System and method for role based access control in a content management system

US9455990B2 · US · B2

Patent metadata
Publication number: US-9455990-B2
Application number: US-45927606-A
Country: US
Kind code: B2
Filing date: Jul 21, 2006
Priority date: Jul 21, 2006
Publication date: Sep 27, 2016
Grant date: Sep 27, 2016

Abstract

Official abstract text for this publication.

Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: receiving, by at least one processor of a library server, a request from a requestor client to access a resource from a resource manager database; retrieving, by the at least one processor of the library server, a role of the requestor client from an access control server for accessing the database; permitting, by the at least one processor of the library server, the requestor client to access a resource based on the role of the requestor client, a protection class to which the resource belongs and a set of privileges, wherein the protection class comprises a set of resources that share an access control policy independent of any relationships among resources; and wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of resources such that the set of privileges to the role is implicitly derived during run time from the privileges associated with the protection class bound to the role.

2. The method of claim 1, wherein permitting the requestor client to access the resource further comprises permitting the requestor client to perform a set of operations on the resource.

3. The method of claim 1, wherein permitting the requestor client to access the resource further comprises dynamically determining the set of privileges that are granted to the role at runtime.

4. The method of claim 1, wherein permitting the requestor client to access the resource further comprises identifying a pointer to the protection class.

5. The method of claim 1, wherein permitting the requestor client to access the resource further comprises determining a plurality of protection classes of the resource.

6. The method of claim 1, wherein permitting the requestor client to access the resource further comprises receiving a list of protection classes attached to information about the requested access to the resource.

7. The method of claim 1, wherein the protection class is based on a document type of the resource, wherein resources of a first document type are classified as a first protection class, and resources of a second document type are classified as a second protection class.

8. The computer-implemented method of claim 1, wherein the permitting the requestor client to access the resource comprises: determining the protection class of the resource and the role of the user by querying a database table that contains information on protection classes and roles; determining privileges that are granted to the role for the protection class to which the resource belongs based on a result of the querying the database table; and permitting access to the resource based on the determined privileges.

9. A library server comprising: a hardware processor configured to: receive a request from a requestor client to access a resource from the resource manager database; retrieve a role of the requestor client from an access control server for accessing the database; permit the requestor client to access the resource based on the role of the requestor client, a protection class to which the resource belongs and a set of privileges, wherein the protection class comprises a set of resources that share an access control policy independent of any relationships among resources; and wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of resources such that the set of privileges to the role is implicitly derived during run time from the privileges associated with the protection class bound to the role.

10. A computer readable storage medium, the computer readable storage medium not being a signal, comprising executable instructions for performing a method comprising: receiving, by at least one processor of a library server, a request from a requestor client to access a resource from a database; retrieving, by the at least one processor of the library server, a role of the requestor client from an access control server for accessing the database; permitting, by the at least one processor of the library server, the requestor client to access a resource based on the role of the requestor client, a protection class to which the resource belongs and a set of privileges, wherein the protection class comprises a set of resources that share an access control policy independent of any relationships among resources; and wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of resources such that the set of privileges to the role is implicitly derived during run time from the privileges associated with the protection class bound to the role.

11. A computer-implemented method comprising: receiving, by at least one processor of a library server, a request to add a resource to a resource manager database from a requestor client; determining, by the at least one processor, a protection class for the resource, the protection class comprising a set of resources that share an access control policy independent of any relationships among resources; assigning, by at least one processor of the library server, the resource to the protection class; and assigning, by the at least one processor of the library server, a set of privileges associated with the protection class to a role, wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of resources such that the set of privileges to the role is implicitly derived during run time from the privileges associated with the protection class bound to the role.

12. The method of claim 11, wherein assigning the resource to the protection class further comprises receiving an input from a requestor client that indicates the protection class.

13. The method of claim 11, wherein assigning the resource to the protection class further comprises automatically assigning the resource to the protection class based on a characteristic of the resource.

14. The method of claim 13, wherein assigning the resource to the protection class further comprises assigning the resource to the protection class based on a name of the resource.

15. The method of claim 13, wherein assigning the resource to the protection class further comprises assigning the resource to the protection class based on a file type of the resource.

16. The method of claim 13, wherein assigning the resource to the protection class further comprises assigning the resource to the protection class based on a role of a requestor client that requested assigning of the resource.

17. The method of claim 13, wherein assigning the resource to the protection class further comprises assigning the resource to the protection class based on a storage location of the resource.

18. A library server comprising: a hardware processor configured to: receive a request to add a resource to a resource manager database from a requestor client; determine a protection class for the resource, the protection class comprising a set of resources that share an access control policy independent of any relationships among resources; assign the resource to the protection class; and assign a set of privileges associated with the protection class to a role, wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of reso
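As an added illustration (not code from the patent or from any product), the following Python models the scheme the abstract and claims describe: roles are granted privilege sets per protection class rather than per resource, an access request is decided at run time from the requested resource's class, and a newly added resource is assigned to a class from a characteristic (here its file type, as in claim 15) and so inherits that class's grants without any per-resource configuration. Every role, class, privilege and file name is constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
# Added example of the protection-class RBAC scheme in the abstract and claims;
# every role, class, privilege and file name below is constructed, not from the patent.

@dataclass(frozen=True)
class Resource:
    name: str
    file_type: str
    protection_class: str  # pointer to the class whose policy applies (claim 4)

class ProtectionClassRBAC:
    def __init__(self) -> None:
        # role -> protection class -> privilege set: the role is correlated to
        # privileges within a class (claim 1), never to an individual resource
        self.grants: dict[str, dict[str, frozenset[str]]] = {}
        self.resources: dict[str, Resource] = {}
        self.class_by_file_type: dict[str, str] = {}  # for automatic assignment (claim 15)

    def grant(self, role: str, protection_class: str, privileges: set[str]) -> None:
        self.grants.setdefault(role, {})[protection_class] = frozenset(privileges)

    def add_resource(self, name: str, file_type: str, protection_class: str | None = None) -> Resource:
        # An explicit class from the requestor (claim 12) wins; otherwise derive it from
        # the file type (claim 15), falling back to a class that carries no grants.
        if protection_class is None:
            protection_class = self.class_by_file_type.get(file_type, "unclassified")
        self.resources[name] = Resource(name, file_type, protection_class)
        return self.resources[name]

    def privileges_for(self, role: str, resource_name: str) -> frozenset[str]:
        # Derived at run time from (role, class); unknown resource or role yields nothing.
        resource = self.resources.get(resource_name)
        if resource is None:
            return frozenset()
        return self.grants.get(role, {}).get(resource.protection_class, frozenset())

    def is_permitted(self, role: str, resource_name: str, operation: str) -> bool:
        return operation in self.privileges_for(role, resource_name)

def build_demo() -> ProtectionClassRBAC:
    rbac = ProtectionClassRBAC()
    rbac.class_by_file_type.update({"pdf": "financial", "xlsx": "financial"})
    rbac.grant("clerk", "financial", {"read", "update"})
    rbac.grant("auditor", "financial", {"read"})
    rbac.add_resource("invoice-2016-07.pdf", "pdf")
    rbac.add_resource("ledger.xlsx", "xlsx")
    rbac.add_resource("readme.txt", "txt")  # "unclassified": no role has grants there
    return rbac
```

Because grants hang off the class, changing a role's privilege set for "financial" takes effect for every resource in that class at the next check, which is the scalability property the abstract claims.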

Classifications

  • Access control lists [ACL] · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • where protection concerns the structure of data, e.g. records, types, queries · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • H04L63/102 (Primary): Entity profiles · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Beedubail Ganesha, Choy David Mun-Hien, Hsiao Hui-I, and 3 more
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 27, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).