Method and apparatus for extensible security authorization grouping
Abstract
A method and apparatus for providing an extensible grouping mechanism for security applications for use in a computer system. Groups may be established and maintained by non-system administrators and used to control actions that are taken with respect to objects, such as files and other resources. The groups and associated security functions may be implemented across a plurality of different software products and optionally integrated into an existing security mechanism maintained by system administrators. Software products used in the system may be arranged to request authorization to perform requested actions with respect to objects access to which is not controlled by a systems administrator.
20 Claims
1. An apparatus for use in a computer system including a plurality of users and a plurality of software products, including first and second software products, each for performing at least one action with respect to an object, the apparatus comprising:
a group service having a store of groups, each group including at least one of the plurality of users; and
an authorization service that determines, based on permission information, permission for one of the plurality of users to perform a first action using a first software product with respect to a first object, and that determines permission for one of the plurality of users to perform a second action using a second software product with respect to a second object, the permission information indicating authorization for at least one group or user to perform at least one action with respect to an object for the plurality of software products;
wherein access to the first and second objects is unrestricted by a systems administrator.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12
11. An apparatus for use in a computer system including a plurality of users and a plurality of software products, including first and second software products, each for performing at least one action with respect to an object, the apparatus comprising:
a group service having a store of groups, each group including at least one of the plurality of users; and
an authorization service that determines permission for at least one user to perform an action with respect to an object based on permission information, the permission information indicating at least one action that may be performed with respect to an object by at least one group or user;
wherein at least one non-system administrator defines at least some of the permission information to assign authorization to one or more groups or users to perform a first action with respect to a first object using a first software product, and wherein at least one non-system administrator assigns authorization to one or more groups or users to perform a second action with respect to a second object using second software product.
Dependent claims: 13, 14, 15, 16
17. A method for operating a computer system, comprising:
receiving a first request regarding a first action requested to be performed by a first user with respect to a first object using a first software product, access to the first object being unrestricted by permissions established by a systems administrator;
determining authorization for the first user to perform the first action using the first software product based on at least one group that the first user is associated with and permission information defining authorization for at least one group to perform at least one action with respect to at least one object;
receiving a second request regarding a second action requested to be performed by a second user with respect to a second object using a second software product, access to the second object being unrestricted by permissions established by a systems administrator; and
determining authorization for the second user to perform the second action using the second software product based on at least one group that the second user is associated with and the permission information.
Dependent claims: 18, 19, 20
Specification