Invention Grant
- Patent Title: Data driven role based security
- Application No.: US15384675
- Application Date: 2016-12-20
- Publication No.: US10367821B2
- Publication Date: 2019-07-30
- Inventor: Sergei Ivanov, John August Barrows
- Applicant: Microsoft Technology Licensing, LLC
- Applicant Address: US WA Redmond
- Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
- Current Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
- Current Assignee Address: US WA Redmond
- Agency: Ray Quinney & Nebeker, PC
- Agent: Thomas M. Hardman; Timothy J. Churna
- Main IPC: H04L29/06
- IPC: H04L29/06; G06F21/00; G06F21/62; G06F21/60

Abstract:
Aspects extend to methods, systems, and computer program products for controlling performance of a requested user operation. It is determined if a requested user operation can access data on behalf of a user based on an obtained user context associated with the user. The user context identifies the location of an object representing a user relative to other objects within a hierarchical data structure. The context is used to derive a role for the user. A control expression is accessed. The control expression governs access of the requested user operation for the derived role. A set of permissions is formed for the user by evaluating the control expression using the user context and a data context for the data. The user's authorization to perform the requested user operation is determined from the set of permissions. The requested user operation is performed according to the determined user's authorization.
Public/Granted literature
- US20170111367A1 DATA DRIVEN ROLE BASED SECURITY Public/Granted day: 2017-04-20