1. Field of the Invention
The present invention relates to the field of computer software and, in particular, to a system and method for assigning permissions to access data and perform actions in a computer system.
2. Description of the Related Art
One commonly-performed task in managing users of a shared computer system, such as employees in a large organization, is setting user permissions. Each user may be provided access, i.e., “permission,” to view, edit, or generate certain types of data, or perform certain actions in the system. For example, in a corporate organization, each member of the human resources (HR) department may have access to view the personnel records of the other employees in the corporate organization. However, employees not in the HR department would not have this access. An example of an action would be that each member of the human resources (HR) department may be allowed to reset passwords for employees in the corporate organization. However, employees not in the HR department would not have this access.
Setting permissions for each user in an organization individually can be a very tedious, time-consuming, and error-prone process. For example, if 1000 different users were to be granted permission to view a particular set of files, then each user would need to be individually granted the permission. If the individual users to whom the permission is granted changes, then the change would need to be entered for each affected user. Some conventional techniques allow for an administrator to generate a group of users and assign permissions to the group. In such a case, each member of the group is granted the permission. However, managing group membership can also be tedious, time consuming and error prone. Errors in granting appropriate permissions are common when using such conventional techniques.
Accordingly, there remains a need in the art for a technique that addresses the drawbacks and limitations discussed above.