DYNAMIC ROLE BASED AUTHORIZATION SYSTEM AND METHOD

IP.com Disclosure Number: IPCOM000132142D
Publication Date: 2005-Dec-02

Publishing Venue

The IP.com Prior Art Database

Abstract

A system, method and computer program product are provided for role based authorization. Included is a plurality of resources and roles associated with an authorization domain. In use, access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 11% of the total text.

DYNAMIC ROLE BASED AUTHORIZATION SYSTEM AND METHOD

Field of the Invention

The present invention relates to authorization systems, and more particularly, to authorizing access to various resources.

Background

With the advent of general access computer networks, such as the Internet, people now have ready access to various computing and/or networking resources. Unfortunately, some people have taken advantage of such easy access, thus requiring the development of various authorization systems for authorizing resource access.

Various techniques are employed by such authorization systems. For example, some systems define an access control query, which uses a data path mechanism to dynamically create additional filter criteria to attach to a target query. As yet another example, traditional systems have also defined protection mechanisms using hard-coded logic (e.g. one for protecting an account, one for sales opportunities, etc.), where restrictions are built directly into each operation or query to be protected.

Still yet, additional systems replicate relevant relational application data into an external security system.  Such security system may take the form of an LDAP repository with a security framework such as a Java authentication and authorization system (JAAS), etc.  As still yet another example, other systems have been developed which run a security check to disable an access button or the like for each protected resource.  Still other systems trap a security check from a JAAS or the like, and run a query to check permissions. 

Unfortunately, the foregoing techniques are plagued with drawbacks such as a lack of performance or effectiveness, possibly including, but not limited to, a lack of ability to define new authorization roles during operation, a lack of ability to assign permissions dynamically during operation, etc.

There is thus a need for overcoming these and/or other problems associated with the prior art.

Summary

A system, method and computer program product are provided for role based authorization. Included is a plurality of resources and roles associated with an authorization domain. In use, access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources.

Brief Description of the Drawings

Figure 1 illustrates a network architecture, in accordance with one embodiment.

Figure 2 shows a representative hardware environment that may be associated with the server computers and/or client computers of Figure 1, in accordance with one embodiment. 

Figure 3 shows a framework for role based authorization, in accordance with one embodiment. 

Figure 4 shows a system for global role based authorization in the context of a customer relationship management (CRM) application, in accordance with anoth...