Methods and systems for managing permissions data

US 8,239,351 B2
Filed: 06/07/2007
Issued: 08/07/2012
Est. Priority Date: 06/07/2007
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable storage medium containing executable computer program instructions which cause a data processing system to perform a method comprising:

generating search results by searching a metadata database or an index database without regard to permissions;

determining that permission information for a file in the search results is not included in a permissions cache;

determining valid permission information for the file in a hierarchical file system;

adding the valid permission information for the file to the permissions cache;

adding directory information for the file to a directory cache, wherein the directory cache identifies directories having files included in a permissions cache;

receiving a notification of a change of permissions of a directory in the hierarchical file system;

determining, in response to the notification, whether the directory is listed in the directory cache;

invalidating or deleting at least a portion of the permissions cache when the directory is listed in the directory cache; and

maintaining validity of the permissions cache when the directory is not listed in the directory cache.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer readable media which use permissions checking when deciding whether to allow access to a file are described. In one exemplary embodiment, a method includes receiving a notification of a change of permissions of a directory in a hierarchical file system and determining, in response to the notification, whether to update partially a permissions cache which is used in screening access based on permissions, such as access to search results. The determining may include a comparison of an identifier of the directory to a data structure of cached directories which have files represented in the permissions cache.

Citations

22 Claims

1. A non-transitory machine readable storage medium containing executable computer program instructions which cause a data processing system to perform a method comprising:
- generating search results by searching a metadata database or an index database without regard to permissions;
  
  determining that permission information for a file in the search results is not included in a permissions cache;
  
  determining valid permission information for the file in a hierarchical file system;
  
  adding the valid permission information for the file to the permissions cache;
  
  adding directory information for the file to a directory cache, wherein the directory cache identifies directories having files included in a permissions cache;
  
  receiving a notification of a change of permissions of a directory in the hierarchical file system;
  
  determining, in response to the notification, whether the directory is listed in the directory cache;
  
  invalidating or deleting at least a portion of the permissions cache when the directory is listed in the directory cache; and
  
  maintaining validity of the permissions cache when the directory is not listed in the directory cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
- - 2. The medium as in claim 1, wherein the determining that a file'"'"'s permission information is not included in the permissions cache further comprises comparing the directory to the directory cache and wherein the directory is a subdirectory.
  - 3. The medium as in claim 1, wherein the invalidating or deleting a portion of the permissions cache is terminated automatically after a period of time, and the entire permissions cache is invalidated or flushed when the invalidating or deleting the portion of the permissions cache is incomplete when terminated.
  - 4. The medium as in claim 1, wherein invalidating or deleting at least a portion of the permissions cache is performed for a first portion of the permissions cache while a second portion of the permissions cache is not invalidated or deleted.
  - 5. The medium as in claim 1, wherein the directory cache is configured as a fixed size Bloom filter in which directory identifiers are hashed and stored in the directory cache.
  - 6. The medium as in claim 1, wherein separate permission caches and directory caches are maintained for each user and each permission cache and each directory cache is stored as one or two files in the hierarchical file system.
  - 7. The medium as in claim 1, wherein the method further comprises:
    - receiving a notification of a change of permissions of a file in the hierarchical file system;
      
      determining whether to partially update the permissions cache for permissions of the file in response to the receiving of the notification of the change of permissions of the file.
  - 8. The medium as in claim 1, wherein the permissions cache is used in screening search results based on permissions.
  - 9. The medium as in claim 1, wherein the directory cache stores hashed directory identifiers in a lossy manner.
  - 10. The medium as in claim 1, further comprising finding any files that are children of the directory.
  - 20. The medium as in claim 10, wherein the invalidated or deleted portion of the permissions cache corresponds to the files found to be children of the directory.

11. A machine implemented method comprising:
- generating search results by searching a metadata database or an index database without regard to permissions;
  
  determining that permission information for a file in the search results is not included in a permissions cache;
  
  determining valid permission information for the file in a hierarchical file system;
  
  adding the valid permission information for the file to the permissions cache;
  
  adding directory information for the file to a directory cache, wherein the directory cache identifies directories having files included in a permissions cache;
  
  receiving a notification of a change of permissions of a directory in the hierarchical file system;
  
  determining, in response to the notification, whether the directory is listed in the directory cache;
  
  invalidating or deleting at least a portion of the permissions cache when the directory is listed in the directory cache; and
  
  maintaining validity of the permissions cache when the directory is not listed in the directory cache.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 21, 22)
- - 12. The method as in claim 11, wherein the determining that a file'"'"'s permission information is not included in the permissions cache further comprises comparing the directory to the directory cache, and wherein the directory is a subdirectory.
  - 13. The method as in claim 11, wherein the invalidating or deleting a portion of the permissions cache is terminated automatically after a period of time, and the entire permissions cache is invalidated or flushed when the invalidating or deleting the portion of the permissions cache is incomplete when terminated.
  - 14. The method as in claim 11, wherein invalidating or deleting at least a portion of the permissions cache is performed for a first portion of the permissions cache while a second portion of the permissions cache is not invalidated or deleted.
  - 15. The method as in claim 11, wherein the directory cache is configured as a fixed size Bloom filter in which directory identifiers are hashed and stored in the directory cache.
  - 16. The method as in claim 11, wherein separate permission caches and directory caches are maintained for each user and each permission cache and each directory cache is stored as one or two files in the hierarchical file system.
  - 17. The method as in claim 11, wherein the method further comprises:
    - receiving a notification of a change of permissions of a file in the hierarchical file system;
      
      determining whether to partially update the permissions cache for permissions of the file in response to the receiving of the notification of the change of permissions of the file.
  - 18. The method as in claim 11, wherein the permissions cache is used in screening search results based on permissions.
  - 19. The method as in claim 11, wherein the directory cache stores hashed directory identifiers in a lossy manner.
  - 21. The method as in claim 11, further comprising finding any files that are children of the directory.
  - 22. The method as in claim 21, wherein the invalidated or deleted portion of the permissions cache corresponds to the files found to be children of the directory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hörnqvist, John M.
Primary Examiner(s)
Badawi, Sherief

Application Number

US11/811,189
Publication Number

US 20080306954A1
Time in Patent Office

1,888 Days
Field of Search

707/203, 707/1, 707/3, 707/754, 707/770, 707/797, 707/781, 707/783, 707/784, 707/687, 707/782, 711/145, 711/123, 711/207
US Class Current

707/687
CPC Class Codes

G06F 16/144   Query formulation

G06F 16/168   Details of user interfaces ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Methods and systems for managing permissions data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing permissions data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links