providing for the mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource, the resource being part of a resource hierarchy;
wherein the resource is a portal, a portlet or a page, the resource inheriting a role from another resource higher in the resource hierarchy;
providing for the evaluation of a policy based on the at least one role; and
providing for the determination of whether to grant the principal access to the resource based on the evaluation of the policy; and
wherein the at least one role, the policy and the resource are part of an enterprise application;
wherein roles are inherited by resources lower in the resource hierarchy unless the resources lower in the resource hierarchy are associated with roles of the same name, in which case, the role inheritance is overridden.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50
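The inheritance-and-override rule of claim 1 and the role-mapper, authorizer and adjudicator of claim 31, as an added Python sketch that is not code from the patent. The names `Resource`, `effective_roles`, `map_roles`, `authorize`, `adjudicate` and `can_access`, the sample principals, and the default-deny and unanimous-vote choices are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    name: str
    parent: "Resource | None" = None
    roles: dict = field(default_factory=dict)  # role name -> principals, defined at this node
    policy: "set | None" = None                # role names granted access; None = inherit

    def lineage(self):
        """Return the nodes from the root of the hierarchy down to this resource."""
        node, chain = self, []
        while node:
            chain.append(node)
            node = node.parent
        return chain[::-1]

def effective_roles(resource):
    """Roles visible at a resource: inherited from above, except that a
    same-named role defined lower down replaces the inherited definition."""
    merged = {}
    for node in resource.lineage():
        merged.update(node.roles)  # replaces the member set, never unions it
    return merged

def map_roles(principal, resource):
    """Role mapper: names of the effective roles that contain the principal."""
    return {n for n, members in effective_roles(resource).items() if principal in members}

def authorize(principal, resource):
    """Authorizer: evaluate the nearest policy in the hierarchy (assumed default deny)."""
    policy = next((n.policy for n in reversed(resource.lineage()) if n.policy is not None), None)
    return policy is not None and bool(map_roles(principal, resource) & policy)

def adjudicate(votes):
    """Adjudicator: final decision; assumed rule is that every authorizer must grant."""
    votes = list(votes)
    return bool(votes) and all(votes)

def can_access(principal, resource):
    return adjudicate([authorize(principal, resource)])

# Constructed sample hierarchy: portal > page > portlet.
portal = Resource("portal", roles={"Editor": {"alice", "bob"}, "Viewer": {"carol"}},
                  policy={"Editor", "Viewer"})
page = Resource("hr-page", parent=portal, roles={"Editor": {"bob"}}, policy={"Editor"})
portlet = Resource("payroll-portlet", parent=page)
```

Because the page-level `Editor` role replaces the portal-level one, `alice` keeps access to the portal but loses it on the page and on the portlet beneath it, while `carol`'s inherited `Viewer` role survives but no longer satisfies the page's policy.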
Specification