Methods, systems, and computer program products are disclosed for protecting the security of resources in distributed computing environments. The disclosed techniques improve administration and enforcement of security policies. Allowed actions on resources, also called permissions (such as invocations of particular methods, read or write access to a particular row or perhaps a particular column in a database table, and so forth), are grouped, and each group of permissions is associated with a role name. A particular action on a particular resource may be specified in more than one group, and therefore may be associated with more than one role. Each role is administered as a security object. Users and/or user groups may be associated with one or more roles. At run-time, access to a resource is protected by determining whether the invoking user has been associated with (granted) at least one of the roles required for this type of access on this resource.
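The run-time check described above can be sketched as follows. This is an added example, not code from the patent: the role, user, group, and resource names are constructed, and denying a permission that appears in no role is an assumption.

```python
from collections import defaultdict

# Constructed sample policy (hypothetical names, not from the patent).
# A permission is a (resource, action) pair; a role names a group of them.
ROLE_PERMISSIONS = {
    "Teller":  {("Account.getBalance", "invoke"), ("accounts.row", "read")},
    "Auditor": {("accounts.row", "read"), ("accounts.balance_column", "read")},
    "Manager": {("accounts.row", "read"), ("accounts.row", "write")},
}
USER_ROLES = {"alice": {"Teller"}, "bob": set()}   # roles granted directly
GROUP_ROLES = {"audit-team": {"Auditor"}}          # roles granted to user groups
USER_GROUPS = {"bob": {"audit-team"}}              # group membership


def required_roles(role_permissions):
    """Invert role -> permissions into permission -> roles that include it.

    The same permission may sit in several groups, so each permission maps
    to a set of roles, any one of which is sufficient.
    """
    index = defaultdict(set)
    for role, perms in role_permissions.items():
        for perm in perms:
            index[perm].add(role)
    return dict(index)


REQUIRED = required_roles(ROLE_PERMISSIONS)


def granted_roles(user):
    """Roles a user holds directly plus those inherited from user groups."""
    roles = set(USER_ROLES.get(user, ()))
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
    return roles


def is_allowed(user, resource, action):
    """Allow if the user holds at least one role required for this access."""
    needed = REQUIRED.get((resource, action), set())
    # Assumption: a permission listed in no role is denied for everyone.
    return bool(needed & granted_roles(user))
```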

 