Control of access to files
First Claim
1. A computer system for controlling access to files, the computer system comprising:
a processor;
a computer-readable memory;
a computer-readable storage device;
first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of: product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, and
fourth program instructions for storing the access-control list in an information repository, wherein the information repository comprises a security architecture, wherein the security architecture controls access to a secured system, wherein the security architecture comprises a category variable, and wherein the category variable comprises a set of category sub-variables; and
wherein the identifying comprises:
requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;
communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;
receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;
communicating a second query to the information repository, wherein the second query is a function of the authorization code;
receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and
retrieving the category from the access-control list; and
wherein the first program instructions, the second program instructions, the third program instructions, and the fourth program instructions are stored on the computer-readable storage device for execution by the processor via the computer-readable memory.
Abstract
A method, system and program product for using access-control lists to control access to categorized computer files. Two or more computer files are each associated with one of a set of possible classifications that fall within a single category and an access-control list associates a user with a subset of these classifications. In response to the user's request for access to one of these files, where the request specifies the requested file but does not specify the category of the requested file, the processor identifies the requested file's category based on that file's associated classifications, checks the access-control list to determine that the user is authorized to access files of the identified category, and then grants the requesting user access to the requested file.
12 Claims
1. A computer system for controlling access to files, the computer system comprising:
a processor; a computer-readable memory; a computer-readable storage device; first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of: product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status; second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category; third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, and fourth program instructions for storing the access-control list in an information repository, wherein the information repository comprises a security architecture, wherein the security architecture controls access to a secured system, wherein the security architecture comprises a category variable, and wherein the category variable comprises a set of category sub-variables; and wherein the identifying comprises: requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user; communicating a first query to the information repository, wherein the first query is a function of the set of user credentials; receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system; communicating a second query to the information repository, wherein the second query is a function of the authorization code; receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and retrieving the category from the access-control list; and wherein the first program instructions, the second program instructions, the third program instructions, and the fourth program instructions are stored on the computer-readable storage device for execution by the processor via the computer-readable memory.
Dependent claims: 2, 3, 4.

5. A method for controlling access to files, the method comprising:
one or more processors of a computer system receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of: product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status; the one or more processors further receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category; the one or more processors, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by the one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, and the one or more processors storing the access-control list in an information repository, wherein the information repository comprises a security architecture, wherein the security architecture controls access to a secured system, wherein the security architecture comprises a category variable, and wherein the category variable comprises a set of category sub-variables; and wherein the identifying comprises: requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user; communicating a first query to the information repository, wherein the first query is a function of the set of user credentials; receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system; communicating a second query to the information repository, wherein the second query is a function of the authorization code; receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and retrieving the category from the access-control list.
Dependent claims: 6, 7, 8.

9. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by one or more processors of a computer system to implement a method for controlling access to files, the method comprising:
the one or more processors receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of: product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status; the one or more processors further receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category; the one or more processors, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by the one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, and the one or more processors storing the access-control list in an information repository, wherein the information repository comprises a security architecture, wherein the security architecture controls access to a secured system, wherein the security architecture comprises a category variable, and wherein the category variable comprises a set of category sub-variables; and wherein the identifying comprises: requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user; communicating a first query to the information repository, wherein the first query is a function of the set of user credentials; receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system; communicating a second query to the information repository, wherein the second query is a function of the authorization code; receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and retrieving the category from the access-control list.
Dependent claims: 10, 11, 12.
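The flow that claims 1, 5 and 9 (and the abstract) describe, as an added illustration that is not code from the patent: files are classified under one category, the access-control list grants a user a subset of that category's values, and a request that names only the file is resolved by a credentials query that yields an authorization code, a second query keyed on that code that returns the ACL entry, and a check of the file's stored classification against it. The file names, users, passwords, salt and the PBKDF2 credential check are constructed for the example; the category values come from the claim's list.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the patent): each file is classified under one
# category, "geographic location"; the ACL grants a user a subset of its values.
CLASSIFICATIONS = {"report-q1.pdf": "EU", "report-q2.pdf": "US", "inventory.csv": "EU"}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class InformationRepository:
    """Stores the ACL and answers the two queries the claim describes."""
    def __init__(self, users, acl):
        self._users = users   # user -> (salt, password hash); hypothetical credential store
        self._acl = acl       # user -> set of allowed classification values
        self._codes = {}      # issued authorization code -> user

    def query_authorize(self, username, password):
        """First query: credentials in, authorization code out (None if not authenticated)."""
        entry = self._users.get(username)
        if entry is None or not hmac.compare_digest(entry[1], _hash(password, entry[0])):
            return None
        code = secrets.token_hex(16)
        self._codes[code] = username
        return code

    def query_acl(self, code):
        """Second query: authorization code in, that user's ACL entry out."""
        user = self._codes.get(code)
        return None if user is None else frozenset(self._acl.get(user, ()))

def request_access(repo, username, password, filename):
    """The request names only the file; its category value comes from stored classification."""
    classification = CLASSIFICATIONS.get(filename)
    if classification is None:
        return False          # unknown or unclassified file: deny by default
    code = repo.query_authorize(username, password)
    if code is None:
        return False          # repository did not authenticate the user
    allowed = repo.query_acl(code)
    return allowed is not None and classification in allowed

def demo_repo():
    """Constructed repository: alice may read EU files, bob both EU and US."""
    salt = b"constructed-salt"
    users = {"alice": (salt, _hash("alice-pw", salt)), "bob": (salt, _hash("bob-pw", salt))}
    return InformationRepository(users, {"alice": {"EU"}, "bob": {"EU", "US"}})
```

Every deny path returns False without revealing whether the failure was an unknown file, bad credentials, or a missing ACL entry, so the caller learns nothing beyond the decision.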
Specification