Rule-based application access management
Abstract
A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
23 Claims
1. A method comprising:
- displaying resources;
- providing altitude stored in a table for a set of the resources;
- providing access control rules stored in the table for the set of resources at the altitude;
- providing a file object and a path in a table entry of the table associated with a resource of the set of resources, wherein the table entry further includes the altitude and an access control rule of the access control rules;
- receiving at runtime a request for the resource from an application having a process ID;
- determining whether the process ID is associated with the file object and the path;
- if it is determined that the process ID is associated with the file object and the path;
- populating a runtime table with the altitude, the access control rule, and the process ID;
- if it is determined that the process ID is not associated with the file object and the path;
- setting the access control rule to a Pass Through access control rule;
- populating the runtime table with the altitude, the Pass Through access control rule, and the process ID;
- providing security settings for the set of resources at the altitude.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. A system comprising:
- at least one processor;
- memory storing instructions configured to instruct the at least one processor to perform;
- displaying resources;
- providing altitude stored in a table for a set of the resources;
- providing access control rules stored in the table for the set of resources at the altitude;
- providing a file object and a path in a table entry of the table associated with a resource of the set of resources, wherein the table entry further includes the altitude and an access control rule of the access control rules;
- receiving at runtime a request for the resource from an application having a process ID;
- determining whether the process ID is associated with the file object and the path;
- if it is determined that the process ID is associated with the file object and the path;
- populating a runtime table with the altitude, the access control rule, and the process ID;
- if it is determined that the process ID is not associated with the file object and the path;
- setting the access control rule to a Pass Through access control rule;
- populating the runtime table with the altitude, the Pass Through access control rule, and the process ID;
- providing security settings for the set of resources at the altitude.

(Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)

23. A system comprising a processor, further comprising:
- means for displaying resources;
- means for providing altitude stored in a table for a set of the resources;
- means for providing access control rules stored in the table for the set of resources at the altitude;
- means for providing a file object and a path in a table entry of the table associated with a resource of the set of resources, wherein the table entry further includes the altitude and an access control rule of the access control rules;
- means for receiving at runtime a request for the resource from an application having a process ID;
- means for determining whether the process ID is associated with the file object and the path;
- means for populating a runtime table with the altitude, the access control rule, and the process ID if it is determined that the process ID is associated with the file object and the path;
- means for setting the access control rule to a Pass Through access control rule if it is determined that the process ID is not associated with the file object and the path;
- means for populating the runtime table with the altitude, the Pass Through access control rule, and the process ID if it is determined that the process ID is not associated with the file object and the path;
- means for providing security settings for the set of resources at the altitude.

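The runtime-table step recited in claims 1, 12 and 23, modelled in Python. This is an added example, not code from the patent: the process registry, the `Allow`/`Deny` rule names, the sample rows and the case-insensitive comparison of file object and path are all assumptions made for illustration.

```python
from dataclasses import dataclass

PASS_THROUGH = "Pass Through"  # the only rule name the claims give

@dataclass(frozen=True)
class TableEntry:
    """One table entry: resource, file object, path, altitude, rule."""
    resource: str
    file_object: str  # assumed: name of the application's executable
    path: str         # assumed: directory that executable runs from
    altitude: int
    rule: str         # "Allow"/"Deny" are hypothetical rule names

@dataclass(frozen=True)
class RuntimeRow:
    altitude: int
    rule: str
    pid: int

# Constructed sample data (not from the patent).
TABLE = {e.resource: e for e in (
    TableEntry(r"HKLM\Software\Example", "editor.exe", r"C:\Apps\Editor", 100, "Allow"),
    TableEntry(r"C:\Data\ledger.db", "ledger.exe", r"C:\Apps\Ledger", 200, "Deny"),
)}
# Hypothetical registry: process ID -> (file object, path) of its image.
PROCESSES = {
    4120: ("editor.exe", r"C:\Apps\Editor"),
    5300: ("editor.exe", r"C:\Temp"),  # same file name, different path
}

def _norm(name, directory):
    return name.lower(), directory.lower().rstrip("\\")

def is_associated(pid, entry, processes):
    """True only if the PID's image matches BOTH file object and path."""
    image = processes.get(pid)
    if image is None:  # unknown PID: treated as not associated
        return False
    return _norm(*image) == _norm(entry.file_object, entry.path)

def handle_request(pid, resource, table, processes, runtime):
    """Populate the runtime table for one request and return the new row."""
    entry = table.get(resource)
    if entry is None:  # resource outside the managed set: not covered by the claims
        return None
    rule = entry.rule if is_associated(pid, entry, processes) else PASS_THROUGH
    row = RuntimeRow(entry.altitude, rule, pid)
    runtime.append(row)
    return row

def pass_through_rows(runtime):
    """Rows that fell back to Pass Through, e.g. for audit review."""
    return [r for r in runtime if r.rule == PASS_THROUGH]
```

A process whose file name matches but whose path does not (PID 5300 above) receives the Pass Through rule at the entry's altitude, as does a PID with no known image.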
Specification