Data driven role based security
US10367821B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 20, 2016 |
| Grant date | Jul 30, 2019 |
| Priority date | — |
| Expiry date | Jul 27, 2037 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2141
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Aspects extend to methods, systems, and computer program products for controlling performance of a requested user operation. It is determined if a requested user operation can access data on behalf of a user based on an obtained user context associated with the user. The user context identifies the location of an object representing a user relative to other objects within a hierarchical data structure. The context is used to derive a role for the user. A control expression is accessed. The control expression governs access of the requested user operation for the derived role. A set of permissions is formed for the user by evaluating the control expression using the user context and a data context for the data. The user's authorization to perform the requested user operation is determined from the set of permissions. The requested user operation is performed according to the determined user's authorization.
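One way to read the flow in the abstract, as an added example that is not taken from the patent's claims or description: the org hierarchy, the role names, the operation names and the representation of control expressions as functions are all assumptions made for illustration.

```python
# Constructed sample hierarchy (child -> parent); every name here is hypothetical.
PARENT = {"alice": None, "bob": "alice", "carol": "alice", "dave": "bob"}

def ancestors(node):
    """Chain of objects above `node` in the hierarchy, nearest first."""
    chain = []
    while PARENT.get(node) is not None:
        node = PARENT[node]
        chain.append(node)
    return chain

def user_context(user):
    """Locate the user's object relative to the other objects."""
    if user not in PARENT:
        raise KeyError(f"unknown user object: {user}")
    reports = {n for n in PARENT if user in ancestors(n)}
    return {"user": user, "ancestors": ancestors(user), "reports": reports}

def derive_role(ctx):
    """The role follows from position in the data, not a static assignment."""
    return "manager" if ctx["reports"] else "employee"

def _manager(u, d):
    # Managers may read and write records owned by anyone below them.
    return {"read", "write"} if d["owner"] in u["reports"] else set()

def _employee(u, d):
    # Employees may only read their own record.
    return {"read"} if d["owner"] == u["user"] else set()

# Control expressions keyed by (operation, derived role); assumed representation.
CONTROL = {
    ("view_review", "manager"): _manager, ("update_review", "manager"): _manager,
    ("view_review", "employee"): _employee, ("update_review", "employee"): _employee,
}
REQUIRED = {"view_review": "read", "update_review": "write"}

def authorize(user, operation, data_ctx):
    """Evaluate the control expression and check the operation's permission."""
    try:
        ctx = user_context(user)
    except KeyError:
        return False  # unknown user object: deny
    expr = CONTROL.get((operation, derive_role(ctx)))
    if expr is None:
        return False  # no expression for this role and operation: deny
    return REQUIRED[operation] in expr(ctx, data_ctx)
```

Because the role is recomputed from the hierarchy on each request, moving an object in the tree changes the outcome without any edit to a role table.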
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.