| CPC H04L 63/105 (2013.01) [G06F 9/4881 (2013.01); H04L 63/102 (2013.01)] | 19 Claims |

1. An access control method performed in an information technology system comprising a normalized access control database and a denormalized access control database, wherein the normalized access control database stores access rights of a plurality of entities in an entity hierarchy with at least two hierarchy levels, a higher hierarchy level and a lower hierarchy level, wherein the plurality of entities comprise higher hierarchy level entities of the higher hierarchy level and lower hierarchy level entities at the lower hierarchy level, and the denormalized access control database stores the access rights of the higher hierarchy level entities and the lower hierarchy level entities, the method comprising:
receiving a first update request from a client to change the access rights of at least one higher hierarchy level entity;
updating the access rights of the at least one higher hierarchy level entity in the normalized access control database;
computing updated access control rights for one or more corresponding lower hierarchy level entities which are related to the at least one higher hierarchy level entity corresponding to the updated access rights;
storing the updated access rights of the one or more lower hierarchy level entities in the denormalized access control database;
storing the updated access rights of the at least one higher hierarchy level entity in the denormalized access control database; and
serving an access request from one of the one or more lower hierarchy level entities on the basis of the updated access rights at the lower hierarchy level stored in the denormalized access control database.
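The update-and-propagate flow of claim 1, as an added sketch that is not taken from the patent: an in-memory SQLite database holds both the normalized tables and the denormalized table. The table names, the entity names, the rule that a lower level entity's effective rights are its own grants plus its parent's, and the use of a single transaction are all assumptions of this example.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- normalized: the hierarchy and the directly assigned rights, stored once
        CREATE TABLE entity(id TEXT PRIMARY KEY, parent TEXT REFERENCES entity(id));
        CREATE TABLE direct_grant(entity TEXT, resource TEXT, PRIMARY KEY(entity, resource));
        -- denormalized: precomputed effective rights for every entity
        CREATE TABLE effective(entity TEXT, resource TEXT, PRIMARY KEY(entity, resource));
    """)
    return db

def add_entity(db, eid, parent=None):
    with db:
        db.execute("INSERT INTO entity VALUES (?, ?)", (eid, parent))

def _recompute(db, eid):
    # Assumed inheritance rule: own grants plus the grants of the parent.
    db.execute("DELETE FROM effective WHERE entity = ?", (eid,))
    db.execute("""INSERT OR IGNORE INTO effective
                  SELECT ?, resource FROM direct_grant
                  WHERE entity = ?
                     OR entity = (SELECT parent FROM entity WHERE id = ?)""",
               (eid, eid, eid))

def update_rights(db, eid, resources):
    """Replace the direct grants of eid, then refresh every affected denormalized row."""
    with db:  # one transaction: a revocation is never visible half-propagated
        db.execute("DELETE FROM direct_grant WHERE entity = ?", (eid,))
        db.executemany("INSERT INTO direct_grant VALUES (?, ?)",
                       [(eid, r) for r in resources])
        children = [row[0] for row in
                    db.execute("SELECT id FROM entity WHERE parent = ?", (eid,))]
        for child in children:      # lower hierarchy level entities
            _recompute(db, child)
        _recompute(db, eid)         # the higher hierarchy level entity itself

def is_allowed(db, eid, resource):
    # Served from the denormalized table only: one keyed lookup, no hierarchy walk.
    row = db.execute("SELECT 1 FROM effective WHERE entity = ? AND resource = ?",
                     (eid, resource)).fetchone()
    return row is not None

def demo():
    db = open_db()
    add_entity(db, "dept-a")               # constructed higher level entity
    add_entity(db, "alice", "dept-a")      # constructed lower level entity
    update_rights(db, "alice", ["wiki"])
    update_rights(db, "dept-a", ["payroll", "wiki"])
    before = is_allowed(db, "alice", "payroll")
    update_rights(db, "dept-a", ["wiki"])  # revoke payroll at the higher level
    return before, is_allowed(db, "alice", "payroll"), is_allowed(db, "alice", "wiki")
```

The case worth checking in any such design is revocation: once the higher level update returns, the lower level entity's denormalized row must no longer grant the removed right.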