Access control apparatus, access control method, access control program, recording medium, access control data, and relation description data
First Claim
1. An access control apparatus that controls access to a predetermined resource, comprising:
user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access;
indirect access control information defining an access right to the predetermined resource based on the predetermined relationship;
an indirect access right determining unit that detects the further user with which the user has the predetermined relationship based on the user relationship definition information, and determines an access right of the user based on the predetermined relationship with the detected further user and the indirect access control information,
direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis; and
a direct access right determining unit that determines the access right of the user based on the direct access control information,
wherein the indirect access right determining unit determines the access right of the user based on an access right of the further user which further user access right is determined based on the direct access control information,
wherein, if a determination result by the direct access right determining unit is negative, the indirect access right determining unit determines the access right of the user.
Abstract
An access control apparatus is disclosed that controls access to a predetermined resource. The access control apparatus includes entity relationship definition information defining a predetermined relationship of a first entity attempting to access the predetermined resource with a second entity, indirect access control information defining an access right to the predetermined resource based on the predetermined relationship, and an indirect access right determining unit that detects the second entity with which the first entity has the predetermined relationship based on the entity relationship definition information, and determines an access right of the first entity based on the predetermined relationship with the detected second entity and the indirect access control information.
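The decision flow of the first claim and the abstract, sketched as an added example that is not taken from the patent: a direct check per user or per user category, then, only if that is negative, a one-hop check through a related further user. All names, data structures and the sample policy are hypothetical, and capping the indirect right at the further user's direct right is an assumption about how "based on an access right of the further user" would be enforced.

```python
from dataclasses import dataclass, field

# All names, structures and the sample policy are hypothetical (constructed).
@dataclass
class AccessController:
    direct_acl: dict = field(default_factory=dict)     # (user or category, resource) -> rights
    categories: dict = field(default_factory=dict)     # user -> set of categories
    relationships: dict = field(default_factory=dict)  # user -> [(relation, further_user)]
    indirect_acl: dict = field(default_factory=dict)   # (relation, resource) -> rights passed on

    def direct_rights(self, user, resource):
        """Direct determination: per-user entries plus per-category entries."""
        rights = set(self.direct_acl.get((user, resource), ()))
        for cat in self.categories.get(user, ()):
            rights |= set(self.direct_acl.get((cat, resource), ()))
        return rights

    def indirect_rights(self, user, resource):
        """Indirect determination: one hop only, never through the user itself."""
        rights = set()
        for relation, further in self.relationships.get(user, ()):
            if further == user:
                continue  # the further user must differ from the requester
            passed_on = set(self.indirect_acl.get((relation, resource), ()))
            # Assumption: cap the result at the further user's *direct* rights,
            # so a relationship can never grant more than the further user holds.
            rights |= passed_on & self.direct_rights(further, resource)
        return rights

    def check(self, user, resource, right):
        """Return (decision, basis); basis is worth logging for audit."""
        if right in self.direct_rights(user, resource):
            return ("allow", "direct")
        # Indirect evaluation runs only when the direct result is negative.
        if right in self.indirect_rights(user, resource):
            return ("allow", "indirect")
        return ("deny", None)  # default deny

def build_sample():
    return AccessController(
        direct_acl={("manager_a", "report.doc"): {"read", "write"},
                    ("staff", "handbook.pdf"): {"read"}},
        categories={"manager_a": {"staff"}, "secretary_b": {"staff"}},
        relationships={"secretary_b": [("secretary_of", "manager_a")],
                       "intern_c": [("assistant_of", "secretary_b")]},
        indirect_acl={("secretary_of", "report.doc"): {"read"},
                      ("assistant_of", "report.doc"): {"read"}},
    )
```

Because the further user's right is taken from the direct access control information only, `intern_c` gains nothing through `secretary_b`, whose own access to `report.doc` is itself indirect; relationship grants do not chain.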
16 Claims
1. An access control apparatus that controls access to a predetermined resource, comprising:
user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access;
indirect access control information defining an access right to the predetermined resource based on the predetermined relationship;
an indirect access right determining unit that detects the further user with which the user has the predetermined relationship based on the user relationship definition information, and determines an access right of the user based on the predetermined relationship with the detected further user and the indirect access control information,
direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis; and
a direct access right determining unit that determines the access right of the user based on the direct access control information,
wherein the indirect access right determining unit determines the access right of the user based on an access right of the further user which further user access right is determined based on the direct access control information,
wherein, if a determination result by the direct access right determining unit is negative, the indirect access right determining unit determines the access right of the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An access control method for use in an access control apparatus that controls access to a predetermined resource, comprising:
a further user detecting step of detecting, based on entity user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access, the further user with which the user has the predetermined relationship, and storing a result of the detecting in a computer memory;
an indirect access right determining step of determining an access right of the user based on the predetermined relationship with the further user detected in the further user detecting step and indirect access control information defining an access right to the predetermined resource based on the predetermined relationship, and storing a result of the detecting in the computer memory;
a direct access right determining step of determining the access right of the user based on the direct access control information; and
accessing the predetermined resource in accordance with a result of the direct access right determining step,
wherein, in the indirect access right determining step, the access right of the user is determined based on an access right of the further user which further user access right is determined based on direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis, and
wherein, if a determination result in the direct access right determining step is negative, the access right of the user is determined in the indirect access right determining step.
Dependent claims: 11, 12, 13, 14, 15.
16. A tangible computer readable medium having stored thereon an access control program that causes a computer to control access to a predetermined resource, the program causing the computer to execute:
a further user detecting step of detecting, based on user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access, the further user with which the user has the predetermined relationship;
an indirect access right determining step of determining an access right of the user based on the predetermined relationship with the further user detected in the further user detecting step and indirect access control information defining an access right to the predetermined resource based on the predetermined relationship; and
a direct access right determining step of determining the access right of the user based on the direct access control information,
wherein, in the indirect access right determining step, the access right of the user is determined based on an access right of the further user which further user access right is determined based on direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis, and
wherein, if a determination result in the direct access right determining step is negative, the access right of the user is determined in the indirect access right determining step.
Specification