Inheritance of controls within a hierarchy of data processing system resources
Abstract
Provided are methods, apparatus and computer programs for applying access controls to control operations on hierarchically organized data processing system resources. A number of different scopes of applicability can be set in association with an access control, such as an ACL, and this will determine the inheritability, non-inheritability or limited inheritability of the access control for resources in the hierarchy. When a request is received to perform an operation, the access controls for the relevant branch of the hierarchy are processed to determine an applicable access control—taking account of inheritance attributes which have been set for individual access controls. The invention is useful for controlling the application of ACLs to topics in a topic tree within a publish/subscribe message broker.
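An added example (not code from the patent): a minimal Python sketch of the branch evaluation the abstract describes, for topics in a publish/subscribe topic tree. The scope names, the "direct children only" form of limited inheritance, nearest-ancestor precedence and default deny are assumptions made for illustration; the abstract states only that inheritable, non-inheritable and limited scopes can be set.

```python
from dataclasses import dataclass
from enum import Enum

class Scope(Enum):
    # Hypothetical names for the three behaviours the abstract lists.
    SUBTREE = "subtree"      # inheritable: applies to every descendant topic
    NODE_ONLY = "node"       # non-inheritable: applies to this topic only
    CHILDREN = "children"    # limited (assumed form): topic and direct children

@dataclass(frozen=True)
class Acl:
    principal: str
    operation: str           # e.g. "publish" or "subscribe"
    allow: bool
    scope: Scope

def applies(acl: Acl, distance: int) -> bool:
    """distance = levels between the ACL's topic and the requested topic."""
    if acl.scope is Scope.SUBTREE:
        return True
    if acl.scope is Scope.CHILDREN:
        return distance <= 1
    return distance == 0

def check(acls, topic, principal, operation, default=False):
    """Walk the branch from the requested topic up to the root.

    Assumed policy: the nearest ACL whose scope reaches the requested
    topic decides; with no applicable ACL the request is denied.
    """
    parts = topic.split("/")
    for depth in range(len(parts), 0, -1):
        node = "/".join(parts[:depth])
        for acl in acls.get(node, ()):
            if (acl.principal, acl.operation) != (principal, operation):
                continue
            if applies(acl, len(parts) - depth):
                return acl.allow
    return default

# Constructed sample topic tree, not taken from the patent.
SAMPLE = {
    "stocks": [Acl("alice", "subscribe", True, Scope.SUBTREE)],
    "stocks/internal": [Acl("alice", "subscribe", False, Scope.CHILDREN)],
    "stocks/internal/audit": [Acl("alice", "subscribe", True, Scope.NODE_ONLY)],
}
```

With the sample data, `stocks/internal/payroll` is denied but `stocks/internal/payroll/2024` is allowed again, because the limited-scope deny reaches only one level down and the ancestor's subtree grant then applies. Under the assumed precedence, limited scopes on deny rules are worth reviewing for this kind of lapse.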
20 Claims
1. A data processing apparatus including means for applying access controls to hierarchically organized data processing system resources, the means for applying access controls including:
means for associating a scope of applicability with an access control for a first resource; and
means for controlling the performance of an operation in accordance with the access control, wherein the means for controlling is responsive to a first scope of applicability associated with an access control to limit access control inheritability to less than all descendants of the first resource in the hierarchy.
11. A message broker for distributing messages to subscriber application programs in accordance with topic-based subscriptions, the broker including means for applying access controls to hierarchically organized message topics, the means for applying access controls including:
means for associating a scope of applicability with an access control for a first message topic; and
means for controlling the performance of an operation in accordance with the access control, wherein the means for controlling is responsive to a first scope of applicability for an access control to limit access control inheritability to less than all descendants of the first message topic in the hierarchy.
14. A method for applying access controls to hierarchically organized data processing system resources, the method including:
associating a scope of applicability with an access control for a first resource; and
controlling the performance of an operation in accordance with the access control, wherein the step of controlling is responsive to a first scope of applicability for an access control to limit access control inheritability to less than all descendants of the first resource in the hierarchy.
17. A method for evaluating access controls associated with an hierarchically organized set of data processing system resources, for use in a system in which a scope of applicability can be selected for an access control, wherein the method comprises:
responsive to an operation request, traversing a branch of the hierarchy corresponding to the resources of the hierarchy which are relevant to a requested operation, to identify access controls associated with the resources of the branch;
determining which of the identified access controls is applicable to the requested operation; and
controlling the requested operation in accordance with the determined applicable access controls;
wherein the step of determining the applicable access controls comprises evaluating a scope of applicability attribute associated with at least one of the identified access controls to determine which data processing system resources inherit access controls from which other resources within the hierarchy.
19. A computer program comprising program code for controlling the performance of operations on a data processing apparatus on which the program code executes, to implement a method for applying access controls to hierarchically organized data processing system resources, wherein the method includes:
associating a scope of applicability with an access control for a first resource; and
controlling the performance of an operation in accordance with the access control, wherein the step of controlling is responsive to a first scope of applicability for an access control to limit access control inheritability to less than all descendants of the first resource in the hierarchy.
Specification