Role based authorization based on product content space

摘要

A computer-implemented method for generating role-based authorizations includes collecting, by a processor, a plurality of permissions from an access control list, creating, by the processor, a plurality of content space specification files that includes the plurality of permissions from an access control list, processing, by the processor, the plurality of content space specification files to generate a plurality of access control list roles and outputting, by the processor, the plurality of access control list roles.

主权项

1. A computer-implemented method for generating role-based authorizations for a software product, the method comprising:
collecting, by a processor, a plurality of permissions and a plurality of resources from an access control list (ACL); creating, by the processor, a plurality of content space specification files that includes the plurality of permissions and the plurality of resources from the ACL; processing, by the processor, the plurality of content space specification files to generate a plurality of ACL roles and ACL resources; defining, by the processor, a content space comprising a plurality of cells, each of the plurality of cells corresponding to one of the plurality of ACL roles, each of the plurality of cells having multiple dimensions including a noun dimension, a verb dimension, an interface dimension and a platform dimension, each of the multiple dimensions having one or more values, wherein the noun dimension is an abstract entity presented via the interface dimension, the platform dimension includes an identification of a runtime environment in which the software product executes, the verb dimension includes functions that are supported by the software product for a particular noun value, and wherein the verb dimension and platform dimension are orthogonal and noun-specific, and wherein the interface dimension includes an indication of a type of interface the software product presents to external entities, the type includes one or more of a graphical user interface, a command line interface and a programmable interface; and mapping each of the ACL roles to a combination of the noun dimension, the verb dimension and the interface dimension in the content space and each of the ACL resources to the platform dimension in the content space; and outputting, by the processor, the plurality of ACL roles.