Method for performing group exclusion in hierarchical group structures
First Claim
Patent Images
1. In a distributed computing system having a system resource,(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups;
- and(B) in which principals derive their membership in the second group through membership in at least one of the subgroups;
a method for denying principal'"'"'s solely in the first group access to the resource comprising the steps of;
(a) receiving a request from a principal for access to the system resource;
(b) determining whether the requesting principal is a member of one of the subgroups not the first group; and
(c) denying the requesting principal access to the resource if the principal is not a member of one of the other subgroups, whereby principal solely in the first group are denied access to the resource.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for denying a first group access to a system resource wherein a second group is selected such that the first group is a subgroup of the second group. Access is granted only to those members of the second group who do not derive their membership in the second group through their membership in the first group.
300 Citations
3 Claims
-
1. In a distributed computing system having a system resource,
(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups; - and
(B) in which principals derive their membership in the second group through membership in at least one of the subgroups; a method for denying principal'"'"'s solely in the first group access to the resource comprising the steps of; (a) receiving a request from a principal for access to the system resource; (b) determining whether the requesting principal is a member of one of the subgroups not the first group; and (c) denying the requesting principal access to the resource if the principal is not a member of one of the other subgroups, whereby principal solely in the first group are denied access to the resource.
- and
-
2. In a distributed computing system having a system resource,
(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups; - and
(B) in which principals derive their membership in the second group through membership in at least one of the subgroups; a method for denying principals solely in the first group access to the resource comprising the steps of; (a) receiving a request from a principal for access to the system resource; (b) determining whether the requesting principal derives its membership in the second group solely through its membership in the first group; and (c) granting the requesting principal access to the resource if the principal does not derive its membership in the second group solely through membership in the first group. - View Dependent Claims (3)
- and
Specification