System and method for providing complex access control in workflows

US 9,741,006 B2
Filed: 05/14/2010
Issued: 08/22/2017
Est. Priority Date: 05/14/2010
Status: Active Grant

First Claim

Patent Images

1. A system for providing complex access control in workflows, comprising:

a computer, including one or more microprocessors;

a workflow process, executing on the computer, which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents;

a workflow manager that includes a graphical user interface, wherein the graphical user interface enables displaying a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task,wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles,wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver,wherein each application role defines a responsibility of one or more users within an enterprise environment, andwherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix;

wherein the work flow manager is configured toreceive a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface,determine, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable,receive one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role, andcontrol access to the particular task based on the selections of task contents and task actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing complex access control in workflows. The system comprises a computer, including a computer readable storage medium and processor operating thereon. The system also comprises at least one business process which includes a plurality of tasks. Each task is associated with a task state which changes during execution of the task. The system further comprises a plurality of logical roles. Each logical role defines a responsibility based on the task state and a member of that logical role. Additionally, the system comprises a configurable matrix of access controls that is used to control access to the plurality of tasks based on the plurality of logical roles.

133 Citations

20 Claims

1. A system for providing complex access control in workflows, comprising:
- a computer, including one or more microprocessors;
  
  a workflow process, executing on the computer, which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents;
  
  a workflow manager that includes a graphical user interface, wherein the graphical user interface enables displaying a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task,wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles,wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver,wherein each application role defines a responsibility of one or more users within an enterprise environment, andwherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix;
  
  wherein the work flow manager is configured toreceive a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface,determine, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable,receive one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role, andcontrol access to the particular task based on the selections of task contents and task actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the first configurable matrix shows the plurality of roles along one axis and the task contents along a second axis for the particular task.
  - 3. The system of claim 1, wherein the second configurable matrix shows the plurality of roles along one axis and task actions along a second axis for the particular task.
  - 4. The system of claim 1, wherein each of the first configurable matrix and the second configurable matrix is configured to display the plurality of task contents or the plurality of task actions for the one or more logical roles and the one or more application roles without displaying each individual member of each role.
  - 5. The system of claim 1, wherein each of the first configuration matrix and the second configurable matrix is further to control access to the particular task based on one of an external event, or workflow specific data.
  - 6. The system of claim 1, wherein the graphical user interface includes a first tab for triggering the display of the first configurable matrix, and a second tab for triggering the display of the second configurable matrix.
  - 7. The system of claim 1, wherein the plurality of task contents for the particular task includes a payload and a plurality of attributes of the payload.

8. A method for providing complex access control in workflows, comprising:
- providing, on a computer including one or more microprocessors, a workflow process which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents;
  
  displaying, in a graphical user interface of a workflow manager, a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task,wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles,wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver,wherein each application role defines a responsibility of one or more users within an enterprise environment, andwherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix;
  
  receiving, at the workflow manager, a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface,determining, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable,receiving one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role; and
  
  performing, via the workflow manager, control access to the particular task based on the selections of task contents and task actions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first configurable matrix shows the plurality of roles along one axis and the task contents along a second axis for the particular task.
  - 10. The method of claim 8, wherein the second configurable matrix shows the plurality of roles along one axis and task actions along a second axis for the particular task.
  - 11. The method of claim 8, wherein each of the first configurable matrix and the second configurable matrix is configured to display the plurality of task contents or the plurality of task actions for the one or more logical roles and the one or more application roles without displaying each individual member of each role.
  - 12. The method of claim 8, wherein each of the first configuration matrix and the second configurable matrix is further to control access to the particular task based on one of an external event, or workflow specific data.
  - 13. The method of claim 8, wherein the graphical user interface includes a first tab for triggering the display of the first configurable matrix, and a second tab for triggering the display of the second configurable matrix.
  - 14. The method of claim 8, wherein the plurality of task contents for the particular task includes a payload and a plurality of attributes of the payload.

15. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by a computer cause the computer to perform the steps comprising:
- executing, on a computer including one or more microprocessors, a workflow process which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents;
  
  displaying, in a graphical user interface of a workflow manager, a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task,wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles,wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver,wherein each application role defines a responsibility of one or more users within an enterprise environment, andwherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix;
  
  receiving, at the workflow manager, a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface,determining, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable,receiving one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role; and
  
  performing, via the workflow manager, control access to the particular task based on the selections of task contents and task actions.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the first configurable matrix shows the plurality of roles along one axis and the task contents along a second axis for the particular task.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein each of the first configurable matrix and the second configurable matrix is configured to display the plurality of task contents or the plurality of task actions for the one or more logical roles and the one or more application roles without displaying each individual member of each role.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein each of the first configuration matrix and the second configurable matrix is further to control access to the particular task based on one of an external event, or workflow specific data.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the graphical user interface includes a first tab for triggering the display of the first configurable matrix, and a second tab for triggering the display of the second configurable matrix.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the plurality of task contents for the particular task includes a payload and a plurality of attributes of the payload.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Svetov, Vladimir, Rangaswamy, Ravi, Kamath, Mohan, Umapathy, Viswanathan
Primary Examiner(s)
DICKERSON, TIPHANY B

Application Number

US12/780,183
Publication Number

US 20110283281A1
Time in Patent Office

2,657 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06Q 10/08 Logistics, e.g. warehousing...

System and method for providing complex access control in workflows

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

133 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing complex access control in workflows

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others