Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement
First Claim
1. A method for a computer system storing electronic objects being defined by metadata comprising one or more properties having values, comprising:
- determining access rights for an object by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable;
retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.
3 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods.
-
Citations
7 Claims
-
1. A method for a computer system storing electronic objects being defined by metadata comprising one or more properties having values, comprising:
-
determining access rights for an object by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable; retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object. - View Dependent Claims (2, 3, 4)
-
-
5. A non-transitory computer readable medium comprising computer program instructions stored thereon, wherein said instructions, when executed, are for
determining access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable; retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.
-
6. An apparatus comprising a processor, memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus to perform at least the following:
-
determine access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable; retrieve the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.
-
-
7. A computer system comprising:
-
at least one processor; at least one memory including computer program code; the memory and the computer program code configured to, with said at least one processor, cause the computer system at least to perform; determining access rights for an object being defined by metadata comprising one or more properties having values by means of one or more pseudo-users, wherein a pseudo-user indicates a metadata property of an object, from a value of which an identity of a user is retrievable; retrieving the identity of the user being allowed to access the object by a metadata property value of another object that is indirectly referred to from a metadata property value of the object being accessed, wherein said identity of the user is located in a metadata property value of a last object in a chain of cascaded objects, wherein said chain of cascaded objects is automatically generated by metadata value references between the object being accessed and the last object.
-
Specification