1. Field of the Invention
The present invention generally relates to computer systems. More specifically, the present invention relates to techniques for managing access to data objects accessible using an electronic content management system.
2. Description of the Related Art
Computer applications often access data objects stored in databases. An electronic content management system (ECM system) is a computer software application used to manage both electronic and non-electronic documents (e.g., scanned copies of paper documents, photographic or film images, etc.) stored in a database. ECM systems typically allow users to check-in and check-out documents into the system, provide document version control, and allow users to search for documents within the ECM system. Additionally, ECM systems may enforce access controls to protect proprietary information and government secrets, or more simply, to limit access to data objects based on the role or function of an individual within an enterprise. Accordingly, one group of individuals or users of the ECM system may have read and write access to a set of data objects, while a second group of individuals or users will have only read-access or no access at all. Typically, when a user does not have the appropriate access rights to a data object, the ECM system simply does not return any data related to that object.
Handling access denial in this fashion can produce serious practical problems. Consider the following engineering example. Often a designer or manager of an engineering project will begin a new design by considering alterations to a part included in an existing assembly or design. Information regarding the part may be scattered across many projects to which the particular designer or manager may or may not have access. If the designer does not have full access to each project, he may be unable to learn the true extent to which the part is used by the enterprise because, when the designer requests information from the ECM system, he or she simply receives no information related to data objects unless he or she has read-access privileges to the data object. Thus, one drawback to this approach of access control is that it may prevent a person from learning of even the existence of certain data objects managed by the ECM system.
This result may create serious problems as decisions regarding whether a product or part can be redesigned are often based on how many products or assemblies are impacted by a proposed design change. If a designer or manager cannot evaluate how many projects are impacted, he or she may be unable to correctly estimate the cost of changing the part. Similarly, considerations such as whether the part is currently used in another project or whether the part is included in a design or about to be placed in production may be unknown to the designer.
An example of the problem set forth above arises in the use of computer-aided design (CAD) applications to model a complicated machine such as an automobile. The term computer-aided design (CAD) generally refers to a broad variety of computer-based tools used by engineers, architects, and other design professionals. CAD applications may be used to construct computer models representing virtually any real-world construct. Many CAD models not only include visual renderings of products, assemblies, subassemblies, and parts, but also contain information about how the parts fit together, weights, materials, stresses, and forces. Essentially, the CAD model contains computer simulations of the geometry, structure and function of the object being modeled. Often, ECM systems are used to manage access to data objects created using a CAD application. A CAD model of an automobile may include a detailed model of an assembly such as a door. Such an assembly would typically include various subassemblies and parts such as a window, an ashtray, and various leaf parts. Each subassembly may itself include CAD models of primitive parts, such a bolt. The drawing files, models, views, and other data objects representing the car door, and all the related subassemblies may be stored and accessed by the CAD application interacting with an ECM system.
Now, suppose a designer wants to change one of the subassemblies or parts contained in the model of the door. Suppose further that the part is used in a model of a second automobile currently in production. If the designer does not have access to the CAD model of the second automobile, the ECM system will not return any data objects that include information about the second automobile. Therefore, the designer may proceed to change one of the subassemblies or parts of the door for the first automobile without any knowledge that the subassembly or part is currently in use for the second automobile. In many cases, this may be disruptive for designers who do have access to the designs of the second automobile. This problem may be further complicated by using the subassembly or part in several other models of automobiles or even in models in completely different product lines. Generalizing this situation, without broad read-only access, the designer is prevented from learning how many (and which) different projects share a common part or from learning what how one part may be related or integrated with other parts, assemblies or projects.
Accordingly, there remains a need for an ECM system that implements an adequate access control mechanism to prevent the unauthorized or unnecessary disclosure of data that also provides users with information regarding the existence of a object, part or model and/or the relationships between an inaccessible data object and other data objects to which a user has access privileges.