公开(公告)号：WO9945456B1

公开(公告)日：1999-11-11

申请号：PCT/US9904550

申请日：1999-03-02

Applicant: NETWORK APPLIANCE INC

Inventor： HITZ DAVID ,  BORR ANDREA ,  HAWLEY ROBERT J ,  MUHLESTEIN MARK ,  PEARSON JOAN

IPC: G06F12/00 ,  G06F1/00 ,  G06F21/41 ,  G06F21/62

CPC classification number: G06F21/6218 ,  G06F21/41 ,  G06F21/6236 ,  G06F2221/2141

Abstract: The invention provides a method and system for enforcing file access control among client devices using multiple diverse access control models and multiple diverse file server protocols. A multi-protocol file server identifies each file with one particular access control model out of a plurality of possible models, and enforces that one particular model for all accesses to that file. When the file server receives a file server request for that file using a different access control model, the file server translates the access control limits for that file into no-less-restrictive limits in the different model. The file server restricts access by the client device using the translated access control limits. Each file is assigned the access control model of the user who created the file or who last set access control limits for the file. When a user having a different access control model sets access control limits, the access control model for the file is changed to the new model. Files are organized in a tree hierarchy, in which each tree is limited to one or more access control models (which can limit the ability of users to set access control limits for files in that tree). Each tree can be limited to NT-model-only format, Unix-model-only format, or mixed NT-or-Unix-models format.

Abstract translation: 本发明提供一种用于使用多种不同的访问控制模型和多种多样的文件服务器协议来实施客户端设备之间的文件访问控制的方法和系统 多协议文件服务器使用多个可能模型中的一个特定的访问控制模型识别每个文件，并对该文件的所有访问执行该特定模型。 当文件服务器使用不同的访问控制模型接收到该文件的文件服务器请求时，文件服务器将该文件的访问控制限制转换为不同模型中的无限制限制。 文件服务器使用翻译的访问控制限制来限制客户端设备的访问。 每个文件都分配了创建文件的用户的访问控制模型，或者最后为文件设置访问控制限制的访问控制模型。 当具有不同访问控制模型的用户设置访问控制限制时，将文件的访问控制模型更改为新模型。 文件以树状层次结构组织，其中每个树被限制到一个或多个访问控制模型（这可以限制用户为该树中的文件设置访问控制限制的能力）。 每个树可以限制为仅NT型格式，仅限Unix模型格式或混合的NT或Unix模型格式。

公开(公告)号：CA2322320C

公开(公告)日：2010-02-09

申请号：CA2322320

申请日：1999-03-02

Applicant: NETWORK APPLIANCE INC

Inventor： HITZ DAVID ,  BORR ANDREA ,  HAWLEY ROBERT J ,  MUHLESTEIN MARK ,  PEARSON JOAN

IPC: G06F12/00 ,  G06F1/00 ,  G06F21/41 ,  G06F21/62

Abstract: The invention provides a method and system for enforcing file access control among client devices using multiple diverse access control models and multiple diverse file server protocols. A multi-protocol file server identifies each file with one particular access control model out of a plurality of possible models, and enforces that one particular model for all accesses to that file. When the file server receives a file server request for that file using a different access control model, the file server translates the access control limits for that file into no-less-restrictive limits in the different model. The file server restricts access by the client device using the translated access control limits. Each file is assigned the access control model of the user who created the file or who last set access control limits for the file. When a user having a different access control model sets access control limits, the access control model for the file is changed to the new model. Files are organized in a tree hierarchy, in which each tree is limited to one or more access control models (which can limit the ability of users to set access control limits for files in that tree). Each tree can be limited to NT-model-only format, Unix-model-only format, or mixed NT-or-Unix-models format.

公开(公告)号：AT317566T

公开(公告)日：2006-02-15

申请号：AT99909745

申请日：1999-03-02

Applicant: NETWORK APPLIANCE INC

Inventor： HITZ DAVID ,  BORR ANDREA ,  HAWLEY ROBERT J ,  MUHLESTEIN MARK ,  PEARSON JOAN

IPC: G06F12/00 ,  G06F1/00 ,  G06F21/41 ,  G06F21/62

公开(公告)号：CA2322320A1

公开(公告)日：1999-09-10

申请号：CA2322320

申请日：1999-03-02

Applicant: NETWORK APPLIANCE INC

Inventor： MUHLESTEIN MARK ,  HAWLEY ROBERT J ,  PEARSON JOAN ,  BORR ANDREA ,  HITZ DAVID

IPC: G06F12/00 ,  G06F1/00 ,  G06F21/41 ,  G06F21/62

Abstract: The invention provides a method and system for enforcing file access control among client devices using multiple diverse access control models and multiple diverse file server protocols. A multi-protocol file server identifies each file with one particular access control model out of a plurality of possible models, and enforces that one particular model for all accesses to that file. When the file server receives a file server request for that file using a different access control model, the file server translates the access control limits for that file into no-less-restrictive limits in the different model. The file server restricts access by the client device using the translated access control limits. Each file is assigned the access control model of the user who created the file or who last set access control limits for the file. When a user having a different access control model sets access control limits, the access control model for the file is changed to the new model. Files are organized in a tree hierarchy, in which each tree is limited to one or more access control models (which can limit the ability of users to set access control limits for files in that tree). Each tree can be limited to NTmodel-only format, Unix-model-only format, or mixed NT-or-Unix-models format.