Supporting role-based access control in component-based software systems
First Claim
1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the method comprising:
- componentizing the software system into a multitude of software components;
assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process;
assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process;
activating a set of the multitude of software components to perform one of said activities as a current activity in the collaborative process;
limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system and computer program product is disclosed for supporting role-based access control in a collaborative environment, wherein pluralities of users work together in a collaborative process using a software system. The method comprises componentizing the software system into a multitude of software components, and limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process. The set of components that a user can access is dynamic, that set can change based on the “context” or the step where the user is in a collaborative workflow/process. Thus, in comparison with traditional access control mechanisms, an embodiment of the invention combines three different elements: a) the set of components that comprise the application is partitioned in such a way as to make componentized role-based access control feasible, b) a method for specifying inter-component dependencies to enable role-based groups, and c) enabling the modification of the access privileges based on contextual information from a collaborative process.
-
Citations
19 Claims
-
1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the method comprising:
-
componentizing the software system into a multitude of software components; assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process; assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process; activating a set of the multitude of software components to perform one of said activities as a current activity in the collaborative process; limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An access control system for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the access control system comprising one or more processor units configured for:
-
componentizing the software system into a multitude of software components; assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process; assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process; activating a set of the multitude of software components to perform said one of said activities as a current activity in the collaborative process; limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity. - View Dependent Claims (12, 13, 14)
-
-
15. An article of manufacture comprising:
-
at least one tangible computer usable device having computer readable program code logic tangibly embodied therein to execute a machine instruction in one or more processing units for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the computer readable program code logic, when executing, performing the following; componentizing the software system into a multitude of software components; assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process; assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process; activating a set of the multitude of software components to perform said one of said activities as a current activity in the collaborative process; limiting access of the users to the software components by providing each of the with access to only the software components that are common in both the set of the software components assigned to current role assigned to said each user, and the set of the software components activated to perform the current activity. - View Dependent Claims (16, 17, 18, 19)
-
Specification