Method and Apparatus for Creating Custom Access Control Hierarchies
Abstract
The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resource, the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.
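The flow the abstract describes can be modelled in a few lines. The following is an added example, not code from the patent or from Virtual Member Manager: the hierarchy, the policy format and every function name are hypothetical, and the sample data is constructed. It resolves the delegated administration path, keeps only the entity roles delegated at a node on that path, and hands the result to a default-deny authorization engine.

```python
from dataclasses import dataclass

# Hypothetical model; all data below is constructed for illustration.
# Custom hierarchy: child node -> parent node.
PARENT = {"payroll-db": "finance", "finance": "emea", "emea": "root"}
# Resource policy: action -> roles permitted to perform it on the resource.
RESOURCE_POLICY = {"payroll-db": {"read": {"auditor", "admin"}, "write": {"admin"}}}
# Entity policy: entity -> {hierarchy node: role delegated at that node}.
ENTITY_POLICY = {
    "alice": {"finance": "admin"},
    "bob": {"emea": "auditor"},
    "carol": {"apac": "admin"},  # delegated in a branch that does not hold payroll-db
}

@dataclass(frozen=True)
class AuthzRequest:
    path: tuple       # delegated administration path, root first
    roles: frozenset  # entity roles delegated at a node on the path
    allowed: dict     # resource policy: action -> permitted roles

def delegated_admin_path(resource):
    """Walk parent links from the resource up to the root; return root-first."""
    path, node, seen = [], resource, set()
    while node is not None:
        if node in seen:  # a misconfigured hierarchy must not loop forever
            raise ValueError("cycle in hierarchy at %r" % node)
        seen.add(node)
        path.append(node)
        node = PARENT.get(node)
    return tuple(reversed(path))

def build_request(entity, resource):
    """Apply the entity's policy to the path and attach the resource's policy."""
    path = delegated_admin_path(resource)
    grants = ENTITY_POLICY.get(entity, {})
    roles = frozenset(role for node, role in grants.items() if node in path)
    return AuthzRequest(path, roles, RESOURCE_POLICY.get(resource, {}))

def authorize(request, action):
    """Stand-in authorization engine: grant only on an explicit role match."""
    return bool(request.roles & request.allowed.get(action, set()))
```

A role delegated outside the resource's path (carol above) never reaches the engine, and a resource with no assigned policy is denied for every action.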
18 Claims
1. A computer implemented process, responsive to an entity attempting to access a resource in a data repository, initiates a view processor component of IBM's WEBSPHERE Virtual Member Manager, wherein the view processor performs steps comprising:
- retrieving a delegated administration path describing the location of a resource in a custom organizational hierarchy;
- identifying a security policy for the resource;
- identifying a security policy for an entity attempting to access the resource;
- applying the security policy of the entity to the delegated administration path and security policy of the resource; and
- sending the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
(Dependent claims: 2, 3, 4, 5, 6)

7. An apparatus for responding to an entity attempting to access a resource, the apparatus comprising:
- a processor;
- a memory connected to the processor;
- a view processor component of IBM's WEBSPHERE Virtual Member Manager running in the memory;
- a data repository in the memory;
- a resource in the data repository;
- a custom access controller program in the memory operable to:
  - retrieve a delegated administration path describing the location of a resource in a custom organizational hierarchy;
  - identify a security policy for the resource;
  - identify a security policy for an entity attempting to access the resource;
  - apply the security policy of the entity to the delegated administration path and security policy of the resource; and
  - send the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
(Dependent claims: 8, 9, 10, 11, 12)

13. A computer readable memory containing a plurality of instructions to cause a computer to respond to an entity attempting to access a resource using a view processor component of IBM's WEBSPHERE Virtual Member Manager, the plurality of instructions comprising:
- a first instruction to retrieve a delegated administration path describing the location of a resource in the organizational hierarchy;
- a second instruction to identify a security policy for the resource;
- a third instruction to identify a security policy for an entity attempting to access the resource;
- a fourth instruction to apply the security policy of the entity to the delegated administration path and security policy of the resource; and
- a fifth instruction to send the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
(Dependent claims: 14, 15, 16, 17, 18)
Specification