The present invention can enable increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination... Show moreThe present invention can enable increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination of subject, object, or environment information extracted from sources internal or external to the controlled computer system and may evaluate the content or context of the information extracted to enable refined and dynamic access after the role permission assignment and immediately before every access grant without the reassignment of roles.
Sponsorship: Illinois Institute of Technology
United States Patent
Primary US Patent Classification 707/783
International Patent Classification G06F 17/30 Show less