The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section. Further, it should not be assumed that any of the approaches described in this section are well-understood, routine, or conventional merely by virtue of their inclusion in this section.
Shared data repositories allow various users to access, share, edit, and otherwise interact with the same electronic digital documents. Large organizations can have extremely large data repositories with a large number of documents being shared across a large number of users.
While large data repositories allow organizations to consolidate electronic digital documents, the large data repositories often have to be paired with access controls in order to limit the access of users to specific documents. Access controls can be used to limit access to individual documents, folders, or portions of the data repository to specific users, groups, roles, or other identifying information.
In order to more effectively apply access controls to groups of documents, some data repositories have a hierarchical organization. In a hierarchical organization, individual hierarchical levels can have their own access controls. For instance, a first folder can be limited to one portion of an organization while a second folder within the first folder can be limited to a subset of the portion of the organization. While hierarchical levels often have overlapping permissions where higher levels comprise each of the permissions of a lower level, the overlapping permissions are not always required.
Effectively evaluating permissions for a document in a data repository having a hierarchical organization can be computationally expensive, especially when the document is within a large number of hierarchical levels, each with different permission sets identifying users, groups, roles, or other identifying information which have the right to access each level. To evaluate such a document, the system would need to evaluate the requester against each hierarchical level that encompasses the document. The larger the data repository is, the longer and more computationally expensive evaluating document permissions becomes.
Thus, there is a need for a system which allows for the efficient evaluation of permissions in a data repository having a hierarchical organization.