Application context based access control
Abstract
Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.
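The flow in the abstract can be sketched as a small policy lookup. This is an added illustration, not code from the patent; the record fields, role names, the `list_documents` function name and the default-deny fallback are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample application data (assumed fields).
RECORDS = [
    {"id": 1, "region": "EU", "kind": "invoice"},
    {"id": 2, "region": "US", "kind": "invoice"},
    {"id": 3, "region": "EU", "kind": "payroll"},
]

@dataclass(frozen=True)
class UserContext:
    user: str
    role: str
    region: str

@dataclass(frozen=True)
class AuthorizationContext:
    function: str   # UI function that was invoked
    role: str
    region: str

def identify_context(user_ctx, function):
    """Derive the authorization context from the user context and the invoked function."""
    return AuthorizationContext(function, user_ctx.role, user_ctx.region)

# Access policies keyed by (function, role); each value is the access
# criteria, a predicate over (authorization context, record).
POLICIES = {
    ("list_documents", "accountant"):
        lambda ctx, rec: rec["kind"] == "invoice" and rec["region"] == ctx.region,
    ("list_documents", "hr"):
        lambda ctx, rec: rec["kind"] == "payroll" and rec["region"] == ctx.region,
}

def retrieve_policy(ctx):
    """Return the criteria for this context; no matching policy means deny all."""
    return POLICIES.get((ctx.function, ctx.role), lambda ctx, rec: False)

def invoke(user_ctx, function, records=RECORDS):
    """Handle one UI command: identify context, retrieve policy, apply it to the data."""
    ctx = identify_context(user_ctx, function)
    criteria = retrieve_policy(ctx)
    return [rec["id"] for rec in records if criteria(ctx, rec)]

if __name__ == "__main__":
    # Two application instances invoke the same function under different user contexts.
    print(invoke(UserContext("alice", "accountant", "EU"), "list_documents"))
    print(invoke(UserContext("bob", "hr", "EU"), "list_documents"))
```

The same function yields disjoint portions of the data for the two contexts, and any context without a policy sees nothing.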
20 Claims
1. A method comprising:
- receiving a first command of an application to invoke a function of a user interface;
- identifying, using a computer processor, a first authorization context based on a first user context and the function of the user interface invoked;
- applying access criteria associated with the first authorization context to provide user access to a first portion of application data;
- receiving a second command to invoke the function in a second instance of the application;
- identifying a second authorization context based on a second user context and the function of the user interface invoked; and
- applying access criteria associated with the second authorization context to provide user access to a second portion of the application data and restrict access to the first portion of application data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of providing access to application data, the method comprising:
- receiving a first command through a user interface to invoke a data access function of an application;
- identifying a first authorization context associated with the data access function invoked by the first command;
- retrieving a first access policy providing access criteria associated with the first authorization context;
- applying the first access policy to provide a first level of access to the application data using a computer processor;
- receiving a second command to invoke a data access function of the application;
- identifying a second authorization context associated with the data access function invoked by the second command;
- retrieving a second access policy providing second access criteria associated with the second authorization context; and
- applying the second access policy to provide a second level of access to the application data.

Dependent claims: 12, 13, 14, 15, 16

17. A hardware computer readable storage medium storing executable instructions which, when executed using a processor, perform a method comprising:
- displaying a user interface of an application having a plurality of different data access functions selectable through the user interface;
- receiving a user input command through the user interface to invoke a function selected from the plurality of different data access functions;
- identifying, using the processor, an authorization context based on a user context and the selected function that is invoked;
- retrieving an access policy providing access criteria associated with the authorization context; and
- applying the access policy to the selected function to control user access to data in the application.

Dependent claims: 18, 19, 20

Specification