Browse Prior Art Database

A Reusable Component that Manages and Enforces User Privileges in Software Applications

IP.com Disclosure Number: IPCOM000010704D
Original Publication Date: 2003-Jan-09
Included in the Prior Art Database: 2003-Jan-09
Document File: 2 page(s) / 55K

Publishing Venue

IBM

Abstract

The User Privilege Component is a software module that can be used to manage and enforce user privileges (also called permissions) in a software program. It is application independent, and can resolve a fairly complex set of permission rules with a single database query and very little application logic.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 51% of the total text.

Page 1 of 2

  A Reusable Component that Manages and Enforces User Privileges in Software Applications

  Disclosed is a software module, herein called the User Privilege Component, that is used to manage and enforce user privileges (also called permissions) in a software program. Its primary benefit is its ability to resolve a fairly complex set of permission rules with a single database query and very little application logic. Another benefit is its application independence.

The key to understanding the User Privilege Component is the following simple data model:

A "factor" can be thought of as a "user attribute" because it is something that is known about a user who logs in. Examples are user ID, the user's country, the user's job classification, and so forth. A "privilege" is something that might be permitted or prohibited to a user. Examples could be the ability to log in, to use the administrative interface, or to access a particular set of files or data. An entry in the FACTOR_PRIVILEGE table maps a factor (that is, user attribute) to a privilege.

1

[This page contains 1 picture or other non-text object]

Page 2 of 2

Below are some example FACTOR_PRIVILEGE entries:

FACTOR_I D

FACTOR_V APP_IDALUE PRIV_ID PRIV_VALUE WEIGHT ENABLE_1_DISABLE_

0

country Canada reportomati c

job_class contractor reportomati
c

user_id janedoe reportomati
c

view_folder reports/inve 5ntory 1


view_folder reports/inve
6ntory 0


view_folder reports/inve
7ntory 1

The ENABLE_1_DISABLE_0 flag is used to explici...