Enterprise Security Management System Using Hierarchical Organization and Multiple Ownership Structure
First Claim
1. A method comprising:
assigning a first set of identifiers to a first set of users;
assigning a second set of identifiers to each of the first set of users, the second set of identifiers associating a respective one of the first set of users with at least one of a second set of users where the at least one of the second set of users is granted permission to access one or more files associated with the respective one of the first set of users;
receiving a request from a requestor among the second set of users to access a network resource associated with one of the first set of users;
determining whether the requestor has permission to access the network resource;
determining which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource; and
providing the requestor with the network resource based on the determined privilege.
Abstract
A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group.
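The access decision described in the abstract, written out as an added Python example (not code from the patent). The group names, accounts and rights sets are constructed sample data; the per-group rights table, full control for owners, and denial for same-level peers are assumptions the abstract does not spell out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    user_id: str
    group_id: str  # group the user belongs to

# Constructed sample data: group -> parent (higher-level) group, None at the top.
PARENT = {"engineering": "management", "sales": "management", "management": None}
# Assumption: each group carries one rights set that all of its members inherit.
GROUP_RIGHTS = {"management": {"read", "write"}, "engineering": {"read"}, "sales": {"read"}}
ACCOUNTS = {a.user_id: a for a in (
    Account("alice", "management"), Account("bob", "engineering"), Account("carol", "sales"))}

def ancestors(group_id):
    """Higher-level groups above group_id, nearest first; stops if the chain loops."""
    seen, chain = {group_id}, []
    parent = PARENT.get(group_id)
    while parent is not None and parent not in seen:
        seen.add(parent)
        chain.append(parent)
        parent = PARENT.get(parent)
    return chain

def privileges(requestor_id, owner_id):
    """Rights the requestor holds over a resource owned by owner_id (empty set = denied)."""
    req, owner = ACCOUNTS.get(requestor_id), ACCOUNTS.get(owner_id)
    if req is None or owner is None:
        return set()                      # unknown account: deny by default
    if req.user_id == owner.user_id:
        return {"read", "write"}          # assumption: owners keep full control
    if req.group_id in ancestors(owner.group_id):
        return set(GROUP_RIGHTS.get(req.group_id, ()))
    return set()                          # peers and lower-level groups: deny

def fetch(requestor_id, owner_id, action, resource):
    """Provide the resource only if the determined privileges allow the action."""
    if action not in privileges(requestor_id, owner_id):
        raise PermissionError(f"{requestor_id} may not {action} {owner_id}'s resource")
    return resource
```

The loop guard in `ancestors` matters in practice: a misconfigured parent identifier that points back down the tree would otherwise hang every access check or, worse, make a lower-level group its own superior.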
19 Claims
1. A method comprising:
(text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of organizing users in an enterprise, the method comprising:
assigning a user identifier and password to at least one user of a plurality of users;
assigning a group identifier to the at least one user for associating with a group;
specifying a parent group identifier for the group assigned to the at least one user, the parent group identifier identifying a parent group containing one or more superior users who have access to resources owned by the at least one user.
Dependent claims: 10, 11
12. A system comprising:
a plurality of first devices; and
a server coupled with the plurality of first devices through a network, wherein the server is configured to:
assign a first set of identifiers to the plurality of first devices;
assign a second set of identifiers to each of the plurality of first devices, the second set of identifiers associating a respective one of the plurality of first devices with at least one of a plurality of second devices, where the at least one of the plurality of second devices is granted permission to access one or more files associated with the respective one of the plurality of first devices;
receive a request from a requestor to access a network resource;
determine whether the requestor has permission to access the network resource;
determine which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource; and
provide the requestor with the network resource based on the determined privilege.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
Specification