Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
2000-07-18
2004-04-06
Geckil, Mehmet B. (Department: 2142)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C709S229000, C709S246000
Reexamination Certificate
active
06718386
ABSTRACT:
FIELD OF THE INVENTION
1. Background of the Invention
This invention relates to methods, a system, and an article for displaying privilege state data indicating the privileges of users or groups of users to use different objects supported by a network environment, for example. Such objects can include data or software components. In addition, the method, apparatus, and article can have the capability to receive and set privilege state data defining use privileges of objects for various users or groups of users.
2. Description of the Related Art
In most network environments, the users or groups of users have varying privileges with respect to objects supported by the network. The privileges are generally controlled by a system administrator that uses an application program to set privilege states for all users or groups of users with respect to the objects. For example, in a particular organization, it may be desirable that a user group of corporate officers have access to accounting data supported by the network system, but that other users such as quality control personnel not have access to such information. Such privileges can be set by appropriate definitions of the two groups and privilege settings with respect to the accounting data using the application program. Generally, a different application program running on a network server uses the privilege state settings to enforce restrictions on privileges of the network objects for different users or groups of users.
The complexity of the privilege state data scales rapidly upward with increasing numbers of objects, privileges associated with the objects, and users or user groups on the network system, and therefore administration of privilege states becomes increasingly difficult. In addition, updating of the privilege states is required with changes in the users or users groups, objects, and privileges associated with the objects. Complexity of privilege states is further increased by the fact that some users or groups may “inherit” privilege rights from other groups of which they are members. In previous application programs of this nature, the display of privilege state data is generally done in a manner that makes it relatively difficult to understand which users have privilege rights to which objects, and the derivation of those privilege rights, e.g., whether through direct settings or through inheritance. Therefore, setting privilege states as they should be or debugging improper settings is generally relatively difficult with such application programs. It would be desirable to provide methods, a system, and an article that have the capability to display privilege state data in a readily comprehensible manner. In addition, it would be desirable to provide methods, a system, and an article that have the capability to permit privilege state settings to be readily made. Furthermore, it would be desirable to provide methods, a system, and an article that can be used to generate a display that readily permits comprehension of privilege states.
SUMMARY OF THE INVENTION
The invented methods, system and article have as their objects to overcome the abovestated problems with previous devices and techniques, and do in fact overcome such problems and provide significant advantages over the prior art.
A first method of the invention comprises generating a display of privilege state in a three-dimensional view. The privilege state data can be used to indicate the privileges of users or groups of users with respect to an object such as data or a software component accessible by such user or group of users. The privilege state data can be represented by graphical symbols indicating “on”, “inherited on”, “public on”, “off”, “not set”, and “disabled” states. The display can include at least one privilege label, object label, and user label arranged along respective axes of the three-dimensional view. The privilege state data can be displayed in one or more cells arranged in association with respective privilege label(s), object label(s), and user label(s). The privilege label identifies at least one privilege, the object label identifies at least one object associated with the privilege, and the user label identifies at least one user or group of users associated with the object. The objects can be data and/or software components accessible by the network system. The privilege labels can identify data access, data view, and data flow privileges to access or transfer data pertaining to the object within or without the network system, and/or use privileges relative to software component objects. The object labels can identify respective data object(s) stored in a database accessible by the network system, or software component object(s) accessible by the network system. The user labels can identify at least one user and/or user group.
A second method of the invention comprises generating a display of privilege state data in an array of cells in a three-dimensional view on a terminal device, the privilege state data of the cells displayed in correspondence with privilege labels, object labels, and user labels arranged along respective transverse axes of the three-dimensional view. The display is generated by the user interface of a terminal device. The privilege labels can be generated based on respective privilege data, the object labels can be generated based on respective object data, and the user data can be generated based on respective user data. The method can include inputting privilege state data with the user interface of the terminal device into at least one cell of the array using at least one privilege label, object label, and user label. The second method can also include determining the privilege data, object data, and user data corresponding to the cell in which the privilege state data is input. The second method can also include storing the privilege state data in a memory in correspondence with respective privilege data, object data, and user data for the cell in which the privilege state data was input. The second method can further include updating the display to include privilege state data input by the user in the inputting step, based on the privilege state data stored in the memory. The privilege state data can include data for “on”, “inherited on”, “public on”, “off”, “not set”, and “disabled” states. The privilege labels, object labels, or user labels can be implemented as software controls. The second method can also include selecting at least one of the privilege labels, object labels, or user labels with the user interface of the terminal device, and modifying the display of the privilege state data by removing or adding cells in the three-dimensional view based on the selected one of the privilege labels, object labels, or user labels. The user data can identify first and second user entities related by a predetermined hierarchical relationship, and the privilege state data can be input in at least one cell corresponding to first user entity in the inputting step. The second method can further include determining whether the second user entity inherits privilege state data from the first user entity, based on the hierarchical relationship. If the determination establishes that the second user entity inherits the privilege state data from the first user entity, the second method includes storing the privilege state data in correspondence with the user data for the second entity and the object data and privilege data for which the privilege state data was input in the inputting step. The second method can further include determining whether a first object inherits the privilege state data of a second object, based on predetermined dependency data. If so, the second method stores the privilege state data for the first object as the privilege state data for the second object for the user data designated by the inputting step. The second method can further include determining whether a first privilege inherits the privilege state data of a second privilege, based on the predetermined dependency data. If the
Geckil Mehmet B.
Morris Manning & Martin LLP
LandOfFree
Methods, system, and article for displaying privilege state... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods, system, and article for displaying privilege state..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods, system, and article for displaying privilege state... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3200442