Dynamic access control list for managed content
Abstract
Dynamic control of access to managed content is disclosed. In some embodiments, an ACL includes a “dynamic” group having an associated list of potential members. In any given session and/or at any point in time, whether a user is considered a currently valid member of the group, and therefore allowed access to managed content in accordance with an access right or privilege granted to the group with respect to one or more content items, is determined, e.g., based on application context (what operation the user is trying to perform, etc.) and/or other context information (time of day, location of system from which access was requested, etc.).
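A minimal sketch of the two-stage check the abstract describes, added here as an illustration and not taken from the patent or any product: the user must be on the group's potential-member list, and the membership criteria must hold for the current session context. All names (`DynamicGroup`, `check_access`, the sample policy and context keys) are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Callable

@dataclass(frozen=True)
class DynamicGroup:
    name: str
    potential_members: frozenset          # static list of who *may* be a member
    criteria: Callable[[dict], bool]      # evaluated against session context

    def is_current_member(self, user: str, ctx: dict) -> bool:
        # Stage 1: not on the potential-member list -> never a member.
        if user not in self.potential_members:
            return False
        # Stage 2: membership is only valid while the criteria hold.
        try:
            return bool(self.criteria(ctx))
        except (KeyError, TypeError):
            return False                  # missing or malformed context: fail closed

@dataclass
class ACL:
    # access right -> dynamic groups granted that right on the content item
    grants: dict = field(default_factory=dict)

def check_access(acl: ACL, user: str, right: str, ctx: dict) -> bool:
    """Single enforcement point in the content management layer, so every
    application calling it gets the same decision (default deny)."""
    return any(g.is_current_member(user, ctx) for g in acl.grants.get(right, ()))

# Constructed sample policy: reviewers may write only while performing a
# "review" operation, during office hours, from the "hq" location.
def office_hours_review(ctx: dict) -> bool:
    return (ctx["operation"] == "review"
            and time(9, 0) <= ctx["time_of_day"] < time(17, 0)
            and ctx["location"] == "hq")

REVIEWERS = DynamicGroup("reviewers", frozenset({"alice", "bob"}), office_hours_review)
DOC_ACL = ACL({"write": [REVIEWERS]})

if __name__ == "__main__":
    ctx = {"operation": "review", "time_of_day": time(10, 30), "location": "hq"}
    print(check_access(DOC_ACL, "alice", "write", ctx))                                 # in list, criteria hold
    print(check_access(DOC_ACL, "alice", "write", {**ctx, "time_of_day": time(22, 0)})) # outside hours
    print(check_access(DOC_ACL, "mallory", "write", ctx))                               # not a potential member
```

Failing closed when context data is missing matters here: a session that cannot supply the context the criteria need is treated as not currently a member.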
20 Claims
1. A method of controlling access to managed content, comprising:
- receiving an indication that a user requests an access right associated with a content item during a current session;
- determining, using a processor and based on an access control policy that the user is a potential member of a group to which the access right has been granted, based at least in part on a list of potential members of the group, wherein the group is a dynamic group;
- determining the potential member is considered a currently valid member of the group based at least in part on a context data associated with the user, current session, and a membership criteria;
- allowing the potential member to access the content item in a manner associated with the access right;
- wherein the access control policy is enforced by a content management system used by a plurality of applications to access content items; and
- wherein the access control policy is applied equally to the plurality of applications.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A content management system, comprising:
- a processor configured to:
  - receive an indication that a user requests an access right associated with a content item during a current session;
  - determine, based on a control access policy that the user is a potential member of a dynamic group to which the access right has been granted, based at least in part on a list of potential members of the group, wherein the group is a dynamic group;
  - determine the potential member is considered a currently valid member of the group based at least in part on a context data associated with the user, current session, and a membership criteria;
  - allow the potential member to access the content item in a manner associated with the access right;
  - wherein the access control policy is enforced by a content management system used by a plurality of applications to access content items; and
  - wherein the access control policy is applied equally to the plurality of applications; and
- a data storage device configured to store the content item.
Dependent claims: 15, 16, 17
18. A computer program product for managing content, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- receiving an indication that a user requests an access right associated with a content item during a current session;
- determining, based on an access control policy, that the user is a potential member of a group to which the access right has been granted, based at least in part on a list of potential members of the group, wherein the group is a dynamic group;
- determining the potential member is considered a currently valid member of the group based at least in part on a context data associated with the user, current session, and a membership criteria;
- allowing the potential member to access the content item in a manner associated with the access right;
- wherein the access control policy is enforced by a content management system used by a plurality of applications to access content items; and
- wherein the access control policy is applied equally to the plurality of applications.
Dependent claims: 19, 20
Specification