Hierarchical entitlement system with integrated inheritance and limit checks
First Claim
1. A method for specifying and enforcing transaction amount limits comprising:
- defining, by one or more computing devices, a transaction amount limit for a transaction;
specifying, by the one or more computing devices, conditions under which the transaction amount limit is applicable to the transaction, comprising a unit of the transaction and an entitlement group;
identifying, by the one or more computing devices, membership of a user in the entitlement group, responsive to a request from the user to perform a the transaction;
identifying, by the one or more computing devices, the transaction amount limit associated with the entitlement group and the unit of the transaction, wherein the entitlement group has a negative role-based permission inheritance from a parent entitlement group such that the transaction amount limit is within boundaries of a parent transaction amount limit associated with the parent entitlement group wherein the transaction amount limit is configured to specify a rule selected from one of;
(a) wherein the transaction amount limit is a first limit applicable to the transaction only if the unit of the transaction is equivalent to a unit of the transaction amount limit without a conversion, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified in the same unit of the transaction amount limit, or(b) wherein the transaction amount limit is a second limit applicable to the transaction regardless of the unit of the transaction, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified as applicable regardless of the unit of the transaction, wherein the first limit and the second limit are set independently of each other; and
processing, by the one or more computing devices, the transaction if the transaction satisfies the transaction amount limit based on comparison of the converted amount limit and/or converted amount of the transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
A hierarchical entitlement system, method, and computer program product with integrated inheritance and limit checks are described. In one embodiment, for example, a computer-implemented method is described for specifying and enforcing entitlements for performance of financial transactions, the method comprises steps of: providing a hierarchical entitlement structure with inheritance for specifying entitlements for performing financial transactions; receiving user input for defining a plurality of entitlement groups of the hierarchical entitlement structure, wherein each entitlement group has specified permissions to perform financial transactions, limits on performance of the financial transactions, and membership of each user; in response to a particular user request to perform a financial transaction at runtime, identifying the particular user'"'"'s membership in a certain entitlement group; and determining whether to allow the particular user to perform the financial transaction based on permissions and limits of the hierarchical entitlement structure applicable to the particular user'"'"'s performance of the financial transaction.
-
Citations
20 Claims
-
1. A method for specifying and enforcing transaction amount limits comprising:
-
defining, by one or more computing devices, a transaction amount limit for a transaction; specifying, by the one or more computing devices, conditions under which the transaction amount limit is applicable to the transaction, comprising a unit of the transaction and an entitlement group; identifying, by the one or more computing devices, membership of a user in the entitlement group, responsive to a request from the user to perform a the transaction; identifying, by the one or more computing devices, the transaction amount limit associated with the entitlement group and the unit of the transaction, wherein the entitlement group has a negative role-based permission inheritance from a parent entitlement group such that the transaction amount limit is within boundaries of a parent transaction amount limit associated with the parent entitlement group wherein the transaction amount limit is configured to specify a rule selected from one of; (a) wherein the transaction amount limit is a first limit applicable to the transaction only if the unit of the transaction is equivalent to a unit of the transaction amount limit without a conversion, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified in the same unit of the transaction amount limit, or (b) wherein the transaction amount limit is a second limit applicable to the transaction regardless of the unit of the transaction, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified as applicable regardless of the unit of the transaction, wherein the first limit and the second limit are set independently of each other; and processing, by the one or more computing devices, the transaction if the transaction satisfies the transaction amount limit based on comparison of the converted amount limit and/or converted amount of the transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-readable storage medium having stored thereon computer-executable instructions for enabling a processor to specify and enforce transaction amount limits that, if executed by a computing device, cause the computing device to perform a method comprising:
-
defining a transaction amount limit for a transaction; specifying conditions under which the transaction amount limit is applicable to the transaction, comprising a unit of the transaction and an entitlement group; identifying membership of a user in the entitlement group, responsive to a request from the user to perform a the transaction; identifying the transaction amount limit associated with the entitlement group and the unit of the transaction, wherein the entitlement group has a negative role-based permission inheritance from a parent entitlement group such that the transaction amount limit is within boundaries of a parent transaction amount limit associated with the parent entitlement group wherein the transaction amount limit is configured to specify a rule selected from one of; wherein the transaction amount limit is a first limit applicable to the transaction only if the unit of the transaction is equivalent to a unit of the transaction amount limit without a conversion, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified in the same unit of the transaction amount limit, or wherein the transaction amount limit is a second limit applicable to the transaction regardless of the unit of the transaction, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified as applicable regardless of the unit of the transaction, wherein the first limit and the second limit are set independently of each other; and processing the transaction if the transaction satisfies the transaction amount limit based on comparison of the converted amount limit and/or converted amount of the transaction. - View Dependent Claims (12, 13, 14, 16, 17, 18)
-
-
15. The computer-readable storage medium of step 14, wherein the processing the transaction comprises:
- declining to process the transaction if the cumulative amount limit would be exceeded based on the sum of the running total and the transaction requested by the user, only if the particular unit is equivalent to the units of the transaction.
-
19. A system that specifies and enforces transaction amount limits, comprising:
-
a first module configured to define a transaction amount limit for a transaction; a second module configured to specify conditions under which the transaction amount limit is applicable to the transaction, comprising a unit of the transaction and an entitlement group; a third module configured to identify membership of a user in an the entitlement group, responsive to a request from the user to perform a the transaction; a fourth module configured to identify the transaction amount limit associated with the entitlement group and the unit of the transaction, wherein the entitlement group has a negative role-based permission inheritance from a parent entitlement group such that the transaction amount limit is within boundaries of a parent transaction amount limit associated with the parent entitlement group wherein the transaction amount limit is configured to specify a rule selected from one of; (a) wherein the transaction amount limit is a first limit applicable to the transaction only if the unit of the transaction is equivalent to a unit of the transaction amount limit without a conversion, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified in the same unit of the transaction amount limit, or (b) wherein the transaction amount limit is a second limit applicable to the transaction regardless of the unit of the transaction, and further wherein the transaction amount limit is within boundaries of the parent transaction amount limit specified as applicable regardless of the unit of the transaction, wherein the first limit and the second limit are set independently of each other; and a fifth module configured to process the transaction if the transaction satisfies the transaction amount limit based on comparison of the converted amount limit and/or converted amount of the transaction; wherein the first module, the second module, the third module, the fourth module, and the fifth module execute in one or more processors.
-
-
20. A method for specifying and enforcing cumulative amount limits comprising:
-
defining, by one or more computing devices, a cumulative amount limit; specifying, by the one or more computing devices, conditions under which the cumulative amount limit is applicable to a transaction, comprising a unit of the transaction and an entitlement group; identifying, by the one or more computing devices, membership of a user in the entitlement group, responsive to a request from the user to perform the transaction; identifying, by the one or more computing devices, the cumulative amount limit associated with the entitlement group and the unit of the transaction, wherein the entitlement group has a negative role-based permission inheritance from a parent entitlement group such that the cumulative amount limit is within boundaries of a parent cumulative amount limit associated with the parent entitlement group, wherein the cumulative amount limit is configured to specify a rule selected from one of; (a) wherein the cumulative amount limit is a first limit that maintains a running total of all transactions performed by the user and/or the entitlement group where the unit of the transaction is equivalent to a unit of the cumulative amount limit without a conversion, the running total defined in terms of the unit of the cumulative amount limit, and further wherein the cumulative amount limit is within boundaries of the parent cumulative amount limit specified in the same unit of the transaction amount limit, or (b) wherein the cumulative amount limit is a second limit that maintains a running total of all transactions performed by the user and/or the entitlement group regardless of the unit of the transaction, and further wherein the cumulative amount limit is within boundaries of the parent cumulative amount limit specified as applicable regardless of the units of the transaction, wherein the first limit and the second limit are set independently of each other; and rejecting, by the one or more computing devices, the processing of the transaction if the cumulative amount limit would be exceeded based on the sum of the running total and the transaction requested by the user, based on the first limit or the second limit.
-
Specification