Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement

US 8,996,575 B2
Filed: 09/29/2010
Issued: 03/31/2015
Est. Priority Date: 09/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method for a computer system storing electronic objects being defined by metadata comprising one or more properties having values, comprising:

determining access rights for an object by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;

retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods.

Citations

7 Claims

1. A method for a computer system storing electronic objects being defined by metadata comprising one or more properties having values, comprising:
- determining access rights for an object by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;
  
  retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, further comprising retrieving said access rights from at least one security component being referred by a metadata property value of the object.
  - 3. The method according to claim 2, wherein an object refers to the object'"'"'s own access control list, wherein the effective access rights for the said object are determined by means of security components as part of the object'"'"'s own access control list.
  - 4. The method according to claim 1, wherein the user belongs to a user group, which is defined by a pseudo-user.

5. A non-transitory computer readable medium comprising computer program instructions stored thereon, wherein said instructions, when executed, are fordetermining access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;
- retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.

6. An apparatus comprising a processor, memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus to perform at least the following:
- determine access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;
  
  retrieve the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.

7. A computer system comprising:
- at least one processor;
  
  at least one memory including computer program code;
  
  the memory and the computer program code configured to, with said at least one processor, cause the computer system at least to perform;
  
  determining access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;
  
  retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
M-Files Oy
Original Assignee
M-Files Oy
Inventors
Laitkorpi, Markku, Nivala, Antti, Lepola, Juha, Metspelto, Ari, Partanen, Timo
Primary Examiner(s)
Hershley, Mark E

Application Number

US12/924,625
Publication Number

US 20120078965A1
Time in Patent Office

1,644 Days
Field of Search

707/785
US Class Current

707/785
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/51   Indexing; Data structures t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2145   Inheriting rights or proper...

Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links