Relationship-Based Authorization

摘要

Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

主权项

1. A non-transitory computer program product, tangibly embodied in a computer-readable media, the computer program product comprising instructions to cause data processing apparatus to perform operations comprising:
receiving data characterizing a request for authorization to access a computer-based resource by a principal; determining whether the requesting principal is authorized for the access to the computer-based resource, the determining comprising:
determining whether the requesting principal has a relationship with a principal that has management rights of access to the computer-based resource; anddetermining whether the relationship allows for the access to the computer-based resource if the requesting principal has a relationship with the principal that has management rights; otherwise, determining whether an organization of the requesting principal has a relationship, with the principal that has management rights, that allows for the access; and providing authorization for the requesting principal to the computer-based resource.