'METHOD AND SYSTEM FOR A ROLE-BASED ACCESS CONTROL MODEL WITH ACTIVE ROLES'

摘要

pA method, system, apparatus, and computer program product are presented for managing access to resources with a role-based access control model that includes dynamic update functionality using role filters and capability filters. Rather than directly connecting individual users to a role, a role filter is defined for a role. The role filter is evaluated to determine which users should be matched to a given role, and matching users are then automatically associated with the given role. In addition to its role filter, each named role contains a set of capabilities. Each capability contains a set of access conditions and a capability filter. Each access condition has a set of rights. Rather than directly connecting individual resources to a capability, the administrator can define a capability filter for each capability. As target instances are added, deleted, or changed, capability filters are re-evaluated to maintain the appropriate set of relationships./p[US2002178119A1]