Role based access controls

US 8,214,398 B1
Filed: 02/15/2006
Issued: 07/03/2012
Est. Priority Date: 02/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing access control in a computer system arranged to include an operation system layer and an application layer, the method comprising:

loading a policy module within the operating system layer;

generating a profile associated with a role within an organization by analyzing with an analyzer tasks performed by a user associated with said profile using a role shell, and determining based upon said analyzing a set of rules that define said storing the profile within the policy module in the operating system layer;

enforcing the profile with respect to one or more users associated with the role;

associating the role shell with the role; and

facilitating communication between the operating system and application layers using the role shell.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Role-based access controls improve user access in a computer system. A profile associated with a role is generated. The profile is enforced with respect to one or more users associated with the role. Optionally, the profile is generated based at least in part on a user interaction.

152 Citations

18 Claims

1. A method of providing access control in a computer system arranged to include an operation system layer and an application layer, the method comprising:
- loading a policy module within the operating system layer;
  
  generating a profile associated with a role within an organization by analyzing with an analyzer tasks performed by a user associated with said profile using a role shell, and determining based upon said analyzing a set of rules that define said storing the profile within the policy module in the operating system layer;
  
  enforcing the profile with respect to one or more users associated with the role;
  
  associating the role shell with the role; and
  
  facilitating communication between the operating system and application layers using the role shell.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein generating the profile includes analyzing an authorized interaction with a protected resource, and creating said profile to ensure that the authorized interaction is not blocked in the future for the profile.
  - 3. The method of claim 2 wherein the protected resource comprises an application and the profile defines one or more access controls associated with the application.
  - 4. The method of claim 1 wherein the profile created is refined based at least in part on accesses logged in a log.
  - 5. The method of claim 4 wherein the log is created non-contemporaneously with the refining of the profile.
  - 6. The method of claim 4 wherein the log is created on a first platform and the profile is refined on a second platform.
  - 7. The method of claim 1 wherein the profile uses shell globbing syntax.
  - 8. The method of claim 1 wherein the profile is generated based at least in part upon rules determined by analyzing the user interaction with a resource.
  - 9. The method of claim 8 wherein the user interaction includes providing questions to the user.
  - 10. The method of claim 1 wherein the role shell comprises a hard link to a system shell.
  - 11. The method of claim 1 wherein enforcing the profile includes constraining the role shell in accordance with the profile.

12. A system of providing access control comprising a processor, coupled to a memory, configured to:
- load a policy module within an operating system layer;
  
  generate a profile associated with a role by analyzing with an analyzer tasks performed by a user associated with said profile using a role shell, and determining based upon said analyzing a set of rules that define said profile;
  
  enforce the profile with respect to one or more users associated with the role;
  
  store the profile in the policy module in the operating system layer;
  
  associate the shell with the role; and
  
  facilitate communication between the operating system layer and an application layer using the role shell.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12 wherein the processor is configured to generate the profile at least in part by an authorized interaction with a protected resource, and creating said profile to ensure that the authorized interaction is not blocked in the future for the profile.
  - 14. The system of claim 13 wherein the protected resource comprises an application and the profile defines one or more access controls associated with the application.
  - 15. The system of claim 12 wherein the profile is generated based at least in part upon rules determined by analyzing the user interaction with a resource.
  - 16. The system of claim 12 wherein the role shell comprises a hard link to a system shell.
  - 17. The system of claim 12 wherein the processor is configured to enforce the profile at least in part by constraining the role shell in accordance with the profile.

18. A computer program product to provide access control, the computer program product being embodied in a computer readable medium and comprising computer instructions to:
- load a policy module within an operating system layer;
  
  generate a profile associated with a role by analyzing with an analyzer tasks performed by a user associated with said profile using a role shell, and determining based upon said analyzing a set of rules that define said profile;
  
  store the profile in the policy module in the operating system layer of the computer;
  
  associate the role shell with the role;
  
  facilitate communication between the operating system layer and an application layer using the role shell; and
  
  enforce the profile with respect to one or more users associated with the role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Cowan, S. Crispin, Arnold, Seth R., Beattie, Steven M., Johansen, John R., Michael, Jesse D., Jones, Anthony N.
Primary Examiner(s)
Rones, Charles
Assistant Examiner(s)
Chojnacki, Mellissa M

Application Number

US11/355,097
Time in Patent Office

2,330 Days
Field of Search

707/785
US Class Current

707/785
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Role based access controls

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

152 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Role based access controls

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links