Conventional security for accessing objects in databases is usually dependent on the object of interest, meaning that permissions for a user are assigned to an object or a folder of objects. If a user is granted a different permission level for a particular action relating to an object, such as being able to modify a file in a file folder when previously the user had read-only access to the file, then it is necessary to change the permission level associated with the object. In the aforementioned case, the object happens to be a file. But the object could also be a file folder containing a group of files. Because of its dependency on individual objects, conventional security can be characterized as being “object-specific.”
Several problems of the object-specific conventional security manifest themselves in the project management environment, where user groups are assigned to a specific folder in a database to store and modify their files. For example, a western geographic region of users may be required to save their files in a “West” folder. Meanwhile, an eastern geographic region of users may be required to save their files in an “East” folder. In the same set of circumstances, the eastern geographic region of users may be required to have access only to one-half of the contents of the “West” folder. Similarly, the western geographic region of users may be required to have access only to one-half of the contents of the “East” folder.
With the object-specific conventional security, one way to resolve this problem is to create a duplicate set of the “West” files to which the eastern region employees have access and to store that set in the “East” folder. Similarly, a duplicate set of the “East” files to which the western region employees have access can be created and stored in the “West” folder. These duplicate sets of files for each folder are necessary because in the object-specific conventional security model, security is linked to or controlled by the folder. The object-specific conventional security model typically does not permit half access to files contained within a database folder. This conventional security can be characterized as an “all” or “nothing” approach relative to access or permission level for a particular folder.
One problem with maintaining duplicate sets of files is that there could be some uncertainty as to how current the duplicate set of files is relative to the original set of files. Even an automated duplication system would have problems, especially if there are large volumes of files and constant edits being performed by different users on the original set of files. Another problem exists when a user wants to modify the “duplicate” of a file. It would be quite a challenge to have any changes made to a “duplicate” file reflected in, or later saved back into, the original file from which the duplicate file was made.
Another way to solve this problem of accessing the same objects by different users of different user groups is to set the permissions directly on each of the required files in the “West” folder instead of setting permissions based upon a folder. Setting permissions based on individual files within a folder could permit eastern region employees to access the files stored in the “West” folder. Likewise, permissions could be set directly on each of the files in the “East” folder to permit western region employees to access the files stored in the “East” folder. But this solution can be quite troublesome because it would require the manual setting of individual permissions for each employee on each affected file.
In other words, another problem of the object-specific conventional security is that it is very difficult to customize permission or access settings for numerous individual users. For example, to customize permission or access settings for 1000 users who have access to 100+ files or file folders would require significant manpower because each of the 100+ files or file folders would require custom or individualized settings.
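The per-file workaround and its maintenance cost described in the two preceding paragraphs can be made concrete with a small model. This is an added example, not part of the original text; the folder contents, user names and group sizes are constructed, and the model assumes a folder-level grant covers every file while a per-file grant covers only that file.

```python
# Constructed model of object-specific security: permissions live on the
# object (a folder, or an individual file), not on the user. All names
# (folders, file names, user counts) are made up for illustration.

class Folder:
    def __init__(self, name):
        self.name = name
        self.folder_acl = set()   # users granted access to the whole folder
        self.file_acl = {}        # file name -> users granted on that file only

    def add_file(self, fname):
        self.file_acl[fname] = set()

    def can_read(self, user, fname):
        # Folder-level grant is all-or-nothing; a per-file grant is the
        # only way to expose part of the folder.
        return user in self.folder_acl or user in self.file_acl[fname]

    def acl_entries(self):
        # Number of individual permission settings someone has to maintain.
        return len(self.folder_acl) + sum(len(u) for u in self.file_acl.values())


def build_west(n_files=100, n_west=5, n_east=1000):
    west = Folder("West")
    for i in range(n_files):
        west.add_file(f"w{i:03d}.doc")
    west_users = [f"west{i}" for i in range(n_west)]
    east_users = [f"east{i}" for i in range(n_east)]
    west.folder_acl.update(west_users)               # one grant per West user
    shared = sorted(west.file_acl)[: n_files // 2]   # the half East may see
    for fname in shared:                             # per-file workaround
        west.file_acl[fname].update(east_users)
    return west, shared


if __name__ == "__main__":
    west, shared = build_west()
    print("ACL entries to maintain:", west.acl_entries())
    print("east0 reads shared file:", west.can_read("east0", shared[0]))
    print("east0 reads unshared file:", west.can_read("east0", "w099.doc"))
    west.add_file("w100.doc")   # new file; nobody has re-run the per-file grants
    print("east0 reads new file:", west.can_read("east0", "w100.doc"))
```

In this model a file created after the grants were made is invisible to the East users until someone sets its permissions by hand, which is the static behaviour the per-file approach cannot avoid.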
Accordingly, there is a need in the art for a security system that permits individual customization for numerous users and that reduces any work needed to make the customizations. There is also a need in the art for a security system that can permit different tiers of access to different groups of files within the same file folder. Another need exists in the art for a security system that does not require the duplication of files to permit access to information. A further need exists in the art for a security system that is dynamic and which can automatically respond to instantaneous changes to a database, such as modifications to existing files or creation of new files. Another need exists in the art for a security system that can support users who can be members of various user groups, which in turn may have various levels of access.