1. Field of the Invention
The present invention relates to techniques for controlling access to data within computer systems. More specifically, the present invention relates to a method and an apparatus for handling document revision history information in the presence of a multi-user permissions and ownership model.
2. Related Art
File systems generally provide sophisticated mechanisms for enforcing access rights to files. These mechanisms control the ability users to perform specific operations on files. For example, UNIX-based file systems provide permission mechanisms which allow specific users (or groups of users) to selectively: read, write or execute individual files.
These file-system-based permission mechanisms are generally effective for controlling accesses to current versions of existing files. However, in many situations it is desirable to be able to access data from previous revisions of files, or from files that have been deleted from the file system. These types of accesses can be facilitated by caching previous revisions of files. However, when users view previous revisions of files, it is important to ensure that users cannot view revisions that they did not have permission to view originally. This cannot be accomplished by simply caching permissions for files because advanced operating systems provide other mechanisms, such as Access Control Lists (ACLs) and kernel plugins, to perform permissions checks. These other mechanisms can change their decisions on a minute-by-minute basis and cannot be cached.
Hence, what is needed is a method and an apparatus for controlling accesses to cached revisions of documents without violating permissions.