method and system for enhanced access control based on roles in distributed and centralized computer systems
Abstract
A method and system for registration, authorization, and control of access rights in a computer system are disclosed in the present invention. The inventive method for controlling access rights of subjects (1) on objects (4) in a computer system uses parameterized role types (2) that can be instantiated into role instances (4) equivalent to roles or groups as known from the prior art. The required parameters are provided by the subject (1) of the computer system, e.g. by a person (5), a job position (6) or an organization unit (7). Furthermore, the inventive method provides relative resource sets (8) which are instantiated into concrete resource sets (9) and individual resources (10) by using the same parameter values as for instantiating the role types. The inventive system for authorization and control of access rights as disclosed in the present invention comprises capability lists (30) providing the access rights of the subjects (1) on the objects (4) of a computer system on a per-subject basis. Furthermore, the inventive system comprises means for deriving (32) access control lists (31) from capability lists (30), wherein said access rights of the subjects (1) on the respective objects (4) are provided.
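The model in the abstract, sketched as an added Python example that is not taken from the patent: role types are bound to a subject's parameter values, the same values turn relative resource sets into concrete resources, and per-subject capability lists are inverted into per-object access control lists. The role names, path templates, subjects and the parameter-value check are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed role types: required parameters plus relative resource sets
# (path templates) with rights. All names and paths here are hypothetical.
ROLE_TYPES = {
    "department_manager": {
        "params": ("org_unit",),
        "grants": [("/hr/{org_unit}/staff-records", {"read", "write"}),
                   ("/finance/{org_unit}/budget", {"read"})],
    },
    "project_member": {
        "params": ("org_unit", "project"),
        "grants": [("/projects/{org_unit}/{project}/docs", {"read", "write"})],
    },
}
SAFE_VALUE = re.compile(r"[a-z0-9-]+")  # stops values like "../" widening a resource set

def instantiate_role(role_type, attrs):
    """Bind a role type to a subject's parameter values; the same values
    turn the relative resource sets into concrete resources."""
    spec = ROLE_TYPES[role_type]
    values = {}
    for p in spec["params"]:
        v = attrs.get(p, "")
        if not SAFE_VALUE.fullmatch(v):
            raise ValueError(f"{role_type}: missing or unsafe parameter {p!r}")
        values[p] = v
    instance = f"{role_type}({', '.join(values.values())})"
    return instance, [(t.format(**values), set(r)) for t, r in spec["grants"]]

def capability_list(attrs, role_types):
    """Per-subject view: resource -> rights, merged over all role instances."""
    caps = defaultdict(set)
    for rt in role_types:
        for resource, rights in instantiate_role(rt, attrs)[1]:
            caps[resource] |= rights
    return dict(caps)

def derive_acls(cap_lists):
    """Invert capability lists (subject -> resource -> rights) into
    access control lists (resource -> subject -> rights)."""
    acls = defaultdict(dict)
    for subject, caps in cap_lists.items():
        for resource, rights in caps.items():
            acls[resource][subject] = set(rights)
    return dict(acls)

# Constructed subjects: (parameter values, assigned role types).
SUBJECTS = {"alice": ({"org_unit": "sales"}, ["department_manager"]),
            "bob": ({"org_unit": "sales", "project": "crm"}, ["project_member"]),
            "carol": ({"org_unit": "rnd"}, ["department_manager"])}
CAP_LISTS = {s: capability_list(a, r) for s, (a, r) in SUBJECTS.items()}
ACLS = derive_acls(CAP_LISTS)
```

Two subjects holding the same role type end up with disjoint resources because their parameter values differ, and a subject missing a required parameter, or supplying one outside the allowed pattern, gets no role instance at all.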