METHOD AND SYSTEM FOR ADVANCED ROLE-BASED ACCESS CONTROL IN DISTRIBUTED AND CENTRALIZED COMPUTER SYSTEMS

    Publication number: CA2154020A1

    Publication date: 1996-02-16

    Application number: CA2154020

    Application date: 1995-07-17

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects on objects in a computer system uses parameterized role types that can be instantiated into role instances equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position or an organization unit. Furthermore, the inventive method provides relative resource sets which are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists providing the access rights of the subjects on the objects of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving access control lists from capability lists, wherein said access rights of the subjects on the respective objects are provided.

    2.
    Invention patent
    Unknown

    Publication number: DE69427347T2

    Publication date: 2001-10-31

    Application number: DE69427347

    Application date: 1994-08-15

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects (1) on objects (4) in a computer system uses parameterized role types (2) that can be instantiated into role instances (4) equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject (1) of the computer system, e.g. by a person (5), a job position (6) or an organization unit (7). Furthermore, the inventive method provides relative resource sets (8) which are instantiated into concrete resource sets (9) and individual resources (10) by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists (30) providing the access rights of the subjects (1) on the objects (4) of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving (32) access control lists (31) from capability lists (30), wherein said access rights of the subjects (1) on the respective objects (4) are provided.

    METHOD AND SYSTEM FOR ADVANCED ROLE-BASED ACCESS CONTROL IN DISTRIBUTED AND CENTRALIZED COMPUTER SYSTEMS

    Publication number: CA2154020C

    Publication date: 2001-10-16

    Application number: CA2154020

    Application date: 1995-07-17

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects on objects in a computer system uses parameterized role types that can be instantiated into role instances equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position or an organization unit. Furthermore, the inventive method provides relative resource sets which are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists providing the access rights of the subjects on the objects of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving access control lists from capability lists, wherein said access rights of the subjects on the respective objects are provided.

    4.
    Invention patent
    Unknown

    Publication number: DE69427347D1

    Publication date: 2001-07-05

    Application number: DE69427347

    Application date: 1994-08-15

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects (1) on objects (4) in a computer system uses parameterized role types (2) that can be instantiated into role instances (4) equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject (1) of the computer system, e.g. by a person (5), a job position (6) or an organization unit (7). Furthermore, the inventive method provides relative resource sets (8) which are instantiated into concrete resource sets (9) and individual resources (10) by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists (30) providing the access rights of the subjects (1) on the objects (4) of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving (32) access control lists (31) from capability lists (30), wherein said access rights of the subjects (1) on the respective objects (4) are provided.
