Technical Field
The present disclosure relates to application servers, and more specifically to access control for objects (in such application servers) having attributes defined against hierarchically organized domains containing fixed number of values.
Related Art
Objects are used for digitally representing any entities of interest in applications. Each object typically has attributes, with the value of each attribute expressing a characteristic of the corresponding entity. The entities can be diverse things such as people, animals, organizations, systems, etc., as is well known in the relevant arts.
Attributes are defined in some environments, against domains containing fixed number of values, implying that an attribute can be assigned from only the values of the corresponding domain. The term ‘fixed’ implies that the number of values in the corresponding domain is finite. For example, a domain ‘Country’ contains a finite number of values, corresponding to the different countries in the world.
Domains are conveniently organized hierarchically (as a tree data structure) in several environments. For example, each value in the Country domain may be further qualified by a State domain, having again a fixed number of corresponding values (i.e., names of states). Each value in the State domain in turn may be further qualified by a City domain, thus forming hierarchically organized domains. As an additional illustration, applications in financial domain operate based on hierarchically organized domains such as Asset Classes, Product Types etc., specified by Basel Committee on Banking Supervision (BCBS).
There is a general need to provide access control for objects when corresponding attributes are defined against such hierarchically organized domains. Access control may specify aspects such as which users can access which objects, where and when such access is permitted or denied, the specific actions (add, modify, delete, etc.) permitted or denied for each user, etc., on the objects.
Aspects of the present disclosure facilitate access control in such environments, as described below with examples.
In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the corresponding reference number.