This invention relates to the field of access control. In particular, the invention relates to dynamic access control for server applications.
Legacy applications may be delivered to a user by application delivery software at a client system such as a terminal emulator, web browser or other application delivery product. A legacy application may have been written a while ago and over time the security and privacy requirements may have become stricter (for example, because of new legislation and regulations). It is often not possible to change the application, the database, or the database privileges to add access control capabilities.
For example, a legacy application may have been designed and written for one type of user and, following new legislation and regulations, there may be users carrying specific roles who are not allowed to access some of the application screens. Fine-grained access control capabilities need to be added without changing the application or the database.
Role-Based Access Control (RBAC) is a technical means for controlling access to computer resources. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. System users are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions or use particular resources. Since users are not assigned permissions directly, but only acquire them through their role(s), management of individual user rights becomes a matter of simply assigning appropriate roles to the user. Access control can be enforced on many levels: today most of the known databases support RBAC and, when needed, applications are written and modified to support it.
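The role-to-permission model described above, applied to the application-screen scenario, as an added example that is not part of the original text. The role names, screen identifiers, and the `ScreenAccessFilter` class are hypothetical, and the check is assumed to run outside the unmodified application.

```python
from dataclasses import dataclass, field

# Constructed sample policy: role -> set of (operation, screen) permissions.
# Role names and screen identifiers are hypothetical.
ROLE_PERMISSIONS = {
    "clerk":   {("view", "CUSTOMER_SEARCH"), ("view", "ORDER_ENTRY")},
    "auditor": {("view", "CUSTOMER_SEARCH"), ("view", "PAYROLL_SUMMARY")},
    "hr":      {("view", "PAYROLL_SUMMARY"), ("edit", "PAYROLL_SUMMARY")},
}


@dataclass
class ScreenAccessFilter:
    """Hypothetical check placed in front of an unmodified legacy application."""
    role_permissions: dict
    user_roles: dict = field(default_factory=dict)  # user -> set of role names
    audit_log: list = field(default_factory=list)   # one tuple per decision

    def assign(self, user, role):
        # Reject unknown roles so a typo cannot create an empty, silent role.
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def permissions(self, user):
        # Users hold no permissions directly: take the union over their roles.
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, operation, screen):
        # Deny by default: unknown users, roles or screens yield no permission.
        allowed = (operation, screen) in self.permissions(user)
        self.audit_log.append(
            (user, operation, screen, "ALLOW" if allowed else "DENY"))
        return allowed


if __name__ == "__main__":
    f = ScreenAccessFilter(ROLE_PERMISSIONS)
    f.assign("alice", "clerk")
    for screen in ("ORDER_ENTRY", "PAYROLL_SUMMARY"):
        print("alice view", screen, "->", f.is_allowed("alice", "view", screen))
```

Changing what a user may see is a matter of calling `assign` or `revoke`; the permission sets attached to each role stay untouched.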