Refined permission constraints using internal and external data extraction in a role-based access control system
Abstract
The present invention can enable increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination of subject, object, or environment information extracted from sources internal or external to the controlled computer system and may evaluate the content or context of the information extracted to enable refined and dynamic access after the role permission assignment and immediately before every access grant without the reassignment of roles.
Claims (26)

1. A Role Based Access Control (RBAC) method performed by a data processor, comprising:
retaining a role for a user having access to a computer system, the role including access constraints;
receiving a request for access to an object of the computer system from the user;
verifying the role has access to the object;
granting or denying access to the object in response to the request by extracting context and content from internal to the computer system and external to the computer system, wherein granting access to the object includes altering the access constraints of the role for the request according to the context and content from internal to the computer system and external to the computer system.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A Role Based Access Control (RBAC) method performed by a data processor, comprising:
retaining a role for a user having access to a computer system, the role including access constraints;
receiving a request from a user for an operation on an object of the computer system, the computer system including an environment;
verifying the access constraints of the role by:
extracting content internal to the computer system about at least one of the user, the role, the object, and the environment;
extracting content external to the computer system about at least one of the role, the user, the object, and the environment;
extracting context external to the computer system about at least one of the user, the role, the object, and the environment;
extracting context internal to the computer system about at least one of the role, the user, the object, and the environment;
altering the access constraints of the role for the request according to the extracted context and content from internal to the computer system and external to the computer system; and
granting access to the operation.
Dependent claims: 9 through 26.
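The sequence in claim 8 (retain a role with constraints, verify the role-level permission, extract internal and external content and context, tighten the role's constraints for that one request, then grant or deny) as an added Python sketch; this is illustrative code, not the patent's own, and the roles, users, objects, classification levels and context fields are constructed assumptions.

```python
"""Request-time refinement of RBAC constraints (constructed, illustrative data)."""
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "confidential": 2}  # assumed classification order

@dataclass
class Role:
    permissions: set                                   # (object_type, operation) pairs
    constraints: dict = field(default_factory=dict)    # baseline constraints on the role

# Constructed state internal to the controlled computer system.
ROLES = {"analyst": Role({("report", "read"), ("report", "write")},
                         {"max_level": "confidential", "same_department": True})}
USERS = {"alice": {"role": "analyst", "department": "finance"}}
OBJECTS = {"q3-report": {"type": "report", "department": "finance", "level": "confidential"}}

def refine_constraints(base, internal_ctx, external):
    """Return a per-request copy of the role's constraints, tightened by extracted data."""
    c = dict(base)  # the stored role is never rewritten; refinement lives only in this request
    if external.get("threat_level") == "high":         # external context (e.g. a threat feed)
        c["max_level"] = "internal"                     # lower the classification ceiling
    if not external.get("device_managed", False):      # external content (device inventory)
        c["read_only"] = True
    if not internal_ctx.get("business_hours", True):   # internal context (system clock)
        c["read_only"] = True
    return c

def check_access(user_id, object_id, operation, internal_ctx, external):
    """Return (granted, reason) for one request, following the claim 8 ordering."""
    user, obj = USERS[user_id], OBJECTS[object_id]     # internal content about user and object
    role = ROLES[user["role"]]
    if (obj["type"], operation) not in role.permissions:
        return False, "role lacks permission"           # role verification fails first
    c = refine_constraints(role.constraints, internal_ctx, external)
    if LEVELS[obj["level"]] > LEVELS[c["max_level"]]:
        return False, "classification above refined ceiling"
    if c.get("same_department") and obj["department"] != user["department"]:
        return False, "cross-department access"
    if c.get("read_only") and operation != "read":
        return False, "request refined to read-only"
    return True, "granted"
```

A denial caused by refinement ("classification above refined ceiling", "request refined to read-only") is worth logging separately from a plain role mismatch, since it signals that external context, not the role assignment, drove the decision.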
Specification