
Methods and apparatus for scoped role-based access control

  • US 8,458,337 B2
  • Filed: 06/09/2008
  • Issued: 06/04/2013
  • Est. Priority Date: 06/30/2006
  • Status: Expired due to Fees
First Claim

1. A method of providing role-based access control of a resource by a subject in an access control system comprising the steps of:

  • receiving a request to access a resource by a subject;

    controlling access to the requested resource by a scoped role-based access control system, wherein the scoped role-based access control system defines a plurality of roles, wherein at least one role is associated with multiple permission sets, wherein each permission set associated with a given role is bound to a set of different resources, and wherein a first scope is defined to directly associate a set of one or more subjects with a given resource, wherein multiple subjects having a same role can be assigned access to different resources associated with the same role based on different defined first scopes, and wherein a second scope is defined to associate a set of one or more resources with a given permission set associated with a given role, wherein the defined first and second scopes allow multiple subjects having a same role to have a different set of permissions associated with said same role against different sets of resources associated with the different sets of permissions of said same role, wherein controlling access to the requested resource comprises:

    determining if the requested resource is accessible by the subject based on a defined first scope;

    determining if the requested resource is accessible by a role and an associated permission set associated with the subject based on a defined second scope;

    permitting access control of the requested resource by the subject when the requested resource is determined to be accessible by both the subject and the role and the associated permission set associated with the subject; and

    denying access control of the requested resource by the subject when the requested resource is determined to not be accessible by either the subject or the role and the associated permission set associated with the subject, wherein controlling access is implemented by a computer.
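The decision procedure in claim 1 is a conjunction of two independent scope checks: the first scope binds a subject directly to the resources it may reach at all, the second scope binds a (role, permission set) pair to the resources that permission set applies to, and access is granted only when both admit the requested resource. The following is an added illustration written for this page, not code from the patent or its assignee; the role, subject, resource and action names (`dba`, `alice`, `db1`, `drop`, and so on) are made up for the example.

```python
"""Scoped RBAC evaluator modelled on the two-scope structure of claim 1.

Added example for illustration only; names and data are constructed, not
taken from the patent.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PermissionSet:
    """A named bundle of actions. A role may carry several of these."""
    name: str
    actions: frozenset


@dataclass
class ScopedRBAC:
    # role name -> {permission-set name -> PermissionSet}
    roles: dict = field(default_factory=dict)
    # subject -> set of role names held by that subject
    subject_roles: dict = field(default_factory=dict)
    # first scope: subject -> resources the subject is directly allowed to reach
    first_scope: dict = field(default_factory=dict)
    # second scope: (role name, permission-set name) -> resources that
    # permission set is bound to for that role
    second_scope: dict = field(default_factory=dict)

    def add_role(self, role, *permission_sets):
        self.roles[role] = {ps.name: ps for ps in permission_sets}

    def assign_role(self, subject, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.subject_roles.setdefault(subject, set()).add(role)

    def scope_subject(self, subject, *resources):
        """Define a first scope: subject -> resources."""
        self.first_scope.setdefault(subject, set()).update(resources)

    def scope_permission_set(self, role, ps_name, *resources):
        """Define a second scope: (role, permission set) -> resources."""
        if ps_name not in self.roles.get(role, {}):
            raise KeyError(f"role {role!r} has no permission set {ps_name!r}")
        self.second_scope.setdefault((role, ps_name), set()).update(resources)

    def subject_in_scope(self, subject, resource):
        """First-scope test: is the resource directly associated with the subject?"""
        return resource in self.first_scope.get(subject, ())

    def role_in_scope(self, subject, action, resource):
        """Second-scope test: does some role held by the subject carry a
        permission set that (a) includes the action and (b) is bound to the
        resource?"""
        for role in self.subject_roles.get(subject, ()):
            for ps_name, ps in self.roles[role].items():
                if action in ps.actions and resource in self.second_scope.get((role, ps_name), ()):
                    return True
        return False

    def check(self, subject, action, resource):
        """Permit only when BOTH scopes admit the resource; deny if either fails."""
        return self.subject_in_scope(subject, resource) and self.role_in_scope(subject, action, resource)


def build_demo():
    """Constructed sample policy: two subjects share the role 'dba' but end up
    with different effective rights because their first scopes differ, and the
    role's two permission sets are bound to different resources."""
    ac = ScopedRBAC()
    ac.add_role(
        "dba",
        PermissionSet("read", frozenset({"select"})),
        PermissionSet("admin", frozenset({"select", "drop"})),
    )
    for subject in ("alice", "bob"):
        ac.assign_role(subject, "dba")
    ac.scope_subject("alice", "db1", "db2")        # first scope for alice
    ac.scope_subject("bob", "db2", "db3")          # first scope for bob
    ac.scope_permission_set("dba", "admin", "db1")          # second scope
    ac.scope_permission_set("dba", "read", "db2", "db3")    # second scope
    return ac


if __name__ == "__main__":
    ac = build_demo()
    for subject, action, resource in [
        ("alice", "drop", "db1"),    # both scopes admit db1 -> permit
        ("alice", "drop", "db2"),    # first scope ok, but 'admin' is not bound to db2 -> deny
        ("bob", "drop", "db1"),      # role would allow it, but bob's first scope lacks db1 -> deny
        ("bob", "select", "db3"),    # both scopes admit db3 -> permit
    ]:
        print(subject, action, resource, "->", "permit" if ac.check(subject, action, resource) else "deny")
```

The `bob`/`drop`/`db1` case is the one worth noticing: the role's `admin` permission set is bound to `db1`, so a plain role-to-resource check would grant it, but the first scope never associated `bob` with `db1`, and the claim's conjunctive rule denies. Keeping the two tests as separate methods makes that ordering and independence explicit in the code.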

  • 0 Assignments