Browse Prior Art Database

Method of Coalescing User Preferences When a User Can Be a Member of Multiple Groups in a Profile Management System

IP.com Disclosure Number: IPCOM000014768D
Original Publication Date: 2000-Jan-01
Included in the Prior Art Database: 2003-Jun-20
Document File: 3 page(s) / 52K

Publishing Venue

IBM

Abstract

When users can be in multiple groups in a Profile Management environment, a user may have access to an application granted either explicitly for the user or inherited from one or more groups of which the user is a member. There may be preferences for said application associated directly or indirectly (via inheritance) with any number of these contexts (a context as used here is defined as a user or user group). Disclosed is a method of coalescing these preferences into a set of preferences to be made available to the user application. An applications preference set is made up of one or more preferences for the application. Access to an application can either be permitted or denied. Individual preferences for an application can either be explicitly defined at a context or inherited. The same is true of access to the application (permit or deny). Individual preferences and application access are coalesced (default (i.e., inherited) preferences for a context are combined with preferences explicitly defined at the context to form a preference set). A preference explicitly defined at a context overrides the same preference inherited in the same context (i.e., preferences explicitly set override defaults). The same is true of access to the application (permit or deny).

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

  Method of Coalescing User Preferences When a User Can Be a Member of Multiple Groups in a Profile Management System

   When users can be in multiple groups in a Profile Management environment, a user may have access to an application granted either explicitly for the user or inherited from one or more groups of which the user is a member. There may be preferences for said application associated directly or indirectly (via inheritance) with any number of these contexts (a context as used here is defined as a user or user group). Disclosed is a method of coalescing these preferences into a set of preferences to be made available to the user application.

     An applications preference set is made up of one or more preferences for the application. Access to an application can either be permitted or denied. Individual preferences for an application can either be explicitly defined at a context or inherited. The same is true of access to the application (permit or deny).

     Individual preferences and application access are coalesced (default (i.e., inherited) preferences for a context are combined with preferences explicitly defined at the context to form a preference set).

     A preference explicitly defined at a context overrides the same preference inherited in the same context (i.e., preferences explicitly set override defaults). The same is true of access to the application (permit or deny).

     Default preferences for a group context are inherited from the groups parent. The same is true of access to the application (permit or deny).

     A group can only have one parent (with the exception of the top level group which has no parents - we will call this the "AllUsers" group for the purposes of this disclosure).

A user can be a member of multiple groups. These groups are arranged in a priority search order
. The priority order is user specific. If a user's access to an application is explicitly specified at the users context, user access to the application is either permitted or denied depending on the value specified at the users context. If application access is permitted, the default preferences for the user context come from the users highest priority group.

      If a user's access to an application is NOT explicitly specified at the users context, each group that the user is a member of is checked for permit access starting at the users highest priority group and progressing towards the users lowest priority group until a group either grants access (permit is found) or the group membership list is exhausted. If a permit is found, the default preferences for the user context come from the group that gra...