Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement
Abstract
The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods.
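The following sketch is an added illustration, not code from the patent or from any product that implements it. It models the two mechanisms the abstract names: a pseudo-user resolved through two metadata items, and effective rights derived from the security components of referenced objects. All class and property names are hypothetical, and the combining rule (intersection, failing closed on dangling references) is an assumption standing in for the "predefined set of rules", which the claims do not specify.

```python
# Added illustration: names, sample data and the combining rule are assumptions.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Ref:                  # metadata value that refers to another object
    oid: str
@dataclass(frozen=True)
class PseudoUser:
    ref_property: str       # first metadata item: property naming the object to consult
    identity_property: str  # second metadata item: property there holding the person
@dataclass
class Obj:
    metadata: dict                                  # property -> plain value or Ref
    acl: dict = field(default_factory=dict)         # own rights: principal -> set
    component: dict = field(default_factory=dict)   # security component for referrers

def resolve(principal, ctx, store):
    """Map a principal to a person; pseudo-users are resolved via ctx's metadata."""
    if not isinstance(principal, PseudoUser):
        return principal
    ref = ctx.metadata.get(principal.ref_property)
    target = store.get(ref.oid) if isinstance(ref, Ref) else None
    return target.metadata.get(principal.identity_property) if target else None

def expand(acl, ctx, store):
    """Resolve every principal; unresolvable pseudo-users grant nothing."""
    out = {}
    for principal, rights in acl.items():
        person = resolve(principal, ctx, store)
        if person is not None:
            out.setdefault(person, set()).update(rights)
    return out

def effective_rights(obj, store):
    """Own rights narrowed by each referenced object's component (assumed rule)."""
    rights = expand(obj.acl, obj, store)
    for ref in (v for v in obj.metadata.values() if isinstance(v, Ref)):
        if ref.oid not in store:
            return {}                     # dangling reference: fail closed
        component = store[ref.oid].component
        if component:                     # referenced objects without one add no limit
            comp = expand(component, obj, store)
            rights = {p: r & comp[p] for p, r in rights.items() if r & comp.get(p, set())}
    return rights

def sample_store():  # constructed sample data
    mgr = PseudoUser("project", "manager")
    proj = Obj({"manager": "alice"}, component={mgr: {"read", "edit"}, "bob": {"read"}})
    doc = Obj({"project": Ref("proj-7")},
              acl={mgr: {"read", "edit", "delete"}, "bob": {"read", "edit"}, "carol": {"read"}})
    return {"proj-7": proj, "doc-1": doc}
```

Changing the `manager` property of `proj-7` moves the manager's rights on `doc-1` to the new person with no ACL edit, so any write access to such a property is effectively permission-granting and is worth auditing as such.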
21 Claims
1. A method for a dynamic content management system comprising a metadata-based folder hierarchy, said dynamic content management system storing electronic objects being defined by metadata having at least one property with a value, wherein at least one property of the metadata of an electronic object defines an access right for said electronic object, the method comprising:
determining effective access rights for a first electronic object by
determining one or more other electronic objects being referred to by a metadata value of said first electronic object;
retrieving security components of said one or more other electronic objects being referred to by the metadata value of said first electronic object;
processing the security components of said one or more other electronic objects according to a predefined set of rules; and
propagating the access right of the first electronic object by the security components to be the effective access rights for the first electronic object;
identifying a person having access rights for the first electronic object by resolving a person identity from a property value of an object, which property value is indicated by a pseudo-user, wherein a pseudo-user comprises at least a first metadata item and a second metadata item, wherein the first metadata item indicates the object where the user identity can be retrieved, and wherein the second metadata item indicates a property in said object, the value of which property contains the person identity of a person being authorized to access said electronic object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus comprising a processor, memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus to perform at least the following:
to store electronic objects in a dynamic content management system comprising a metadata-based folder hierarchy, wherein the electronic objects are being defined by metadata having at least one property with value, wherein at least one property of the metadata of an electronic object defines an access right for said electronic object;
to determine effective access rights for a first electronic object by
determining one or more other electronic objects referred by a metadata value of said first electronic object;
retrieving security components of said one or more other electronic objects referred by the metadata value of said first electronic object;
processing the security components of said one or more other electronic objects according to a predefined set of rules; and
propagating the access right of the first electronic object by the security components to be the effective access rights for the first electronic object;
to identify a person having access rights for the first electronic object by resolving a person identity from a property value of an object, which property value is indicated by a pseudo-user, wherein a pseudo-user comprises at least a first metadata item and a second metadata item, wherein the first metadata item indicates the object where the user identity can be retrieved, and wherein the second metadata item indicates a property in said object, the value of which property contains the person identity of a person being authorized to access said electronic object.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer system comprising:
at least one processor, at least one memory including computer program code, the memory and the computer program code configured to, with said at least one processor, cause the computer system at least to perform;
to store electronic objects in a dynamic content management system comprising a metadata-based folder hierarchy, wherein the electronic objects are being defined by metadata having at least one property with value, wherein at least one property of the metadata of an electronic object defines an access right for said electronic object;
to determine effective access rights for a first electronic object by
determining one or more other electronic objects referred by a metadata value of said first electronic object;
retrieving security components of said one or more other electronic objects referred by the metadata value of said first electronic object;
processing the security components of said one or more other electronic objects according to a predefined set of rules; and
propagating the access right of the first electronic object by the security components to be the effective access rights for the first electronic object;
to identify a person having access rights for the first electronic object by resolving a person identity from a property value of an object, which property value is indicated by a pseudo-user, wherein a pseudo-user comprises at least a first metadata item and a second metadata item, wherein the first metadata item indicates the object where the user identity can be retrieved, and wherein the second metadata item indicates a property in said object, the value of which property contains the person identity of a person being authorized to access said electronic object.
Dependent claims: 20

21. A non-transitory computer readable medium comprising computer program instructions stored thereon, wherein said instructions, when executed, are for
to store electronic objects in a dynamic content management system comprising a metadata-based folder hierarchy, wherein the electronic objects are being defined by metadata having at least one property with value, wherein at least one property of the metadata of an electronic object defines an access right for said electronic object;
to determine effective access rights for a first electronic object by
determining one or more other electronic objects referred by a metadata value of said first electronic object;
retrieving security components of said one or more other electronic objects referred by the metadata value of said first electronic object;
processing the security components of said one or more other electronic objects according to a predefined set of rules; and
propagating the access right of the first electronic object by the security components to be the effective access rights for the first electronic object;
to identify a person having access rights for the first electronic object by resolving a person identity from a property value of an object, which property value is indicated by a pseudo-user, wherein a pseudo-user comprises at least a first metadata item and a second metadata item, wherein the first metadata item indicates the object where the user identity can be retrieved, and wherein the second metadata item indicates a property in said object, the value of which property contains the person identity of a person being authorized to access said electronic object.

Specification