Control of access rights in a networked system with data processing

摘要

The invention relates to a method for computer-aided administration of authorizations or access rights in a networked system with data processing. The method is based on a subdivision or grouping of objects (O, ..., Ot) of the system, such as Files, devices, application programs, ... in object groups. The affiliation to an object group decides whether a user (N, ..., N) is granted or denied access rights to an object (O, ..., Ot). The object groups are formed using rules that relate to at least one property of the objects (O, ..., O), in particular a property that changes over time. The affiliation of the objects (O, ..., Ot) to an object group is continuously updated so that only objects (O, ..., Ot) with certain properties can be accessed. This makes the administration of access rights safer and easier, since hierarchical organizational structures are no longer required. The process is particularly suitable for safety-critical systems such as supply systems for district heating, natural gas, electricity or water or process engineering systems.