Containerized security for managed content
First Claim
Patent Images
1. A computer-implemented method for containerized security comprising:
- determining a user would be granted an access right to a content item included in a body of managed content based on an existing access control list (“
ACL”
) imposed on the content item by virtue of a privilege of the user with respect to the body of managed content generally;
wherein the existing ACL is a security measure imposed on a specific content item that grants access to the specific content item based at least in part on the privilege of the user;
receiving an indication that the content item is associated with a container, wherein the container implements security for one or more content items associated with a collaboration space created by a collaboration software;
using an aspect to trigger a piece of code to run every time an application accesses the content item so that the rules of a container mandatory access control list (“
MACL”
) are enforced;
wherein the user must be included in the container MACL in order to access the content item;
determining the user that would be granted an access right based on the existing ACL is not included in the container MACL;
using an application server to render the content item invisible within a collaboration space window to the user that would be granted an access right based on the existing ACL, based at least in part on the determination the user is not associated with the container;
wherein the collaboration space window displays i) content items that are not exclusively governed by a collaboration space rule, and ii) content items governed by a collaboration space rule and indicated as so visually; and
ensuring the user that would be granted an access right based on the existing ACL is not granted the access right to the content item unless the container MACL is satisfied.
8 Assignments
0 Petitions
Accused Products
Abstract
Containerized security is disclosed. An indication is received that a content item included in a body of managed content is associated with a container. A security measure is associated with the content item, based at least in part on the association of the content item with the container, that causes access to the content item by a user who is not associated with the container but who otherwise would have access to the content item within the body of managed content to be denied.
133 Citations
15 Claims
-
1. A computer-implemented method for containerized security comprising:
-
determining a user would be granted an access right to a content item included in a body of managed content based on an existing access control list (“
ACL”
) imposed on the content item by virtue of a privilege of the user with respect to the body of managed content generally;wherein the existing ACL is a security measure imposed on a specific content item that grants access to the specific content item based at least in part on the privilege of the user; receiving an indication that the content item is associated with a container, wherein the container implements security for one or more content items associated with a collaboration space created by a collaboration software; using an aspect to trigger a piece of code to run every time an application accesses the content item so that the rules of a container mandatory access control list (“
MACL”
) are enforced;wherein the user must be included in the container MACL in order to access the content item; determining the user that would be granted an access right based on the existing ACL is not included in the container MACL; using an application server to render the content item invisible within a collaboration space window to the user that would be granted an access right based on the existing ACL, based at least in part on the determination the user is not associated with the container; wherein the collaboration space window displays i) content items that are not exclusively governed by a collaboration space rule, and ii) content items governed by a collaboration space rule and indicated as so visually; and ensuring the user that would be granted an access right based on the existing ACL is not granted the access right to the content item unless the container MACL is satisfied. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product for containerized security, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
-
determining a user would be granted an access right to a content item included in a body of managed content based on an existing access control list (“
ACL”
) imposed on the content item by virtue of a privilege of the user with respect to the body of managed content generally;wherein the existing ACL is a security measure imposed on a specific content item that grants access to the specific content item based at least in part on the privilege of the user; receiving an indication that the content item is associated with a container, wherein the container implements security for one or more content items associated with a collaboration space created by a collaboration software; using an aspect to trigger a piece of code to run every time an application accesses the content item so that the rules of a container mandatory access control list (“
MACL”
) are enforced;wherein the user must be included in the container MACL in order to access the content item; determining the user that would be granted an access right based on the existing ACL is not included in the container MACL; rendering the content item invisible within a collaboration space window to the user that would be granted an access right based on the existing access control list ACL, based at least in part on the determination the user is not associated with the container; wherein the collaboration space window displays i) content items that are not exclusively governed by a collaboration space rule, and ii) content items governed by a collaboration space rule and indicated as so visually; and ensuring the user that would be granted an access right based on the existing ACL is not granted the access right to the content item unless the container MACL is satisfied. - View Dependent Claims (12, 13)
-
-
14. A system for containerized security comprising:
-
a processor; and a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to; determine a user would be granted an access right to a content item included in a body of managed content based on an existing access control list (“
ACL”
) imposed on the content item by virtue of a privilege of the user with respect to the body of managed content generally;wherein the existing ACL is a security measure imposed on a specific content item that grants access to the specific content item based at least in part on the privilege of the user; receive an indication that the content item is associated with a container, wherein the container implements security for one or more content items associated with a collaboration space created by a collaboration software; use an aspect to trigger a piece of code to run every time an application accesses the content item so that the rules of a container mandatory access control list (“
MACL”
) are enforced;wherein the user must be included in the container MACL in order to access the content item; determine the user that would be granted an access right based on the existing ACL is not included in the container MACL; render the content item invisible within a collaboration space window to the user that would be granted an access right based on the existing access control list ACL, based at least in part on the determination the user is not associated with the container; wherein the collaboration space window displays i) content items that are not exclusively governed by a collaboration space rule, and ii) content items governed by a collaboration space rule and indicated as so visually; and ensure the user that would be granted an access right based on the existing ACL is not granted the access right to the content item unless the container MACL is satisfied. - View Dependent Claims (15)
-
Specification