US20150358326A1 - Secured data exchange with external users - Google Patents

Secured data exchange with external users

Info

Publication number
US20150358326A1
Authority
US
United States
Prior art keywords
external user
access
enterprise
event
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/485,380
Inventor
Vaibhav Varshney
Chandar Panjwani
Vasant Kulkarni
Kunal Kishore
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens Industry Software Inc
Original Assignee
Siemens Product Lifecycle Management Software Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Product Lifecycle Management Software Inc
Assigned to SIEMENS INDUSTRY SOFTWARE (INDIA) PRIVATE LIMITED. Assignment of assignors interest (see document for details). Assignors: KISHORE, Kunal, KULKAMI, VASANT, PANJWANI, Chandar, VARSHNEY, Vaibhav
Assigned to SIEMENS PRODUCT LIFECYCLE MANAGEMENT SOFTWARE INC. Assignment of assignors interest (see document for details). Assignors: SIEMENS INDUSTRY SOFTWARE (INDIA) PRIVATE LIMITED
Priority to EP15169858.6A (patent/EP2953089A1/en)
Publication of US20150358326A1
Abandoned (current legal status)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/10: Office automation; Time management
    • G06Q10/101: Collaborative creation, e.g. joint development of products or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method for controlling access to enterprise objects for an external user. The method includes receiving a search request from an external SRM for access to an enterprise object in an enterprise system, evaluating an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object, granting the access and editing privileges to the external user accessor based upon the enterprise rule tree, and sending the enterprise object as external user data to the SRM when the enterprise rule tree authenticates the external user accessor.

Description

    RELATED APPLICATIONS
  • This patent document claims priority under 35 U.S.C. §119 and all other benefits from Indian Provisional Patent Application Serial No. 614/KOL/2014, filed Jun. 5, 2014, titled: “Asynchronous Design Data Exchange With External Users” (Attorney Docket 2014P09612IN), and Indian Provisional Patent Application Serial No. 616/KOL/2014, filed Jun. 5, 2014, titled: “Secured Data Exchange with External Users” (Attorney Docket 2014P09613IN), the contents of which are hereby incorporated by reference to the extent permitted by law.
  • TECHNICAL FIELD
  • The present disclosure is directed, in general, to computer-aided design (“CAD”), visualization, and manufacturing systems, product lifecycle management (“PLM”) systems, and similar systems, that manage data for products and other items (collectively, “Product Data Management” systems or PDM systems).
  • BACKGROUND OF THE DISCLOSURE
  • PDM systems manage PLM and other data. Improved systems are desirable.
  • SUMMARY OF THE DISCLOSURE
  • Various disclosed embodiments include a method for controlling access to enterprise objects for an external user. The method includes receiving a search request from a supplier relationship management (SRM) for access to an enterprise object in a PLM system, evaluating an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object, granting the access and editing privileges to the external user accessor based upon the enterprise rule tree, and sending the enterprise object as external user data to the SRM when the enterprise rule tree authenticates the external user accessor.
  • The foregoing has outlined rather broadly the features and technical advantages of the present disclosure so that those skilled in the art may better understand the detailed description that follows. Additional features and advantages of the disclosure will be described hereinafter that form the subject of the claims. Those skilled in the art will appreciate that they may readily use the conception and the specific embodiment disclosed as a basis for modifying or designing other structures for carrying out the same purposes of the present disclosure. Those skilled in the art will also realize that such equivalent constructions do not depart from the spirit and scope of the disclosure in its broadest form.
  • Before undertaking the DETAILED DESCRIPTION below, it may be advantageous to set forth definitions of certain words or phrases used throughout this patent document: the terms “include” and “comprise,” as well as derivatives thereof, mean inclusion without limitation; the term “or” is inclusive, meaning and/or; the phrases “associated with” and “associated therewith,” as well as derivatives thereof, may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like; and the term “controller” means any device, system or part thereof that controls at least one operation, whether such a device is implemented in hardware, firmware, software or some combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words and phrases are provided throughout this patent document, and those of ordinary skill in the art will understand that such definitions apply in many, if not most, instances to prior as well as future uses of such defined words and phrases. While some terms may include a wide variety of embodiments, the appended claims may expressly limit these terms to specific embodiments.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • For a more complete understanding of the present disclosure, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, wherein like numbers designate like objects, and in which:
  • FIG. 1 depicts a block diagram of a data processing system in which an embodiment can be implemented;
  • FIG. 2 illustrates an external user accessor implemented in an enterprise system in accordance with the present disclosure.
  • FIG. 3 illustrates a flow chart for accessing data in a model using an external user accessor method in accordance with the present disclosure.
  • DETAILED DESCRIPTION
  • FIGS. 1 through 3, discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged device. The numerous innovative teachings of the present application will be described with reference to exemplary non-limiting embodiments.
  • It is important that the enterprise system control access to the data for external users when it exchanges design information with disconnected external users. Data security and access are important so that no two external users can see each other's data and all the security definitions in the PLM system are honored. Because data must be exchanged with disconnected external users, data authorization systems need to be adapted to situations where end users are unknown. A new external user accessor object is created so that the unknown external user can be granted access privileges without being an authenticated user, and the data authorization system is modified to allow the unknown external user to use the external user accessor object to gain access to the data.
  • FIG. 1 depicts a block diagram of a data processing system in which an embodiment can be implemented, for example, as a PLM system particularly configured by software or otherwise to perform the processes as described herein, and in particular as each one of a plurality of interconnected and communicating systems as described herein. The data processing system depicted includes a processor 102 connected to a level two cache/bridge 104, which is connected in turn to a local system bus 106. Local system bus 106 may be, for example, a peripheral component interconnect (PCI) architecture bus. Also connected to local system bus in the depicted example are a main memory 108 and a graphics adapter 110. The graphics adapter 110 may be connected to display 111.
  • Other peripherals, such as local area network (LAN)/Wide Area Network/Wireless (e.g. WiFi) adapter 112, may also be connected to local system bus 106. Expansion bus interface 114 connects local system bus 106 to input/output (I/O) bus 116. I/O bus 116 is connected to keyboard/mouse adapter 118, disk controller 120, and I/O adapter 122. Disk controller 120 can be connected to a storage 126, which can be any suitable machine usable or machine readable storage medium, including but not limited to nonvolatile, hard-coded type mediums such as read only memories (ROMs) or erasable, electrically programmable read only memories (EEPROMs), magnetic tape storage, and user-recordable type mediums such as floppy disks, hard disk drives and compact disk read only memories (CD-ROMs) or digital versatile disks (DVDs), and other known optical, electrical, or magnetic storage devices.
  • Also connected to I/O bus 116 in the example shown is audio adapter 124, to which speakers (not shown) may be connected for playing sounds. Keyboard/mouse adapter 118 provides a connection for a pointing device (not shown), such as a mouse, trackball, trackpointer, touchscreen, etc.
  • Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 1 may vary for particular implementations. For example, other peripheral devices, such as an optical disk drive and the like, also may be used in addition or in place of the hardware depicted. The depicted example is provided for the purpose of explanation only and is not meant to imply architectural limitations with respect to the present disclosure.
  • A data processing system in accordance with an embodiment of the present disclosure includes an operating system employing a graphical user interface. The operating system permits multiple display windows to be presented in the graphical user interface simultaneously, with each display window providing an interface to a different application or to a different instance of the same application. A cursor in the graphical user interface may be manipulated by a user through the pointing device. The position of the cursor may be changed and/or an event, such as clicking a mouse button, generated to actuate a desired response.
  • One of various commercial operating systems, such as a version of Microsoft Windows™, a product of Microsoft Corporation located in Redmond, Wash., may be employed if suitably modified. The operating system is modified or created in accordance with the present disclosure as described.
  • LAN/WAN/Wireless adapter 112 can be connected to a network 130 (not a part of data processing system 100), which can be any public or private data processing system network or combination of networks, as known to those of skill in the art, including the Internet. Data processing system 100 can communicate over network 130 with server system 140, which is also not part of data processing system 100, but can be implemented, for example, as a separate data processing system 100.
  • FIG. 2 illustrates an external user accessor 250 implemented in a PLM system 200 in accordance with the present disclosure.
  • The supplier relationship management (SRM) 210 controls the interaction between the external user and the protected enterprise system 250. An external user is a user who does not have authenticated access to the PLM system, but nonetheless requires access to specific component data. The external user accesses the SRM 210 from a remote location on any type of platform. In one embodiment, the external user can use a web browser to access the SRM 210.
  • The partition 220 and the event 230 compartmentalize the data for an enterprise system 250 and the external user data 240 that is shared with the external user. The partition 220 is a logical independent space for managing enterprise data. Each partition 220 is independent of other partitions and the external user's access to a particular partition 220 provides no access or visibility to the other partitions. Each partition 220 contains events 230, where an event 230 holds external user data 240 for a specific exchange with external users. The external user data 240 is a copy of the enterprise object 270 data.
  • The enterprise objects 270 are assigned to specific external users and transmitted to the external user as external user data 240. The next level of access refinement can be done by assigning specific external user data 240 in the event 230 to specific external users. An external user can access and respond only to the external user data 240 to which the external user is assigned and is not aware of the other data in the event 230 shared with other external users.
  • The event 230 provides time bound access to the external user data 240 in the event 230. When the external user fails to access or respond to the external user data 240 in the specified amount of time or before the scheduled time, the external user's access to the data is removed.
  • The external user accessors 260 are created to provide access to enterprise objects to unknown external users and are used to define the rules to control the external user's access to the protected data. The external user accessors 260 are created before the external user can gain access to the enterprise objects 270 in the enterprise system 250.
  • The external user accessors 260 assign specific access rules for enterprise objects which are evaluated using the enterprise rule tree 280.
  • The enterprise system 250 holds all the enterprise objects 270, external user accessors 260, and enterprise rule tree 280. The enterprise objects 270 are objects incorporated into different models that are created by external users.
  • FIG. 3 illustrates a flowchart for accessing data in a model using an external user accessor method 300 in accordance with the present disclosure.
  • In step 310, the enterprise system 250 receives a request from an SRM 210 to access an enterprise object 270. The request includes the external user's credentials, the desired enterprise object 270 to be accessed, and any other suitable information required for the enterprise system 250 to respond to a request for authorization of an external user's access of an enterprise object 270.
  • In step 320, the enterprise system 250 evaluates the enterprise rule tree 280 to determine access and editing privileges granted to the external user accessor 260 for the enterprise object 270.
  • In step 330, the enterprise system 250 grants the privilege (read, write, etc.) to the external user accessor 260 based upon the enterprise rule tree 280. The enterprise system 250 determines whether the external user accessor 260 provides the external user with access to the enterprise object 270. The SRM 260 also provides time bound access to the enterprise object 270, which determines the amount of time or event close time for the external user to have access to the enterprise objects 270. When the amount of time or event close time occurs, the event terminates access to the external user data.
  • In step 340, the enterprise objects 270 are sent as external user data 240 to the SRM 210 in response to the request to access the enterprise object 270 and authentication by the enterprise rule tree 280. If the enterprise rule tree does not authenticate the external user accessor 260, the SRM 210 is denied access to the enterprise object 270.
  • Of course, those of skill in the art will recognize that, unless specifically indicated or required by the sequence of operations, certain steps in the processes described above may be omitted, performed concurrently or sequentially, or performed in a different order.
  • Those skilled in the art will recognize that, for simplicity and clarity, the full structure and operation of all data processing systems suitable for use with the present disclosure is not being depicted or described herein. Instead, only so much of a data processing system as is unique to the present disclosure or necessary for an understanding of the present disclosure is depicted and described. The remainder of the construction and operation of data processing system 100 may conform to any of the various current implementations and practices known in the art.
  • It is important to note that while the disclosure includes a description in the context of a fully functional system, those skilled in the art will appreciate that at least portions of the mechanism of the present disclosure are capable of being distributed in the form of instructions contained within a machine-usable, computer-usable, or computer-readable medium in any of a variety of forms, and that the present disclosure applies equally regardless of the particular type of instruction or signal bearing medium or storage medium utilized to actually carry out the distribution. Examples of machine usable/readable or computer usable/readable mediums include: nonvolatile, hard-coded type mediums such as read only memories (ROMs) or erasable, electrically programmable read only memories (EEPROMs), and user-recordable type mediums such as floppy disks, hard disk drives and compact disk read only memories (CD-ROMs) or digital versatile disks (DVDs).
  • Although an exemplary embodiment of the present disclosure has been described in detail, those skilled in the art will understand that various changes, substitutions, variations, and improvements disclosed herein may be made without departing from the spirit and scope of the disclosure in its broadest form.
  • None of the description in the present application should be read as implying that any particular element, step, or function is an essential element which must be included in the claim scope: the scope of patented subject matter is defined only by the allowed claims. Moreover, none of these claims are intended to invoke paragraph six of 35 USC §112 unless the exact words “means for” are followed by a participle.

Claims (20)

What is claimed is:
1. A method for controlling access to enterprise objects for an external user comprising:
receiving a search request from an external supplier relationship manager (SRM) for access to an enterprise object in an enterprise system;
evaluating an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object;
granting the access and editing privileges to the external user accessor based upon the enterprise rule tree; and
sending the enterprise object as external user data to the external SRM in response to the request to access the enterprise object and authentication by the enterprise rule tree.
2. The method for controlling access to enterprise objects for an external user of claim 1, wherein the external user data is contained in a partition.
3. The method for controlling access to enterprise objects for an external user of claim 2, wherein the partition is independent from other partitions and access to a particular partition provides no access to other partitions.
4. The method for controlling access to enterprise objects for an external user of claim 2, wherein the external user data is further contained in an event and the event is contained inside the partition.
5. The method for controlling access to enterprise objects for an external user of claim 4, wherein the event provides access to specific external user data to the external user, but not to other data in the event.
6. The method for controlling access to enterprise objects for an external user of claim 4, wherein the event has a limited amount of time for access to the external user data by the external user.
7. The method for controlling access to enterprise objects for an external user of claim 6, wherein the limited amount of time is based on a specific amount of time or a specific time in which the access is terminated.
8. A data processing system comprising:
a processor; and
an accessible memory, the data processing system particularly configured to
receive a search request from an external supplier relationship manager (SRM) for access to an enterprise object in an enterprise system;
evaluate an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object;
grant the access and editing privileges to the external user accessor based upon the enterprise rule tree; and
send the enterprise object as external user data to the external SRM in response to the request to access the enterprise object and authentication by the enterprise rule tree.
9. The data processing system of claim 8, wherein the external user data is contained in a partition.
10. The data processing system of claim 9, wherein the partition is independent from other partitions and access to a particular partition provides no access to other partitions.
11. The data processing system of claim 9, wherein the external user data is further contained in an event and the event is contained inside the partition.
12. The data processing system of claim 11, wherein the event provides access to specific external user data to an external user, but not to other data in the event.
13. The data processing system of claim 11, wherein the event has a limited amount of time for access to the external user data by an external user.
14. The data processing system of claim 13, wherein the limited amount of time is based on a specific amount of time or a specific time in which the access is terminated.
15. A non-transitory computer-readable medium encoded with executable instructions that, when executed, cause one or more data processing systems to:
receive a search request from an external supplier relationship manager (SRM) for access to an enterprise object in an enterprise system;
evaluate an enterprise rule tree to determine access and editing privileges granted to an external user accessor for the enterprise object;
grant the access and editing privileges to the external user accessor based upon the enterprise rule tree; and
send the enterprise object as external user data to the external SRM in response to the request to access the enterprise object and authentication by the enterprise rule tree.
16. The non-transitory computer-readable medium of claim 15, wherein the external user data is contained in a partition.
17. The non-transitory computer-readable medium of claim 16, wherein the partition is independent from other partitions and access to a particular partition provides no access to other partitions.
18. The non-transitory computer-readable medium of claim 16, wherein the external user data is further contained in an event and the event is contained inside the partition.
19. The non-transitory computer-readable medium of claim 18, wherein the event provides access to specific external user data to the external user, but not to other data in the event.
20. The non-transitory computer-readable medium of claim 18, wherein the event has a limited amount of time for access to the external user data by an external user.
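The checks recited in claims 1 to 7 (partition isolation, per-event sharing, a time limit, then rule-tree evaluation before the object is sent) can be sketched as follows. This is an added Python example, not code from the patent or from any Siemens product; the rule-tree node shape, the `Accessor`/`Event`/`Rule` types, the privilege names and all sample data are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Shapes are assumptions for illustration, not taken from the patent.
Accessor = namedtuple("Accessor", "name partition")      # external user accessor
Event = namedtuple("Event", "partition shared expires")  # shared: name -> object ids
Rule = namedtuple("Rule", "matches privileges children", defaults=(frozenset(), ()))

def evaluate(rule, who, obj):
    """Privileges of the deepest matching rule-tree node; None if nothing matches."""
    if not rule.matches(who, obj):
        return None
    for child in rule.children:
        found = evaluate(child, who, obj)
        if found is not None:
            return found
    return rule.privileges

def fetch(objects, events, tree, who, event_id, obj_id, now):
    """Return (data, privileges) for a permitted request, None for any failed check."""
    event = events.get(event_id)
    if event is None or event.partition != who.partition:
        return None                       # a partition gives no access to other partitions
    if now >= event.expires:
        return None                       # the event's access window has closed
    if obj_id not in event.shared.get(who.name, set()):
        return None                       # only data shared with this user in the event
    privileges = evaluate(tree, who, objects[obj_id])
    if not privileges or "read" not in privileges:
        return None                       # rule tree grants nothing: default deny
    return objects[obj_id]["data"], privileges

# Constructed sample data.
NOW = datetime(2014, 9, 12, 12, 0)
OBJECTS = {"bracket": {"type": "design", "data": "bracket.cad"},
           "cost": {"type": "costing", "data": "cost.xls"}}
TREE = Rule(lambda w, o: True, frozenset(), [
    Rule(lambda w, o: o["type"] == "design", frozenset({"read"}), [
        Rule(lambda w, o: w.name == "acme-eng", frozenset({"read", "edit"}))])])
EVENTS = {"rfq-1": Event("acme", {"acme-eng": {"bracket"},
                                  "acme-buyer": {"bracket", "cost"}}, NOW + timedelta(days=7))}
```

Each check fails closed, so an object that is shared inside an event is still withheld when the rule tree grants no read privilege for it.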
US14/485,380 2014-06-05 2014-09-12 Secured data exchange with external users Abandoned US20150358326A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15169858.6A EP2953089A1 (en) 2014-06-05 2015-05-29 Secured data exchange with external users

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
IN614/KOL/2014 2014-06-05
IN614KO2014 2014-06-05
IN616/KOL/2014 2014-06-05
IN616KO2014 2014-06-05

Publications (1)

Publication Number Publication Date
US20150358326A1 (en) 2015-12-10

Family

ID=54769869

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/485,380 Abandoned US20150358326A1 (en) 2014-06-05 2014-09-12 Secured data exchange with external users
US14/485,305 Active 2036-04-08 US9998462B2 (en) 2014-06-05 2014-09-12 Asynchronous design data exchange with external users

Country Status (1)

Country Link
US (2) US20150358326A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080134286A1 (en) * 2000-04-19 2008-06-05 Amdur Eugene Computer system security service
US8327419B1 (en) * 2008-05-22 2012-12-04 Informatica Corporation System and method for efficiently securing enterprise data resources
US20130263221A1 (en) * 2012-03-27 2013-10-03 Varonis Systems, Inc. Method and apparatus for enterprise-level filtered search
US20140181020A1 (en) * 2012-12-21 2014-06-26 Olga Kreindlina Integration scenario for master data with software-as-a-service system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003107224A1 (en) 2002-06-18 2003-12-24 Arizona Board Of Regents, Acting For Arizona State University Assignment and management of authentication & authorization
US20040098292A1 (en) * 2002-11-18 2004-05-20 Miller Lynn R. System and method for enabling supplier manufacturing integration
US20040181417A1 (en) * 2003-03-14 2004-09-16 Gunther Piller Managing the definition of a product innovation
EP1687767A1 (en) * 2003-11-14 2006-08-09 Koninklijke Philips Electronics N.V. Product data exchange
EP1672548A1 (en) * 2004-12-20 2006-06-21 Dassault Systèmes Process and system for rendering an object in a view using a product lifecycle management database
US8412741B2 (en) * 2007-07-17 2013-04-02 Agile Software Corporation Product network management system and method
US8131392B2 (en) * 2008-02-25 2012-03-06 The Boeing Company System and method for using manufacturing states of vehicle products for display of a manufacturing process
JP5231946B2 (en) * 2008-11-04 2013-07-10 株式会社日立製作所 Manufacturing information management method and manufacturing information management system
CN101645011B (en) * 2009-07-16 2013-07-31 唐山轨道客车有限责任公司 Integration scheme and platform between heterogeneous workgroup collaborative design system and PLM system
US8768947B2 (en) 2009-12-22 2014-07-01 At&T Global Network Services Deutschland Gmbh System and method for implementing unique primary keys across enterprise databases
WO2012051389A1 (en) * 2010-10-15 2012-04-19 Expressor Software Method and system for developing data integration applications with reusable semantic types to represent and process application data

Also Published As

Publication number Publication date
US20150356505A1 (en) 2015-12-10
US9998462B2 (en) 2018-06-12

Similar Documents

Publication Publication Date Title
EP3149607B1 (en) Fast access rights checking of configured structure data
US8826390B1 (en) Sharing and access control
US8726348B2 (en) Collaborative rules based security
US8505084B2 (en) Data access programming model for occasionally connected applications
US10419485B2 (en) Picture/gesture password protection
US11768925B2 (en) Smart device management resource picker
EP2776968B1 (en) User interface for selection of multiple accounts and connection points
US20140317676A1 (en) Utilizing a social graph for network access and admission control
US20170171161A1 (en) Enforcing restrictions on third-party accounts
US9510182B2 (en) User onboarding for newly enrolled devices
US10102489B2 (en) Work plan based control of physical and virtual access
JP5855235B2 (en) Selective locking of object data elements
US20180032747A1 (en) System and Method for Database-Level Access Control Using Rule-Based Derived Accessor Groups
US10042652B2 (en) Home automation system
US20110113474A1 (en) Network system security managment
US20150358326A1 (en) Secured data exchange with external users
EP2953089A1 (en) Secured data exchange with external users
US8689285B1 (en) Rule-based derived-group security data management
KR101285729B1 (en) System and method for securing databse
JP2017219880A (en) Approval system, access control method and access control program

Legal Events

Date Code Title Description
AS Assignment

Owner name: SIEMENS PRODUCT LIFECYCLE MANAGEMENT SOFTWARE INC.

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SIEMENS INDUSTRY SOFTWARE (INDIA) PRIVATE LIMITED;REEL/FRAME:033734/0970

Effective date: 20140710

Owner name: SIEMENS INDUSTRY SOFTWARE (INDIA) PRIVATE LIMITED,

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KISHORE, KUNAL;KULKAMI, VASANT;PANJWANI, CHANDAR;AND OTHERS;REEL/FRAME:033734/0953

Effective date: 20140604

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION