Claims
- 1. A method for delegating portal administrative authority, comprising:
determining at least one capability for a first user based on evaluation of at least one role rule; and delegating the at least one capability to a second user; and wherein the delegation establishes whether or not the second user can delegate the capability.
- 2. The method of claim 1 wherein:
the delegated at least one capability is a subset of the at least one capability for the first user.
- 3. The method of claim 1 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 4. The method of claim 1 wherein:
the first user and the second user have a hierarchical relationship and the second user is hierarchically equal or subordinate to the first user.
- 5. The method of claim 1 wherein:
the second user is promoted by the first user.
- 6. The method of claim 1 wherein:
the at least one role rule defaults to everyone.
- 7. The method of claim 1 wherein:
the at least one role rule is associated with an entitlement.
- 8. The method of claim 7 wherein:
the entitlement includes a resource name and a permission.
- 9. The method of claim 8 wherein:
the resource name is part of a taxonomy.
- 10. The method of claim 8 wherein:
the resource name identifies the first user.
- 11. The method of claim 1 wherein:
the at least one role rule includes at least one predicate.
- 12. The method of claim 1 wherein:
the at least one role rule is specified in plain language.
- 13. The method of claim 1 wherein:
the at least one role rule associates the first user with a role.
- 14. The method of claim 13 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 15. The method of claim 1 wherein:
the second user belongs to a group whose members can be promoted.
- 16. A method for delegating portal administrative authority, comprising:
determining at least one capability for a first user based on evaluation of at least one role rule; and delegating the at least one capability to a second user; and wherein the delegated at least one capability is a subset of the at least one capability of the first user.
- 17. The method of claim 16 wherein:
the first user controls whether the second user can delegate the at least one capability to a third user.
- 18. The method of claim 16 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 19. The method of claim 16 wherein:
the first user and the second user have a hierarchical relationship and the second user is hierarchically equal or subordinate to the first user.
- 20. The method of claim 16 wherein:
the second user is promoted by the first user.
- 21. The method of claim 16 wherein:
the at least one role rule defaults to everyone.
- 22. The method of claim 16 wherein:
the at least one role rule is associated with an entitlement.
- 23. The method of claim 22 wherein:
the entitlement includes a resource name and a permission.
- 24. The method of claim 23 wherein:
the resource name is part of a taxonomy.
- 25. The method of claim 23 wherein:
the resource name identifies the first user.
- 26. The method of claim 16 wherein:
the at least one role rule includes at least one predicate.
- 27. The method of claim 16 wherein:
the at least one role rule is specified in plain language.
- 28. The method of claim 16 wherein:
the at least one role rule associates the first user with a role.
- 29. The method of claim 28 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 30. The method of claim 16 wherein:
the second user belongs to a group whose members can be promoted.
- 31. A method for delegating portal administrative authority, comprising:
determining for a first user at least one task having at least one capability; and delegating the at least one capability from the first user to at least one other user; and wherein the delegated at least one capability is a subset of the at least one capability of the first user.
- 32. The method of claim 31 wherein:
determining for a first user at least one task having at least one capability includes evaluating at least one role rule.
- 33. The method of claim 31 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 34. The method of claim 31 wherein:
the first user and the at least one other user have a hierarchical relationship and the at least one other user is hierarchically equal or subordinate to the first user.
- 35. The method of claim 31 wherein:
the at least one other user is promoted by the first user.
- 36. The method of claim 32 wherein:
the at least one role rule defaults to everyone.
- 37. The method of claim 32 wherein:
the at least one role rule is associated with an entitlement.
- 38. The method of claim 37 wherein:
the entitlement includes a resource name and a permission.
- 39. The method of claim 38 wherein:
the resource name is part of a taxonomy.
- 40. The method of claim 38 wherein:
the resource name identifies the first user.
- 41. The method of claim 32 wherein:
the at least one role rule includes at least one predicate.
- 42. The method of claim 32 wherein:
the at least one role rule is specified in plain language.
- 43. The method of claim 32 wherein:
the at least one role rule associates the first user with a role.
- 44. The method of claim 43 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 45. The method of claim 31 wherein:
the at least one other user belongs to a group whose members can be promoted.
- 46. A method for delegating authority, comprising:
determining for a first user at least one task having at least one capability based on at least one entitlement; and delegating the at least one capability from the first user to at least one other user; and wherein the delegated at least one capability is a subset of the first user's capabilities.
- 47. The method of claim 46 wherein:
determining for a first user at least one task having at least one capability includes evaluating at least one role rule.
- 48. The method of claim 46 wherein:
the delegated at least one capability is a subset of the at least one capability for the first user.
- 49. The method of claim 46 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 50. The method of claim 46 wherein:
the first user and the at least one other user have a hierarchical relationship and the at least one other user is hierarchically equal or subordinate to the first user.
- 51. The method of claim 46 wherein:
the at least one other user is promoted by the first user.
- 52. The method of claim 47 wherein:
the at least one role rule defaults to everyone.
- 53. The method of claim 46 wherein:
the entitlement includes a resource name and a permission.
- 54. The method of claim 53 wherein:
the resource name is part of a taxonomy.
- 55. The method of claim 53 wherein:
the resource name identifies the first user.
- 56. The method of claim 47 wherein:
the at least one role rule includes at least one predicate.
- 57. The method of claim 47 wherein:
the at least one role rule is specified in plain language.
- 58. The method of claim 47 wherein:
the at least one role rule associates the first user with a role.
- 59. The method of claim 58 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 60. The method of claim 46 wherein:
the at least one other user belongs to a group whose members can be promoted.
- 61. A system for delegating authority, comprising:
an authorization module to determine at least one capability associated with a first user based on evaluation of at least one role rule; and an administration tool coupled to the authorization module, the administration tool to delegate the at least one capability from the first user to a second user.
- 62. The system of claim 61 wherein:
the first user controls whether the second user can delegate the at least one capability to a third user.
- 63. The system of claim 61 wherein:
the delegated at least one capability is a subset of the at least one capability for the first user.
- 64. The system of claim 61 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 65. The system of claim 61 wherein:
the first user and the second user have a hierarchical relationship and the second user is hierarchically equal or subordinate to the first user.
- 66. The system of claim 61 wherein:
the second user is promoted by the first user.
- 67. The system of claim 61 wherein:
the at least one role rule defaults to everyone.
- 68. The system of claim 61 wherein:
the at least one role rule is associated with an entitlement.
- 69. The system of claim 68 wherein:
the entitlement includes a resource name and a permission.
- 70. The system of claim 69 wherein:
the resource name is part of a taxonomy.
- 71. The system of claim 68 wherein:
the resource name identifies the first user.
- 72. The system of claim 61 wherein:
the at least one role rule includes at least one predicate.
- 73. The system of claim 61 wherein:
the at least one role rule is specified in plain language.
- 74. The system of claim 61 wherein:
the at least one role rule associates the first user with a role.
- 75. The system of claim 74 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 76. The system of claim 61 wherein:
the second user belongs to a group whose members can be promoted.
- 77. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
determine at least one capability for a first user based on evaluation of at least one role rule; and delegate the at least one capability to a second user.
- 78. The machine readable medium of claim 77 wherein:
the first user controls whether the second user can delegate the at least one capability to a third user.
- 79. The machine readable medium of claim 77 wherein:
the delegated at least one capability is a subset of the at least one capability for the first user.
- 80. The machine readable medium of claim 77 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 81. The machine readable medium of claim 77 wherein:
the first user and the second user have a hierarchical relationship and the second user is hierarchically equal or subordinate to the first user.
- 82. The machine readable medium of claim 77 wherein:
the second user is promoted by the first user.
- 83. The machine readable medium of claim 77 wherein:
the at least one role rule defaults to everyone.
- 84. The machine readable medium of claim 77 wherein:
the at least one role rule is associated with an entitlement.
- 85. The machine readable medium of claim 84 wherein:
the entitlement includes a resource name and a permission.
- 86. The machine readable medium of claim 85 wherein:
the resource name is part of a taxonomy.
- 87. The machine readable medium of claim 85 wherein:
the resource name identifies the first user.
- 88. The machine readable medium of claim 77 wherein:
the at least one role rule includes at least one predicate.
- 89. The machine readable medium of claim 77 wherein:
the at least one role rule is specified in plain language.
- 90. The machine readable medium of claim 77 wherein:
the at least one role rule associates the first user with a role.
- 91. The machine readable medium of claim 90 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 92. The machine readable medium of claim 77 wherein:
the second user belongs to a group whose members can be promoted.
- 93. The method of claim 77 wherein:
the step of delegating can limit the scope of the capability delegated.
- 94. The method of claim 77 wherein:
the delegating step can limit the capability delegated to one or more of a manage capability, a delegate capability and a set entitlements capability.
- 95. A system for delegating authority, comprising:
an authorization module to determine at least one capability associated with a first user based on evaluation of at least one role rule; and an administration tool coupled to the authorization module, the administration tool to delegate the at least one capability from the first user to a second user; and wherein the first user controls whether the second user can delegate the at least one capability to a third user; and wherein the at least one role rule is associated with an entitlement.
- 96. The system of claim 95 wherein:
the delegated at least one capability is a subset of the at least one capability for the first user.
- 97. The system of claim 95 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 98. The system of claim 95 wherein:
the first user and the second user have a hierarchical relationship and the second user is hierarchically equal or subordinate to the first user.
- 99. The system of claim 95 wherein:
the second user is promoted by the first user.
- 100. The system of claim 95 wherein:
the at least one role rule defaults to everyone.
- 101. The system of claim 95 wherein:
the entitlement includes a resource name and a permission.
- 102. The system of claim 101 wherein:
the resource name is part of a taxonomy.
- 103. The system of claim 101 wherein:
the resource name identifies the first user.
- 104. The system of claim 95 wherein:
the at least one role rule includes at least one predicate.
- 105. The system of claim 95 wherein:
the at least one role rule is specified in plain language.
- 106. The system of claim 95 wherein:
the at least one role rule associates the first user with a role.
- 107. The system of claim 106 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 108. The system of claim 95 wherein:
the second user belongs to a group whose members can be promoted.
- 109. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
determine for a first user at least one task having at least one capability based on at least one entitlement; and delegate the at least one capability from the first user to at least one other user; and wherein the delegated at least one capability is a subset of the first user's capabilities.
- 110. The machine readable medium of claim 109 wherein:
the first user controls whether the at least one other user can delegate the at least one capability to a third user.
- 111. The machine readable medium of claim 109 wherein:
the at least one capability is one of: user management, page management, portlet management, portal entitlement management, portlet entitlement management, and visual appearance management.
- 112. The machine readable medium of claim 109 wherein:
the first user and the at least one other user have a hierarchical relationship and the at least one other user is hierarchically equal or subordinate to the first user.
- 113. The machine readable medium of claim 109 wherein:
the at least one other user is promoted by the first user.
- 114. The machine readable medium of claim 109 wherein:
the at least one entitlement includes a resource name and a permission.
- 115. The machine readable medium of claim 114 wherein:
the resource name is part of a taxonomy.
- 116. The machine readable medium of claim 114 wherein:
the resource name identifies the first user.
- 117. The machine readable medium of claim 109 wherein:
the at least one entitlement includes at least one role rule.
- 118. The machine readable medium of claim 117 wherein:
the at least one role rule includes at least one predicate.
- 119. The machine readable medium of claim 117 wherein:
the at least one role rule is specified in plain language.
- 120. The machine readable medium of claim 117 wherein:
the at least one role rule associates the first user with a role.
- 121. The machine readable medium of claim 120 wherein:
the role is one of System Administrator, Portal Administrator, and Group Administrator.
- 122. The machine readable medium of claim 109 wherein:
the at least one other user belongs to a group whose members can be promoted.
- 123. The method of claim 109 wherein:
the step of delegating can limit the scope of the capability delegated.
- 124. The method of claim 109 wherein:
the delegating step can limit the capability delegated to one or more of a manage capability, a delegate capability and a set entitlements capability.
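The delegation rules the claims recite (capabilities determined from role rules, a delegated capability that is a subset of the delegator's, a delegator-controlled re-delegation flag, and resource names in a taxonomy) can be modelled as below. This is an added example, not code from the application; the `Authorizer` class, the rule predicates, the user names and the `portal/...` scopes are all constructed assumptions.

```python
from dataclasses import dataclass

# Capability names come from the claims; the rules, users and scopes are constructed.
CAPS = {"user management", "page management", "portlet management",
        "portal entitlement management", "portlet entitlement management",
        "visual appearance management"}
# Hypothetical role rules: role -> (predicate on user attributes, capabilities).
ROLE_RULES = {
    "Portal Administrator": (lambda u: u.get("group") == "portal-admins", CAPS),
    "Group Administrator": (lambda u: u.get("group") == "hr-admins",
                            {"user management"}),
}

@dataclass(frozen=True)
class Grant:
    capability: str
    scope: str          # resource name in a taxonomy, e.g. "portal/hr"
    can_delegate: bool  # chosen by whoever delegated the capability

class DelegationError(Exception):
    pass

class Authorizer:
    def __init__(self):
        self.grants = {}  # user -> list of Grant

    def evaluate_role_rules(self, user, attrs, root="portal"):
        """Seed a user's capabilities from every role rule whose predicate matches."""
        for predicate, caps in ROLE_RULES.values():
            if predicate(attrs):
                self.grants.setdefault(user, []).extend(
                    Grant(c, root, True) for c in sorted(caps))

    def _covering(self, user, cap, resource):
        # Match whole path segments so "portal/hr" never covers "portal/hr2".
        return [g for g in self.grants.get(user, [])
                if g.capability == cap and
                (resource == g.scope or resource.startswith(g.scope + "/"))]

    def allowed(self, user, cap, resource):
        return bool(self._covering(user, cap, resource))

    def delegate(self, frm, to, cap, scope, can_delegate=False):
        held = self._covering(frm, cap, scope)
        if not held:  # subset rule: cannot hand out what you do not hold
            raise DelegationError(f"{frm} does not hold {cap!r} on {scope}")
        if not any(g.can_delegate for g in held):  # re-delegation withheld upstream
            raise DelegationError(f"{frm} may not delegate {cap!r}")
        self.grants.setdefault(to, []).append(Grant(cap, scope, can_delegate))
```

Because `can_delegate` defaults to `False`, a delegated capability cannot be passed on unless the delegator opts in, and a delegate can only narrow the scope it received, never widen it.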
CLAIM OF PRIORITY
[0001] This application claims priority from ENHANCED PORTALS [FLAGSTAFF RELEASE], U.S. Provisional Application No. 60/386,487, Inventors: Phil Griffin, et al., filed on Oct. 24, 2001, and which is incorporated herein by reference.
[0002] This application is related to the following co-pending application which is hereby incorporated by reference in its entirety: SYSTEM AND METHOD FOR RULE-BASED ENTITLEMENTS, U.S. Application Serial No. ______, Inventors: Phil Griffin, et al., filed on ______.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60386487 | Oct 2001 | US |