Access controls through node-based effective policy identifiers
Abstract
Techniques for implementing a node-based access control system are described herein. In an embodiment, a server computer stores a node based policy system wherein each node identifies a resource and a policy for the resource. The server computer identifies a policy for a first node and an identifier of a second node wherein the second node is a parent node to the first node. The server computer maps an effective policy identifier to the policy for the first node and the identifier of the second node. The server computer stores data associating the effective policy identifier with the first node. The server computer identifies a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node. The server computer then stores data associating the effective policy identifier with the third node.
18 Claims
1. A data processing method comprising:
- receiving an update to a first node that changes a policy of the first node, the first node initially comprising an effective policy identifier mapped to the policy of the first node and an identifier of a second node that is a parent node of the first node;
- in response to receiving the update, generating a new effective policy identifier for the changed policy of the first node and the identifier of the second node;
- invalidating data associating user identifiers with effective policy identifiers corresponding to nodes that are descendant nodes of the first node.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
- one or more processors;
- one or more storage media;
- one or more instructions stored in the storage media which, when executed by the one or more processors, cause performance of:
- receiving an update to a first node that changes a policy of the first node, the first node initially comprising an effective policy identifier mapped to the policy of the first node and an identifier of a second node that is a parent node of the first node;
- in response to receiving the update, generating a new effective policy identifier for the changed policy of the first node and the identifier of the second node;
- invalidating data associating user identifiers with effective policy identifiers corresponding to nodes that are descendant nodes of the first node.
Dependent claims: 8, 9, 10, 11, 12
13. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause performance of:
- receiving an update to a first node that changes a policy of the first node, the first node initially comprising an effective policy identifier mapped to the policy of the first node and an identifier of a second node that is a parent node of the first node;
- in response to receiving the update, generating a new effective policy identifier for the changed policy of the first node and the identifier of the second node;
- invalidating data associating user identifiers with effective policy identifiers corresponding to nodes that are descendant nodes of the first node.
Dependent claims: 14, 15, 16, 17, 18
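
A minimal sketch of the scheme the abstract and claim 1 describe, added here as an illustration and not taken from the patent. The class and method names, the allow-set policy model, and the rule that every ancestor must allow the user are assumptions. It shows why the per-user cache for descendants has to be invalidated: their effective policy identifiers do not change when an ancestor's policy does.

```python
class PolicyTree:
    """Toy node store; names and the allow-set policy model are assumptions."""
    def __init__(self):
        self.parent = {}     # node id -> parent node id (None at the root)
        self.children = {}   # node id -> list of child node ids
        self.policy = {}     # node id -> frozenset of users the node allows
        self.node_epi = {}   # node id -> effective policy identifier (EPI)
        self.epi_of = {}     # (policy, parent id) -> EPI
        self.cache = {}      # (user, EPI) -> cached access decision

    def _assign(self, node):
        # Nodes with an equivalent policy and the same parent map to one EPI.
        key = (self.policy[node], self.parent[node])
        self.node_epi[node] = self.epi_of.setdefault(key, len(self.epi_of) + 1)
        return self.node_epi[node]

    def add_node(self, node, parent, users):
        self.parent[node], self.policy[node] = parent, frozenset(users)
        self.children.setdefault(parent, []).append(node)
        return self._assign(node)

    def check(self, user, node):
        # Assumed semantics: every node from `node` up to the root must allow the user.
        key = (user, self.node_epi[node])
        if key not in self.cache:
            n, ok = node, True
            while n is not None and ok:
                ok, n = user in self.policy[n], self.parent[n]
            self.cache[key] = ok
        return self.cache[key]

    def update_policy(self, node, users):
        self.policy[node] = frozenset(users)
        self._assign(node)   # EPI for the changed policy and the same parent
        stale, stack = set(), list(self.children.get(node, []))
        while stack:         # descendants keep their EPIs, so their cached
            d = stack.pop()  # (user, EPI) rows are the ones that go stale
            stale.add(self.node_epi[d])
            stack.extend(self.children.get(d, []))
        self.cache = {k: v for k, v in self.cache.items() if k[1] not in stale}

def demo():
    t = PolicyTree()         # constructed sample tree
    t.add_node("root", None, {"alice", "bob"})
    a = t.add_node("projA", "root", {"alice", "bob"})
    b = t.add_node("projB", "root", {"alice", "bob"})  # equivalent policy, same parent
    doc_epi = t.add_node("doc", "projA", {"alice", "bob"})
    before = t.check("bob", "doc")   # decision is now cached under doc's EPI
    t.update_policy("projA", {"alice"})
    return a == b, before, t.check("bob", "doc"), t.node_epi["doc"] == doc_epi
```

Because the identifier is keyed on the parent's node identifier, every node that shares a descendant's identifier is itself a descendant of the updated node, so dropping cache rows by identifier does not discard decisions for unrelated subtrees.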
Specification