Domain aware time-based logins
First Claim
1. A method comprising:
determining, in an operating system instance, that a first login access is being attempted by a first user at a first access time on an object and that a second login access is being attempted by a second user at a second access time on the object;
determining a first domain identifier associated with the first user and a second domain identifier associated with the second user, wherein the first domain identifier identifies a first domain and the second domain identifier identifies a second domain, the first and second domains respectively representing a first organizational entity and a second organization entity of a plurality of domains representing a plurality of organizational entities;
accessing a set of one or more domain identifiers associated with the object, wherein the set identifies one or more domains of the plurality of domains representing one or more organizational entities of the plurality of organizational entities;
accessing one or more domain isolation rules associated with the operating system instance for permitting an attempted login access to the object during at least a first time period of a plurality of time periods by one or more domains based on whether a domain identifier associated with the first user is one of the domain identifiers in the set of domain identifiers associated with the object for during the first time period;
evaluating the one or more domain isolation rules to determine whether the first login access is permitted on the object at the first access time;
returning a permit indication that the first login access is permitted on the object if the domain isolation rules indicate that the first domain identifier represents a domain that is permitted for the object at the first access time and if the first access time is during the first time period, and returning a deny indication that the first login access is not permitted on the object if the domain isolation rules indicate that the first domain identifier represents a domain that is not permitted for the object at the first access time and if the first access time is during a second time period different from the first time period and the first domain identifier is not one of the domain identifiers in the set of domain identifiers associated with the object for during the second time period;
evaluating the one or more domain isolation rules to determine whether the second login access is permitted on the object at the second access time;
returning the permit indication for the second user if the second access time is during the second time period and the second domain identifier is one of the domain identifiers in the set of domain identifiers associated with the object for during the second time period, and returning the deny indication if the second access time is during the first time period and the second domain identifier is not one of the domain identifiers in the set of domain identifiers associated with the object for during the first time period.
Abstract
A method may comprise determining, in an operating system instance, that a login access is being attempted by a user at an access time on an object. A domain identifier associated with the user may be determined. A set of one or more domain identifiers may be accessed that may be associated with the object and that identify one or more domains. One or more domain isolation rules may be accessed and evaluated that may be associated with the operating system instance for permitting an attempted login access to the object based on whether a domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object for during a time period. A permit or deny indication may be returned based on whether or not login access is permitted on the object at the access time.
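The evaluation the abstract describes can be sketched as follows. This is an added example, not code from the patent or from any operating system that implements it; the object name, domain identifiers, user names, time periods, and the deny-by-default behaviour when no rule matches are all assumptions made for illustration. It also covers the case in the claims where one user is associated with two domain identifiers.

```python
from datetime import time

PERMIT, DENY = "permit", "deny"

# Constructed rule table: object -> [(period start, period end, domain ids
# permitted on the object during that period)]. All names are hypothetical.
RULES = {
    "host-a": [
        (time(8, 0), time(18, 0), {"FINANCE"}),   # first time period
        (time(18, 0), time(8, 0), {"OPS"}),       # second period, wraps midnight
    ],
}

# Constructed user -> domain identifier mapping; carol belongs to two domains.
USER_DOMAINS = {
    "alice": {"FINANCE"},
    "bob": {"OPS"},
    "carol": {"FINANCE", "OPS"},
}


def in_period(start, end, t):
    """True if t falls in [start, end), handling periods that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def evaluate_login(user, obj, access_time, rules=RULES, user_domains=USER_DOMAINS):
    """Return PERMIT if any of the user's domain identifiers is in the set
    associated with the object for the period containing access_time.

    Assumption: unknown users, unknown objects and times outside every
    period are denied (the page does not state a default).
    """
    domains = user_domains.get(user, set())
    for start, end, permitted in rules.get(obj, []):
        if in_period(start, end, access_time) and domains & permitted:
            return PERMIT
    return DENY


if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        for t in (time(9, 0), time(22, 0)):
            print(who, t, evaluate_login(who, "host-a", t))
```

The half-open period boundaries mean a login at exactly 18:00 is evaluated against the second period only, so no access time matches two periods at once.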
25 Claims
13. A method comprising:
determining, in an operating system instance, that a first login access is being attempted by a first user at a first access time on an object;
determining a first domain identifier associated with the first user, wherein the first domain identifier identifies a first domain representing a first organizational entity of a plurality of domains representing a plurality of organizational entities;
accessing a set of one or more domain identifiers associated with the object, wherein the set identifies one or more domains of the plurality of domains representing one or more organizational entities of the plurality of organizational entities;
accessing one or more domain isolation rules associated with the operating system instance for permitting an attempted login access to the object during at least a first time period of a plurality of time periods by one or more domains based on whether a domain identifier associated with the first user is one of the domain identifiers in the set of domain identifiers associated with the object for during the first time period;
evaluating the one or more domain isolation rules to determine whether the first login access is permitted on the object at the first access time;
returning a permit indication that the first login access is permitted on the object if the domain isolation rules indicate that the first domain identifier represents a domain that is permitted for the object at the first access time; and
returning a deny indication that the first login access is not permitted on the object if the domain isolation rules indicate that the first domain identifier represents a domain that is not permitted for the object at the first access time;
wherein the first user is also associated with a second domain identifier that identifies a second domain of the plurality of domains representing a second organizational entity of the plurality of organizational entities and,
returning a permit indication that the first login access is permitted on the object if the first access time is during the first time period, and the domain isolation rules indicate that the first domain identifier is permitted for the object during the first time period; and
returning a permit indication that the first login access is permitted on the object if the first access time is during a second time period different from the first time period, and the domain isolation rules indicate that the second domain identifier is permitted for the object during the second time period.
17. A system for determining login access, comprising:
a processing device;
a memory; and
a records display program including a plurality of instructions stored in the memory that, in response to selection of an attribute, are executed by the processing device to;
determine, in an operating system instance, that a login access is being attempted by a user at an access time on an object,
determine, in an operating system instance, that a second login access is being attempted by a second user at a second access time on the object,
determine a domain identifier associated with the user, wherein the domain identifier identifies a domain representing an organizational entity of a plurality of domains representing a plurality of organizational entities,
determine a second domain identifier associated with the second user, wherein the second domain identifier identifies a second domain representing a second organizational entity of the plurality of domains representing the plurality of organizational entities,
access a set of one or more domain identifiers associated with the object, wherein the set identifies one or more domains of the plurality of domains representing one or more organizational entities of the plurality of organizational entities,
access one or more domain isolation rules associated with the operating system instance for permitting an attempted login access to the object during a time period of a plurality of time periods by one or more domains based on whether the domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object for during the time period,
evaluate the one or more domain isolation rules to determine whether the login access attempted by the user is permitted on the object at the access time,
return a permit indication that the login access is permitted on the object if the domain isolation rules indicate that the domain identifier represents a domain that is permitted for the object at the access time and if the access time is during the time period, and
return a deny indication that the login access is not permitted on the object if the domain isolation rules indicate that the domain identifier represents a domain that is not permitted for the object at the access time and if the access time is during a second time period different from the time period and the domain identifier is not one of the domain identifiers in the set of domain identifiers associated with the object for during the second time period;
evaluate the one or more domain isolation rules to determine whether the second login access is permitted on the object at the second access time;
return the permit indication for the second user if the second access time is during the second time period and the second domain identifier is one of the domain identifiers in the set of domain identifiers associated with the object for during the second time period, and
return the deny indication if the second access time is during the time period and the second domain identifier is not one of the domain identifiers in the set of domain identifiers associated with the object for during the time period.
21. A computer program product for determining login access, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code executable by a computer device to;
determine, by the computer device, in an operating system instance, that a login access is being attempted by a user at an access time on an object,
determine by the computer device a domain identifier associated with the user, wherein the domain identifier identifies a domain representing an organizational entity of a plurality of domains representing a plurality of organizational entities,
access by the computer device a set of one or more domain identifiers associated with the object, wherein the set identifies one or more domains of the plurality of domains representing one or more organizational entities of the plurality of organizational entities,
access by the computer device one or more domain isolation rules associated with the operating system instance for permitting an attempted login access to the object during a time period of a plurality of time periods by one or more domains based on whether the domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object for during the time period,
evaluate by the computer device the one or more domain isolation rules to determine whether the login access attempted by the user is permitted on the object at the access time,
return by the computer device a permit indication that the login access is permitted on the object if the domain isolation rules indicate that the domain identifier represents a domain that is permitted for the object at the access time, and
return by the computer device a deny indication that the login access is not permitted on the object if the domain isolation rules indicate that the domain identifier represents a domain that is not permitted for the object at the access time,
wherein the user is also associated with a second domain identifier that identifies a second domain of the plurality of domains representing a second organizational entity of the plurality of organizational entities, and
return by the computer device a permit indication that the login access is permitted on the object if the access time is during the time period, and the domain isolation rules indicate that the domain identifier is permitted for the object during the time period; and
return by the computer device a permit indication that the first login access is permitted on the object if the access time is during a second time period different from the time period, and the domain isolation rules indicate that the second domain identifier is permitted for the object during the second time period.
Specification