Title of invention: Method and system for managing object level security using an object definition hierarchy
Abstract: In one embodiment the present invention includes a computer-implemented method comprising receiving a request from a user to perform an action on a first object in a software application, accessing a predefined hierarchy of a plurality of different object definitions, accessing user authorization data, and granting the user permission to perform the action on said first object, wherein the permission is determined from the predefined hierarchy and the user authorization data, wherein determining the permission includes traversing the predefined hierarchy.
Publication number: US8887271(B2) Publication date: 2014.11.11
Application number: US200912484814 Filing date: 2009.06.15
Applicant: SAP SE Inventors: Mohanty Bhanu P.;Agarwal Sanjeev K.
Classification: G06F21/22;H04L29/06;G06F21/62 Main classification: G06F21/22
Agency: Fountainhead Law Group PC Agent: Fountainhead Law Group PC
Principal claim: 1. A computer-implemented method comprising: receiving, by a computer system, a request from a user to perform an action on a first object in a plurality of objects in a software application; accessing, by the computer system, a predefined hierarchy of a plurality of different object definitions, wherein said first object is an instance of a first object definition in the predefined hierarchy; determining, by the computer system, an attribute of the first object comprising a second object, wherein the second object is a particular instance of a second object definition, wherein said second object definition is an ancestor of said first object definition in the predefined hierarchy, and wherein the attribute defines an association between the first object and the second object that is independent of the predefined hierarchy; accessing, by the computer system, user authorization data; determining, by the computer system, permission of the user to perform said action; and granting, by the computer system, the user permission to perform the action on said first object, wherein the permission is determined from the predefined hierarchy of the plurality of different object definitions, the attribute, and the user authorization data, and wherein the user is granted permission to perform the action on said first object if the user authorization data grants the user permission to perform the action on the first object based on the first object definition and the attribute.
Address: Walldorf DE US