Invention Grant
US5911143A Method and system for advanced role-based access control in distributed
and centralized computer systems
失效
分布式和集中式计算机系统中高级角色访问控制的方法和系统
- Patent Title: Method and system for advanced role-based access control in distributed and centralized computer systems
- Patent Title (中): 分布式和集中式计算机系统中高级角色访问控制的方法和系统
-
Application No.: US514710Application Date: 1995-08-14
-
Publication No.: US5911143APublication Date: 1999-06-08
- Inventor: Klaus Deinhart , Virgil Gligor , Christoph Lingenfelder , Sven Lorenz
- Applicant: Klaus Deinhart , Virgil Gligor , Christoph Lingenfelder , Sven Lorenz
- Applicant Address: NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: NY Armonk
- Priority: DEX94112649 19940815
- Main IPC: G06F12/14
- IPC: G06F12/14 ; G06F1/00 ; G06F12/00 ; G06F21/00 ; G06F21/20 ; G06F21/24 ; H04L29/08 ; G06F17/30
Abstract:
A method and system for registration, authorization, and control of access rights in a computer system. Access rights of subjects on objects in a computer system are controlled using parameterized role types that can be instantiated into role instances equivalent to roles or groups. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position, or an organization unit. Furthermore, relative resource sets are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. Authorization and control of access rights include capability lists providing the access rights of the subjects on the objects of a computer system on a per subject basis. Furthermore, access control lists are derived from capability lists, so that access rights of the subjects on the respective objects are provided.
Public/Granted literature
- USD285794S Combined heat reduction fan and elapsed operation time indicator for computer Public/Granted day:1986-09-23
Information query
