
Performing Hierarchical Authorizations

IP.com Disclosure Number: IPCOM000121856D
Original Publication Date: 1991-Oct-01
Included in the Prior Art Database: 2005-Apr-03
Document File: 2 page(s) / 74K

Publishing Venue

IBM

Related People

Hultquist, SS: AUTHOR

Abstract

This article describes a hierarchical scheme based on multiple attributes assigned to users and an algorithm for storing and checking authorizations of a user database on the attributes and the item to which the user is requesting access.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      In a system which provides access to sensitive information,
there is a need to filter requests based on attributes assigned to
the requesting user.  Among these attributes are the location of the
user, i.e., system, the identification of the user, i.e., userid, and
membership within a certain group, i.e., work group.  The items to
which users request access are referred to as documents although they
may include any kind of data storable on a computer.  Each document
is of a particular document type.  Documents are stored in various
states, referred to as document status.

      Authorization is based on the values of the above-described
attributes, i.e., system, work group, user type, userid, document
type, and document status.  To assign authorities, these attributes
are searched as follows: user-type authorities, work group
authorities, and any other individual authorities.  Thus, for each
user, there is a list of document types and, for each type, each
possible status.  Therefore, for each pair of document type and
document status, the user may have authority, for example, to browse,
to print, to add, to modify, or to delete documents of the document
type and status.  (Other user operations are possible.)
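
The search order described above, sketched in Python as an added example; it is not the article's REXX algorithm, which the abbreviated text does not reproduce. It assumes that an entry found at a later, more specific level replaces the earlier entry for the same document type and status pair, and that a pair with no entry grants nothing. The systems, groups, userids and grant rows are constructed sample data.

```python
from dataclasses import dataclass

OPS = frozenset({"browse", "print", "add", "modify", "delete"})

@dataclass(frozen=True)
class User:
    system: str
    userid: str
    user_type: str
    work_group: str

# Constructed sample rows:
# (level, system, attribute value, document type, document status) -> operations
GRANTS = {
    ("user_type", "SYSA", "engineer", "spec", "draft"): {"browse", "print"},
    ("user_type", "SYSA", "engineer", "spec", "released"): {"browse"},
    ("work_group", "SYSA", "design", "spec", "draft"): {"browse", "print", "add", "modify"},
    ("userid", "SYSA", "JONES", "spec", "draft"): {"browse"},  # individual restriction
    ("userid", "SYSA", "SMITH", "spec", "released"): {"browse", "print", "delete"},
}

def build_authorities(user, grants=GRANTS):
    """Return {(doc_type, doc_status): frozenset(ops)} for one user.

    Levels are searched in the order the article gives: user type, work group,
    then individual. ASSUMPTION: a later level overrides an earlier one for
    the same (document type, document status) pair.
    """
    levels = (("user_type", user.user_type),
              ("work_group", user.work_group),
              ("userid", user.userid))
    table = {}
    for level, value in levels:
        for (lvl, system, val, dtype, status), ops in grants.items():
            if (lvl, system, val) != (level, user.system, value):
                continue
            unknown = set(ops) - OPS
            if unknown:  # reject rows naming operations the scheme does not define
                raise ValueError(f"unknown operation(s): {sorted(unknown)}")
            table[(dtype, status)] = frozenset(ops)
    return table

def is_authorized(table, doc_type, doc_status, op):
    """Default deny: a pair with no entry grants no operation."""
    return op in table.get((doc_type, doc_status), frozenset())
```

Building the per-user table once and consulting it on each request matches the article's split between storing authorizations and checking them.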

      An algorithm using the IBM Restructured Extended Executor
(REXX) language controls the storage and retrieval of the
authorization information.  The basic information about
authorizations is stored in a tabular relational database management
system.  The storage and manipulation of the authorizations within
the computer memory is the principal foc...