Assignment and Dynamic Application of a Permission Rule to a Group of Entities

US2023205913A1 · US · A1

Patent metadata
Publication number: US-2023205913-A1
Application number: US-202318175458-A
Country: US
Kind code: A1
Filing date: Feb 27, 2023
Priority date: Oct 13, 2021
Publication date: Jun 29, 2023
Grant date:

Abstract

Official abstract text for this publication.

Methods, systems, devices, and tangible non-transitory computer readable media facilitating assignment and/or dynamic application of a permission rule to a group of entities. In an example embodiment, the disclosed technology can: define a group of entities having a common attribute; assign a permission rule to the group of entities based at least in part on the common attribute; project the permission rule onto one or more entities in the group of entities based at least in part on assignment of the permission rule to the group of entities; obtain data indicative of a change in group membership status of an entity in the group of entities; and/or update a projection of the permission rule onto the entity to modify an association of the entity with the group of entities and/or the permission rule based at least in part on receipt of the data.

First claim

Opening claim text (preview).

1.-20. (canceled)

21. A computing system comprising: one or more processors; and one or more memory devices that store instructions that, when executed by the one or more processors, cause the computing system to perform operations, the operations comprising: maintaining an object database comprising multiple objects respectively corresponding to multiple entities having a plurality of attributes, the multiple objects comprising attributes that respectively correspond to the multiple entities; defining a group of entities from the multiple entities, the group of entities comprising at least one common attribute from the multiple sets of data objects; assigning a permission rule to the group of entities based at least in part on the at least one common attribute, the permission rule being indicative of an access right to access at least one of data or functionality of a computing environment, wherein based at least in part on evaluation of the permission rule a first entity to which the permission rule is assigned is granted access to the at least one of data or functionality of the computing environment and a second entity to which the permission rule is applied is denied access to the at least one of data or functionality of the computing environment; storing in a group access control list a mapping of the permission rule to the group of entities, the group access control list comprising a first class instance of a first class in an object based model; projecting the permission rule onto one or more entities in the group of entities based at least in part on assignment of the permission rule to the group of entities; storing in a group-entity access control list at least one projection of the permission rule onto the one or more entities in the group of entities, the group-entity access control list comprising a second class instance of a second class in the object based model; obtaining data indicative of a change in group membership status of an entity in the group of entities; and updating a projection of the permission rule onto the entity to modify an association of the entity with at least one of the group of entities or the permission rule based at least in part on receipt of the data indicative of the change in the group membership status of the entity.

22. The computing system of claim 21, wherein the group of entities comprises at least one first entity to which the permission rule is assigned and at least one second entity to which the permission rule is applied.

23. The computing system of claim 21, wherein the defining the group of entities from the multiple entities comprises: employing a predefined query language to query the multiple sets of data objects to identify the group of entities comprising the at least one common attribute.

24. The computing system of claim 21, wherein the operations further comprise: employing a predefined query language to query the multiple sets of data objects to identify at least one first entity to which the permission rule is assigned.

25. The computing system of claim 21, wherein the operations further comprise: employing a predefined query language to query the multiple sets of data objects to identify at least one second entity to which the permission rule is applied.

26. The computing system of claim 21, wherein the operations further comprise: evaluating at least one projection of the permission rule onto the one or more entities in the group of entities to determine whether the permission rule is assigned or applied to the one or more entities.

27. The computing system of claim 26, wherein the operations further comprise: granting access to at least one of data or functionality of a computing environment based at least in part on a determination that the permission rule is assigned to the one or more entities.

28. A computer-implemented method to assign and dynamically apply a permission rule to a group of entities, the computer-implemented method comprising: maintaining, by a computing system operatively coupled to one or more processors, multiple sets of data objects respectively corresponding to multiple entities having a plurality of attributes, the multiple objects comprising attributes that respectively correspond to the multiple entities; defining, by the computing system, a group of entities from the multiple entities, the group of entities comprising at least one common attribute from the multiple sets of data objects; assigning, by the computing system, a permission rule to the group of entities based at least in part on the at least one common attribute, the permission rule being indicative of an access right to access at least one of data or functionality of a computing environment, wherein based at least in part on evaluation of the permission rule a first entity to which the permission rule is assigned is granted access to the at least one of data or functionality of the computing environment and a second entity to which the permission rule is applied is denied access to the at least one of data or functionality of the computing environment; storing, by the computing system, in a group-entity access control list at least one projection of the permission rule onto the one or more entities in the group of entities, the group-entity access control list comprising a second class instance of a second class in the object based model; obtaining, by the computing system, data indicative of a change in group membership status of an entity in the group of entities; and updating, by the computing system, a projection of the permission rule onto the entity to modify an association of the entity with at least one of the group of entities or the permission rule based at least in part on receipt of the data indicative of the change in the group membership status of the entity.

29. The computer-implemented method of claim 28, wherein the group of entities comprises at least one first entity to which the permission rule is assigned and at least one second entity to which the permission rule is applied.

30. The computer-implemented method of claim 28, wherein the defining, by the computing system, the group of entities from the multiple entities comprises: employing, by the computing system, a predefined query language to query the multiple sets of data objects to identify the group of entities comprising the at least one common attribute.

31. The computer-implemented method of claim 28, further comprising: employing, by the computing system, a predefined query language to query the multiple sets of data objects to identify at least one of: one or more first entities to which the permission rule is assigned; or one or more second entities to which the permission rule is applied.

32. The computer-implemented method of claim 28, further comprising: evaluating, by the computing system, at least one projection of the permission rule onto the one or more entities in the group of entities to determine whether the permission rule is assigned or applied to the one or more entities.

33. One or more tangible non-transitory computer-readable media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform operations, the operations comprising: maintaining an object database comprising multiple objects respectively corresponding to multiple entities having a plurality of attributes, the multiple objects comprising attributes that respectively correspond to the multiple entities; defining a group of entities from the multiple entities, the group of entities compri

Classifications

  • Query languages · CPC title

  • Object oriented databases · CPC title

  • where protection concerns the structure of data, e.g. records, types, queries · CPC title

  • G06F21/62 (Primary)

    Protecting access to data via a platform, e.g. using keys or access control rules · CPC title

  • Tools and structures for managing or administering access control systems · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
People Center Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 29, 2023 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).