Claims
- 1. Method for authorizing access to a controlled entity by a user, comprising:
binding an access control list (ACL) to said controlled entity selectively at item type, item, mixed, or library level; and responsive to said binding level, performing ACL checking for authorizing access to said controlled entity by said user.
- 2. The method of claim 1, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
- 3. The method of claim 2, further comprising:
specifying for said user a set of user privileges; and intersecting said ACL and said set of user privileges to authorize said access.
- 4. The method of claim 2, further comprising responsive to said item type level:
checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view; for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; for a get item request, enabling access to said items corresponding to said item type view for which said access is granted.
- 5. The method of claim 2, further comprising responsive to said item level:
for a get item type request, returning all said item types and item type views; and for a get item request, checking said ACL for said item for selectively granting access to said item.
- 6. The method of claim 2, further comprising:
configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and responsive to said mixed level, for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view; for a get item type request, returning said item type and said item type view for an item type view granted said access; for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and for a get item request, executing said ACL check for each said item in said item type.
- 7. The method of claim 2, further comprising:
providing a library level ACL, and responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and for a get item request, checking said library level ACL to selectively grant access to said item.
- 8. The method of claim 3, further comprising:
providing a library level ACL; configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; responsive to said item type level:
checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view; for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and for a get item request, enabling access to said items corresponding to said item type view for which said access is granted; responsive to said item level:
for a get item type request, returning all said item types and item type views; and for a get item request, checking said ACL for said item for selectively granting access to said item; responsive to said mixed level,
for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view; for a get item type request, returning said item type and said item type view for an item type view granted said access; and for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and for a get item request, executing said ACL check for each said item in said item type; and responsive to said library level,
for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and for a get item request, checking said library level ACL to selectively grant access to said item.
- 9. System for authorizing access to a controlled entity by a user, comprising:
binding level control indicia selectively binding an access control list (ACL) to said controlled entity at item type, item, mixed, or library binding level; and a content manager responsive to said binding level for performing ACL checking for authorizing access to said controlled entity by said user.
- 10. The system of claim 9, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
- 11. The system of claim 10, further comprising:
a set of user privileges for said user; and said content manager intersecting said ACL and said set of user privileges to authorize said access.
- 12. The system of claim 10, further comprising:
said content manager responsive to said item type level, checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view; for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and for a get item request, enabling access to said items corresponding to said item type view for which said access is granted.
- 13. The system of claim 10, further comprising:
said content manager responsive to said item level: for a get item type request, returning all said item types and item type views; and for a get item request, checking said ACL for said item for selectively granting access to said item.
- 14. The system of claim 10, further comprising:
said binding level control indicia configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; and said content manager responsive to said mixed level; for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view; for a get item type request, returning said item type and said item type view for an item type view granted said access; for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and for a get item request, executing said ACL check for each said item in said item type.
- 15. The system of claim 10, further comprising:
a library level ACL, and said content manager responsive to said library level, for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and for a get item request, checking said library level ACL to selectively grant access to said item.
- 16. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access to a controlled entity by a user, according to a method comprising:
binding an access control list (ACL) to said controlled entity selectively at item type, item, mixed, or library level; and responsive to said binding level, performing ACL checking for authorizing access to said controlled entity by said user.
- 17. The program storage device of claim 16, said item type comprising one or more component items with each component item having one or more item views which together form an item type view.
- 18. The program storage device of claim 17, said method further comprising:
specifying for said user a set of user privileges; and intersecting said ACL and said set of user privileges to authorize said access.
- 19. The program storage device of claim 18, said method further comprising:
providing a library level ACL; configuring ACL binding control level individually for each said item type selectively to item control level or item type control level; responsive to said item type level:
checking said ACL for each said item type for selectively granting access for each said item type to a corresponding item type view; for a get item type request, returning said item type and said item type view for each said item type for which said corresponding item type view is granted; and for a get item request, enabling access to said items corresponding to said item type view for which said access is granted; responsive to said item level:
for a get item type request, returning all said item types and item type views; and for a get item request, checking said ACL for said item for selectively granting access to said item; responsive to said mixed level,
for said item types configured to said item type control level, checking said ACL for said item type to selectively grant access to said item type view; for a get item type request, returning said item type and said item type view for an item type view granted said access; and for a get item request for an item in said item type, enabling access to said item provided said access is granted to said item type view; and for said item types configured to said item control level, for a get item type request, returning said item type and said item type views; and for a get item request, executing said ACL check for each said item in said item type; and responsive to said library level,
for a get item type request, checking said library level ACL to selectively grant access to said library and, responsive to said access being granted, returning all said item types and item type views; and for a get item request, checking said library level ACL to selectively grant access to said item.
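Added example, not part of the patent text or of any product it describes: a Python model of the ACL check dispatched on binding level (item type, item, mixed, library), with the ACL intersected with the user's privilege set as in claims 3, 11 and 18. The class names, the "read" privilege, the user-to-privileges shape of an ACL and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
READ = "read"  # hypothetical privilege name

@dataclass
class ItemType:
    name: str
    view: str            # the item type view
    acl: dict            # user -> set of privileges
    items: dict = field(default_factory=dict)  # item id -> item ACL
    control: str = "item_type"  # per-type setting, used at mixed level

@dataclass
class Library:
    level: str           # item_type | item | mixed | library
    acl: dict            # library level ACL
    types: list
    user_privs: dict     # user -> general privilege set

    def _ok(self, acl, user, need=READ):
        # Claims 3/11/18: intersect the ACL with the user's privileges.
        return need in (acl.get(user, set()) & self.user_privs.get(user, set()))

    def _mode(self, t):
        return t.control if self.level == "mixed" else self.level

    def get_item_types(self, user):
        if self.level == "library":
            ok = self._ok(self.acl, user)
            return [(t.name, t.view) for t in self.types] if ok else []
        return [(t.name, t.view) for t in self.types
                if self._mode(t) == "item"
                or (self._mode(t) == "item_type" and self._ok(t.acl, user))]

    def get_item(self, user, type_name, item_id):
        t = next((x for x in self.types if x.name == type_name), None)
        if t is None or item_id not in t.items:
            return False
        mode = self._mode(t)
        if mode == "library":
            return self._ok(self.acl, user)
        if mode == "item":
            return self._ok(t.items[item_id], user)
        return mode == "item_type" and self._ok(t.acl, user)  # else deny

def sample_library(level):
    # Constructed sample data: users, types and ACLs are made up.
    invoice = ItemType("invoice", "invoice_view", {"alice": {READ}}, {"i1": {"bob": {READ}}})
    memo = ItemType("memo", "memo_view", {"bob": {READ}}, {"m1": {"alice": {READ}}}, "item")
    return Library(level, {"alice": {READ}, "carol": {READ}}, [invoice, memo],
                   {"alice": {READ}, "bob": {READ}, "carol": set()})
```

At item level, and for item-controlled types at mixed level, a get item type request returns every item type and view without an ACL check, so type metadata is visible to all users and only item retrieval is gated.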
CROSS REFERENCES TO RELATED APPLICATIONS
[0001] U.S. patent application Ser. No. ______, assignee docket SVL920020023US1, entitled “SYSTEM AND METHOD FOR MANAGING APPLICATION SPECIFIC PRIVILEGES IN A CONTENT MANAGEMENT SYSTEM”, Ser. No. ______, assignee docket SVL920020024US1 entitled “SYSTEM AND METHOD FOR ENSURING SECURITY WITH MULTIPLE AUTHENTICATION SCHEMES”, and Ser. No. ______, assignee docket SVL920020026, entitled “SYSTEM AND METHOD FOR INCREMENTAL REFRESH OF A COMPILED ACCESS CONTROL TABLE IN A CONTENT MANAGEMENT SYSTEM” filed concurrently herewith are assigned to the same assignee hereof and contain subject matter related, in certain respect, to the subject matter of the present application. The above-identified patent applications are incorporated herein by reference.