Hierarchical entitlement system with integrated inheritance and limit checks
First Claim
1. A method implemented in a computer system for specifying and enforcing entitlements for performance of financial transactions, the method comprising:
- in a computer system having at least a processor and memory, providing a hierarchical entitlement structure with inheritance for specifying entitlements for performing financial transactions;
- receiving user input for defining a plurality of entitlement groups of said hierarchical entitlement structure, wherein each entitlement group has specified permissions to perform financial transactions, limits on performance of said financial transactions, and membership of each user, said hierarchical entitlement structure proving that a given entitlement group inherits permissions provided to its parent entitlement groups in said hierarchical entitlement structure, and wherein defining a plurality of entitlement groups includes restricting permissions inherited by an entitlement group from its parent entitlement group in said hierarchical entitlement structure;
- in response to a particular user request to perform a financial transaction at runtime, identifying the particular user's membership in a certain entitlement group; and
- determining whether to allow the particular user to perform the financial transaction based on permissions and limits of said hierarchical entitlement structure applicable to the particular user's performance of the financial transaction.
Abstract
A hierarchical entitlement system with integrated inheritance and limit checks is described. In one embodiment, for example, a computer-implemented method is described for specifying and enforcing entitlements for performance of financial transactions, the method comprises steps of: providing a hierarchical entitlement structure with inheritance for specifying entitlements for performing financial transactions; receiving user input for defining a plurality of entitlement groups of the hierarchical entitlement structure, wherein each entitlement group has specified permissions to perform financial transactions, limits on performance of the financial transactions, and membership of each user; in response to a particular user request to perform a financial transaction at runtime, identifying the particular user's membership in a certain entitlement group; and determining whether to allow the particular user to perform the financial transaction based on permissions and limits of the hierarchical entitlement structure applicable to the particular user's performance of the financial transaction.
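The following Python example is added here for illustration and is not code from the patent or its assignee. It models entitlement groups with inherited permissions, restrictions on inherited permissions, and a runtime permission-and-limit check as the abstract and first claim describe. The `Group` class, its field names, the deny-wins rule, the tightest-limit rule, failing closed when no limit is set, one group per user, and amounts in cents are all assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    grants: set = field(default_factory=set)     # permissions added at this level
    restricts: set = field(default_factory=set)  # inherited permissions removed here
    limits: dict = field(default_factory=dict)   # txn type -> max amount in cents
    members: set = field(default_factory=set)

    def chain(self):  # this group, then each ancestor up to the root
        group, seen = self, set()
        while group is not None:
            if group.name in seen:
                raise ValueError(f"cycle in hierarchy at {group.name}")
            seen.add(group.name)
            yield group
            group = group.parent

def effective_permissions(group):
    # Assumption: deny wins, so a descendant cannot re-grant a restricted permission.
    granted, restricted = set(), set()
    for g in group.chain():
        granted |= g.grants
        restricted |= g.restricts
    return granted - restricted

def effective_limit(group, txn_type):
    # Assumption: the tightest limit anywhere on the chain applies.
    caps = [g.limits[txn_type] for g in group.chain() if txn_type in g.limits]
    return min(caps) if caps else None

def authorize(groups, user, txn_type, amount):
    group = next((g for g in groups if user in g.members), None)
    if group is None:
        return False, "no entitlement group"
    if txn_type not in effective_permissions(group):
        return False, "permission denied"
    cap = effective_limit(group, txn_type)
    if cap is None or not 0 < amount <= cap:  # fail closed when no limit is set
        return False, "outside limit"
    return True, "allowed"

# Constructed sample hierarchy: bank -> corp -> clerks
BANK = Group("bank", grants={"ach", "wire"}, limits={"ach": 10_000_000, "wire": 5_000_000})
CORP = Group("corp", BANK, restricts={"wire"}, limits={"ach": 2_500_000}, members={"alice"})
CLERKS = Group("clerks", CORP, grants={"wire"}, limits={"ach": 4_000_000}, members={"bob"})
GROUPS = [BANK, CORP, CLERKS]
```

Because the restriction on `wire` is set at `corp`, the `wire` grant on `clerks` has no effect, and the looser `ach` limit on `clerks` is capped by the limit of its parent.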
39 Claims
21. A system for specifying and enforcing entitlements for performance of financial transactions, the system comprising:
- a computer having at least a processor and memory;
- a hierarchical entitlement structure with inheritance for specifying entitlements for performing financial transactions;
- a user input module for specifying a plurality of entitlement groups of said hierarchical entitlement structure, wherein each entitlement group has specified permissions to perform financial transactions, limits on performance of said financial transactions, and user membership, said hierarchical entitlement structure providing that a given entitlement group inherits permissions provided to its parent entitlement group in said hierarchical entitlement structure, and wherein said plurality of entitlement groups includes a child entitlement group inheriting permissions from its parent entitlement group in said hierarchical entitlement structure; wherein; restrictions are applied to the permissions inherited by such child inheritance and an enforcement module for determining, in response to a particular user's request to perform a given financial transaction at runtime, whether to allow the particular user to perform the financial transaction based on permissions and limits of said hierarchical entitlement structure applicable to the entitlement group of which the particular user is a member.
39. A method for defining and enforcing permissions and limits on performance of financial transactions in a banking system, the method comprising:
- in a banking system implemented in a computer system having at least a processor and memory, receiving user input defining a plurality of entitlement groups, wherein each entitlement group has specified users, permissions to perform financial transactions and limits on performance said financial transactions;
- organizing said plurality of entitlement groups into a hierarchical structure with inheritance specifying permissions and limits for performing financial transactions, said hierarchical entitlement structure providing that a given entitlement group inherits permissions provided to its parent entitlement group in said hierarchical entitlement structure, and wherein defining a plurality of entitlement groups includes restricting permissions inherited by an entitlement map from its parent entitlement group in said hierarchical entitlement structure;
- in response to a particular user request to perform a financial transaction in the banking system at runtime, identifying the particular user's membership in a certain entitlement group; and
- determining whether to allow the particular user to perform the financial transaction based on permissions and limits of said hierarchical entitlement structure applicable to the particular user's performance of the financial transaction.