Method and system for managing object level security using an object definition hierarchy
First Claim
1. A computer-implemented method comprising:
receiving, by a computer system, a request from a user to perform an action on a first object in a plurality of objects in a software application;
accessing, by the computer system, a predefined hierarchy of a plurality of different object definitions, wherein said first object is an instance of a first object definition in the predefined hierarchy;
determining, by the computer system, an attribute of the first object comprising a second object, wherein the second object is a particular instance of a second object definition, wherein said second object definition is an ancestor of said first object definition in the predefined hierarchy, and wherein the attribute defines an association between the first object and the second object that is independent of the predefined hierarchy;
accessing, by the computer system, user authorization data;
determining, by the computer system, permission of the user to perform said action; and
granting, by the computer system, the user permission to perform the action on said first object, wherein the permission is determined from the predefined hierarchy of the plurality of different object definitions, the attribute, and the user authorization data, and wherein the user is granted permission to perform the action on said first object if the user authorization data grants the user permission to perform the action on the first object based on the first object definition and the attribute.
2 Assignments
0 Petitions
Abstract
In one embodiment the present invention includes a computer-implemented method comprising receiving a request from a user to perform an action on a first object in a software application, accessing a predefined hierarchy of a plurality of different object definitions, accessing user authorization data, and granting the user permission to perform the action on said first object, wherein the permission is determined from the predefined hierarchy and the user authorization data, wherein determining the permission includes traversing the predefined hierarchy.
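The check described in the claim and abstract can be sketched as follows. This is an added illustration, not code from the patent: the definition names, the `Grant` record shape, and the rule that a grant written against a definition also covers its descendants are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed hierarchy of object definitions (child -> parent); names are hypothetical.
PARENT = {"Project": "Department", "Department": "Organization", "Organization": None}

@dataclass
class Obj:
    definition: str
    oid: str
    attrs: dict = field(default_factory=dict)  # attribute name -> referenced Obj

@dataclass
class Grant:  # one row of user authorization data (assumed shape)
    definition: str   # definition the grant is written against
    action: str
    attribute: str    # attribute of the target object that must match
    scope_oid: str    # id of the referenced (second) object

def ancestors(defn):
    """Traverse the definition hierarchy upward, refusing cycles."""
    seen, cur = [], PARENT.get(defn)
    while cur is not None:
        if cur in seen:
            raise ValueError("cycle in definition hierarchy")
        seen.append(cur)
        cur = PARENT.get(cur)
    return seen

def is_permitted(grants, action, obj):
    """Default deny: allow only when a grant matches definition and attribute."""
    if obj.definition not in PARENT:
        return False
    lineage = [obj.definition] + ancestors(obj.definition)
    for g in grants:
        if g.action != action or g.definition not in lineage:
            continue
        ref = obj.attrs.get(g.attribute)
        # The referenced object must be an instance of an ancestor definition.
        if ref is None or ref.definition not in lineage[1:]:
            continue
        if ref.oid == g.scope_oid:
            return True
    return False

# Constructed sample data.
DEPT_A, DEPT_B = Obj("Department", "dept-a"), Obj("Department", "dept-b")
PROJ_A = Obj("Project", "proj-1", {"owning_department": DEPT_A})
PROJ_B = Obj("Project", "proj-2", {"owning_department": DEPT_B})
ALICE = [Grant("Department", "edit", "owning_department", "dept-a")]
```

The grant is written against `Department`, so the traversal is what lets it reach `Project` instances, and the attribute is what limits it to projects associated with `dept-a`.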
37 Citations
18 Claims
10. A non-transitory computer-readable medium containing instructions for controlling a computer system to perform a method, the method comprising:
receiving a request from a user to perform an action on a first object in a plurality of objects in a software application;
accessing a predefined hierarchy of a plurality of different object definitions, wherein said first object is an instance of a first object definition in the predefined hierarchy;
determining an attribute of the first object comprising a second object, wherein the second object is a particular instance of a second object definition, wherein said second object definition is an ancestor of said first object definition in the predefined hierarchy, and wherein the attribute defines an association between the first object and the second object that is independent of the predefined hierarchy;
accessing user authorization data; and
determining permission of the user to perform said action; and
granting the user permission to perform the action on said first object, wherein the permission is determined from the predefined hierarchy of the plurality of different object definitions, the attribute, and the user authorization data, and wherein the user is granted permission to perform the action on said first object if the user authorization data grants the user permission to perform the action on the first object based on the first object definition and the attribute.
Specification