Enforcing native access control to indexed documents
First Claim
Patent Images
1. A method for processing a search request, comprising:
- while crawling for documents, selecting higher levels of access control list information from native levels of access control list information for each document, wherein the selected higher levels of access control list information have a similar semantic for different types of one or more backend repositories, wherein the selected higher levels of access control list information are used to predict a probability of successful impersonation access to the documents, wherein the native levels of access control list information represents access controls implemented at the one or more backend repositories;
mapping the selected higher levels of access control list information to one or more indexed levels of access control list information that are stored in a search index, wherein the indexed levels include a database level and a server level, and wherein, for each of the indexed levels, for each document, information is stored in the search index to indicate a security level of access a user needs to access the document;
generating a pre-filtered list of documents by matching terms of the search request by using the search index;
generating an interim result set of documents from the pre-filtered list of documents by matching the one or more indexed levels of access control list information associated with each said document to one or more security groups associated with the search request, wherein the one or more security groups are associated with a user issuing the search request and who is a member of the one or more security groups;
generating a final result set by performing impersonation for the interim result set of documents by contacting the one or more backend repositories storing the interim result set of documents; and
providing the final result set of documents to the user.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are provided for processing a search request. One or more indexed levels of access control list information are stored in a search index for each document identified in the search index. An interim result set is generated by matching the one or more indexed levels of access control list information associated with each said document to one or more security groups associated with the search request. A final result set is generated from the interim result set by performing impersonation.
-
Citations
33 Claims
-
1. A method for processing a search request, comprising:
-
while crawling for documents, selecting higher levels of access control list information from native levels of access control list information for each document, wherein the selected higher levels of access control list information have a similar semantic for different types of one or more backend repositories, wherein the selected higher levels of access control list information are used to predict a probability of successful impersonation access to the documents, wherein the native levels of access control list information represents access controls implemented at the one or more backend repositories; mapping the selected higher levels of access control list information to one or more indexed levels of access control list information that are stored in a search index, wherein the indexed levels include a database level and a server level, and wherein, for each of the indexed levels, for each document, information is stored in the search index to indicate a security level of access a user needs to access the document; generating a pre-filtered list of documents by matching terms of the search request by using the search index; generating an interim result set of documents from the pre-filtered list of documents by matching the one or more indexed levels of access control list information associated with each said document to one or more security groups associated with the search request, wherein the one or more security groups are associated with a user issuing the search request and who is a member of the one or more security groups; generating a final result set by performing impersonation for the interim result set of documents by contacting the one or more backend repositories storing the interim result set of documents; and providing the final result set of documents to the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An article of manufacture for processing a search request, wherein the article of manufacture comprises a computer readable storage medium that stores instructions, and wherein the article of manufacture is operable to:
-
while crawling for documents, select higher levels of access control list information from native levels of access control list information for each document, wherein the selected higher levels of access control list information have a similar semantic for different types of one or more backend repositories, wherein the selected higher levels of access control list information are used to predict a probability of successful impersonation access to the documents, wherein the native levels of access control list information represents access controls implemented at the one or more backend repositories; map the selected higher levels of access control list information to one or more indexed levels of access control list information that are stored in a search index, wherein the indexed levels include a database level and a server level, and wherein, for each of the indexed levels, for each document, information is stored in the search index to indicate a security level of access a user needs to access the document; generate a pre-filtered list of documents by matching terms of the search request by using the search index; generate an interim result set of documents from the pre-filtered list of documents by matching the one or more indexed levels of access control list information associated with each said document to one or more security groups associated with the search request, wherein the one or more security groups are associated with a user issuing the search request and who is a member of the one or more security groups; generate a final result set by performing impersonation for the interim result set of documents by contacting the one or more backend repositories storing the interim result set of documents; and provide the final result set of documents to the user. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A system for processing a search request, comprising:
-
a processor; and hardware logic causing operations to be performed, the operations comprising; while crawling for documents, selecting higher levels of access control list information from native levels of access control list information for each document, wherein the selected higher levels of access control list information have a similar semantic for different types of one or more backend repositories, wherein the selected higher levels of access control list information are used to predict a probability of successful impersonation access to the documents, wherein the native levels of access control list information represents access controls implemented at the one or more backend repositories; mapping the selected higher levels of access control list information to one or more indexed levels of access control list information that are stored in a search index, wherein the indexed levels include a database level and a server level, and wherein, for each of the indexed levels, for each document, information is stored in the search index to indicate a security level of access a user needs to access the document; generating a pre-filtered list of documents by matching terms of the search request by using the search index; generating an interim result set of documents from the pre-filtered list of documents by matching the one or more indexed levels of access control list information associated with each said document to one or more security groups associated with the search request, wherein the one or more security groups are associated with a user issuing the search request and who is a member of the one or more security groups; generating a final result set by performing impersonation for the interim result set of documents by contacting the one or more backend repositories storing the interim result set of documents; and providing the final result set of documents to the user. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification