1. Technical Field
The present invention relates to a system and method for adding multi-level security to federated assets. More particularly, the present invention relates to a system and method for filtering a composite taxonomy based upon user credentials and providing the filtered composite taxonomy to a portal, which the portal utilizes when generating a user interface view that includes nodes corresponding to federated assets in which the user is authorized to access.
2. Description of the Related Art
Asset repositories are software client and server systems that allow users to view, search, create, read, update, and delete assets. Assets may include, for example, documents, code fragments, install scripts, binary images, and other asset bundles. A system may “federate” repositories, which involves connecting multiple repositories together to share assets. Federation may also include providing a common client access point to the federated repositories, such as through a portal.
A computer system typically includes repositories that differ in their taxonomies, asset definitions and user access. Some repositories may include a “single-level” security access while other repositories may include a “multi-level” security access. A single-level security access repository provides a secure login mechanism that allows user access to all assets within that repository. This type of security level access is typical when the repository does not support fine-grained asset security to restrict view, search, create, read, update and delete operations. A multi-level security access repository provides multiple users and groups specific view, search, create, read, update and delete privileges. These repositories take into account factors such as which repository a user is accessing, from which geography the user is connecting, and repository usage patterns.
A challenge found, however, is an inability to federate multi-level security repositories with single-level security repositories. Existing art requires a user to individually log into each repository. Otherwise, the user may have access to an asset within a repository in which the user is not authorized.