System and method for assigning permissions to access data and perform actions in a computer system

摘要

A method for setting permissions for a group of users of a computer system. The method includes receiving data that defines a role for a first group of users, the role including one or more permissions each defining a permitted activity of the first group of users with respect to data of users in a second group of users, and setting the one or more permissions based on the defined role.

主权项

1. A computer-implemented method for setting permissions for a first group of users of a computer system, the method comprising:
receiving data through a first user interface to define a first group of users, wherein the data that defines the first group of users comprises a first group membership criterion, wherein a first user is dynamically added to the first group of users when an attribute associated with the first user satisfies the first group membership criterion and when a lock feature is not enabled, and wherein the first user is not added to the first group of users when the attribute associated with the first user satisfies the first group membership criterion and when the lock feature is enabled; receiving data through the first user interface to define a second group of users, wherein the first user interface associates a first name with the first group of users and the first user interface associates a second name with the second group of users; receiving data through a second user interface to define a role, the second user interface configured to display a plurality of categories of action-oriented permissions to a user, the action-oriented permissions each defining permitted functional actions, wherein the user selects one or more particular action-oriented permissions in one or more categories of permissions to define permitted functional actions for the role; assigning the defined role to the defined first group of users; specifying the defined second group of users as the target users of the role; and setting, by operation of a computer processor, the one or more particular action-oriented permissions based on the defined role to define permitted functional actions the first group of users can perform on information associated with the second group of users.