摘要:
Managing a content management system. The content management system is one that is configured and controlled to establish a connection between a client and a library server, generate a transaction identifier and insert, a record for the transaction in a tracking table associated with the library server, pass transaction data from the client to a resource manager, process the transaction at the resource manager and record transaction data in a tracking table associated with the resource manager. The resource manager returns transaction success/failure data to the client, compares activity recorded in the tracking tables, and takes corrective action based upon the activity comparison.
摘要:
A content management system provides versioning capability that can either be controlled by the client application or be transparent thereto. Control of document versions depends on the root and child component attributes that are defined by the hierarchical structure of the document. When a document is updated, the present system performs any or all of the following scenarios as desired by the user: replace the existing attribute values stored in the root component instance for a specified document; replace the existing attribute values stored in a specified child component instance for the specified document; add a new child component instance into the hierarchical structure for the specified document; or delete an existing child component instance from the hierarchical structure for the specified document.
摘要:
Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
摘要:
Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
摘要:
System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
摘要:
Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
摘要:
Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
摘要:
Methods and apparatus for providing a multi-tier object-relational database architecture are disclosed. In one illustrative embodiment of the present invention, a multi-tier database architecture comprises an object-relational database engine as a top tier, one or more domain-specific extension modules as a bottom tier, and one or more universal extension modules as a middle tier. The individual extension modules of the bottom tier operationally connect with the one or more universal extension modules which, themselves, operationally connect with the database engine. The domain-specific extension modules preferably provide such functions as search, index, and retrieval services of images, video, audio, time series, web pages, text, XML, spatial data, etc. The domain-specific extension modules may include one or more IBM DB2 extenders, Oracle data cartridges and/or Informix datablades, although other domain-specific extension modules may be used.
摘要:
A partitioning scheme for co-locating records of a table with records they reference. In a distributed database system, records of one table or relation may be stored at different locations. In order to optimize database query processing the present invention partitions records of a table by reference. A record in a table may reference another record in the table or in another table. The present invention stores (or co-locates) the referencing record with the referenced record.
摘要:
An efficient method for adding one or more new direct access storage devices (DASDs) to a redundant array of independent disks (RAID) array without disrupting ongoing operation of the array. In one embodiment, after contents of new DASDs are initialized off-line, the "parity" or "data" status of specific storage locations in the array is re-mapped, without any changes to the storage locations' contents. In a second embodiment, RAID arrays are efficiently expanded and parallelism is facilitated for original as well as new data by re-mapping parity and data tracks, changing the contents of a minimum number of tracks and maintaining the contents of others.