Access control via organization charts
Abstract
Improved techniques involve controlling access to data based on who has previously accessed the data. For example, when a user submits a request to access a resource, a list of those users who have accessed the resource is generated. Identifiers associated with the requesting user and the accessing users from the list of users are located within an organization chart which contains information about the hierarchal level and department to which users within the organization belong. As an example, if the requesting user is an executive-level employee and the accessing users are also executive-level users, then access to the resource is granted. If, on the other hand, the requesting user is on the level of an individual contributor, or a contractor, then access to the resource is denied. Further, access requests can be recorded in the access log for tracking.
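The decision flow described in the abstract, written out as an added Python example (not code from the patent). The identifiers, the numeric levels (lower number = more senior), the rule that the requirement is the least senior level among other users' granted accesses, and the fail-closed handling of unknown users and resources with no history are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed org chart: identifier -> hierarchal level (1 = executive,
# 3 = individual contributor, 4 = contractor). Lower number = more senior.
ORG_CHART = {"alice": 1, "bob": 1, "carol": 3, "dave": 4}

@dataclass
class Request:
    requesting_id: str
    resource: str
    level: Optional[int] = None  # value carried in the request; never trusted

@dataclass
class AccessController:
    org_chart: dict
    log: list = field(default_factory=list)  # (resource, identifier, granted)

    def record_access(self, resource, user_id):
        """Seed the log, e.g. with the resource creator's own access (assumption)."""
        self.log.append((resource, user_id, True))

    def locate_classification(self, req):
        """Match the identifier to the org chart and overwrite req.level with
        the chart's value; an unmatched identifier yields None."""
        req.level = self.org_chart.get(req.requesting_id)
        return req.level

    def requirement(self, resource, requester):
        """Assumed rule: the least senior level among OTHER users whose
        accesses to this resource were granted. None if there are none."""
        levels = [self.org_chart[u] for r, u, ok in self.log
                  if r == resource and ok and u != requester and u in self.org_chart]
        return max(levels) if levels else None

    def handle(self, req):
        level = self.locate_classification(req)
        required = self.requirement(req.resource, req.requesting_id)
        # Fail closed on an unknown requester or a resource with no history.
        granted = level is not None and required is not None and level <= required
        self.log.append((req.resource, req.requesting_id, granted))  # tracking
        return granted
```

Denied requests are logged for tracking but excluded when the requirement is derived, so repeated denied attempts by a lower-level user cannot lower the bar for a resource.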
20 Claims
1. A computer-implemented method of controlling access to a resource, the method comprising:
receiving at a computer having a processor, from a requesting user, a request to access the resource, the request having a requesting identifier which identifies the requesting user among a set of organization users;
locating, by the processor, a security classification associated with the requesting identifier of the request in response to receiving the request from the requesting user; and
performing, by the processor, an access control operation which:
provides, to the requesting user, access to the resource when the security classification satisfies a security class requirement; and
denies, to the requesting user, access to the resource when the security classification does not satisfy the security class requirement, the security class requirement being derived from access information defined by prior accesses to the resource by other organization users of the set of organization users;
wherein the security classification associated with the requesting identifier is based upon an organization chart, the organization chart including a set of hierarchal levels and a set of organization identifiers, each organization identifier of the set of organization identifiers being associated with an organization user of the set of organization users, each organization identifier being associated with a hierarchal level of the set of hierarchal levels;
wherein the requesting identifier includes a value of a requesting hierarchal level; and
wherein locating the security classification includes:
matching the requesting identifier to an organization identifier of the set of organization identifiers; and
setting the value of the requesting hierarchal level equal to a value of the hierarchal level with which the matched organization identifier is associated.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19, 20
12. A system for controlling access to a resource, the system comprising:
a network interface connected to a network;
a memory; and
a processor coupled to the memory, the processor constructed and arranged to:
receive, from a requesting user, a request to access the resource, the request having a requesting identifier which identifies the requesting user among a set of organization users;
locate a security classification associated with the requesting identifier of the request in response to receiving the request from the requesting user; and
perform an access control operation which:
provides, to the requesting user, access to the resource when the security classification satisfies a security class requirement; and
denies, to the requesting user, access to the resource when the security classification does not satisfy the security class requirement, the security class requirement being derived from access information defined by prior accesses to the resource by other organization users of the set of organization users;
wherein the security classification associated with the requesting identifier is based upon an organization chart, the organization chart including a set of hierarchal levels and a set of organization identifiers, each organization identifier of the set of organization identifiers being associated with an organization user of the set of organization users, each organization identifier being associated with a hierarchal level of the set of hierarchal levels;
wherein the requesting identifier includes a value of a requesting hierarchal level; and
wherein locating the security classification includes:
matching the requesting identifier to an organization identifier of the set of organization identifiers; and
setting the value of the requesting hierarchal level equal to a value of the hierarchal level with which the matched organization identifier is associated.
Dependent claims: 13, 14, 15, 16
17. A computer program product having a non-transitory computer readable storage medium which stores code to control access to a resource within an organization, the code including instructions to:
receive, from a requesting user, a request to access the resource, the request having a requesting identifier which identifies the requesting user among a set of organization users;
locate a security classification associated with the requesting identifier of the request in response to receiving the request from the requesting user; and
perform an access control operation which:
provides, to the requesting user, access to the resource when the security classification satisfies a security class requirement; and
denies, to the requesting user, access to the resource when the security classification does not satisfy the security class requirement, the security class requirement being derived from access information defined by prior accesses to the resource by other organization users of the set of organization users;
wherein the security classification associated with the requesting identifier is based upon an organization chart, the organization chart including a set of hierarchal levels and a set of organization identifiers, each organization identifier of the set of organization identifiers being associated with an organization user of the set of organization users, each organization identifier being associated with a hierarchal level of the set of hierarchal levels;
wherein the requesting identifier includes a value of a requesting hierarchal level; and
wherein locating the security classification includes:
matching the requesting identifier to an organization identifier of the set of organization identifiers; and
setting the value of the requesting hierarchal level equal to a value of the hierarchal level with which the matched organization identifier is associated.
Dependent claims: 18
Specification