1. Field of the Invention
The present invention relates to the field of access control and rights management for electronic content and more particularly to visualization of access control rights for hierarchically organized content.
2. Description of the Related Art
Content drives the utility of a computer program. No matter the nature of the computer program, generally, a computer program accesses content, manipulates content, presents content and stores content. Much attention during the development of a computer program focuses on the efficient storage of content. With the advent of vast multi-user computing applications distributed over the global Internet, however, substantially greater attention has been placed recently on access control to content accessible by multiple different end users.
Access control refers to the restriction of access to content based upon a number of factors that may include the nature of the content sought for access, the identity of the user seeking access to the content, or the role of the user seeking access to the content. Early attempts at access control embedded the access control logic in direct connection with the program code providing access to content. Even for the most ordinary application, however, creating and maintaining a consistent access control scheme across a vast code base can be difficult and ill advised. As such, at present, it is preferred to define an entire data structure for permitting or restricting access to different content in a multi-user computing application, such that every attempt to access content in a computing application can refer to a central access control list (ACL) in order to determine whether or not to grant the specified type of access to particular content in the computing application.
The management of access control, in and of itself, can be a manually tedious process. The process of access control can be even more complex when applying access control to hierarchically organized content. Generally referred to as a “tree”, a hierarchically organized set of content can include a selection of nodes arranged hierarchically from a single root to many different leaves via branches and sub-trees, as is well known in the art. When addressing access control for hierarchically organized content, the core concern is the determination of access rights for an authenticated user on a node, either expressly defined for the node, or implicitly defined (e.g. inherited) according to access rights afforded to the authenticated user in connection with a parent node.
Administering access rights for hierarchically organized content is known to be error prone. In this regard, typically an administrator of access control rights provides access rights for only a small subset of nodes representative of content in the hierarchy resulting in a sparsely populated hierarchy of access control rights. Nodes in the hierarchy that do not enjoy expressly assigned access control rights often inherit access control rights by implication of the rights expressly assigned to a parent node in the hierarchy. Identifying implied rights for a node in a view to the hierarchy can be challenging for a large hierarchy. Consequently, administrators frequently expressly assign access control rights to nodes in a hierarchy that conflict with the implicitly defined rights for the same node. Resolution rules generally are provided to resolve such conflicts; however, the resolution rules are not also visualized in the view to the hierarchy. Thus, the administrator of the access control rights to the hierarchy must rely upon deep knowledge of the resolution rules, in the absence of which the administrator has no remedy for visualizing the access control rights expressed in the view to the hierarchy.
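The sparse hierarchy described above can be made concrete with a short added example, which is not part of the original text: it computes the effective rights for every node and lists the nodes whose expressly assigned rights differ from the rights they would otherwise inherit. The node paths, the user name and the resolution rule (the nearest explicit entry on the path to the root wins) are assumptions chosen for illustration.

```python
from pathlib import PurePosixPath

# Constructed sample: a sparse ACL; only three of six nodes carry explicit rights.
NODES = ["/", "/hr", "/hr/payroll", "/hr/payroll/2024", "/eng", "/eng/specs"]
EXPLICIT = {
    ("/", "alice"): {"read"},
    ("/hr", "alice"): set(),                          # explicitly no rights
    ("/hr/payroll/2024", "alice"): {"read", "write"},
}

def _lineage(path):
    """Return the node itself followed by each ancestor up to the root."""
    p = PurePosixPath(path)
    return [str(p)] + [str(a) for a in p.parents]

def effective(path, user, skip_self=False):
    """Return (rights, source_node, kind) for user at path.

    Assumed resolution rule: the nearest explicit entry wins; none means no rights.
    """
    for node in _lineage(path)[1 if skip_self else 0:]:
        if (node, user) in EXPLICIT:
            kind = "explicit" if node == path else "inherited"
            return frozenset(EXPLICIT[(node, user)]), node, kind
    return frozenset(), None, "default"

def conflicts(user):
    """List nodes whose explicit rights differ from the rights they would inherit."""
    found = []
    for node in NODES:
        if (node, user) not in EXPLICIT:
            continue
        implied, source, _ = effective(node, user, skip_self=True)
        explicit = frozenset(EXPLICIT[(node, user)])
        if source is not None and explicit != implied:
            found.append((node, sorted(explicit), sorted(implied), source))
    return found

if __name__ == "__main__":
    for node in NODES:
        rights, source, kind = effective(node, "alice")
        print(f"{node:18} {','.join(sorted(rights)) or '-':12} {kind} (from {source})")
    for c in conflicts("alice"):
        print("conflict:", c)
```

Printing the source node beside each effective right is the information an administrator lacks when the view shows only the explicit entries.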