DYNAMIC ROLE BASED AUTHORIZATION SYSTEM AND METHOD
Publication Date: 2005-Dec-02
The IP.com Prior Art Database
A system, method and computer program product are provided for role based authorization. Included is a plurality of resources and roles associated with an authorization domain. In use, access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources.
Field of the Invention
The present invention relates to authorization systems, and more particularly, to authorizing access to various resources.
With the advent of general access computer networks, such as the Internet, people now have ready access to various computing and/or networking resources. Unfortunately, some people have taken advantage of such easy access, thus requiring the development of various authorization systems for authorizing resource access.
Various techniques are employed by such authorization systems. For example, some systems define an access control query, which uses a data path mechanism to dynamically create additional filter criteria to attach to a target query. As another example, traditional systems have also defined protection mechanisms using hard-coded logic (e.g. one for protecting an account, one for sales opportunities, etc.), where restrictions are built directly into each operation or query to be protected.
Still yet, additional systems replicate relevant relational application data into an external security system. Such security system may take the form of an LDAP repository with a security framework such as a Java authentication and authorization system (JAAS), etc. As still yet another example, other systems have been developed which run a security check to disable an access button or the like for each protected resource. Still other systems trap a security check from a JAAS or the like, and run a query to check permissions.
Unfortunately, the foregoing techniques are plagued with drawbacks such as a lack of performance or effectiveness, possibly including, but not limited to, a lack of ability to define new authorization roles during operation, a lack of ability to assign permissions dynamically during operation, etc.
There is thus a need for overcoming these and/or other problems associated with the prior art.
A system, method and computer program product are provided for role based authorization. Included is a plurality of resources and roles associated with an authorization domain. In use, access to the resources is controlled utilizing expressions that operate as a function of the roles and the resources.
Brief Description of the Drawings
Figure 1 illustrates a network architecture, in accordance with one embodiment.
Figure 2 shows a representative hardware environment that may be associated with the server computers and/or client computers of Figure 1, in accordance with one embodiment.
Figure 3 shows a framework for role based authorization, in accordance with one embodiment.
Figure 4 shows a system for global role based authorization in the context of a customer relationship management (CRM) application, in accordance with anoth...