The present application relates to techniques for managing transactions within a computer environment.
In large institutions, such as universities, corporations, healthcare facilities, and research organizations, any one user of a computer system may have permission to perform certain actions. The user may initiate a transaction to perform a requested action via a first computer, which transmits the transaction request to a second computer to determine whether the user has the particular permissions necessary to perform the requested action. Any one user of the computer system may have different roles within the computer system of an institution, and the role may give the user certain rights associated with the software and the data being accessed. For example, a professor at a university may have access to certain data to which students of the university do not have access. Moreover, different professors may have access to different data. For example, a biology professor may have access to certain biology department records to which a physics professor does not have access.
Each transaction that a user of the computer system wishes to initiate is tested against the rights the user has and what transactions are deemed permissible. A user's rights (and, consequently, the transactions initiated by the user) may be limited for a number of reasons. For example, in order to comply with regulations related to privacy, confidentiality, and disclosure, an institution may establish rights for the user to limit the data to which a user has access and the actions the user may take within the computer system. Additionally, a user's rights vary with time and change based on a user's associations. For example, a professor may teach a particular class for one semester at a university. During that semester, the professor has access to certain student data. By way of example and not limitation, the professor may assign a grade to a student and access the students' contact information. Similarly, the students of the class may have access to the professor's contact information and may be able to fill out a course evaluation for the professor. However, such access may be limited to the time during which the class is taught. For example, the professor may not have access to the students' information before the semester starts or after the semester ends. It is known to control this access by having a human manually change a user's rights on a regular basis.