The present invention relates generally to computer networks and enterprise organization, and more specifically, to a system for organizing users within an enterprise based on hierarchical relationships to control data integrity and access to shared network resources.
In most types of enterprises or organizations, the powers, privileges, and lines of communication of the members are dictated by their roles, functions, and seniority within 20 the organization. In complex organizations with several different member groups and hierarchical structures, grants of authority, communication among members and access to enterprise data and other resources must be carefully controlled in order to maintain security within the organization and the integrity of the shared resources.
Most modem enterprises and organizations use some sort of computer network to conduct their activity or business. Typically, each user or group of users will have access to a computer that is coupled to one or more other computers within the organization or outside resources used or served by the organization. Most computer operating systems allow users to be organized in some sort of grouping structure within the organization. However the hierarchical structures that can be defined are often very limited and typically do not allow for flexible and secure use of resources within the organization.
FIG. 1 illustrates the organization of computer users in a present known operating system that exemplifies a flat organizational structure in which a number of networked computer users 104 denoted U1, U2, to UN, are represented in terms of their logical relationships to one another. Each user typically operates a computer or workstation and has access and controls over certain resources, such as files and devices (printers, monitors, computer-controlled machines, data communication devices, and so on). The users are controlled or managed by an administrator or “root” user 102. The users 104 may be organized into groups, such as group 1 and group 2. Some users may belong to more than one group or to no group at all. The organization of users into groups allows the administrator to efficiently define restrictions or privileges of the users depending on group definitions.
For the structure illustrated in FIG. 1, access and communication among users is strictly limited by the one-dimensional hierarchy established by the system. Only the administrator 102 has full access to the resources owned or controlled by each user, and no one user has access to the resources or files of any other user. This structure limits the flow of data and access to resources due to the fact ownership of files and resources is strictly defined. The security system in such a network typically comprises defining a user identifier (user name or “userID”) and password for each user. A group affiliation may also be specified. Such a system may provide limited security for files and resources controlled by a specific user, but it does not allow for efficient sharing of resources among other users without compromising the security of the data or resources.
What is needed therefore, is an organizational model for networked computer users that allows for multiple ownership of system files and resources while maintaining rigid security rules over the users. Such a model is especially useful in industries in which a common body of data is operated on by a number of different users, such as networked financial enterprises, and more specifically, the mortgage loan industry. This industry requires the interfacing of various different parties including borrowers, banks, brokers, and third party service providers. Throughout the loan submission and approval process, a core set of data, the borrower's loan application data, is examined and manipulated by various different people, with each one performing a different task. The advent of on-line services, and especially web-based systems, has led to the development of sophisticated programs, referred to as Loan Origination Software (LOS) systems, which are used by loan brokers to automate the loan application process and fulfillment process.
In a traditional loan application scenario, a borrower may use a loan broker to find a loan. The broker takes the application information from the borrower and compiles the customary loan application papers. The loan origination process typically involves many different processing steps that are very detailed and data-specific, including pre-qualifying the borrower, generating loan documents, finding a lender, originating the loan, generating disclosure documents and reports, processing the loan and tracking the loan application through the final stages of underwriting and fulfillment. Various different people within the loan brokerage can be involved in each loan application, such as the loan officer who finds the appropriate loan for the borrower, the loan processor who coordinates the construction and finalization of the loan documents, and the manager who oversees the brokerage business. These parties closely interact with each other over the course of a loan application process. Each party also interacts with various outside parties, such as banks, financial institutions, underwriters, government sponsored entities, and various third party service providers and settlement service vendors.
Although present LOS systems allow brokers to automate certain processes, such as producing and populating loan forms, and keeping track of an applicant's financial information, typical loan origination software systems do not provide a comprehensive interface and access to system resources among loan officers and the other parties involved in the loan origination process, such as the loan processor and brokerage manager. Entities within the mortgage loan industry may be organized in terms of headquarters, branch offices, and individual users like brokers, loan officers, and processors. An executive in a company may want to review and manage the overall operation and loan processing status from the corporate point of view. Likewise, a broker in a branch office may want to review and manage the operation and processing status for the branch. Each of these users needs access to files and data that are controlled by other members of the organization.
What is further needed, therefore, is an organizational model that implements a hierarchical security system that allows for multiple ownership and access to files in a loan origination software system.