Optimizing a compiled access control table in a content management system
Abstract
A method, computer program product, and system for improving the operation and management of a content management system, by managing data security and incremental refreshes of a compiled access control table. A user may be authorized to access an entity such as a data item by reference to a single table that compiles ACL information from a plurality of tables, without repetitive access to several system tables.
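A minimal sketch of the compiled table described in the abstract and the independent claims, added here as an illustration and not taken from the patent. All table contents, principal names and privilege-set codes are constructed, and resolving group membership at check time is an assumption about how group rows are matched to a user.

```python
# Constructed sample data; every name below is hypothetical.
PRIV_SETS = {
    "ps_full": {"READ", "UPDATE", "DELETE"},
    "ps_view": {"READ"},
    "ps_write_only": {"UPDATE"},
}
# Source ACL rules: (acl_code, principal, kind, privilege_set_code)
ACL_RULES = [
    ("acl_docs", "editors", "GROUP", "ps_full"),
    ("acl_docs", "dana", "USER", "ps_view"),        # dana is in no group
    ("acl_inbox", "editors", "GROUP", "ps_write_only"),
]
GROUP_MEMBERS = {"editors": {"alice", "bob"}}
OBJECT_ACL = {"report.pdf": "acl_docs", "drop.msg": "acl_inbox"}


def compile_acl(rules, priv_sets):
    """Flatten rules and privilege sets into one table, one row per rule.

    A group stays a single row; its members are never expanded, so a
    membership change leaves the compiled table untouched.
    """
    return [
        {"acl": acl, "principal": who, "kind": kind,
         "read": "READ" in priv_sets[ps]}   # precomputed privilege flag
        for acl, who, kind, ps in rules
    ]


def can_read(user, obj, compiled, members, object_acl):
    """Default-deny read check that consults only the compiled table."""
    acl = object_acl.get(obj)
    principals = {("USER", user)}
    principals |= {("GROUP", g) for g, m in members.items() if user in m}
    return any(
        r["acl"] == acl and r["read"] and (r["kind"], r["principal"]) in principals
        for r in compiled
    )


COMPILED = compile_acl(ACL_RULES, PRIV_SETS)
```

Because membership is resolved when the request is processed, removing a user from a group revokes access without a refresh; a change to an ACL rule or privilege set does not take effect until the table is recompiled.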
22 Claims
1. A computer implemented method comprising:
- generating, by a processor, a compiled access control list from a plurality of access control lists, one or more sets of group privileges, a set of user information, and one or more sets of user privileges, wherein the compiled access control list includes for each entry a privilege flag indicating a presence of a read privilege in a set of privileges associated with that entry, and wherein the compiled access control list lacks entries for individual group members and includes at least one user group and at least one individual user lacking membership in a group;
- responsive to a modification of a number of members within the at least one user group, making no change to the compiled access control list; and
- processing, by the processor, a request to permit access to a data object based on one or more entries in the compiled access control list each associated with an access control list for the data object and including the privilege flag indicating the presence of the read privilege.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A computer program product comprising:
a computer readable storage device having computer readable program code stored thereon, the computer readable program code comprising computer readable program code configured to:
- generate a compiled access control list from a plurality of access control lists, one or more sets of group privileges, a set of user information, and one or more sets of user privileges, wherein the compiled access control list includes for each entry a privilege flag indicating a presence of a read privilege in a set of privileges associated with that entry, and wherein the compiled access control list lacks entries for individual group members and includes at least one user group and at least one individual user lacking membership in a group;
- responsive to a modification of a number of members within the at least one user group, making no change to the compiled access control list; and
- process a request to permit access to a data object based on one or more entries in the compiled access control list each associated with an access control list for the data object and including the privilege flag indicating the presence of the read privilege.
View Dependent Claims (10, 11, 12, 13, 14, 15)
16. A system comprising:
a hardware processor configured with logic to:
- generate a compiled access control list from a plurality of access control lists, one or more sets of group privileges, a set of user information, and one or more sets of user privileges, wherein the compiled access control list includes for each entry a privilege flag indicating a presence of a read privilege in a set of privileges associated with that entry, and wherein the compiled access control list lacks entries for individual group members and includes at least one user group and at least one individual user lacking membership in a group;
- responsive to a modification of a number of members within the at least one user group, making no change to the compiled access control list; and
- process a request to permit access to a data object based on one or more entries in the compiled access control list each associated with an access control list for the data object and including the privilege flag indicating the presence of the read privilege.
View Dependent Claims (17, 18, 19, 20, 21, 22)
Specification