Title of invention: DATA DRIVEN ROLE BASED SECURITY
Abstract: Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.
Application publication number: US2014351892(A1) Application publication date: 2014.11.27
Application number: US201414457045 Filing date: 2014.08.11
Applicant: Microsoft Corporation Inventors: Ivanov Sergei; Barrows John August
Classification number: H04L29/06 Main classification number: H04L29/06
Agency: Agent:
Main claim: 1. At a computer system, a method for determining access to a computing object, the method comprising: accessing a data context in connection with potential access to the computing object by a user identity; defining a derived role for the user identity based on at least one aspect of the data context; receiving a request to access the computing object; forming a set of permissions for the computing object by evaluating a control expression governing access to the computing object based on the derived role; and determining the user identity's access to the computing object in accordance with the set of permissions.
Address: Redmond WA US