Title of invention SYSTEM AND METHOD FOR MAINTENANCE OF TRANSITIVE CLOSURE OF A GRAPH AND USER AUTHENTICATION
Abstract A user authorization system may include a database server maintaining, in a database, a cached user rights list specifying associations between users and related entities from which the users inherit rights and an access control list specifying permissions of entities to access objects. A server may receive a request from a user to access an object and pass access information to the database server. The database server may filter the access control list based on the cached user rights list to generate a filtered access control list specifying permissions to the object for the user and return the filtered access control list to the server. The server may then utilize the filtered access control list returned from the database server to determine whether the user has permission to access the object.
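Publication number US2015281248(A1) Publication date 2015.10.01
Application number US201514668686 Filing date 2015.03.25
Applicant OPEN TEXT S.A. Inventor Obbard Geoffrey Michael
Classification H04L29/06;G06F17/30;G06F21/62 Main classification H04L29/06
Patent agency Patent agent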
Principal claim 1. A user authorization system comprising: a database server maintaining a cached user rights list and an access control list in a database embodied on non-transitory computer memory, the user rights list comprising associations between users and related entities from which the users inherit rights and the access control list specifying permissions of entities to access objects; and an authorization server coupled to the database server via a network, the authorization server configured to: receive a request from a user; and interact with the database server to cause the database server to perform: determining a new transitive closure for the user based on a directed graph of associations between entities in the database; determining a delete user rights record by: comparing the cached user rights list and the new transitive closure; determining a first transitive closure path for an entity that is not specified in the new transitive closure and that is specified in the user rights list; and selecting as the delete user rights record a record specifying the first transitive closure path; and deleting the delete user rights record from the cached user rights list.
Address Luxembourg LU
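
The cache maintenance in the principal claim and the ACL filtering in the abstract, shown as an added Python/SQLite example that is not code from the patent or from the applicant. The table and column names and the sample data are assumptions; the cache is keyed by (user, entity) rather than by closure path, and the refresh also inserts missing rows, which goes beyond the delete step the claim recites.

```python
import sqlite3

# Constructed schema (assumption): table and column names are illustrative.
SCHEMA = """
CREATE TABLE edges(member TEXT, parent TEXT);         -- directed graph: member inherits from parent
CREATE TABLE user_rights(user_id TEXT, entity TEXT);  -- cached transitive closure, one row per entity
CREATE TABLE acl(object TEXT, entity TEXT, perm TEXT);
"""
# UNION (not UNION ALL) deduplicates rows, so cyclic group membership terminates.
CLOSURE_SQL = """
WITH RECURSIVE reach(entity) AS (
    SELECT ?
    UNION
    SELECT e.parent FROM edges e JOIN reach r ON e.member = r.entity)
SELECT entity FROM reach
"""

def refresh_user_rights(conn, user):
    """Recompute the user's closure, delete stale cache rows, add missing ones."""
    fresh = {r[0] for r in conn.execute(CLOSURE_SQL, (user,))}
    cached = {r[0] for r in conn.execute(
        "SELECT entity FROM user_rights WHERE user_id = ?", (user,))}
    stale, missing = cached - fresh, fresh - cached
    with conn:  # deletes and inserts commit together
        conn.executemany("DELETE FROM user_rights WHERE user_id = ? AND entity = ?",
                         [(user, e) for e in stale])
        conn.executemany("INSERT INTO user_rights VALUES (?, ?)",
                         [(user, e) for e in missing])
    return stale, missing

def filtered_acl(conn, user, obj):
    """ACL rows for obj restricted to entities in the user's cached rights list."""
    return conn.execute(
        "SELECT a.entity, a.perm FROM acl a JOIN user_rights u ON u.entity = a.entity "
        "WHERE u.user_id = ? AND a.object = ? ORDER BY a.entity, a.perm",
        (user, obj)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO edges VALUES (?, ?)", [  # constructed sample data
        ("alice", "engineering"), ("engineering", "staff"), ("alice", "contractors")])
    conn.executemany("INSERT INTO acl VALUES (?, ?, ?)", [
        ("doc1", "staff", "read"), ("doc1", "contractors", "write"), ("doc1", "finance", "delete")])
    first = refresh_user_rights(conn, "alice")
    before = filtered_acl(conn, "alice", "doc1")
    # Membership revoked: the next refresh must drop the stale cache row.
    conn.execute("DELETE FROM edges WHERE member = 'alice' AND parent = 'contractors'")
    second = refresh_user_rights(conn, "alice")
    return first, before, second, filtered_acl(conn, "alice", "doc1")
```

Until the refresh runs after a membership change, the filtered ACL still reflects the old closure, so the stale "contractors" row would keep granting write access to doc1.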