1. Field of the Invention
The invention relates generally to computer systems, which represent an organisational business enterprise, and specifically to a representation of an organisation in a database and the use of the representation for the protection of computer information.
2. Description of Related Art
As is well known, business enterprises are organised into groups and structures, which maximise the overall efficiency of the business. An enterprise may be divided into locations, departments, geographical regions, divisions, or others. The number and types of these are varied and change over time. Current art provides many means for representing an organisation in a computer system. These computer representations are often linked to the enterprise's e-mail and document storage systems to provide a wide range of services. Of these services, of particular importance is the protection of the enterprise's documents from unauthorised access. Many systems have been devised for protecting documents. These systems range from simple implementations, for example a list of authorised employees, to complicated systems using passwords, biometrics (e.g. voice recognition), and others. As an organisation changes, the computer representation of the organisation must be made up to date. As employees change jobs or when the organization is restructured, for example, access to new documents may need to be granted and existing access to documents may need to be changed or removed.
Additional complexity exists as a document changes over time. When a document is created, it may then goes through a variety of processing states including review, revision, approval, and distribution. A document may have a status of “draft” or “final”. It may require approval and thus may be “approved” or “unapproved”. It may be “finalised” or “published”. Access to a document may change throughout this processing, for example, a policy document may have limited access until approved when it becomes public. Individuals in an organisation may have differing processing preferences and requirements. Some with approval authority may delegate that authority to another as a matter of choice, for example, a senior member of a department may review documents on behalf of the department's manager as a matter of the manager's choice.
Documents may be distributed through the enterprise. In some cases, electronic distribution is used, for example, using e-mail. Documents may be distributed and either absolutely or relatively addressed. Absolute address is independent of the sender of the document; while relative address is relative to the sender of the document. For example, sending a document to “the head of the legal department” is independent of who is sending it, where sending a document to “my manager” is dependent of the sender.
Finally, an individual within an organisation has at least three different roles, which roughly speaking correspond to “the person”, “the office of”, and “the desk of”. When sending a document to a person, it may be intended only for the person, for example, a finalised and approved request for leave is returned to the originator. A document may be intended for the “office of” where the document is to be reviewed by the office-designated reviewer. A document may be intended for the “desk of” where the document is to be approved by the individual or designated other, for example, while on leave. In addition, access to a document, as distinguished from distribution of document, may be limited to the individual, the “office of” or the “desk of” a person within the organisation.
Current art systems have used a variety of strategies and techniques to manage the complexity of business organisations. These strategies range from simple lists of department members to complex database systems. Each of these systems provides a employee interface for entering and maintaining the enterprise organisation in computer form, and offers one or more output reports, e.g. phone directories, organisation charts, etc., to display the current organisation. Each of these systems is lacking the ability to maintain security requirements up-to-date as the organization undergoes periodic re-structures. These systems represent the organization in terms of its actual organization chart shown as individual organizational positions reporting to others further up the hierarchy and so on. With each re-organization, this requires changing the representation so that security requirements reflect the revisions. This invention enables representing the organization in terms of underlying ‘areas of accountabilities’ rather than the individual reporting relationships. As the organization is restructured, the areas of accountability do not necessarily need to be changed. They can simply be re-assigned to the new organization structure.