Application context based access control
First Claim
1. A method comprising:
- creating a hierarchical structure of user selectable functions or tasks of an application including a hierarchical function or task of the application and a plurality of dependent functions or tasks of the application selectable through the hierarchical function or task of the application through an input device;
- assigning at least one authorization context to each of the user selectable functions or tasks in the hierarchical structure such that the at least one authorization context is activated in response to selection of the user selectable function or task;
- providing a set of access policies stored on one or more computer storage devices and retrievable via a processing unit, the set of access policies being separate from the authorization contexts assigned to the user selectable functions or tasks of the application and including one or more rules defining access criteria for the user selectable functions or tasks in relation to a user's identification or role; and
- associating a first one of the access policies with an authorization context assigned to a first one of the dependent functions or tasks, the first one of the access policies being different than a second one of the access policies that is associated with an authorization context assigned to the hierarchical function or task, the second one of the access policies also being associated with an authorization context assigned to a second one of the dependent functions or tasks such that the second access policy is invoked upon selection of the hierarchical function or task and upon selection of the second one of the dependent functions or tasks.
Abstract
A context based access control system that includes a set of one or more authorization contexts that are activated in response to selection of different functions or tasks or other functional boundary object of an application program. The authorization contexts are associated with one or more access policies that are invoked in response to activation of the one or more authorization contexts.
20 Claims
1. See claim 1 above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An application tool including instructions stored on one or more computer storage media and executable by a processing unit to implement components comprising:
- an authorization context tool component configured to provide one or more authorization contexts and a context framework component configured to create an authorization context framework for a hierarchical structure of user tasks or functions of an application that are selectable through one or more user interfaces of the application using an input device, wherein the authorization context framework includes one or more authorization contexts associated with one or more of the user tasks or functions;
- an association tool component configured to create an association component to associate one or more access policies defining one or more access rules stored on the one or more computer storage devices to the one or more authorization contexts; and
- an access policy tool component configured to provide the one or more access policies including the one or more access rules separate from the one or more authorization contexts and configured to invoke the one or more access policies based upon an association of the one or more access policies with an active authorization context that is associated with a first user task or function of the application, the invoked one or more access policies permitting a particular user to have access to information in the active authorization context that is associated with the first user task or function of the application but denying access to the information to the particular user in an authorization context that is associated with a second user task or function of the application that is different than the first user task or function of the application.
Dependent claims: 10, 11, 12, 13, 14, 20.
15. A method comprising:
- receiving a first command to invoke a first task or function of a user interface from an input device;
- processing the first command via a processing unit and retrieving a first authorization context assigned to the first task or function;
- retrieving one or more access policies including one or more access rules providing access criteria in relation to a user's identification or role, associated with the first task or function through the first authorization context following retrieval of the first authorization context;
- invoking the one or more access policies associated with the first authorization context and applying the one or more access rules of the one or more access policies;
- receiving a second command to invoke a second task or function different from the first task or function from the input device, the first task or function and the second task or function both being associated with and executed by a same application;
- processing the second command via the processing unit and retrieving a second authorization context different from the first authorization context assigned to the second task or function;
- retrieving the one or more access policies associated with the second task or function through the second authorization context;
- invoking the one or more access policies associated with the second active authorization context and applying the one or more access rules of the one or more access policies associated with the second authorization context; and
- editing the one or more access policies associated with the first task and the one or more access policies associated with the second task utilizing a security administration console of the same application.
Dependent claims: 16, 17, 18, 19.
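The following Python model is an added illustration of the mechanism described in claims 1, 9 and 15; it is not code from the patent or from any product that implements it. It builds the task hierarchy of claim 1 (a hierarchical task with two dependent tasks, each carrying its own authorization context), keeps the access policies as separate objects associated with contexts rather than with tasks, and then runs the command sequence of claim 15: selecting a task activates its context, the policies associated with that context are retrieved and their rules applied to the user's id and role, and a security-administration edit of a policy changes the outcome in every context that policy is associated with. The task names, context names, roles and user ids (Accounts, Transfer, teller, u1, ...) are constructed sample data. The model defaults to deny: a context with no associated policy permits nothing, which is the safe choice when an association is missing or misconfigured.

```python
"""Toy context based access control: tasks carry authorization contexts,
policies are separate objects associated with contexts, and selecting a
task activates its context and invokes the associated policies.
All sample names below are constructed for the illustration."""
from dataclasses import dataclass, field


@dataclass
class Task:
    name: str
    context: str                                   # activated when the task is selected
    children: list = field(default_factory=list)   # dependent tasks selectable through this one


@dataclass
class AccessPolicy:
    """A named rule set kept apart from any task or context."""
    name: str
    allowed_roles: set                               # rule: role must be listed
    denied_users: set = field(default_factory=set)   # rule: explicit per-user deny wins

    def permits(self, user_id, role):
        return user_id not in self.denied_users and role in self.allowed_roles


class ContextAccessControl:
    def __init__(self):
        self.tasks = {}          # task name -> Task (the hierarchical structure)
        self.policies = {}       # policy name -> AccessPolicy (stored separately)
        self.associations = {}   # context name -> [policy names]
        self.active_context = None

    def add_task(self, task, parent=None):
        self.tasks[task.name] = task
        if parent is not None:
            self.tasks[parent].children.append(task)   # dependent task under parent

    def add_policy(self, policy):
        self.policies[policy.name] = policy

    def associate(self, context, policy_name):
        self.associations.setdefault(context, []).append(policy_name)

    def select(self, task_name, user_id, role):
        """Process a command to invoke a task: retrieve and activate its
        context, retrieve the policies associated with that context and
        apply their rules. Returns True if access is permitted."""
        task = self.tasks[task_name]
        self.active_context = task.context
        names = self.associations.get(task.context, [])
        # default deny: no associated policy means no access in this context
        return bool(names) and all(self.policies[n].permits(user_id, role) for n in names)

    def edit_policy(self, policy_name, allowed_roles=None, denied_users=None):
        """Security administration console: edit a stored policy in place.
        Every context associated with it picks up the change; the task
        hierarchy and the context assignments are untouched."""
        policy = self.policies[policy_name]
        if allowed_roles is not None:
            policy.allowed_roles = set(allowed_roles)
        if denied_users is not None:
            policy.denied_users = set(denied_users)


def build_demo():
    """Claim 1 layout: hierarchical task Accounts with dependents Transfer
    (first dependent, own policy) and ViewBalance (second dependent, sharing
    the policy that is also associated with the hierarchical task)."""
    acl = ContextAccessControl()
    acl.add_task(Task("Accounts", "ctx_accounts"))
    acl.add_task(Task("Transfer", "ctx_transfer"), parent="Accounts")
    acl.add_task(Task("ViewBalance", "ctx_view_balance"), parent="Accounts")
    acl.add_policy(AccessPolicy("transfer_policy", {"manager"}))           # first policy
    acl.add_policy(AccessPolicy("view_policy", {"teller", "manager"}))     # second policy
    acl.associate("ctx_transfer", "transfer_policy")
    acl.associate("ctx_accounts", "view_policy")
    acl.associate("ctx_view_balance", "view_policy")
    return acl


def run_scenario():
    """Claim 15 sequence for one teller: two commands in different contexts,
    then an administrative policy edit that changes the second outcome."""
    acl = build_demo()
    results = {}
    results["view_before"] = acl.select("ViewBalance", "u1", "teller")      # permitted
    results["transfer_before"] = acl.select("Transfer", "u1", "teller")     # denied
    acl.edit_policy("transfer_policy", allowed_roles={"manager", "teller"})
    results["transfer_after"] = acl.select("Transfer", "u1", "teller")      # now permitted
    acl.edit_policy("transfer_policy", denied_users={"u1"})
    results["transfer_denied_user"] = acl.select("Transfer", "u1", "teller")  # per-user deny
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The same user is permitted in the ViewBalance context and denied in the Transfer context (the situation claim 9 describes), and because the policies are stored separately from the contexts, the console edit in `edit_policy` alters behaviour without changing the task hierarchy or any context assignment.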