| 发明名称 |
Managing access to class objects in a system utilizing a role-based access control framework |
| 摘要 |
According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user. |
| 申请公布号 |
US8955057(B2) |
申请公布日期 |
2015.02.10 |
| 申请号 |
US201213653504 |
申请日期 |
2012.10.17 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Desai Saurabh;Ranganathan Vidya |
| 分类号 |
G06F21/00 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
Baudino James L. |
| 主权项 |
1. A system, comprising:
a memory; and a processor coupled to the memory, wherein the processor is configured to:
determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class;for a plurality of users running the application where the users utilize different functions of the application, determine the object classes of the application for each function of the application utilized by each respective user;create a privilege shell for each user;set the determined privileges on the respective privilege shells based on the function utilized by the respective users;associate an authorization to each respective privilege shell; andinvoke the respective privilege shell to run the application by the respective user. |
| 地址 |
Armonk NY US |
