Reexamination Certificate
2000-02-10
2001-10-23
Myers, Paul R. (Department: 2181)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000
Reexamination Certificate
active
06308173
ABSTRACT:
TECHNICAL FIELD
The present invention relates to computer networks and more particularly to the control of access permissions for resources such as files and folders (or directories) in client-server computer networks.
BACKGROUND OF THE INVENTION
A computer network links together two or more computers by a communication pathway or paths, allowing the computers to share resources and information. Networks are fast becoming a standard feature of the modern workplace. Local-area networks of personal computers and workstations are practically a necessity in large offices where many individuals must share and exchange computerized information on a daily basis. Wide-area networks connect users and computers at distant locations across the country and around the world.
In a network, a server computer is one that provides a resource to a client computer. The same computer can be a client in one context and a server in another. For example, suppose that computer A has a large hard disk for storing files for an entire office, but lacks its own printer. Elsewhere on the office network, computer B has a printer but no hard disk. If a user of computer B wishes to access a file stored remotely on the disk of computer A, then computer B is the client and computer A is the (file) server. If a user of computer A wishes to print a locally stored file using the printer of computer B, then computer A becomes the client and computer B is the (print) server. A computer that can act as both client and server according to the context is called a peer server.
Resource sharing implies issues of resource security. In general, the user of a client computer cannot be trusted with unlimited access to all server resources. Accordingly, the user is required to supply a password in order to log onto the network. Additional mechanisms are used to limit access to particular resources. One such mechanism is a simple share/no-share switch, which can be set either to allow remote access to a given resource from client computers or to restrict remote access so that the resource can be accessed only locally from the server computer. More sophisticated mechanisms used to limit access to particular resources include access control lists, which specify the privileges of particular users with respect to particular resources or collections of resources.
Unfortunately, known operating systems for networking personal computers and workstations, such as Microsoft® Windows™ NT by Microsoft Corp. (Redmond, Wash.), employ resource security models that are complex and difficult for users, especially new users, to understand. Compounding the difficulty are highly nonintuitive user interfaces that frustrate users' attempts to understand the security models and to manipulate resource protections within the models, for example, to manipulate user access permissions for file folders or directories stored in a persistent information store such as a hard disk.
SUMMARY OF THE INVENTION
The system and method of the invention provide a unified and straightforward approach to managing file and other resource security in a networked computing environment. In one aspect, the invention is embodied in a multi-user computer network that includes a client computer, a server computer that controls a resource sharable among users of the network, such as a shared file folder or directory, and a communications pathway between the client computer and the server computer. The resource is organized as a hierarchy of elements with a root element at the top of the hierarchy and additional elements below the root element. According to the invention, a request is received to change a protection, such as an access permission, of an element of the resource hierarchy (other than the root) with respect to a particular network user. If the element in question lacks an associated access control list, a nearest ancestor element of the hierarchy is located that has an associated access control list. The first (descendant) element inherits the access control list of the second (ancestor) element. This inheritance is done by generating a copy of the access control list of the second element and associating the generated copy with the first element. The requested change in protection is then incorporated into the generated copy that has been associated with the first element so as to establish an updated access control list for the first element. Further, the requested change can be propagated downwards in the hierarchy from the first element to its descendants having access control lists.
The invention will be better understood with reference to the drawings and detailed description below. In the drawings, like reference numerals indicate like components.
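The inheritance-by-copy and downward propagation steps described in the summary can be sketched as follows. This is an added example, not code from the patent or from any Microsoft product; the `Node` class, the function names and the access levels `"full"`, `"read"` and `"none"` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = field(default=None, repr=False)
    acl: Optional[Dict[str, str]] = None  # None: element has no ACL of its own
    children: List["Node"] = field(default_factory=list)

    def add(self, name: str) -> "Node":
        child = Node(name, parent=self)
        self.children.append(child)
        return child

def nearest_acl_holder(node: Node) -> Node:
    """Walk upward to the closest element (node included) that has an ACL."""
    while node.acl is None:
        if node.parent is None:
            raise ValueError("root element must carry an ACL")
        node = node.parent
    return node

def effective_acl(node: Node) -> Dict[str, str]:
    return nearest_acl_holder(node).acl

def set_permission(node: Node, user: str, access: str, propagate: bool = True) -> None:
    if node.acl is None:
        # Inherit by copying: aliasing the ancestor's dict would let this
        # change leak upward and sideways to every element that shares it.
        node.acl = dict(nearest_acl_holder(node).acl)
    node.acl[user] = access
    if propagate:
        _push_down(node, user, access)

def _push_down(node: Node, user: str, access: str) -> None:
    # Only descendants that own an ACL need rewriting; the rest resolve
    # through their nearest ancestor and see the change automatically.
    for child in node.children:
        if child.acl is not None:
            child.acl[user] = access
        _push_down(child, user, access)

def build_sample():
    # Constructed hierarchy: share/projects/payroll/q1, ACL on the root only.
    root = Node("share", acl={"alice": "full", "bob": "read"})
    projects = root.add("projects")
    payroll = projects.add("payroll")
    q1 = payroll.add("q1")
    return root, projects, payroll, q1
```

When reviewing an implementation of this scheme, the copy step is the part to check: a descendant that shares the ancestor's list object instead of a copy silently changes permissions outside the subtree the administrator intended to modify.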
Glasser Daniel S.
McCurdy Ann Elizabeth
Price Robert M.
Lee & Hayes PLLC
Microsoft Corporation
Myers Paul R.