Hierarchical security mechanism for dynamically assigning security levels to object programs
Method for dynamically regrouping subscribers on a communications system Patent #: 5014345
ApplicationNo. 807685 filed on 12/16/1991
US Classes:707/9, Privileged access340/5.54, Password713/167Object protection
ExaminersPrimary: Lee, Thomas C.
Attorney, Agent or Firm
Foreign Patent References
International ClassG06F 012/14
AbstractA method and system for controlling access by groups of users to multiple objects stored within a data processing system implemented library wherein each object has an access list associated therewith explicitly listing individual users permitted access to that object. A group identification is established which encompasses all users within the data processing system, a selected subset of users with the data processing system, or a single selected user and his or her designated affinity users or proxies. The group identification is then listed within an associated access list for a particular object and upon an attempted access of the particular object by a user not listed explicitly within the associated access list, a determination is made as to whether or not that user is listed within a group identification which is permitted access. In one embodiment of the present invention selected objects and users each have associated therewith a clearance level and access to a selected object by a particular user listed within a group identification may be denied if that particular user's clearance level does not meet or exceed the clearance level of the selected object.