Method for controlling access to the resources of a data processing system, data processing system, and computer program
Abstract
In a data processing system with at least one data processing device, a large number of databases allocated to the data processing system and having user-specific data are linked together for forming a single resulting user database. Access permissions for resources provided by the at least one data processing device are awarded by predefined user roles. At least one user role is allocated to at least one user of the data processing system.
15 Claims
1. A method for controlling access to resources of a data processing system with at least one data processing device, comprising:
linking together a plurality of databases having user-specific data and being allocated to the data processing system to form a single resulting metadirectory database;
eliminating redundant user-specific data among the plurality of databases during the linking together;
predefining user roles using memberships of users in organization units or regions of responsibility of the users for business processes;
awarding access permissions for resources provided by the at least one data processing device by the predefined user roles stored in the single resulting metadirectory database; and
allocating at least one user role to at least one user of the data processing system according to at least one of the predefined user roles.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A data processing system, comprising:
at least one data processing device;
a plurality of databases, in which user-specific data is stored, each of the plurality being linked together to form a single resulting metadirectory database;
an award unit to award, by predefined user roles stored in the single resulting metadirectory database, access permissions for resources provided by the at least one data processing device; and
an allocation unit to allocate at least one user role to at least one user of the data processing system according to at least one of the predefined user roles;
wherein redundant user-specific data among the plurality of databases are eliminated when they are linked together; and
wherein the user roles are predefined using memberships of users in organization units or regions of responsibility of the users for business processes.
14. A machine-readable storage medium that stores instructions executable by a machine to perform operations comprising:
linking together a plurality of databases having user-specific data and being allocated to a data processing system to form a single resulting metadirectory database;
eliminating redundant user-specific data among the plurality of databases during the linking together;
predefining user roles using memberships of users in organization units or regions of responsibility of the users for business processes;
awarding access permissions for resources provided by the at least one data processing device by the predefined user roles stored in the single resulting metadirectory database; and
allocating at least one user role to at least one user of the data processing system according to at least one of the predefined user roles.
15. A method for controlling access to resources of at least one data processing device, comprising:
linking together a plurality of databases containing user-specific data for users of the data processing device, to thereby form a metadirectory database;
eliminating redundant user-specific data among the plurality of databases during the linking together;
predefining user roles using memberships of users in organization units or regions of responsibility of the users for business processes;
allocating a user role to each user of the data processing device, based on the user-specific data for the user according to at least one predefined user role; and
selecting access permissions to the resources of the data processing device to award using user roles stored in the single resulting metadirectory database, each user role encompassing a plurality of access permissions.
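An added illustration of the steps recited in claims 1 and 15 (not code from the patent or its assignee): two user databases are linked into one metadirectory with redundant attributes stored once, roles are derived from organization-unit membership, and access is decided from the stored roles. All source names, attributes, roles and permission strings are constructed, and keeping the first-listed source's value on a conflict is an assumption of this example.

```python
# Added illustration; source names, attributes and roles are constructed.
HR_DB = [  # listed first, so treated as authoritative on conflicts
    {"uid": "alice", "name": "Alice Ng", "org_unit": "finance"},
    {"uid": "bob", "name": "Bob Roy", "org_unit": "it-ops"},
]
MAIL_DB = [
    {"uid": "ALICE", "name": "Alice Ng", "mail": "alice@example.test"},
    {"uid": "bob", "mail": "bob@example.test", "org_unit": "finance"},
    {"uid": "dave", "mail": "dave@example.test"},  # no organization unit
]
# Roles predefined from organization-unit membership; each bundles permissions.
ROLE_BY_ORG_UNIT = {"finance": "accountant", "it-ops": "sysadmin"}
ROLE_PERMISSIONS = {
    "accountant": {"ledger:read", "ledger:write"},
    "sysadmin": {"server:login", "backup:run"},
}


def build_metadirectory(*sources):
    """Link sources into one directory keyed by normalized uid.

    Each attribute is stored once; a later source that disagrees with an
    earlier one is recorded as a conflict instead of overwriting it.
    """
    meta, conflicts = {}, []
    for source in sources:
        for record in source:
            uid = record["uid"].strip().lower()
            entry = meta.setdefault(uid, {"uid": uid})
            for attr, value in record.items():
                if attr == "uid":
                    continue
                if attr in entry and entry[attr] != value:
                    conflicts.append((uid, attr, entry[attr], value))
                else:
                    entry[attr] = value
    return meta, conflicts


def allocate_roles(meta):
    """Store each user's role set in the metadirectory entry itself."""
    for entry in meta.values():
        role = ROLE_BY_ORG_UNIT.get(entry.get("org_unit"))
        entry["roles"] = {role} if role else set()
    return meta


def is_permitted(meta, uid, permission):
    """Default deny: unknown users and users without a role get nothing."""
    roles = meta.get(uid.strip().lower(), {}).get("roles", set())
    return any(permission in ROLE_PERMISSIONS[r] for r in roles)
```

The conflict list matters because a role-bearing attribute such as `org_unit` that differs between sources would otherwise change a user's permissions silently during the merge.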
Specification