US 12,069,058 B2
Security mechanisms for content management systems
Kerry Xing, San Francisco, CA (US); Raghav Sharma, San Francisco, CA (US); Bradley Girardeau, San Francisco, CA (US); Maxime Serrano, San Francisco, CA (US); Ruslan Nigmatullin, Mountain View, CA (US); Soumit Rahman, San Francisco, CA (US); Sergey Petrenko, San Mateo, CA (US); and Tobias Kohlenberg, Portland, OR (US)
Assigned to Dropbox, Inc., San Francisco, CA (US)
Filed by Dropbox, Inc., San Francisco, CA (US)
Filed on Mar. 26, 2021, as Appl. No. 17/301,149.
Prior Publication US 2022/0311772 A1, Sep. 29, 2022
Int. Cl. H04L 9/40 (2022.01); G06F 21/62 (2013.01)
CPC H04L 63/101 (2013.01) [G06F 21/6218 (2013.01); H04L 63/104 (2013.01)]
16 Claims
 
1. A method, comprising:
receiving, by a content management system, a first request from a service executing on a computing system associated with the content management system, the first request to access a first data item stored on a first server of the content management system;
determining, by the content management system, a first data type associated with the first data item;
accessing, by the content management system, an access control list to determine whether the service has permission to access data associated with the first data type;
based on a first determination that the service has permission to access data associated with the first data type, processing, by the content management system, the first request;
receiving, by the content management system, a second request from the service executing on the computing system to access a second data item stored on the first server of the content management system;
determining, by the content management system, a second data type associated with the second data item;
accessing, by the content management system, the access control list to determine whether the service has permission to access data associated with the second data type; and
based on a second determination that the service does not have permission to access data associated with the second data type, rejecting, by the content management system, the second request.
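
The sequence in claim 1 can be followed in code. The Python below is an added illustration, not code from the patent or from Dropbox: one service sends two requests for items on the same server, and each is decided by the item's data type against an access control list. The service names, item ids, data types, the in-memory tables and the deny-by-default handling of unknown items and services are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; every name below is hypothetical.
ACL = {  # service -> data types it may access
    "thumbnail-service": {"file_content"},
    "billing-service": {"payment_record", "account_metadata"},
}
ITEM_TYPES = {  # item id -> data type (stands in for the type lookup step)
    "item-001": "file_content",
    "item-002": "payment_record",
}
STORE = {  # both items live on the same "first server"
    "item-001": b"jpeg bytes",
    "item-002": b"card on file",
}

@dataclass(frozen=True)
class Decision:
    service: str
    item_id: str
    data_type: Optional[str]
    allowed: bool
    reason: str

def authorize(service, item_id, acl=ACL, item_types=ITEM_TYPES):
    """Decide by the data type of the item, not by the server that holds it."""
    data_type = item_types.get(item_id)
    if data_type is None:
        # Assumption: an item with no known type is rejected (fail closed).
        return Decision(service, item_id, None, False, "unknown data type")
    allowed_types = acl.get(service)
    if allowed_types is None:
        # Assumption: a service absent from the ACL has no permissions.
        return Decision(service, item_id, data_type, False, "service not in ACL")
    if data_type in allowed_types:
        return Decision(service, item_id, data_type, True, "type permitted")
    return Decision(service, item_id, data_type, False, "type not permitted")

def handle(service, item_id, store=STORE):
    """Process the request when authorized; reject it otherwise."""
    decision = authorize(service, item_id)
    if not decision.allowed:
        raise PermissionError(f"{service} -> {item_id}: {decision.reason}")
    return store[item_id]
```

Calling handle("thumbnail-service", "item-001") returns the stored bytes, while the same service asking for "item-002" on the same server raises PermissionError.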