Patent Grant
10474837
Business Process Management (bpm) software allows businesses to automate their work flow. For example, the steps for requesting a vacation can be captured in a flow that runs on a business process computer system which takes a vacation request as input, calculates if the requested vacation time is available, routes it to the proper approving manager, and, once approved, notifies all relevant associated personnel and posts it on a group calendar. During the execution of the business process, a number of business objects may be created and stored in the computer system to store relevant business process data. In some cases, the different users that interact with the business process will control or have access to the entire process and all of the process's associated data. However, the data involved or associated with a given business processes may have different access requirements depending on the data's nature. For example, in a loan mortgage approval process, an appraiser should not be able to access all of the applicant's financial information despite being able to input the appraisal as part of the business process. It would be beneficial to have access to different business objects associated with a business process be able to be controlled individually for each business object.
Various embodiments of the invention are disclosed in the following detailed description and the accompanying drawings.
The invention can be implemented in numerous ways, including as a process, an apparatus, a system, a composition of matter, a computer readable medium such as a computer readable storage medium or a computer network wherein program instructions are sent over optical or communication links. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. A component such as a processor or a memory described as being configured to perform a task includes both a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. In general, the order of the steps of disclosed processes may be altered within the scope of the invention.
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
Controlling access to business process data is disclosed. During the development of a business process, one or more business process objects that can hold business process data are specified. Each business process object is associated with a potentially different access control list (ACL). When an instance of the business process is created, e.g., upon submission of a vacation request by employee X for dates Y to Z, in the example described above, instances of the one or more business process objects are created and stored in a repository. For each such business process object instance, the corresponding access control list associated with that business process object at business process design time is associated with the business process object instance. Access to each instance of the one or more business process objects is controlled by the access control list that was associated with the business process object instance at the time the business process object instance was created. The access control list indicates a type of access that an application, a user, or a group of users is allowed.
Two different business processes can have associated with it the same type of business process object as another business process. However, each of the two different business processes can associate a potentially different access control list with said business process object, even though said business process object is of the same type for the two different business processes. For example, a vacation request business process may have associated with it an “employee” type of business object, and a purchase order request business process can have a business object of same type “employee” associated with it. In some embodiments, a different ACL may be associated, e.g., at business process design time, with the employee type object in the context of a vacation request than in the context of a purchase order request. For example, a purchasing department worker may be given “read” access to employee objects associated with a purchase order business process instance, but denied access to the same type of object created in the context of a vacation request business process instance. In some embodiments, business process objects associated with one or more business processes are stored in a repository comprising and/or associated with a content management system, and the repository and/or associated content management system manages the function of associating a business process object instance created by an instance of a business process an ACL associated with the business process object at the time the business process was defined (or some other time prior to instantiation of the current business process instance). In some embodiments, the repository and/or associated content management system controls access to the business process object instance, in accordance with the ACL.
In 202, the business process is executed. An instance of the business process is created and run. The instance of the business process creates a set associated business process objects that hold data.
In 306, a business process step is defined that may edit one or more instances of one or more business process objects. For example, a new DSL Service Business process includes steps to: 1) submit DSL service form; 2) assign work order to DSL technician (manual step); 3) wait for 10 business days for any complaints; 4) charge credit card; and 5) end business process. The DSL service form step of the business process includes entering customer information into a customer business process object, credit card information into a credit card business process object, and order details into an order details business process object. Each of these objects has different access control lists associated with them (as indicated during the development process). For example, the customer business process object may be read and written by a customer service representative, but only read by an installation technician; the credit card business process object may be read and written by a customer service representative, but no access is available for an installation technician; and, the order details business process object may be read and written by a customer service representative, and also read and written by an installation technician. In 308, it is determined if there are more steps. If there are, then control passes to 306. If not, then in 310 the business process development is completed. Completion includes building a business process or saving the business process.
Purchase order instance 602 includes information regarding a purchase request—for example, the purchase request date, the requested item, the purchase order number, order date, receive date, paid date, etc. Associated access control list A 606 includes access information indicating read/write/edit access for requesting employee, an accounting department, an ordering department, and a shipping/receiving department so that they can each read, enter, and modify entries of the purchase order.
Employee instance 604 includes information regarding an employee that requested the purchase order—for example, employee name, employee identification number, purchase authority level, etc. Associated access control list B 608 includes access information indicating read access for the ordering and shipping/receiving department so the requestor can be contacted if there are questions regarding the order and read/write/edit/delete access for the human resource department so that the department can modify the employee information.
Vendor instance 610 includes information regarding the vendor from whom the requested purchase is to be made. Associated access control list A 612 has the same specified access as the access control list A 612 associated with purchase order instance 602.
Vacation request instance 702 includes information regarding a vacation request—for example, the requested dates, potential conflicts, etc. Associated access control list C 706 includes access information indicating read/write/edit access for the requesting employee and read access for the employee's manager and the human resources department.
Employee instance 704 includes information regarding an employee that requested the vacation—for example, employee name, employee identification number, vacation accrual level, etc. Associated access control list D 708 includes access information indicating read access for the employee so that the requestor can know their own vacation levels available and read/write/edit/delete access for the human resource department so that the department can modify the employee information.
Although the foregoing embodiments have been described in some detail for purposes of clarity of understanding, the invention is not limited to the details provided. There are many alternative ways of implementing the invention. The disclosed embodiments are illustrative and not restrictive.
This application is a continuation of U.S. patent application Ser. No. 13/302,913 filed Nov. 22, 2011, entitled ACCESS CONTROL FOR BUSINESS PROCESS DATA, which is a continuation of U.S. patent application Ser. No. 11/644,340 filed Dec. 22, 2006, entitled ACCESS CONTROL FOR BUSINESS PROCESS issued as U.S. Pat. No. 8,086,637, which are incorporated herein by reference for all purposes.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5226161 | Khoyi et al. | Jul 1993 | A |
| 5708812 | Van Dyke | Jan 1998 | A |
| 5764972 | Crouse et al. | Jun 1998 | A |
| 5765153 | Benantar et al. | Jun 1998 | A |
| 5805118 | Mishra et al. | Sep 1998 | A |
| 5845299 | Arora et al. | Dec 1998 | A |
| 5899996 | Dysart et al. | May 1999 | A |
| 5900871 | Atkin et al. | May 1999 | A |
| 5907326 | Atkin et al. | May 1999 | A |
| 5918013 | Mighdoll et al. | Jun 1999 | A |
| 5950198 | Falls et al. | Sep 1999 | A |
| 5987498 | Athing et al. | Nov 1999 | A |
| 6026433 | D'arlach et al. | Feb 2000 | A |
| 6044374 | Nesamoney et al. | Mar 2000 | A |
| 6058366 | Tarkiainen et al. | May 2000 | A |
| 6119130 | Nguyen et al. | Sep 2000 | A |
| 6135646 | Kahn | Oct 2000 | A |
| 6148311 | Wishnie et al. | Nov 2000 | A |
| 6163880 | Ramalingam et al. | Dec 2000 | A |
| 6199077 | Inala et al. | Mar 2001 | B1 |
| 6202066 | Barkley et al. | Mar 2001 | B1 |
| 6236971 | Stefik et al. | May 2001 | B1 |
| 6236996 | Bapat et al. | May 2001 | B1 |
| 6292798 | Dockter et al. | Sep 2001 | B1 |
| 6327628 | Anuff et al. | Dec 2001 | B1 |
| 6338086 | Curtis et al. | Jan 2002 | B1 |
| 6345329 | Baskey et al. | Feb 2002 | B1 |
| 6351741 | Flenniken | Feb 2002 | B1 |
| 6353851 | Anupam et al. | Mar 2002 | B1 |
| 6389540 | Scheifler et al. | May 2002 | B1 |
| 6453310 | Zander | Sep 2002 | B1 |
| 6463535 | Drews | Oct 2002 | B1 |
| 6466983 | Strazza | Oct 2002 | B1 |
| 6546397 | Rempell | Apr 2003 | B1 |
| 6560639 | Dan et al. | May 2003 | B1 |
| 6625603 | Garg | Sep 2003 | B1 |
| 6643661 | Polizzi et al. | Nov 2003 | B2 |
| 6654749 | Nashed | Nov 2003 | B1 |
| 6668353 | Yurkovic | Dec 2003 | B1 |
| 6714936 | Nevin | Mar 2004 | B1 |
| 6745238 | Giljum et al. | Jun 2004 | B1 |
| 6772146 | Khemlani et al. | Aug 2004 | B2 |
| 6788933 | Boehmke et al. | Sep 2004 | B2 |
| 6931546 | Kouznetsov et al. | Aug 2005 | B1 |
| 6950943 | Bacha et al. | Sep 2005 | B1 |
| 7035825 | Sturtevant et al. | Apr 2006 | B1 |
| 7293070 | Moses et al. | Nov 2007 | B2 |
| 7340406 | Tribble | Mar 2008 | B1 |
| 7350231 | Madison et al. | Mar 2008 | B2 |
| 7430587 | Malone | Sep 2008 | B2 |
| 7689532 | Levy | Mar 2010 | B1 |
| 7801990 | Anuff et al. | Sep 2010 | B2 |
| 7984066 | Kilday | Jul 2011 | B1 |
| 8086637 | Tsai et al. | Dec 2011 | B1 |
| 8407353 | Moses et al. | Mar 2013 | B2 |
| 8606916 | Moses et al. | Dec 2013 | B2 |
| 9027144 | Roustant | May 2015 | B1 |
| 9037739 | Moses et al. | May 2015 | B2 |
| 9521046 | Anuff et al. | Dec 2016 | B2 |
| 9716751 | Moses et al. | Jul 2017 | B2 |
| 9749411 | Moses et al. | Aug 2017 | B2 |
| 20020002543 | Spooren et al. | Jan 2002 | A1 |
| 20020023147 | Kovacs et al. | Feb 2002 | A1 |
| 20020026359 | Long et al. | Feb 2002 | A1 |
| 20020029296 | Anuff et al. | Mar 2002 | A1 |
| 20020067370 | Forney et al. | Jun 2002 | A1 |
| 20020072920 | Grianger | Jun 2002 | A1 |
| 20020078168 | Christfort et al. | Jun 2002 | A1 |
| 20020078377 | Chang et al. | Jun 2002 | A1 |
| 20020083415 | Jazdzewski | Jun 2002 | A1 |
| 20020107768 | Davis | Aug 2002 | A1 |
| 20020156756 | Stanley et al. | Oct 2002 | A1 |
| 20020158899 | Raymond | Oct 2002 | A1 |
| 20020178439 | Rich et al. | Nov 2002 | A1 |
| 20020184165 | Deboer et al. | Dec 2002 | A1 |
| 20020194267 | Flesner et al. | Dec 2002 | A1 |
| 20020194347 | Koo et al. | Dec 2002 | A1 |
| 20020199123 | Mcintyre et al. | Dec 2002 | A1 |
| 20030018964 | Fox et al. | Jan 2003 | A1 |
| 20030028610 | Pearson | Feb 2003 | A1 |
| 20030034905 | Anton et al. | Feb 2003 | A1 |
| 20030041198 | Exton et al. | Feb 2003 | A1 |
| 20030046589 | Gregg et al. | Mar 2003 | A1 |
| 20030163438 | Barnett et al. | Aug 2003 | A1 |
| 20030182656 | Leathers et al. | Sep 2003 | A1 |
| 20030187966 | Sinha | Oct 2003 | A1 |
| 20030192031 | Srinivasan et al. | Oct 2003 | A1 |
| 20030195789 | Yen | Oct 2003 | A1 |
| 20040015391 | Dupreez et al. | Jan 2004 | A1 |
| 20040162901 | Mangipudi et al. | Aug 2004 | A1 |
| 20040167984 | Herrmann | Aug 2004 | A1 |
| 20040205042 | Ritter et al. | Oct 2004 | A1 |
| 20040220897 | Bernhart et al. | Nov 2004 | A1 |
| 20040243640 | Bostleman et al. | Dec 2004 | A1 |
| 20050004978 | Reed et al. | Jan 2005 | A1 |
| 20050039033 | Meyers et al. | Feb 2005 | A1 |
| 20050044396 | Vogel et al. | Feb 2005 | A1 |
| 20050114661 | Cheng | May 2005 | A1 |
| 20050171833 | Jost et al. | Aug 2005 | A1 |
| 20050182963 | Phillips et al. | Aug 2005 | A1 |
| 20050223009 | Powers et al. | Oct 2005 | A1 |
| 20050289166 | Stanley et al. | Dec 2005 | A1 |
| 20060026558 | Beringer et al. | Feb 2006 | A1 |
| 20060174334 | Perlin et al. | Aug 2006 | A1 |
| 20060195494 | Deitrich | Aug 2006 | A1 |
| 20070156418 | Richter et al. | Jul 2007 | A1 |
| 20110302211 | Kilday et al. | Dec 2011 | A1 |
| 20120072461 | Tsai et al. | Mar 2012 | A1 |
| 20170090399 | Anuff et al. | Mar 2017 | A1 |
| 20180336520 | Davis | Nov 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| WO 2000029927 | May 2000 | WO |
| WO 2000034873 | Jun 2000 | WO |
| WO 2003025796 | Mar 2003 | WO |
| Entry |
|---|
| Office Action for U.S. Appl. No. 11/644,340, dated May 19, 2010, 16 pgs. |
| Office Action for U.S. Appl. No. 11/644,340, dated Oct. 29, 2010, 19 pgs. |
| Office Action for U.S. Appl. No. 11/644,340, dated Feb. 10, 2011, 27 pgs. |
| Office Action for U.S. Appl. No. 11/644,340, dated Jun. 17, 2011, 34 pgs. |
| EMC Corporation, Content Server Administrator's Guide, EMC2 documentum, Version 5.3 SP1, Sep. 2005, 654 pgs. |
| EMC Corporation, Content Server Fundamentals, EMC2 documentum, Version 5.3 SP1, Sep. 2005, 354 pgs. |
| U.S. Appl. No. 11/227,254, filed Sep. 16, 2005, 43 pgs. |
| U.S. Appl. No. 60/626,096, filed Nov. 8, 2004, part 1, 144 pgs. |
| U.S. Appl. No. 60/626,096, filed Nov. 8, 2004, part 2, 69 pgs. |
| Office Action for U.S. Appl. No. 13/302,913, dated Apr. 16, 2013, 65 pgs. |
| Silver, Bruce, EMC Documentum BPM: Breaking New Ground with Collaboration, Content Awareness, Mar. 2005, 20 pgs. |
| Fordin, Scott, Documentum FAQ: Common Questions and Concerns About Documentum at NEF, Rev. 1.0, Dec. 2006, 9 pgs. |
| Salamone, Salvatore, “EMC releases Documentum 5.3,” Techworld, Apr. 5, 2005, 1 pg. |
| Panjwani, Sunil, et al, “Business Process Services: Technical Overview and Lab,” Documentum Developer Conf., San Ramon, CA, Oct. 2004, 16 pgs. |
| 2006 BPMS Report Series, BPM Institute, Oct. 13, 2005, 1 pg., retrieved from http://web.archive.org/web/20061013185230/https://www.bpminstitute.org/bpmsreport.html. |
| Bizflow User Guide, Version 9.0, Handysoft Global Corp., Copyright 2004, 363 pgs. |
| Silver, Bruce, “Documentum BPM: Automating and Integrating Content-Centric Processes,” May 2004, 15 pgs. |
| Silver, Bruce, The 2006 BPMS Report: IBM WebSphere BPM Suite, v6.0, Mar. 2005, 30 pgs. |
| Office Action for U.S. Appl. No. 13/302,913, dated Oct. 17, 2013, 32 pgs. |
| Fortin, Frederic, Inherence by type and “New Document action”, EMC, May 24, 2005, 5 pgs. retrieved from https://community.emc.com/thread/61515?start=0&start=0 and printed on Aug. 20, 2013. |
| Office Action for U.S. Appl. No. 13/302,913, dated Jun. 23, 2014, 45 pgs. |
| Office Action for U.S. Appl. No. 13/302,913, dated Oct. 15, 2014, 43 pgs. |
| Appellant's Brief for U.S. Appl. No. 13/302,913, mailed Apr. 20, 2015, 42 pgs. |
| Resubmitted Appellant's Brief for U.S. Appl. No. 13/302,913, mailed Jul. 2, 2015, 9 pgs. |
| Examiner's Answer for U.S. Appl. No. 13/302,913, dated Nov. 4, 2015, 40 pgs. |
| Definition of “Repository,” American Heritage College Dictionary, 4th Edition, 2 pgs. |
| Reply Brief for U.S. Appl. No. 13/302,913, mailed Jan. 4, 2016, 6 pgs. |
| Decision on Appeal for U.S. Appl. No. 13/302,913 mailed Mar. 19, 2018, 11 pgs. |
| Bruno, et al., “Pebble: A Component-Based Operating System for Embedded Applications,” Proceedings of USENIX Workshop on Embedded Systems, Cambridge, MA, Mar. 29-31, 1999, 11 pgs. |
| “Iplanet Portal Server 3.0 Overall Architecture” (White Paper); iPlanet e-Commerce Solutions (A Sun/Netscape Alliance), 2000, 28 pgs. |
| “Solving Real World Business Challenges: DataChannel Enterprise Information Portal Architecture” (Technical White Paper); DataChannel, Inc., 2000, 9 pgs. |
| “Outlook 2000—Sharing Outlook Components,” Microsoft Office 2000—Online Training, 5 pgs. |
| “Air Products Gets to Market Faster with Microsoft SharePoint Portal Server,” Microsoft SharePoint Portal Server 2001, Published Jun. 2001, 5 pgs. |
| “Portal and Knowledge Management Roadmap,” Portal & Knowledge Management Session Code: KB011SN; CA Computer Associates; CA World, 33 pgs. |
| “Getting Started with WAR Files,” IONA Technologies PLC, IONA/Portal Suite/iPortal Application Server, Mar. 6, 2002, pp. 1-7. |
| “NT-to-Win2K Migration Tools,” Sep. 2000, Windows 2000 Magazine, Mar. 6, 2002, pp. 1-15. |
| “Web Browser File Uploading to EAServer,” Greg Douglas, Sybase Principle Consultant, Jan. 15, 2001, pp. 1-5. |
| “Developing Applications with Jrun,” Allaire Corp., pp. 1 to xxvi, 1-13, 378-413, May 10, 2001. |
| “Developing Web Applications with ColdFusion,” Allaire Corp., pp. 1 to xiii, 219-230, 1999. |
| The Delphi Group, “Corporate Portal Architecture: Special Report on Infoimage Freedom,” pp. 1-20, Nov. 1999. |
| Grosso, P., “XML Fragment interchange, W3C,” www.w3.org/TR/xml-fragment, pp. 1-31, Feb. 12, 2001. |
| Lie, H.K. et al., “Cascading Style Sheets, Level L,” W3C, www.w3.org/pub/www.TR/REC-CSS1-961217, Dec. 17, 1996, pp. 1-86. |
| Courter, G. et al., “Mastering Microsoft Office 2000 Professional Edition,” 1999, pp. 1-537. |
| “Computerworld Companies Turn to Portals for Electronic Business,” News Story by: Julia King. |
| “Computerworld Epicentric Opens Doors to E-Commerce,” News and Story by Amy Helen Johnson. |
| Citrix Delphi Group Names Sequoia's XML Portal Server Leading Application for Creating E-Business Portals. |
| Citrix Sequoia Software Announces New Java-Based Portal Server, XPS for Unix. |
| Vignette Corporation, Vignette Application Portal, Dec. 2002, pp. 1-17. |
| Montalbano, “Epicentric Buys Web-Services Tool Company,” Mar. 2, 2001, CRN, San Francisco, CA, 3 pgs. |
| Epicentric Foundation Server Wins “2001 Product of the Year” award from CMP Media's Transform Magazine, Jan. 7, 2002, 4 pgs. |
| Epicentric, Inc., Tech Note—Configuring LDAP with Netscape Directory Server 4.1 for Epicentric Foundation Server 3.5—JNDI Full Mode, Mar. 15, 2001, San Francisco, CA. |
| Emmerich et al., “Implementing Incremental Code Migration with XML,” ACM, pp. 397-406, ICSE 2000. |
| Schrefl et al., “Self-Maintaining Web Pages—Overview,” pp. 83-90, IEEE 2001. |
| Padmanabhan et al., “The Content and Access Dynamics of a Busy Web Site: Findings and Implications,” pp. 111-123, ACM 2000. |
| DataChannel, Looking Under the Hood: DataChannel Server's Intelligent eXtensible Architecture (IXA), DataChannel Server 4.0, pp. 1-12, 2000. |
| Choi, Byron, “A Few Tips for Good XML Design,” pp. 1-16, Nov. 14, 2000, Philadelphia, PA. |
| Challenger et al., “A Publishing System for Efficiently Creating Dynamic Web Content,” pp. 844-853, IEEE 2000; IEEEINFOCOM 2000. |
| Iyengar et al., “High Performance Web Site Design Techniques,” IEEE Internet Computing, pp. 17-26, Mar.-Apr. 2000; http://computer.org/internet/. |
| Challenger et al., “A Scalable and Highly Available System for Serving Dynamic Data at Frequently Accessed Web Sites,” pp. 1-30, 1998, http://gallifrey.watson.ibm.com/sc98. |
| Reference (computer science), Wikipedia, Sep. 6, 2010, 5 pgs., at http://en.wikipedia.org/wiki/Reference_(computer_science), printed Feb. 17, 2011. |
| Identity (object-oriented programing), Wikipedia, Nov. 8, 2010, 2 pgs., at http://en.wikipedia.org/wiki/Identity_(object-oriented_programming), printed Feb. 17, 2011. |
| Number | Date | Country | |
|---|---|---|---|
| 20180293404 A1 | Oct 2018 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 13302913 | Nov 2011 | US |
| Child | 15982782 | US | |
| Parent | 11644340 | Dec 2006 | US |
| Child | 13302913 | US |
