Published by Marion Robbins. Modified over 9 years ago.
1
Permission Enhancements
Topics
- Demo of Work Completed to Date
- Grant Restrictions
2
Grant Restrictions
- Grant Restriction: Limit on the scope of the audience towards which an authorized user is allowed to perform some activity.
- A user can publish channels, but only to a subset of the user population.
3
Grant Restrictions
- Address by adding a new permission whose Target attribute is a fine-grained filter (group of users).
  Owner: UP_FRAMEWORK
  Activity: MANAGE
  Target: filter.2 (group of users)
  Principal: filter.1 (group of users)
4
Permission Grant Set

Content Publishers (filter.1)
  member of: User1, User2, …
  granted: P2, PUBLISH Channels; P3, PUBLISH Fragments
  restriction: P1, MANAGE Group (filter.2)

P1 - Owner: UP_FRAMEWORK, Activity: MANAGE, Target: filter.2, Principal: filter.1
P2 - Owner: UP_FRAMEWORK, Activity: PUBLISH, Target: CHAN_ID.*, Principal: filter.1
P3 - Owner: UP_FRAMEWORK, Activity: PUBLISH, Target: FRAG_ID.*, Principal: filter.1
5
Grant Restrictions
- A user’s restriction set will be reflected in the filter hierarchy being used by an application.
- Restriction set itself cannot be modified by user.
- Multiple restriction sets are OR-d together.
- Users will have the ability to further restrict the audience by AND-ing more criteria to the restriction set.
6
Grant Restrictions
- Applications will need an additional permission to preserve the restriction set that allowed the activity to occur.
- Channel publishing will now produce both a SUBSCRIBE and MANAGE (channel) permission grant.
- The MANAGE permission grant’s principal is the AND-ed set of restrictions.
- Protects the published channel to the degree that a user must be authorized (member of AND-ed set) to modify.
7
Grant Restrictions
- Grant restrictions introduce a potentially undesirable side-effect, affectionately called ‘cross-pollination’.
- Occurs when an unintended audience is the recipient of an object created by some activity.
8
User1 is a member of:

Year=Senior
  granted: P4, PUBLISH Channels; P3, MANAGE Group (filter.3)
  *filter.3 - (Group=Prospective Students)

Year=Senior AND Major=Physics
  granted: P2, PUBLISH Channels; P1, MANAGE Group (filter.2)
  *filter.2 - (Major=Physics)

* Cross-pollination: Published channels intended for Physics majors would also be accessible by Prospective Students.
9
Grant Restrictions
- Solution to Cross-pollination is to allow a user to specify under ‘what capacity’ an activity is to be performed.
- ‘What capacity’ represents the group (principal) that the user is a member of and performing the activity on behalf of.
  Year=Senior
  Year=Senior AND Major=Physics
10
- User will be asked on behalf of ‘what capacity’ they wish to perform an activity when defining a hierarchy.
- Filter hierarchy will allow selection of one of the groups they are a member of (i.e. capacity).
- This allows targeting only to the set of users (group or groups) that are ‘managed’ by the group identified in the capacity.
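The model from the slides as an added Python sketch (not code from the presentation or from the framework it describes): restriction sets are OR-ed, extra user criteria are AND-ed, and selecting a capacity removes the cross-pollination case. The user population, function names and dictionary layout are assumptions made for illustration; the P1 and P3 grants follow the cross-pollination slide.

```python
# Added illustration of the grant-restriction model; all names are hypothetical.

# Constructed population: user id -> attributes.
USERS = {
    "User1": {"Year": "Senior", "Major": "Physics"},
    "User2": {"Year": "Junior", "Major": "Physics"},
    "User3": {"Year": "Senior", "Major": "History"},
    "User4": {"Group": "Prospective Students"},
}

# MANAGE grants from the cross-pollination slide: principal -> restriction set.
MANAGE_GRANTS = {
    "P1": {"principal": {"Year": "Senior", "Major": "Physics"},
           "target": {"Major": "Physics"}},                 # filter.2
    "P3": {"principal": {"Year": "Senior"},
           "target": {"Group": "Prospective Students"}},    # filter.3
}

def matches(attrs, criteria):
    """A filter here is an AND of attribute=value criteria."""
    return all(attrs.get(k) == v for k, v in criteria.items())

def restriction_sets(user, capacity=None):
    """Targets of the MANAGE grants that apply to `user`.

    With no capacity, every grant whose principal the user belongs to applies.
    With a capacity, only grants for that exact principal apply, and the user
    must actually be a member of it.
    """
    attrs = USERS[user]
    if capacity is not None and not matches(attrs, capacity):
        raise PermissionError(f"{user} is not a member of {capacity}")
    return [g["target"] for g in MANAGE_GRANTS.values()
            if matches(attrs, g["principal"])
            and (capacity is None or g["principal"] == capacity)]

def audience(user, capacity=None, extra=None):
    """Reachable users: OR over restriction sets, AND-ed with extra criteria."""
    sets = restriction_sets(user, capacity)
    return {u for u, attrs in USERS.items()
            if any(matches(attrs, t) for t in sets)
            and matches(attrs, extra or {})}
```

Without a capacity, User1's audience is the union of both restriction sets, so a channel meant for Physics majors also reaches the prospective student; passing the `Year=Senior AND Major=Physics` capacity limits it to filter.2.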