Dynamic role based authorization system and method

US 8,024,794 B1
Filed: 11/30/2005
Issued: 09/20/2011
Est. Priority Date: 11/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a hardware processor; and

memory storing a plurality of computer executable resources associated with a first authorization domain, the first authorization domain being one of a plurality of root entity data objects of an application and including at least one of an account, a territory, and an opportunity, and which derives protection via control of access to the resources, andthe memory further storing a plurality of computer implementable roles associated with the first authorization domain;

wherein the hardware processor is configured such that access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources;

wherein the hardware processor is configured such that the expressions operate as a function of run-time data;

wherein the hardware processor is configured such that query code is generated using the first authorization domain and the expressions;

wherein the hardware processor is configured such that the expressions are used at run-time to dynamically generate an optimized query;

wherein the hardware processor is configured such that authorization via one of the expressions for a particular one of the roles to access a particular one of the resources associated with the first authorization domain automatically confers authorization for the particular one of the roles to access resources of at least one second authorization domain of the application related to the first authorization domain, the at least one second authorization domain of the application related to the first authorization domain via a hierarchical relationship;

wherein the resources are linked to the first authorization domain utilizing an authorization path;

wherein the resources are associated with a customer relationship management (CRM) application;

wherein the query code generation utilizes dynamic relational information in a customer database of the CRM application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for role based authorization. Included is a plurality of resources and roles associated with an authorization domain. In use, access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources.

41 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a hardware processor; and
  
  memory storing a plurality of computer executable resources associated with a first authorization domain, the first authorization domain being one of a plurality of root entity data objects of an application and including at least one of an account, a territory, and an opportunity, and which derives protection via control of access to the resources, andthe memory further storing a plurality of computer implementable roles associated with the first authorization domain;
  
  wherein the hardware processor is configured such that access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources;
  
  wherein the hardware processor is configured such that the expressions operate as a function of run-time data;
  
  wherein the hardware processor is configured such that query code is generated using the first authorization domain and the expressions;
  
  wherein the hardware processor is configured such that the expressions are used at run-time to dynamically generate an optimized query;
  
  wherein the hardware processor is configured such that authorization via one of the expressions for a particular one of the roles to access a particular one of the resources associated with the first authorization domain automatically confers authorization for the particular one of the roles to access resources of at least one second authorization domain of the application related to the first authorization domain, the at least one second authorization domain of the application related to the first authorization domain via a hierarchical relationship;
  
  wherein the resources are linked to the first authorization domain utilizing an authorization path;
  
  wherein the resources are associated with a customer relationship management (CRM) application;
  
  wherein the query code generation utilizes dynamic relational information in a customer database of the CRM application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20)
- - 2. The system of claim 1, wherein the roles include user roles assigned to users.
  - 3. The system of claim 1, wherein the roles include team roles assigned to teams.
  - 4. The system of claim 1, wherein the roles include global roles assigned on a global basis.
  - 5. The system of claim 1, wherein the expressions are user-configurable.
  - 6. The system of claim 5, wherein the expressions are user-configurable utilizing a graphical user interface.
  - 7. The system of claim 1, wherein the expressions are reusable.
  - 8. The system of claim 7, wherein the expressions are reusable by naming the expressions such that they are capable of being reused with different resources, authorization domains, and other expressions.
  - 9. The system of claim 1, wherein the expressions are updateable.
  - 10. The system of claim 1, wherein the expressions are updateable in real-time.
  - 11. The system of claim 1, wherein the control is performed reactively.
  - 12. The system of claim 1, wherein the control is performed proactively.
  - 13. The system of claim 1, wherein the control is instantaneous.
  - 14. The system of claim 1, wherein the expressions include conditions under which access to the resources is allowed.
  - 15. The system of claim 14, wherein the conditions under which access to the resources is allowed include an arithmetic expression that operates as a function of at least one of a name and a parameter associated with the resources.
  - 16. The system of claim 14, wherein the conditions under which access to the resources is allowed include a boolean expression that operates as a function of at least one of a name and a parameter associated with the resources.
  - 17. The system of claim 1, wherein access to the resources is tailored based on an organization structure without requiring customization of the resources.
  - 20. The system of claim 1, wherein the authorization path includes a data structure that links the resources to the first authorization domain for establishing a relationship between the resources, the roles, and the first authorization domain.

18. A method, comprising:
- defining a plurality of roles associated with a first authorization domain;
  
  linking, utilizing a hardware processor, the first authorization domain with a plurality of resources, the first authorization domain being one of a plurality of root entity data objects of an application and including at least one of an account, a territory, and an opportunity, and which derives protection via control of access to the resources; and
  
  controlling access to the resources utilizing expressions that operate as a function of the roles and the resources, utilizing the hardware processor;
  
  wherein the expressions operate as a function of run-time data;
  
  wherein query code is generated using the first authorization domain and the expressions;
  
  wherein the expressions are used at run-time to dynamically generate an optimized query;
  
  wherein authorization via one of the expressions for a particular one of the roles to access a particular one of the resources associated with the first authorization domain automatically confers authorization for the particular one of the roles to access resources of at least one second authorization domain of the application related to the first authorization domain, the at least one second authorization domain of the application related to the first authorization domain via a hierarchical relationship;
  
  wherein the resources are linked to the first authorization domain utilizing an authorization path;
  
  wherein the resources are associated with a customer relationship management (CRM) application;
  
  wherein the query code generation utilizes dynamic relational information in a customer database of the CRM application.

19. A computer program product embodied on a non-transitory computer readable storage medium, comprising:
- a data structure for representing a plurality of resources and roles associated with a first authorization domain, the first authorization domain being one of a plurality of root entity data objects of an application and including at least one of an account, a territory, and an opportunity, and which derives protection via control of access to the resources; and
  
  computer code for controlling access to the resources utilizing expressions that operate as a function of the roles and the resources;
  
  wherein the computer program product is configured such that the expressions operate as a function of run-time data;
  
  wherein the computer program product is configured such that query code is generated using the first authorization domain and the expressions;
  
  wherein the computer program product is configured such that the expressions are used at run-time to dynamically generate an optimized query;
  
  wherein the computer program product is configured such that authorization via one of the expressions for a particular one of the roles to access a particular one of the resources associated with the first authorization domain automatically confers authorization for the particular one of the roles to access resources of at least one second authorization domain of the application related to the first authorization domain, the at least one second authorization domain of the application related to the first authorization domain via a hierarchical relationship;
  
  wherein the resources are linked to the first authorization domain utilizing an authorization path;
  
  wherein the resources are associated with a customer relationship management (CRM) application;
  
  wherein the query code generation utilizes dynamic relational information in a customer database of the CRM application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amdocs Development Limited (Amdocs Ltd.), Amdocs Software Systems Limited (Amdocs Ltd.)
Original Assignee
Amdocs Software Systems Limited (Amdocs Ltd.)
Inventors
Ho, Ming, Feldman, Samuel
Primary Examiner(s)
Gergiso; Techane

Application Number

US11/292,030
Time in Patent Office

2,120 Days
Field of Search

726/21, 726/2, 715/741, 235/382, 700/237
US Class Current

726/21
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Dynamic role based authorization system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic role based authorization system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links