Patents by Inventor David Mun-Hien Choy

David Mun-Hien Choy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9455990
    Abstract: Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
    Type: Grant
    Filed: July 21, 2006
    Date of Patent: September 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Ganesha Beedubail, David Mun-Hien Choy, Hui-I Hsiao, Sriram Raghavan, Ganesh Vaideeswaran
  • Patent number: 7761404
    Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
    Type: Grant
    Filed: July 15, 2005
    Date of Patent: July 20, 2010
    Assignee: International Business Machines Corporation
    Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
  • Publication number: 20080022370
    Abstract: Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
    Type: Application
    Filed: July 21, 2006
    Publication date: January 24, 2008
    Inventors: Ganesha Beedubail, David Mun-Hien Choy, Hui-I Hsiao, Sriram Raghavan, Ganesh Vaideeswaran
  • Patent number: 7284265
    Abstract: System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
    Type: Grant
    Filed: April 23, 2002
    Date of Patent: October 16, 2007
    Assignee: International Business Machines Corporation
    Inventors: David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Yuping Wang, Alan Tsu-I Yaung
  • Patent number: 7216126
    Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: May 8, 2007
    Assignee: International Business Machines Corporation
    Inventor: David Mun-Hien Choy
  • Patent number: 7099899
    Abstract: A content management system provides versioning capability that can either be controlled by the client application or be transparent thereto. Control of document versions depends on the root and child component attributes that are defined by the hierarchical structure of the document. When a document is updated, the present system performs any or all of the following scenarios as desired by the user: replace the existing attribute values stored in the root component instance for a specified document; replace the existing attribute values stored in a specified child component instance for the specified document; add a new child component instance into the hierarchical structure for the specified document; or delete an existing child component instance from the hierarchical structure for the specified document.
    Type: Grant
    Filed: April 23, 2002
    Date of Patent: August 29, 2006
    Assignee: International Business Machines Corporation
    Inventors: David Mun-Hien Choy, Sudipta Deb Deb, Tawei Hu, Lily Liang, Kenneth Carlin Nelson, Edward Joseph Perry, Mayank Vipin Shah, I-Shin Andy Wang, Howard Hao Zhang
  • Patent number: 7080085
    Abstract: A system and method are provided for an information management system (IMS) to manage heterogenous references in the system, to ensure “referential integrity”, without changing the underlying relational database management system (RDBMS) of the IMS. One or more system tables are kept that are not visible to system users. In one embodiment, the RDBMS' mechanisms to ensure referential integrity for homogenous references is used in conjunction with the system table to extend referential integrity to heterogenous references. In another embodiment, the triggers of the RDBMS, in conjunction with the system table, are used to ensure referential integrity of heterogenous references.
    Type: Grant
    Filed: July 12, 2000
    Date of Patent: July 18, 2006
    Assignee: International Business Machines Corporation
    Inventors: David Mun-Hien Choy, Sriram Raghavan
  • Patent number: 6976023
    Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
    Type: Grant
    Filed: April 23, 2002
    Date of Patent: December 13, 2005
    Assignee: International Business Machines Corporation
    Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
  • Patent number: 6873995
    Abstract: Managing a content management system. The content management system is one that is configured and controlled to establish a connection between a client and a library server, generate a transaction identifier and insert, a record for the transaction in a tracking table associated with the library server, pass transaction data from the client to a resource manager, process the transaction at the resource manager and record transaction data in a tracking table associated with the resource manager. The resource manager returns transaction success/failure data to the client, compares activity recorded in the tracking tables, and takes corrective action based upon the activity comparison.
    Type: Grant
    Filed: April 23, 2002
    Date of Patent: March 29, 2005
    Assignee: International Business Machines Corporation
    Inventors: Donald Edward Benson, Karen W. Brannon, David Mun-Hien Choy, Gerald R. Clarke, Edward Joseph Gallagher, Hui-I Hsiao, Tawei Hu, Gerald Edward Kozina, Matthew R. Laue, Lily Liang, Kenneth Carlin Nelson, Deb Sudipta
  • Patent number: 6757680
    Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database system (RDBMS) that allows an item to be associated with plural containers, and one of the containers is designated as the item's primary container. Inheritance of the primary container's access control rules can be activated, and when it is, the container's access control rules are automatically used to access the item. Otherwise, the item's access control rules are used. The container's rules can be propagated through many levels of containers/items.
    Type: Grant
    Filed: July 3, 2000
    Date of Patent: June 29, 2004
    Assignee: International Business Machines Corporation
    Inventor: David Mun-Hien Choy
  • Patent number: 6697818
    Abstract: Methods and apparatus for providing a multi-tier object-relational database architecture are disclosed. In one illustrative embodiment of the present invention, a multi-tier database architecture comprises an object-relational database engine as a top tier, one or more domain-specific extension modules as a bottom tier, and one or more universal extension modules as a middle tier. The individual extension modules of the bottom tier operationally connect with the one or more universal extension modules which, themselves, operationally connect with the database engine. The domain-specific extension modules preferably provide such functions as search, index, and retrieval services of images, video, audio, time series, web pages, text, XML, spatial data, etc. The domain-specific extension modules may include one or more IBM DB2 extenders, Oracle data cartridges and/or Informix datablades, although other domain-specific extension modules may be used.
    Type: Grant
    Filed: June 14, 2001
    Date of Patent: February 24, 2004
    Assignee: International Business Machines Corporation
    Inventors: Chung-Sheng Li, John R. Smith, Yuan-Chi Chang, Anant D. Jhingran, Sriram K. Padmanabhan, Hui-I Hsiao, David Mun-Hien Choy, Jy-Jine James Lin, Gene Y. C. Fuh, Robin Williams, Lawrence D. Bergman
  • Publication number: 20030200467
    Abstract: System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
    Type: Application
    Filed: April 23, 2002
    Publication date: October 23, 2003
    Inventors: David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Yuping Wang, Alan Tsu-I Yaung
  • Publication number: 20030200235
    Abstract: An item versioning implementation in a content management system provides versioning capability that can either be controlled by the client application or be transparent thereto. Versioning is controlled by the user. The user also defines the manner in which old versions are maintained. The number of previous versions of the document may be limited by the user. The present system provides enhanced server capability for managing version control by document type, reduces client application complexity, reduces the number of required data parameters transmitted across network communications, allows flexibility in control of document versioning, and maintains compatibility with content management systems that do not have versioning control. Control of document versions depends on the root and child component attributes that are defined by the hierarchical structure of the document.
    Type: Application
    Filed: April 23, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Mun-Hien Choy, Sudipta Deb Deb, Tawei Hu, Lily Liang, Kenneth Carlin Nelson, Edward Joseph Perry, Mayank Vipin Shah, I-Shin Andy Wang, Howard Hao Zhang
  • Publication number: 20030200212
    Abstract: Managing a content management system. The content management system is one that is configured and controlled to establish a connection between a client and a library server, generate a transaction identifier and insert, a record for the transaction in a tracking table associated with the library server, pass transaction data from the client to a resource manager, process the transaction at the resource manager and record transaction data in a tracking table associated with the resource manager. The resource manager returns transaction success/failure data to the client, compares activity recorded in the tracking tables, and takes corrective action based upon the activity comparison.
    Type: Application
    Filed: April 23, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: Donald Edward Benson, Karen W. Brannon, David Mun-Hien Choy, Gerald R. Clarke, Edward Joseph Gallagher, Hui-I Hsiao, Tawei Hu, Gerald Edward Kozina, Matthew R. Laue, Lily Liang, Kenneth Carlin Nelson, Deb Sudipta
  • Publication number: 20030200215
    Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
    Type: Application
    Filed: April 23, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
  • Publication number: 20030191768
    Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
    Type: Application
    Filed: April 4, 2003
    Publication date: October 9, 2003
    Applicant: International Business Machines Corp.
    Inventor: David Mun-Hien Choy
  • Patent number: 6581060
    Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: June 17, 2003
    Assignee: International Business Machines Corporation
    Inventor: David Mun-Hien Choy
  • Publication number: 20020198891
    Abstract: Methods and apparatus for providing a multi-tier object-relational database architecture are disclosed. In one illustrative embodiment of the present invention, a multi-tier database architecture comprises an object-relational database engine as a top tier, one or more domain-specific extension modules as a bottom tier, and one or more universal extension modules as a middle tier. The individual extension modules of the bottom tier operationally connect with the one or more universal extension modules which, themselves, operationally connect with the database engine. The domain-specific extension modules preferably provide such functions as search, index, and retrieval services of images, video, audio, time series, web pages, text, XML, spatial data, etc. The domain-specific extension modules may include one or more IBM DB2 extenders, Oracle data cartridges and/or Informix datablades, although other domain-specific extension modules may be used.
    Type: Application
    Filed: June 14, 2001
    Publication date: December 26, 2002
    Applicant: International Business Machines Corporation
    Inventors: Chung-Sheng Li, John R. Smith, Yuan-Chi Chang, Anant D. Jhingran, Sriram K. Padmanabhan, Hui-I Hsiao, David Mun-Hien Choy, Jy-Jine James Lin, Gene Y.C. Fuh, Robin Williams, Lawrence D. Bergman
  • Patent number: 6321374
    Abstract: A heterogeneous information system such as a digital library often uses a database manager together with other data resource manager(s), such as an object server or a video server, to manage digital content. Such a system often needs to maintain an application-specific database and/or to handle application-specific operational requirements. To facilitate system integration and application development, an application-independent reusable product is created which generates a custom system component or utility, such as a loader, according to a specification provided by a system integrator or an application developer.
    Type: Grant
    Filed: November 7, 1997
    Date of Patent: November 20, 2001
    Assignee: International Business Machines Corporation
    Inventor: David Mun-Hien Choy
  • Patent number: 6256636
    Abstract: A digital library is comprised of a library server and at least one object server. The library server stores tables describing the digital library. An object server stores objects referenced by the tables describing the digital library. An application is coupled to the library server and the object server(s). It accesses objects via a file system or other native storage manager API under the control of the library server.
    Type: Grant
    Filed: November 26, 1997
    Date of Patent: July 3, 2001
    Assignee: International Business Machines Corporation
    Inventor: David Mun-Hien Choy