System and method for role based access control in a content management system

摘要

Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.

主权项

1. A computer-implemented method comprising:
receiving, by at least one processor of a library server, a request from a requestor client to access a resource from a resource manager database; retrieving, by the at least one processor of the library server, a role of the requestor client from an access control server for accessing the database; permitting, by the at least one processor of the library server, the requestor client to access a resource based on the role of the requestor client, a protection class to which the resource belongs and a set of privileges, wherein the protection class comprises a set of resources that share an access control policy independent of any relationships among resources; and wherein the role is correlated to the set of privileges within the protection class, and wherein the protection class dynamically binds the set of resources such that the set of privileges to the role is implicitly derived during run time from the privileges associated with the protection class bound to the role.