METHOD AND SYSTEM FOR ADVANCED ROLE-BASED ACCESS CONTROL IN DISTRIBUTED AND CENTRALIZED COMPUTER SYSTEMS

    Publication (Announcement) No.: CA2154020A1

    Publication (Announcement) Date: 1996-02-16

    Application No.: CA2154020

    Filing Date: 1995-07-17

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects on objects in a computer system uses parameterized role types that can be instantiated into role instances equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position or an organization unit. Furthermore, the inventive method provides relative resource sets which are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists providing the access rights of the subjects on the objects of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving access control lists from capability lists, wherein said access rights of the subjects on the respective objects are provided.

    METHOD AND SYSTEM FOR ADVANCED ROLE-BASED ACCESS CONTROL IN DISTRIBUTED AND CENTRALIZED COMPUTER SYSTEMS

    Publication (Announcement) No.: CA2154020C

    Publication (Announcement) Date: 2001-10-16

    Application No.: CA2154020

    Filing Date: 1995-07-17

    Applicant: IBM

    Abstract: A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects on objects in a computer system uses parameterized role types that can be instantiated into role instances equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position or an organization unit. Furthermore, the inventive method provides relative resource sets which are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists providing the access rights of the subjects on the objects of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving access control lists from capability lists, wherein said access rights of the subjects on the respective objects are provided.
