US20170012985A1 - Granting permissions to an object when adding people to a conversation - Google Patents
Granting permissions to an object when adding people to a conversation Download PDFInfo
- Publication number
- US20170012985A1 US20170012985A1 US15/270,453 US201615270453A US2017012985A1 US 20170012985 A1 US20170012985 A1 US 20170012985A1 US 201615270453 A US201615270453 A US 201615270453A US 2017012985 A1 US2017012985 A1 US 2017012985A1
- Authority
- US
- United States
- Prior art keywords
- user
- recipient
- message
- access
- permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000007246 mechanism Effects 0.000 claims description 26
- 238000000034 method Methods 0.000 claims description 13
- 230000008859 change Effects 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims 7
- 238000012986 modification Methods 0.000 claims 7
- 230000004044 response Effects 0.000 claims 2
- 238000004891 communication Methods 0.000 description 17
- 238000010586 diagram Methods 0.000 description 11
- 238000012545 processing Methods 0.000 description 8
- 230000003287 optical effect Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 230000006855 networking Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 4
- 230000001413 cellular effect Effects 0.000 description 3
- 230000008520 organization Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 101000822695 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C1 Proteins 0.000 description 1
- 101000655262 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C2 Proteins 0.000 description 1
- 101000655256 Paraclostridium bifermentans Small, acid-soluble spore protein alpha Proteins 0.000 description 1
- 101000655264 Paraclostridium bifermentans Small, acid-soluble spore protein beta Proteins 0.000 description 1
- 241001422033 Thestylus Species 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 238000012905 input function Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000011176 pooling Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/07—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
- H04L51/08—Annexed information, e.g. attachments
-
- H04L51/14—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/214—Monitoring or handling of messages using selective forwarding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/224—Monitoring or handling of messages providing notification on incoming messages, e.g. pushed notifications of received messages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/234—Monitoring or handling of messages for tracking messages
-
- H04L51/24—
-
- H04L51/34—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Definitions
- Some such messaging systems include, for instance, electronic mail (email) systems, instant messaging systems, communication systems within social networking systems, among others.
- attachments are provided as links to a document, a picture, a directory, a folder, etc., (all of which are collectively referred to as an object) that is stored at a given location.
- the recipient receives the message, with the attached link, the recipient can actuate that link in order to retrieve and view, or otherwise have access to, the object.
- a user receives a message (such as, for example, an electronic mail message) that has a link to an attached object
- the user can forward that message, or reply to the message, adding a new recipient that was not on the original message.
- Some objects are not generally accessible.
- an access control list often contains information that indicates which permissions or access rights each user or group of users in the messaging system has to a specific object. If the new recipient does not have access to the object that is linked to in the message, then when the new recipient clicks on (or otherwise actuates) the link to that object, the new recipient will receive an error message.
- a user generates a message by adding a recipient in order to send the message to the recipient.
- the message has a link to an attached object which is automatically detected and it is determined whether the recipient has rights to the object. If not, the recipient's rights are automatically modified so that the recipient has rights to the object, and the user is notified of the modified permissions.
- FIG. 1 is a block diagram of one illustrative messaging architecture.
- FIGS. 2 and 3 shows examples of messages.
- FIGS. 4-1 and 4-2 (collectively FIG. 4 ) show a flow diagram illustrating one embodiment of the operation of the architecture shown in FIG. 1 in modifying permissions for a new recipient of a message with a link to an object.
- FIGS. 4A-4D are illustrative user interface displays.
- FIG. 5 shows one embodiment of the architecture shown in FIG. 1 , but deployed in a cloud architecture.
- FIGS. 6-11 show various embodiments of mobile devices.
- FIG. 12 is a block diagram of one embodiment of a computing environment.
- FIG. 1 shows one embodiment of a block diagram of a messaging architecture 100 .
- Messaging architecture 100 illustratively includes messaging system 102 , and data provider 104 .
- FIG. 1 also shows that users 106 and 108 illustratively have access to messaging system 102 in order to send and receive messages.
- User's 106 and 108 can access messaging system 102 either directly (as indicated by arrows 110 and 112 ) or through user devices 114 and 116 .
- User devices 114 and 116 themselves, can access messaging system 102 either directly (as indicated by arrows 118 and 120 ) or through network 122 (as indicated by arrow 124 ).
- FIG. 1 also shows that data provider 104 can be accessed by messaging system 102 either directly (as indicated by arrow 126 ) or over network 128 .
- networks 122 and 128 can be the same or different networks.
- data provider 104 is local to, or part of, messaging system 102 . The example shown in FIG. 1 , where the two are separate, is for illustrative purposes only.
- messaging system 102 includes messaging server 130 with access control component 132 .
- Messaging system 102 also illustratively includes user interface component 133 , processor 134 , and other components 135 .
- Data provider 104 illustratively includes processor 136 and data store 138 .
- Data store 138 illustratively includes a set of objects, such as documents 140 , directories 142 , folders 144 , or other objects 146 .
- Data provider 144 also illustratively includes access control list 148 . It will be noted that access control list 148 can also be stored in data store 138 but it is shown separately therefrom for the sake of example only.
- Messaging server 130 illustratively controls the operation of messaging system 102 so that users can send and receive messages.
- the users can also illustratively attach links to objects, within the messages.
- Messaging server 130 therefore also controls accessing of stored objects (stored on data provider 104 ) when a user actuates the link to that object from within a message, so that the user has access to the objects that are attached to (e.g., that have links in) various messages.
- messaging system 102 is an electronic mail (email) system
- messaging server 130 is an email server.
- Access control component 132 illustratively identifies when recipients have been added to a message that includes a link to an object. In that case, access control component 132 can illustratively modify the permissions of the recipient, as necessary, so that the recipient has access to that object. This is described in greater detail below with respect to FIGS. 4-4D .
- User interface component 133 is illustratively controlled by other components, servers, or items in messaging system 102 , or elsewhere, in order to generate user interface displays for users 106 and 108 . It will be noted, however, that there can also be a user interface component on user devices 114 and 116 , which generates those user interface displays as well. Further, it will be noted that user interface component 133 can generate the user interface displays itself, or under the control of other items in FIG. 1 .
- the user interface displays illustratively include user input mechanisms that allow the users to control and manipulate messaging system 102 , in order to view and manage messages.
- the user input mechanisms can include a wide variety of different types of user input mechanisms, such as links, icons, buttons, dropdown menus, text boxes, check boxes, etc.
- the user input mechanisms can be actuated by the user in a wide variety of different ways. For instance, they can be actuated using touch gestures (where the display is touch sensitive), a hard or soft keyboard or keypad, a point and click device (such as a mouse or trackball), buttons, joysticks, or other actuators.
- touch gestures where the display is touch sensitive
- a hard or soft keyboard or keypad a hard or soft keyboard or keypad
- a point and click device such as a mouse or trackball
- buttons joysticks, or other actuators.
- the user input mechanisms can also be actuated by using voice commands.
- Processors 134 and 136 are illustratively computer processors that have associated memory and timing circuitry, not separately shown.
- Processor 134 is illustratively a functional part of messaging system 102 and is activated by, and facilitates the functionality of, messaging server 130 , access control component 132 and other items in messaging system 102 .
- Processor 136 is illustratively a functional part of data provider 104 and facilitates the functionality of data provider 104 in providing access to data in data store 138 .
- Access control list 148 is illustratively a list or other component that includes information which indicates which permissions or access rights each user or group of users in system 102 has to a specific object (such as the objects stored in data store 138 ). Each object illustratively has a unique security attribute that identifies which users have access to it.
- the access control list is illustratively a list of each object and the corresponding user access privileges that define the various access privileges (such as read, write, execute, etc.) that each user has to each object. This is just one exemplary structure for access control list 148 , and others can be used as well.
- Data store 138 is shown as a single data store that is local to data provider 104 . It will be noted, however, that it could also be made up of multiple different data stores, all of which are local to data provider 104 , all of which are remote from data provider 104 and accessible by data provider 104 , or some of which are local, others of which are remote.
- Networks 122 and 128 can be a wide variety of different types of networks. They can be local area networks, wide area networks, telephone networks, messaging networks, near field communication networks, etc.
- FIG. 2 shows one embodiment of an illustrative message 160 .
- Message 160 illustratively includes a list of recipients 162 , a message body 164 and one or more links to attachments or shared objects 166 .
- the recipients 162 can be located in a “to:” field, a “cc:” field, a “bcc:” field, etc.
- the message body 164 illustratively contains a main message portion for message 160 and link 166 is illustratively an actuable link that can be actuated by user 106 in order to access the attachment or shared objects that are linked to by link 166 .
- link 166 is illustratively an actuable link that can be actuated by user 106 in order to access the attachment or shared objects that are linked to by link 166 .
- link 166 When the user actuates link 166 , the user is illustratively navigated to the object that link 166 links to.
- Access control component 132 illustratively detects that user 106 is sending the message to a recipient and that the message contains at least one link 166 to an attachment or shared object. Access control component 132 then determines whether the recipient 162 has permissions to the attachment or shared object and, if not, modifies the permissions so that the recipient 162 can access the attachment or shared object through link 166 . Access control component 132 illustratively notifies user 106 of this as well.
- the message being processed is first received by user 106 , from another user 108 .
- User 106 views the message 160 and adds one or more new recipients.
- FIG. 3 is one exemplary block diagram of the message 168 that is sent on to the new recipients. It can be seen that message 168 includes some or all of message 160 and can optionally include one or more of recipients 162 in the original message, one or more new recipients 170 , as well as message body 164 and link 166 to the attachments or shared objects.
- Access control component 132 illustratively detects that user 106 is sending the message to the new recipients and that the message contains at least one link 166 to an attachment or shared object.
- Access control component 132 determines whether the new recipient 170 has permissions to the attachment or shared object and, if not, modifies the permissions so that the new recipient 170 can access the attachment or shared object through link 166 . Access control component 132 illustratively notifies user 106 of this as well.
- FIGS. 4-1 and 4-2 (collectively FIG. 4 ) show a flow diagram illustrating one embodiment of the operation of architecture 100 in sending a previously-received message to a new recipient, in more detail. It will be appreciated that substantially the processing can be performed if the user is creating a new message and entering a recipient in the “to” field, the “cc” field or the “bcc” field as well. Processing a previously-received message is described simply as a more comprehensive example.
- FIGS. 4A-4D are illustrative user interface displays. FIGS. 4-4D will now be described in conjunction with one another.
- User 106 first receives a message, such as message 160 . This is indicated by block 180 in FIG. 4 . User 106 then generates a new message (such as message 168 ) by configuring the previously-received message to send the message on, such as by adding a new recipient 170 to message 160 , to form the new message 168 . This is indicated by block 182 in FIG. 4 .
- User 106 can do this, for instance, by forwarding the message to new recipient 170 , as indicated by block 184 , by replying to the message and adding the new recipient 170 as indicated by block 186 , by replying all to the previously-received message, and adding a recipient as the new recipient 170 , as indicated by block 188 , or in other ways as well, as indicated by block 190 .
- FIG. 4A shows one example of a message 168 that has been configured by user 106 to be sent on to one or more new recipients.
- message 168 is part of an electronic mail system, so that it is an email message.
- the user interface display 200 indicates, generally at 202 , that user 106 is viewing his or her inbox.
- the inbox illustratively includes a list of conversations 204 , and the user has selected conversation 206 .
- the previously-received message 160 includes a link to a shared object and is shown as being part of message 168 .
- Message 168 is shown with new recipients identified generally at 170 .
- user 106 has selected previously-received message 160 and configured the message to forward it to new recipients 170 .
- the forwarded message with the new recipients 170 forms message 168 .
- Access control component 132 in messaging server 130 , detects that the user 106 has configured message 160 to be sent on.
- Component 132 first determines whether the message has a link to a shared object. This is indicated by block 210 in FIG. 4 .
- the shared attachment or object can be a document, 140 , a file 212 , a folder 144 , a directory 142 , a picture 214 , or any of a wide variety of other objects, as indicated by block 216 . If there is no link to a shared object, then access control component 130 need not do anything, and the message can simply be sent on as normal. This may be the case, for instance, if the user simply replies to the message but there are no links to shared objects. Simply continuing to send the message, without doing anything further, is indicated by block 218 in FIG. 4 .
- access control component 132 determines whether there are one or more links to shared objects, then component 132 determines whether the message has been configured to identify any new recipients 170 , different from the recipients in the previously-received message. This is indicated by block 220 in FIG. 4 . Again, if the answer is no, then access control component 132 need not do anything further. This is indicated by block 218 .
- access control component 132 illustratively has messaging server 130 make a call to data provider 104 to access the access control list 148 at data provider 104 , in order to identify the permissions associated with user 106 . Specifically, access control component 132 determines whether user 106 has the permissions required to share the present message (and the attachments or shared objects) further. This is indicated by block 222 . By way of example, it may be that certain users have access to forward messages or to grant access to objects, while certain other users do not. Thus, component 132 determines whether user 106 has the appropriate permissions to share message 160 with new recipients, as well as to share the attachments or shared objects with new recipients.
- access control component 132 again calls to data provider 104 in order to gain access to the access control list 148 , to determine whether the new recipients 170 , themselves, have the appropriate permissions to receive the message, along with the link to the attachments or shared objects. This is indicated by block 224 . If not, then component 132 has determined that user 106 does not have permission to share the message, with the link to the attachments or shared objects, with new recipients, and that the identified new recipients 170 do not have the appropriate permissions to receive that information. Therefore, component 132 uses user interface component 133 to generate and display an error message indicating that the message cannot be forwarded, as it is presently configured. This is indicated by block 226 in FIG. 4 .
- component 132 determines that, even though user 106 does not have the appropriate permissions to share the message and linked objects further, the new recipients 170 do have permission to receive that information. Therefore, component 132 uses user interface component 133 to generate a warning message to indicate this and allows the message to be sent. This is indicated by block 228 in FIG. 4 .
- component 132 determines whether any of the new recipients 170 are external new recipients, (that is, recipients that are external to the organization that deploys messaging system 102 ). This is an optional step and is indicated by block 230 in FIG. 4 .
- component 132 determines whether external sharing is enabled within system 102 . That is, system 102 may place restrictions on what types of messages or attachments can be shared externally. In fact, system 102 can completely preclude external sharing of various messages or attachments. Thus, component 132 determines whether external sharing has been enabled for this particular message, and the particular shared objects that have links to them in the message. This is indicated by block 232 . If one of the new recipients 170 is an external recipient, but external sharing is not enabled within system 102 , then component 132 again uses user interface component 133 to generate an error message as indicated by block 226 . If external sharing is enabled, then processing continues at block 234 .
- Access control component 132 determines whether the new recipients 170 have appropriate permissions in order to receive the attachments or shared objects. Access control component 132 determines whether the new recipients have the appropriate permissions by requesting that messaging server 130 make a call to data provider 104 to gain access to the access control list 148 . Component 132 examines the access control list 148 to determine whether the new recipients 170 have the appropriate permissions to access the shared documents. If so, then component 132 does not need to do anything further, and the message 168 with the new recipients 170 and the link to shared objects 166 can simply be sent as configured.
- access control component 132 sets the appropriate permissions in access control list 148 so that the new recipients 170 do have the appropriate permissions. This is indicated by block 236 in FIG. 4 .
- access control component 132 uses user interface component 133 to generate a user interface display that notifies user 106 that this has happened. This is indicated by block 238 in FIG. 4 .
- user interface display 200 shows that the attachments or shared objects (the playbook additions) are identified in message 168 as generally indicated by numeral 240 .
- Numeral 240 indicates that the permissions for new recipients 170 have been modified so that the recipients have edit permissions to the attachments or shared objects.
- access control component 132 gives user 106 a chance to confirm or cancel these permissions. This is indicated by block 242 in the flow diagram of FIG. 4 .
- access control component 132 gives user 206 a chance to modify the permissions. This is indicated by block 244 .
- access control component 132 can notify the user that the permissions have been granted to the new recipients in other ways as well, and this is indicated by block 246 .
- a user input mechanism 248 is provided that allows the user to modify the permissions granted to the new recipients 170 .
- access control component 132 uses user interface component 133 to generate a dropdown menu or other user interface mechanism that allows the user to perform certain actions with respect to the attachments or shared objects.
- FIG. 4B shows another embodiment of user interface display 200 , which is similar to that shown in FIG. 4A , and similar items are similarly numbered. However, it can be seen in FIG. 4B that the user has actuated user input mechanism 248 and a dropdown menu is displayed which includes a “manage permissions” actuator 250 . When the user actuates user input mechanisms 250 , access control component 132 illustratively generates a user interface display that allows user 106 to modify the permissions that have been granted to the new recipients 170 .
- FIG. 4C shows another embodiment of user interface display 200 , that is similar to that shown in FIG. 4B , and similar items are similarly numbered.
- access control component 132 generates another “manage permissions” pane 252
- the user can illustratively modify the permissions granted new recipients 170 for the attachment or shared object.
- FIG. 4C specifically shows that the shared object is a document that is stored on a cloud-based data store.
- the user 106 can select user input mechanism 254 to indicate that the new recipient should have view and edit permissions to the shared document.
- the user can also actuate user input mechanism 256 that gives the new recipients view only privileges.
- FIG. 4D shows another embodiment of a user interface display 300 .
- User interface display 300 is similar to user interface display 200 shown in FIGS. 4A-4C , and similar items are similarly numbered. However, it can be seen that in FIG. 4D , instead of forwarding the original message 160 as message 168 , the user has “replied all” to message 160 to obtain message 168 and added new recipient 170 on the cc line.
- FIG. 4D shows that access control component 132 illustratively uses user interface component 133 to generate a display (shown generally at 302 ) that notifies the user that the new message recipient 170 will be granted permission to view the attachment or shared object shown generally at 304 .
- display element 302 can be a user actuable user input mechanism. Therefore, when the user actuates element 302 , the user can again be navigated to a screen (or a user input mechanism can be displayed) which allows the user to modify the permissions granted to the new recipient.
- the user can simply send the new message to all recipients. This is indicated generally by block 306 in the flow diagram of FIG. 4 .
- FIG. 5 is a block diagram of architecture 100 , shown in FIG. 1 , except that its elements are disposed in a cloud computing architecture 500 .
- Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services.
- cloud computing delivers the services over a wide area network, such as the internet, using appropriate protocols.
- cloud computing providers deliver applications over a wide area network and they can be accessed through a web browser or any other computing component.
- Software or components of architecture 100 as well as the corresponding data can be stored on servers at a remote location.
- the computing resources in a cloud computing environment can be consolidated at a remote data. center location or they can be dispersed.
- Cloud computing infrastructures can deliver services through shared data centers, even though they appear as a single point of access for the user.
- the components and functions described herein can be provided from a service provider at a remote location using a cloud computing architecture.
- they can be provided from a conventional server, or they can be installed on client devices directly, or in other ways.
- Cloud computing both public and private provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- a public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware.
- a private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, etc.
- FIG. 5 specifically shows that messaging system 102 and data provider 104 are located in cloud 502 (which can be public, private, or a combination where portions are public while others are private). Therefore, user 106 uses a user device 114 to access those systems through cloud 502 .
- cloud 502 which can be public, private, or a combination where portions are public while others are private. Therefore, user 106 uses a user device 114 to access those systems through cloud 502 .
- FIG. 5 also depicts another embodiment of a cloud architecture.
- FIG. 5 shows that it is also contemplated that some elements of architecture 100 are disposed in cloud 502 while others are not.
- data store 138 can be disposed outside of cloud 502 , and accessed through cloud 502 .
- access control component 132 is also outside of cloud 502 . Regardless of where they are located, they can be accessed directly by device 114 , through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein.
- architecture 100 can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, etc.
- FIG. 6 is a simplified block diagram of one illustrative embodiment of a handheld or mobile computing device that can be used as a user's or client's hand held device 16 , in which the present system (or parts of it) can be deployed.
- FIGS. 7-11 are examples of handheld or mobile devices.
- FIG. 6 provides a general block diagram of the components of a client device 6 that can run components of architecture 100 or user devices 114 or 116 or that interacts with architecture 100 , or both.
- a communications link 13 is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning.
- Examples of communications link 13 include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+ and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as 802.11 and 802.11b (Wi-Fi) protocols, and Bluetooth protocol, which provide local wireless connections to networks.
- GPRS General Packet Radio Service
- LTE Long Term Evolution
- HSPA High Speed Packet Access
- HSPA+ High Speed Packet Access Plus
- 1Xrtt 3G and 4G radio protocols
- 1Xrtt 1Xrtt
- Short Message Service Short Message Service
- SD card interface 15 Secure Digital (SD) card that is connected to a SD card interface 15 .
- SD card interface 15 and communication links 13 communicate with a processor 17 (which can also embody processors 134 or 136 from FIG. 1 ) along a bus 19 that is also connected to memory 21 and input/output (I/O) components 23 , as well as clock 25 and location system 27 .
- processor 17 which can also embody processors 134 or 136 from FIG. 1
- bus 19 that is also connected to memory 21 and input/output (I/O) components 23 , as well as clock 25 and location system 27 .
- I/O components 23 are provided to facilitate input and output operations.
- I/O components 23 for various embodiments of the device 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port.
- Other I/O components 23 can be used as well.
- Clock 25 illustratively comprises a real time clock component that outputs a time and. date. It can also, illustratively, provide timing functions for processor 17 .
- Location system 27 illustratively includes a component that outputs a current geographical location of device 16 .
- This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions.
- GPS global positioning system
- Memory 21 stores operating system 29 , network settings 31 , applications 33 , application configuration settings 35 , data store 37 , communication drivers 39 , and communication configuration settings 41 .
- Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).
- Memory 21 stores computer readable instructions that, when executed by processor 17 , cause the processor to perform computer-implemented steps or functions according to the instructions.
- device 16 can have a client business system 24 which can run various business applications or embody parts or all of architecture 100 . Processor 17 can be activated by other components to facilitate their functionality as well.
- Examples of the network settings 31 include things such as proxy information, Internet connection information, and mappings.
- Application configuration settings 35 include settings that tailor the application for a specific enterprise or user.
- Communication configuration settings 41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords.
- Applications 33 can be applications that have previously been stored on the device 16 or applications that are installed during use, although these can be part of operating system 29 , or hosted external to device 16 , as well.
- FIG. 7 shows one embodiment in which device 16 is a tablet computer 600 .
- computer 600 is shown with user interface display 200 (from FIG. 4B ) displayed on the display screen 602 .
- Screen 602 can be a touch screen (so touch gestures from a user's finger 604 can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.
- Computer 600 can also illustratively receive voice inputs as well.
- FIGS. 8 and 9 provide additional examples of devices 16 that can be used, although others can be used as well.
- a feature phone, smart phone or mobile phone 45 is provided as the device 16 .
- Phone 45 includes a set of keypads 47 for dialing phone numbers, a display 49 capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons 51 for selecting items shown on the display.
- the phone includes an antenna 53 for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals.
- GPRS General Packet Radio Service
- 1Xrtt 1Xrtt
- SMS Short Message Service
- phone 45 also includes a Secure Digital (SD) card slot 55 that accepts a SD card 57 .
- SD Secure Digital
- the mobile device of FIG. 9 is a personal digital assistant (PDA) 59 or a multimedia player or a tablet computing device, etc. (hereinafter referred to as PDA 59 ).
- PDA 59 includes an inductive screen 61 that senses the position of a stylus 63 (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write.
- PDA 59 also includes a number of user input keys or buttons (such as button 65 ) which allow the user to scroll through menu options or other display options which are displayed on display 61 , and allow the user to change applications or select user input functions, without contacting display 61 .
- PDA 59 can include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections.
- mobile device 59 also includes a SD card slot 67 that accepts a SD card 69 .
- FIG. 10 is similar to FIG. 8 except that the phone is a smart phone 71 .
- Smart phone 71 has a touch sensitive display 73 that displays icons or tiles or other user input mechanisms 75 .
- Mechanisms 75 can be used by a user to run applications, make calls, perform data transfer operations, etc.
- smart phone 71 is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone.
- FIG. 11 shows smart phone 71 with the display of FIG. 4B displayed thereon.
- FIG. 12 is one embodiment of a computing environment in which architecture 100 , or parts of it, (for example) can be deployed.
- an exemplary system for implementing some embodiments includes a general-purpose computing device in the form of a computer 810 .
- Components of computer 810 may include, but are not limited to, a processing unit 820 (which can comprise processor 134 or 136 ), a system memory 830 , and a system bus 821 that couples various system components including the system memory to the processing unit 820 .
- the system bus 821 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
- ISA Industry Standard Architecture
- MCA Micro Channel Architecture
- EISA Enhanced ISA
- VESA Video Electronics Standards Association
- PCI Peripheral Component Interconnect
- Computer 810 typically includes a variety of computer readable media.
- Computer readable media can be any available media that can be accessed by computer 810 and includes both volatile and nonvolatile media, removable and non-removable media.
- Computer readable media may comprise computer storage media and communication media.
- Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
- Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 810 .
- Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media.
- modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
- the system memory 830 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 831 and random access memory (RAM) 832 .
- ROM read only memory
- RAM random access memory
- BIOS basic input/output system 833
- RAM 832 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 820 .
- FIG. 12 illustrates operating system 834 , application programs 835 , other program modules 836 , and program data 837 .
- FIG. 12 illustrates a hard disk drive 841 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 851 that reads from or writes to a removable, nonvolatile magnetic disk 852 , and an optical disk drive 855 that reads from or writes to a removable, nonvolatile optical disk 856 such as a CD ROM or other optical media.
- removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like.
- the hard disk drive 841 is typically connected to the system bus 821 through a non-removable memory interface such as interface 840
- magnetic disk drive 851 and optical disk drive 855 are typically connected to the system bus 821 by a removable memory interface, such as interface 850 .
- the functionality described herein can be performed, at least in pall, by one or more hardware logic components.
- illustrative types of hardware logic components include Field-programmable Gate Arrays (FPGAs), Program-specific integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-Chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
- the drives and their associated computer storage media discussed above and illustrated in FIG. 12 provide storage of computer readable instructions, data structures, program modules and other data for the computer 810 .
- hard disk drive 841 is illustrated as storing operating system 844 , application programs 845 , other program modules 846 , and program data 847 .
- operating system 844 application programs 845 , other program modules 846 , and program data 847 are given different numbers here to illustrate that, at a minimum, they are different copies.
- a user may enter commands and information into the computer 810 through input devices such as a keyboard 862 , a microphone 863 , and a pointing device 861 , such as a mouse, trackball or touch pad.
- Other input devices may include a joystick, game pad, satellite dish, scanner, or the like.
- These and other input devices are often connected to the processing unit 820 through a user input interface 860 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB).
- a visual display 891 or other type of display device is also connected to the system bus 821 via an interface, such as a video interface 890 .
- computers may also include other peripheral output devices such as speakers 897 and printer 896 , which may be connected through an output peripheral interface 895 .
- the computer 810 is operated in a networked environment using logical connections to one or more remote computers, such as a remote computer 880 .
- the remote computer 880 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 810 .
- the logical connections depicted in FIG. 12 include a local area network (LAN) 871 and a wide area network (WAN) 873 , but may also include other networks.
- LAN local area network
- WAN wide area network
- Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
- the computer 810 When used in a LAN networking environment, the computer 810 is connected to the LAN 871 through a network interface or adapter 870 .
- the computer 810 When used in a WAN networking environment, the computer 810 typically includes a modem 872 or other means for establishing communications over the WAN 873 , such as the Internet.
- the modem 872 which may be internal or external, may be connected to the system bus 821 via the user input interface 860 , or other appropriate mechanism.
- program modules depicted relative to the computer 810 may be stored in the remote memory storage device.
- FIG. 12 illustrates remote application programs 885 as residing on remote computer 880 . It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A user generates a message by adding a recipient in order to send the message to the recipient. The message has a link to an attached object which is automatically detected and it is determined whether the recipient has rights to the object. If not, the recipient's rights are automatically modified so that the recipient has rights to the object, and the user is notified of the modified permissions.
Description
- The present application is a continuation of and claims priority of U.S. patent application Ser. No. 14/053,361, filed Oct. 14, 2013, the content of which is hereby incorporated by reference in its entirety.
- A variety of different types of messaging systems are currently in wide use. Some such messaging systems include, for instance, electronic mail (email) systems, instant messaging systems, communication systems within social networking systems, among others.
- In using such messaging systems, it is common for users to send attachments to one another. In addition, users of social network systems can make an attachment or object available to others in a given group, In some embodiments, the attachments are provided as links to a document, a picture, a directory, a folder, etc., (all of which are collectively referred to as an object) that is stored at a given location. When the recipient receives the message, with the attached link, the recipient can actuate that link in order to retrieve and view, or otherwise have access to, the object.
- However, some problems can occur with this type of communication. For instance, where a user receives a message (such as, for example, an electronic mail message) that has a link to an attached object, the user can forward that message, or reply to the message, adding a new recipient that was not on the original message. Some objects, however, are not generally accessible. For instance, an access control list often contains information that indicates which permissions or access rights each user or group of users in the messaging system has to a specific object. If the new recipient does not have access to the object that is linked to in the message, then when the new recipient clicks on (or otherwise actuates) the link to that object, the new recipient will receive an error message.
- The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.
- A user generates a message by adding a recipient in order to send the message to the recipient. The message has a link to an attached object which is automatically detected and it is determined whether the recipient has rights to the object. If not, the recipient's rights are automatically modified so that the recipient has rights to the object, and the user is notified of the modified permissions.
- This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The claimed subject matter is not limited to implementations that solve any or all disadvantages noted in the background.
-
FIG. 1 is a block diagram of one illustrative messaging architecture. -
FIGS. 2 and 3 shows examples of messages. -
FIGS. 4-1 and 4-2 (collectivelyFIG. 4 ) show a flow diagram illustrating one embodiment of the operation of the architecture shown inFIG. 1 in modifying permissions for a new recipient of a message with a link to an object. -
FIGS. 4A-4D are illustrative user interface displays. -
FIG. 5 shows one embodiment of the architecture shown inFIG. 1 , but deployed in a cloud architecture. -
FIGS. 6-11 show various embodiments of mobile devices. -
FIG. 12 is a block diagram of one embodiment of a computing environment. -
FIG. 1 shows one embodiment of a block diagram of amessaging architecture 100.Messaging architecture 100 illustratively includesmessaging system 102, anddata provider 104.FIG. 1 also shows thatusers messaging system 102 in order to send and receive messages. User's 106 and 108 can accessmessaging system 102 either directly (as indicated byarrows 110 and 112) or throughuser devices User devices messaging system 102 either directly (as indicated byarrows 118 and 120) or through network 122 (as indicated by arrow 124). -
FIG. 1 also shows thatdata provider 104 can be accessed bymessaging system 102 either directly (as indicated by arrow 126) or overnetwork 128. It will, of course, be appreciated thatnetworks data provider 104 is local to, or part of,messaging system 102. The example shown inFIG. 1 , where the two are separate, is for illustrative purposes only. - In one embodiment,
messaging system 102 includesmessaging server 130 withaccess control component 132.Messaging system 102 also illustratively includesuser interface component 133,processor 134, andother components 135. -
Data provider 104 illustratively includesprocessor 136 anddata store 138.Data store 138 illustratively includes a set of objects, such asdocuments 140,directories 142,folders 144, orother objects 146.Data provider 144 also illustratively includesaccess control list 148. It will be noted thataccess control list 148 can also be stored indata store 138 but it is shown separately therefrom for the sake of example only. -
Messaging server 130 illustratively controls the operation ofmessaging system 102 so that users can send and receive messages. The users can also illustratively attach links to objects, within the messages.Messaging server 130 therefore also controls accessing of stored objects (stored on data provider 104) when a user actuates the link to that object from within a message, so that the user has access to the objects that are attached to (e.g., that have links in) various messages. By way of example, wheremessaging system 102 is an electronic mail (email) system, thenmessaging server 130 is an email server. -
Access control component 132 illustratively identifies when recipients have been added to a message that includes a link to an object. In that case,access control component 132 can illustratively modify the permissions of the recipient, as necessary, so that the recipient has access to that object. This is described in greater detail below with respect toFIGS. 4-4D . -
User interface component 133 is illustratively controlled by other components, servers, or items inmessaging system 102, or elsewhere, in order to generate user interface displays forusers user devices user interface component 133 can generate the user interface displays itself, or under the control of other items inFIG. 1 . - The user interface displays illustratively include user input mechanisms that allow the users to control and manipulate
messaging system 102, in order to view and manage messages. The user input mechanisms can include a wide variety of different types of user input mechanisms, such as links, icons, buttons, dropdown menus, text boxes, check boxes, etc. In addition, the user input mechanisms can be actuated by the user in a wide variety of different ways. For instance, they can be actuated using touch gestures (where the display is touch sensitive), a hard or soft keyboard or keypad, a point and click device (such as a mouse or trackball), buttons, joysticks, or other actuators. Also, wheremessaging system 102 or one ofuser devices -
Processors Processor 134 is illustratively a functional part ofmessaging system 102 and is activated by, and facilitates the functionality of,messaging server 130,access control component 132 and other items inmessaging system 102.Processor 136 is illustratively a functional part ofdata provider 104 and facilitates the functionality ofdata provider 104 in providing access to data indata store 138. -
Access control list 148 is illustratively a list or other component that includes information which indicates which permissions or access rights each user or group of users insystem 102 has to a specific object (such as the objects stored in data store 138). Each object illustratively has a unique security attribute that identifies which users have access to it. The access control list is illustratively a list of each object and the corresponding user access privileges that define the various access privileges (such as read, write, execute, etc.) that each user has to each object. This is just one exemplary structure foraccess control list 148, and others can be used as well. -
Data store 138 is shown as a single data store that is local todata provider 104. It will be noted, however, that it could also be made up of multiple different data stores, all of which are local todata provider 104, all of which are remote fromdata provider 104 and accessible bydata provider 104, or some of which are local, others of which are remote. -
Networks - A detailed discussion of the operation of
architecture 100 is given below with respect toFIGS. 4-4D . However a brief overview will first be provided. For purposes of the present discussion,user 106 illustratively generates a message with a link to a shared object.User 106 then adds a recipient to that message and sends it on to the recipient. For the sake of example.FIG. 2 shows one embodiment of anillustrative message 160.Message 160 illustratively includes a list ofrecipients 162, amessage body 164 and one or more links to attachments or sharedobjects 166. Therecipients 162 can be located in a “to:” field, a “cc:” field, a “bcc:” field, etc. Themessage body 164 illustratively contains a main message portion formessage 160 and link 166 is illustratively an actuable link that can be actuated byuser 106 in order to access the attachment or shared objects that are linked to bylink 166. When the user actuateslink 166, the user is illustratively navigated to the object that link 166 links to. - In any case, after
user 106 generatesmessage 160,user 106 can illustratively add arecipient 162 to that message (or the recipient can be entered earlier and send it on to therecipient 162. This can be done in a wide variety of different ways, some of which are discussed below with respect toFIG. 4 .Access control component 132 illustratively detects thatuser 106 is sending the message to a recipient and that the message contains at least onelink 166 to an attachment or shared object.Access control component 132 then determines whether therecipient 162 has permissions to the attachment or shared object and, if not, modifies the permissions so that therecipient 162 can access the attachment or shared object throughlink 166.Access control component 132 illustratively notifiesuser 106 of this as well. - In another embodiment, the message being processed is first received by
user 106, from anotheruser 108.User 106 views themessage 160 and adds one or more new recipients.FIG. 3 is one exemplary block diagram of themessage 168 that is sent on to the new recipients. It can be seen thatmessage 168 includes some or all ofmessage 160 and can optionally include one or more ofrecipients 162 in the original message, one or morenew recipients 170, as well asmessage body 164 and link 166 to the attachments or shared objects.Access control component 132 illustratively detects thatuser 106 is sending the message to the new recipients and that the message contains at least onelink 166 to an attachment or shared object.Access control component 132 then determines whether thenew recipient 170 has permissions to the attachment or shared object and, if not, modifies the permissions so that thenew recipient 170 can access the attachment or shared object throughlink 166.Access control component 132 illustratively notifiesuser 106 of this as well. -
FIGS. 4-1 and 4-2 (collectivelyFIG. 4 ) show a flow diagram illustrating one embodiment of the operation ofarchitecture 100 in sending a previously-received message to a new recipient, in more detail. It will be appreciated that substantially the processing can be performed if the user is creating a new message and entering a recipient in the “to” field, the “cc” field or the “bcc” field as well. Processing a previously-received message is described simply as a more comprehensive example.FIGS. 4A-4D are illustrative user interface displays.FIGS. 4-4D will now be described in conjunction with one another. -
User 106 first receives a message, such asmessage 160. This is indicated byblock 180 inFIG. 4 .User 106 then generates a new message (such as message 168) by configuring the previously-received message to send the message on, such as by adding anew recipient 170 tomessage 160, to form thenew message 168. This is indicated byblock 182 inFIG. 4 .User 106 can do this, for instance, by forwarding the message tonew recipient 170, as indicated byblock 184, by replying to the message and adding thenew recipient 170 as indicated byblock 186, by replying all to the previously-received message, and adding a recipient as thenew recipient 170, as indicated byblock 188, or in other ways as well, as indicated byblock 190. -
FIG. 4A shows one example of amessage 168 that has been configured byuser 106 to be sent on to one or more new recipients. In the embodiment shown inFIG. 4A ,message 168 is part of an electronic mail system, so that it is an email message. Theuser interface display 200 indicates, generally at 202, thatuser 106 is viewing his or her inbox. The inbox illustratively includes a list ofconversations 204, and the user has selectedconversation 206. The previously-receivedmessage 160 includes a link to a shared object and is shown as being part ofmessage 168.Message 168, is shown with new recipients identified generally at 170. In the embodiment shown inFIG. 4A ,user 106 has selected previously-receivedmessage 160 and configured the message to forward it tonew recipients 170. The forwarded message with thenew recipients 170forms message 168. -
Access control component 132, inmessaging server 130, detects that theuser 106 has configuredmessage 160 to be sent on.Component 132 first determines whether the message has a link to a shared object. This is indicated byblock 210 inFIG. 4 . The shared attachment or object, as briefly mentioned above, can be a document, 140, afile 212, afolder 144, adirectory 142, apicture 214, or any of a wide variety of other objects, as indicated byblock 216. If there is no link to a shared object, then accesscontrol component 130 need not do anything, and the message can simply be sent on as normal. This may be the case, for instance, if the user simply replies to the message but there are no links to shared objects. Simply continuing to send the message, without doing anything further, is indicated byblock 218 inFIG. 4 . - However, if, at
block 210,access control component 132 determines that there are one or more links to shared objects, thencomponent 132 determines whether the message has been configured to identify anynew recipients 170, different from the recipients in the previously-received message. This is indicated byblock 220 inFIG. 4 . Again, if the answer is no, then accesscontrol component 132 need not do anything further. This is indicated byblock 218. - However, if, at
block 220, it is determined that the newly configuredmessage 168 does havenew recipients 170, then accesscontrol component 132 illustratively hasmessaging server 130 make a call todata provider 104 to access theaccess control list 148 atdata provider 104, in order to identify the permissions associated withuser 106. Specifically,access control component 132 determines whetheruser 106 has the permissions required to share the present message (and the attachments or shared objects) further. This is indicated byblock 222. By way of example, it may be that certain users have access to forward messages or to grant access to objects, while certain other users do not. Thus,component 132 determines whetheruser 106 has the appropriate permissions to sharemessage 160 with new recipients, as well as to share the attachments or shared objects with new recipients. - If not, then access
control component 132 again calls todata provider 104 in order to gain access to theaccess control list 148, to determine whether thenew recipients 170, themselves, have the appropriate permissions to receive the message, along with the link to the attachments or shared objects. This is indicated byblock 224. If not, thencomponent 132 has determined thatuser 106 does not have permission to share the message, with the link to the attachments or shared objects, with new recipients, and that the identifiednew recipients 170 do not have the appropriate permissions to receive that information. Therefore,component 132 usesuser interface component 133 to generate and display an error message indicating that the message cannot be forwarded, as it is presently configured. This is indicated byblock 226 inFIG. 4 . - However, if at block at
block 224,component 132 determines that, even thoughuser 106 does not have the appropriate permissions to share the message and linked objects further, thenew recipients 170 do have permission to receive that information. Therefore,component 132 usesuser interface component 133 to generate a warning message to indicate this and allows the message to be sent. This is indicated byblock 228 inFIG. 4 . - Returning again to block 222 in
FIG. 4 , ifuser 106 does have permission to share the present message with the link to the shared objects further, thencomponent 132 determines whether any of thenew recipients 170 are external new recipients, (that is, recipients that are external to the organization that deploys messaging system 102). This is an optional step and is indicated byblock 230 inFIG. 4 . - If there are external recipients,
component 132 determines whether external sharing is enabled withinsystem 102. That is,system 102 may place restrictions on what types of messages or attachments can be shared externally. In fact,system 102 can completely preclude external sharing of various messages or attachments. Thus,component 132 determines whether external sharing has been enabled for this particular message, and the particular shared objects that have links to them in the message. This is indicated byblock 232. If one of thenew recipients 170 is an external recipient, but external sharing is not enabled withinsystem 102, thencomponent 132 again usesuser interface component 133 to generate an error message as indicated byblock 226. If external sharing is enabled, then processing continues atblock 234. - Also, if at
block 230 it is determined that there are no external recipients identified asnew recipients 170, then processing continues atblock 234.Access control component 132, atblock 234, determines whether thenew recipients 170 have appropriate permissions in order to receive the attachments or shared objects.Access control component 132 determines whether the new recipients have the appropriate permissions by requesting thatmessaging server 130 make a call todata provider 104 to gain access to theaccess control list 148.Component 132 examines theaccess control list 148 to determine whether thenew recipients 170 have the appropriate permissions to access the shared documents. If so, thencomponent 132 does not need to do anything further, and themessage 168 with thenew recipients 170 and the link to sharedobjects 166 can simply be sent as configured. - However, if, at
block 234,component 132 determines that thenew recipients 170 do not have the appropriate permissions to receive thenew message 168 with the links to the attachments or sharedobjects 166, then accesscontrol component 132 sets the appropriate permissions inaccess control list 148 so that thenew recipients 170 do have the appropriate permissions. This is indicated byblock 236 inFIG. 4 . - Once
access control component 132 has set the permissions withinaccess control list 148 so that thenew recipients 170 have access to the attachments or shared objects,component 132 usesuser interface component 133 to generate a user interface display that notifiesuser 106 that this has happened. This is indicated byblock 238 inFIG. 4 . By way of example,user interface display 200 shows that the attachments or shared objects (the playbook additions) are identified inmessage 168 as generally indicated bynumeral 240.Numeral 240 indicates that the permissions fornew recipients 170 have been modified so that the recipients have edit permissions to the attachments or shared objects. In one embodiment,access control component 132 gives user 106 a chance to confirm or cancel these permissions. This is indicated byblock 242 in the flow diagram ofFIG. 4 . In another embodiment,access control component 132 gives user 206 a chance to modify the permissions. This is indicated byblock 244. Of course,access control component 132 can notify the user that the permissions have been granted to the new recipients in other ways as well, and this is indicated byblock 246. - In the example shown in
FIG. 4A , auser input mechanism 248 is provided that allows the user to modify the permissions granted to thenew recipients 170. When the user actuates user input mechanism 248 (such as by touching it with a touch gesture, by actuating it with a point and click device, etc.),access control component 132 usesuser interface component 133 to generate a dropdown menu or other user interface mechanism that allows the user to perform certain actions with respect to the attachments or shared objects. -
FIG. 4B shows another embodiment ofuser interface display 200, which is similar to that shown inFIG. 4A , and similar items are similarly numbered. However, it can be seen inFIG. 4B that the user has actuateduser input mechanism 248 and a dropdown menu is displayed which includes a “manage permissions”actuator 250. When the user actuatesuser input mechanisms 250,access control component 132 illustratively generates a user interface display that allowsuser 106 to modify the permissions that have been granted to thenew recipients 170. - By way of example,
FIG. 4C shows another embodiment ofuser interface display 200, that is similar to that shown inFIG. 4B , and similar items are similarly numbered. However, it can be seen inFIG. 4C that, after the user actuates the “manage permissions”user input mechanism 250,access control component 132 generates another “manage permissions”pane 252 In the embodiment shown inFIG. 4C , the user can illustratively modify the permissions grantednew recipients 170 for the attachment or shared object.FIG. 4C specifically shows that the shared object is a document that is stored on a cloud-based data store. Theuser 106 can select user input mechanism 254 to indicate that the new recipient should have view and edit permissions to the shared document. However, the user can also actuateuser input mechanism 256 that gives the new recipients view only privileges. -
FIG. 4D shows another embodiment of auser interface display 300.User interface display 300 is similar touser interface display 200 shown inFIGS. 4A-4C , and similar items are similarly numbered. However, it can be seen that inFIG. 4D , instead of forwarding theoriginal message 160 asmessage 168, the user has “replied all” tomessage 160 to obtainmessage 168 and addednew recipient 170 on the cc line.FIG. 4D shows thataccess control component 132 illustratively usesuser interface component 133 to generate a display (shown generally at 302) that notifies the user that thenew message recipient 170 will be granted permission to view the attachment or shared object shown generally at 304. Again, in one embodiment,display element 302 can be a user actuable user input mechanism. Therefore, when the user actuateselement 302, the user can again be navigated to a screen (or a user input mechanism can be displayed) which allows the user to modify the permissions granted to the new recipient. - In any case, once the user has been notified, the user can simply send the new message to all recipients. This is indicated generally by
block 306 in the flow diagram ofFIG. 4 . -
FIG. 5 is a block diagram ofarchitecture 100, shown inFIG. 1 , except that its elements are disposed in acloud computing architecture 500. Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services. In various embodiments, cloud computing delivers the services over a wide area network, such as the internet, using appropriate protocols. For instance, cloud computing providers deliver applications over a wide area network and they can be accessed through a web browser or any other computing component. Software or components ofarchitecture 100 as well as the corresponding data, can be stored on servers at a remote location. The computing resources in a cloud computing environment can be consolidated at a remote data. center location or they can be dispersed. Cloud computing infrastructures can deliver services through shared data centers, even though they appear as a single point of access for the user. Thus, the components and functions described herein can be provided from a service provider at a remote location using a cloud computing architecture. Alternatively, they can be provided from a conventional server, or they can be installed on client devices directly, or in other ways. - The description is intended to include both public cloud computing and private cloud computing. Cloud computing (both public and private) provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- A public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware. A private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, etc.
- In the embodiment shown in
FIG. 5 , some items are similar to those shown inFIG. 1 and they are similarly numbered.FIG. 5 specifically shows thatmessaging system 102 anddata provider 104 are located in cloud 502 (which can be public, private, or a combination where portions are public while others are private). Therefore,user 106 uses auser device 114 to access those systems throughcloud 502. -
FIG. 5 also depicts another embodiment of a cloud architecture.FIG. 5 shows that it is also contemplated that some elements ofarchitecture 100 are disposed incloud 502 while others are not. By way of example,data store 138 can be disposed outside ofcloud 502, and accessed throughcloud 502. In another embodiment,access control component 132 is also outside ofcloud 502. Regardless of where they are located, they can be accessed directly bydevice 114, through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein. - It will also be noted that
architecture 100, or portions of it, can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, etc. -
FIG. 6 is a simplified block diagram of one illustrative embodiment of a handheld or mobile computing device that can be used as a user's or client's hand helddevice 16, in which the present system (or parts of it) can be deployed.FIGS. 7-11 are examples of handheld or mobile devices. -
FIG. 6 provides a general block diagram of the components of aclient device 6 that can run components ofarchitecture 100 oruser devices architecture 100, or both. In thedevice 16, acommunications link 13 is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning. Examples of communications link 13 include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+ and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as 802.11 and 802.11b (Wi-Fi) protocols, and Bluetooth protocol, which provide local wireless connections to networks. - Under other embodiments, applications or systems are received on a removable Secure Digital (SD) card that is connected to a
SD card interface 15.SD card interface 15 andcommunication links 13 communicate with a processor 17 (which can also embodyprocessors FIG. 1 ) along abus 19 that is also connected tomemory 21 and input/output (I/O)components 23, as well asclock 25 andlocation system 27. - I/
O components 23, in one embodiment, are provided to facilitate input and output operations. I/O components 23 for various embodiments of thedevice 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port. Other I/O components 23 can be used as well. -
Clock 25 illustratively comprises a real time clock component that outputs a time and. date. It can also, illustratively, provide timing functions forprocessor 17. -
Location system 27 illustratively includes a component that outputs a current geographical location ofdevice 16. This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions. -
Memory 21stores operating system 29,network settings 31,applications 33,application configuration settings 35,data store 37,communication drivers 39, andcommunication configuration settings 41.Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).Memory 21 stores computer readable instructions that, when executed byprocessor 17, cause the processor to perform computer-implemented steps or functions according to the instructions. Similarly,device 16 can have a client business system 24 which can run various business applications or embody parts or all ofarchitecture 100.Processor 17 can be activated by other components to facilitate their functionality as well. - Examples of the
network settings 31 include things such as proxy information, Internet connection information, and mappings.Application configuration settings 35 include settings that tailor the application for a specific enterprise or user.Communication configuration settings 41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords. -
Applications 33 can be applications that have previously been stored on thedevice 16 or applications that are installed during use, although these can be part ofoperating system 29, or hosted external todevice 16, as well. -
FIG. 7 shows one embodiment in whichdevice 16 is atablet computer 600. InFIG. 7 ,computer 600 is shown with user interface display 200 (fromFIG. 4B ) displayed on thedisplay screen 602.Screen 602 can be a touch screen (so touch gestures from a user'sfinger 604 can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.Computer 600 can also illustratively receive voice inputs as well. -
FIGS. 8 and 9 provide additional examples ofdevices 16 that can be used, although others can be used as well. InFIG. 8 , a feature phone, smart phone ormobile phone 45 is provided as thedevice 16.Phone 45 includes a set ofkeypads 47 for dialing phone numbers, adisplay 49 capable of displaying images including application images, icons, web pages, photographs, and video, andcontrol buttons 51 for selecting items shown on the display. The phone includes anantenna 53 for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals. In some embodiments,phone 45 also includes a Secure Digital (SD)card slot 55 that accepts aSD card 57. - The mobile device of
FIG. 9 is a personal digital assistant (PDA) 59 or a multimedia player or a tablet computing device, etc. (hereinafter referred to as PDA 59).PDA 59 includes aninductive screen 61 that senses the position of a stylus 63 (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write.PDA 59 also includes a number of user input keys or buttons (such as button 65) which allow the user to scroll through menu options or other display options which are displayed ondisplay 61, and allow the user to change applications or select user input functions, without contactingdisplay 61. Although not shown,PDA 59 can include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections. In one embodiment,mobile device 59 also includes a SD card slot 67 that accepts aSD card 69. -
FIG. 10 is similar toFIG. 8 except that the phone is asmart phone 71.Smart phone 71 has a touchsensitive display 73 that displays icons or tiles or otheruser input mechanisms 75.Mechanisms 75 can be used by a user to run applications, make calls, perform data transfer operations, etc. In general,smart phone 71 is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone.FIG. 11 showssmart phone 71 with the display ofFIG. 4B displayed thereon. - Note that other forms of the
devices 16 are possible. -
FIG. 12 is one embodiment of a computing environment in whicharchitecture 100, or parts of it, (for example) can be deployed. With reference toFIG. 12 , an exemplary system for implementing some embodiments includes a general-purpose computing device in the form of acomputer 810. Components ofcomputer 810 may include, but are not limited to, a processing unit 820 (which can compriseprocessor 134 or 136), asystem memory 830, and asystem bus 821 that couples various system components including the system memory to theprocessing unit 820. Thesystem bus 821 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus. Memory and programs described with respect toFIG. 1 can be deployed in corresponding portions ofFIG. 12 . -
Computer 810 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed bycomputer 810 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed bycomputer 810. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media. - The
system memory 830 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 831 and random access memory (RAM) 832. A basic input/output system 833 (BIOS), containing the basic routines that help to transfer information between elements withincomputer 810, such as during start-up, is typically stored inROM 831.RAM 832 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processingunit 820. By way of example, and not limitation,FIG. 12 illustratesoperating system 834,application programs 835,other program modules 836, andprogram data 837. - The
computer 810 may al so include other removable/non-removable volatile/nonvolatile computer storage media, By way of example only,FIG. 12 illustrates ahard disk drive 841 that reads from or writes to non-removable, nonvolatile magnetic media, amagnetic disk drive 851 that reads from or writes to a removable, nonvolatilemagnetic disk 852, and anoptical disk drive 855 that reads from or writes to a removable, nonvolatileoptical disk 856 such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. Thehard disk drive 841 is typically connected to thesystem bus 821 through a non-removable memory interface such asinterface 840, andmagnetic disk drive 851 andoptical disk drive 855 are typically connected to thesystem bus 821 by a removable memory interface, such asinterface 850. - Alternatively, or in addition, the functionality described herein can be performed, at least in pall, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-Chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
- The drives and their associated computer storage media discussed above and illustrated in
FIG. 12 , provide storage of computer readable instructions, data structures, program modules and other data for thecomputer 810. InFIG. 12 , for example,hard disk drive 841 is illustrated as storingoperating system 844,application programs 845,other program modules 846, andprogram data 847. Note that these components can either be the same as or different fromoperating system 834,application programs 835,other program modules 836, andprogram data 837.Operating system 844,application programs 845,other program modules 846, andprogram data 847 are given different numbers here to illustrate that, at a minimum, they are different copies. - A user may enter commands and information into the
computer 810 through input devices such as akeyboard 862, amicrophone 863, and apointing device 861, such as a mouse, trackball or touch pad. Other input devices (not shown) may include a joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to theprocessing unit 820 through auser input interface 860 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). Avisual display 891 or other type of display device is also connected to thesystem bus 821 via an interface, such as avideo interface 890. In addition to the monitor, computers may also include other peripheral output devices such asspeakers 897 andprinter 896, which may be connected through an outputperipheral interface 895. - The
computer 810 is operated in a networked environment using logical connections to one or more remote computers, such as aremote computer 880. Theremote computer 880 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to thecomputer 810. The logical connections depicted inFIG. 12 include a local area network (LAN) 871 and a wide area network (WAN) 873, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet. - When used in a LAN networking environment, the
computer 810 is connected to theLAN 871 through a network interface or adapter 870. When used in a WAN networking environment, thecomputer 810 typically includes amodem 872 or other means for establishing communications over theWAN 873, such as the Internet. Themodem 872, which may be internal or external, may be connected to thesystem bus 821 via theuser input interface 860, or other appropriate mechanism. In a networked environment, program modules depicted relative to thecomputer 810, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,FIG. 12 illustratesremote application programs 885 as residing onremote computer 880. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used. - It should also be noted that the different embodiments described herein can be combined in different ways. That is, parts of one or more embodiments can be combined with parts of one or more other embodiments. All of this is contemplated herein.
- Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
Claims (20)
1. A computer-implemented method of controlling a messaging system, the method comprising:
identifying a message to be sent to a recipient from a user, the message including a link to an object, wherein an access permission is associated with the object and defines accessibility to the object;
determining that the recipient does not have permission to access the object based on the access permission associated with the object;
generating a user notification display for the user indicating that the access permission will be modified so the recipient has access to the object; and
automatically modifying the access permission associated with the object so the recipient has access to the object.
2. The computer-implemented method of claim 1 , wherein the object comprises a document that is separate from the message.
3. The computer-implemented method of claim 1 , wherein identifying a message to be sent comprises:
determining that the message comprises one of a forward message or a reply message to a previously received message and that the recipient is a new recipient that was not a recipient of the previously received message.
4. The computer-implemented method of claim 1 , the method further comprising:
accessing an access control component that specifically identifies one or more users and, for each user, permissions relative to the object; and
determining whether the user has permission to share the object based on the access control component, wherein the access permission is automatically modified so the recipient has access to the object based on determining whether the user has permission to share the object.
5. The computer-implemented method of claim 1 , wherein the link comprises a link to the document that is attached to the message.
6. The computer-implemented method of claim 1 , wherein the user notification display is displayed to the user before the message is sent by the user to the recipient.
7. The computer-implemented method of claim 1 , wherein generating a user notification display comprises:
generating the user notification display to indicate a permission setting, corresponding to the object, for the recipient prior to modifying the access permission.
8. The computer-implemented method of claim 7 , wherein generating the user notification display further comprises:
displaying a permission management user input mechanism;
receiving user actuation of the permission management user input mechanism; and
in response to receiving user actuation, displaying a permission modification user interface display with a permission modification user input mechanism that receives a user modification input to modify the permission setting for the recipient.
9. The computer-implemented method of claim 1 , wherein the user notification display comprises a user interface element that receives a user input defining a type of access permission for the recipient, and wherein the access permission is modified based on the type.
10. The computer-implemented method of claim 9 , wherein the type of access permission comprises one of a view only permission or an edit permission, and wherein the user interface element comprises a user-selectable option for selecting the type.
11. A computing system comprising:
an access control component configured to:
detect a message to be sent to a recipient from a user, the message including a link to an object, wherein an access permission is associated with the object and defines accessibility of the object;
determine that the recipient does not have permission to access the object based on the access permission associated with the object;
based on determining that the recipient does not have permission to access the object, automatically modifying the access permission associated with the object so the recipient has access to the object; and
a user interface component configured to generate a user notification display, to the user, that indicates the access permission will be modified so the recipient has access to the object.
12. The computing system of claim 11 , wherein the user notification display includes an access control settings change user input mechanism that is actuated to change the access control settings for the recipient, corresponding to the object.
13. The computing system of claim 12 , and further comprising:
a messaging server configured to control message sending and message receiving among users of the computing system, wherein the access control component is configured to:
automatically set the access control settings by controlling the messaging server to call a data provider that stores the object and an access control list that is associated with the object; and
receive from the data provider current access control settings for the new recipient, corresponding to the object.
14. The computing system of claim 13 , wherein the access control component is configured to automatically set the access control settings for the recipient by having the messaging server send new access control settings for the recipient to the data provider.
15. The computing system of claim 11 , wherein the access control component is configured to detect that the user is sending one of a forward message and a reply message that adds a new recipient.
16. The computing system of claim 11 , wherein the user notification display indicates a permission setting, corresponding to the object prior to the modification.
17. The computing system of claim 16 , wherein the user interface component is configured to:
display a permission management user input mechanism;
receive user actuation of the permission management user input mechanism; and
in response to the received user actuation, display a permission modification user interface display with a permission modification user input mechanism that receives a user modification input to modify the current permission setting for the recipient.
18. A computing system comprising:
at least one processor; and
memory storing instructions executable by the at least one processor, wherein the instructions configure the computing system to:
identify a message to be sent to a recipient from a user, the message including a link to an object, wherein an access permission is associated with the object and defines accessibility to the object;
determine that the recipient does not have permission to access the object based on the access permission associated with the object;
generate a user notification display for the user indicating that the access permission will be modified so the recipient has access to the object; and
automatically modify the access permission associated with the object so the recipient has access to the object.
19. The computing system of claim 18 , wherein the object comprises a document that is separate from the message.
20. The computing system of claim 18 , wherein the instructions configure the computing system to:
determine that the message comprises one of a forward message or a reply message to a previously received message and that the recipient is a new recipient that was not a recipient of the previously received message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/270,453 US20170012985A1 (en) | 2013-10-14 | 2016-09-20 | Granting permissions to an object when adding people to a conversation |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/053,361 US9491177B2 (en) | 2013-10-14 | 2013-10-14 | Granting permissions to an object when adding people to a conversation |
US15/270,453 US20170012985A1 (en) | 2013-10-14 | 2016-09-20 | Granting permissions to an object when adding people to a conversation |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/053,361 Continuation US9491177B2 (en) | 2013-10-14 | 2013-10-14 | Granting permissions to an object when adding people to a conversation |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170012985A1 true US20170012985A1 (en) | 2017-01-12 |
Family
ID=51862541
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/053,361 Active US9491177B2 (en) | 2013-10-14 | 2013-10-14 | Granting permissions to an object when adding people to a conversation |
US15/270,453 Abandoned US20170012985A1 (en) | 2013-10-14 | 2016-09-20 | Granting permissions to an object when adding people to a conversation |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/053,361 Active US9491177B2 (en) | 2013-10-14 | 2013-10-14 | Granting permissions to an object when adding people to a conversation |
Country Status (7)
Country | Link |
---|---|
US (2) | US9491177B2 (en) |
EP (1) | EP3058685B1 (en) |
JP (1) | JP6401793B2 (en) |
CN (1) | CN105637813B (en) |
BR (1) | BR112016007128A8 (en) |
RU (1) | RU2676872C2 (en) |
WO (1) | WO2015057431A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10361987B2 (en) * | 2016-05-21 | 2019-07-23 | Facebook, Inc. | Techniques to convert multi-party conversations to an editable document |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10476823B2 (en) * | 2014-09-04 | 2019-11-12 | Blackberry Limited | Automatic identification and retrieval of message attachments in a message conversation |
US10536407B1 (en) * | 2014-12-15 | 2020-01-14 | Amazon Technologies, Inc. | Converting shared files to message attachments |
US10650085B2 (en) * | 2015-03-26 | 2020-05-12 | Microsoft Technology Licensing, Llc | Providing interactive preview of content within communication |
US10140434B2 (en) | 2016-05-03 | 2018-11-27 | Microsoft Technology Licensing, Llc | Group-based external sharing of electronic data |
US10645036B2 (en) * | 2016-06-16 | 2020-05-05 | Microsoft Technology Licensing, Llc | In-line collaboration in e-mail |
US10241848B2 (en) | 2016-09-30 | 2019-03-26 | Microsoft Technology Licensing, Llc | Personalized diagnostics, troubleshooting, recovery, and notification based on application state |
US10476768B2 (en) | 2016-10-03 | 2019-11-12 | Microsoft Technology Licensing, Llc | Diagnostic and recovery signals for disconnected applications in hosted service environment |
CN112204596A (en) * | 2018-03-29 | 2021-01-08 | S.G.A.创新有限公司 | System, apparatus and method for publicly/privately exchanging messages/files and creating dynamic subgroups |
WO2019240777A1 (en) * | 2018-06-12 | 2019-12-19 | Google Llc | Sharing rights to control aspects of an electronic message |
JP7196511B2 (en) * | 2018-10-01 | 2022-12-27 | 富士フイルムビジネスイノベーション株式会社 | data processor |
US11644952B2 (en) * | 2020-12-29 | 2023-05-09 | Dropbox, Inc. | Processing electronic signature data in a collaborative environment |
GB2615373A (en) * | 2022-02-03 | 2023-08-09 | Elmon Brandon | System and method of tracing and controlling the loop of electronic messages |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080120383A1 (en) * | 2006-11-22 | 2008-05-22 | Shruti Kumar | Method and system for preventing thread insertion or removal |
US20080120382A1 (en) * | 2006-11-17 | 2008-05-22 | International Business Machines Corporation | Method, computer program product, and user interface for making non-shared linked documents in electronic messages accessible to recipients |
US20100169439A1 (en) * | 2008-12-31 | 2010-07-01 | O'sullivan Patrick Joseph | System and method for allowing access to content |
US7783711B2 (en) * | 2005-07-01 | 2010-08-24 | 0733660 B.C. Ltd. | Electronic mail system with functionally for senders to control actions performed by message recipients |
US20120278404A1 (en) * | 2011-04-28 | 2012-11-01 | Microsoft Corporation | Upload of attachment and insertion of link into electronic messages |
US20140215568A1 (en) * | 2012-08-29 | 2014-07-31 | Ivan Kirigin | Requesting modification rights to a linked file set |
US20150199533A1 (en) * | 2012-09-14 | 2015-07-16 | Google Inc. | Correcting access rights of files in electronic communications |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6473794B1 (en) * | 1999-05-27 | 2002-10-29 | Accenture Llp | System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework |
US7367048B2 (en) * | 2003-07-10 | 2008-04-29 | International Business Machines Corporation | Apparatus and method for autonomic email access control |
US20060294187A1 (en) | 2004-01-20 | 2006-12-28 | Thomas Hakel | Integrated web communications system |
CA2554991A1 (en) | 2006-07-28 | 2008-01-28 | Ibm Canada Limited - Ibm Canada Limitee | System and method for distributing email attachments |
JP4978274B2 (en) * | 2007-03-30 | 2012-07-18 | 株式会社日立製作所 | E-mail system |
JP2008262293A (en) * | 2007-04-10 | 2008-10-30 | Hitachi Ltd | Shared file access management method, system and program |
US8341726B2 (en) * | 2007-07-23 | 2012-12-25 | International Business Machines Corporation | System and method for controlling email propagation |
ATE554453T1 (en) * | 2008-02-29 | 2012-05-15 | Research In Motion Ltd | SYSTEM AND METHODS FOR SHARED OWNER BASED RESOURCE ACCESS CONTROL |
KR101507787B1 (en) * | 2008-03-31 | 2015-04-03 | 엘지전자 주식회사 | Terminal and method of communicating using instant messaging service therein |
US8452854B2 (en) | 2008-06-17 | 2013-05-28 | Research In Motion Limited | Method and apparatus for remote manipulation of attachments |
US9619664B2 (en) * | 2009-11-17 | 2017-04-11 | International Business Machines Corporation | Systems and methods for handling electronic messages |
US20110137947A1 (en) * | 2009-12-03 | 2011-06-09 | International Business Machines Corporation | Dynamic access control for documents in electronic communications within a cloud computing environment |
US8832802B2 (en) * | 2010-02-01 | 2014-09-09 | Protextion Technologies, Llc | System for distribution permissions for network communications |
US8621648B2 (en) * | 2010-05-03 | 2013-12-31 | Intuit Inc. | Method and system for secure exchange and use of electronic business cards |
US8631387B2 (en) * | 2011-03-31 | 2014-01-14 | Coral Networks, Inc. | System and method for the structuring and interpretation of organic computer programs |
US10185932B2 (en) * | 2011-05-06 | 2019-01-22 | Microsoft Technology Licensing, Llc | Setting permissions for links forwarded in electronic messages |
US20130080545A1 (en) | 2011-09-28 | 2013-03-28 | Microsoft Corporation | Automatic access settings based on email recipients |
EP2802118B1 (en) * | 2012-12-07 | 2021-02-03 | Duvon Corporation | File sharing system and method |
-
2013
- 2013-10-14 US US14/053,361 patent/US9491177B2/en active Active
-
2014
- 2014-10-08 CN CN201480056562.6A patent/CN105637813B/en active Active
- 2014-10-08 WO PCT/US2014/059586 patent/WO2015057431A1/en active Application Filing
- 2014-10-08 JP JP2016547969A patent/JP6401793B2/en active Active
- 2014-10-08 BR BR112016007128A patent/BR112016007128A8/en not_active Application Discontinuation
- 2014-10-08 RU RU2016114159A patent/RU2676872C2/en active
- 2014-10-08 EP EP14793676.9A patent/EP3058685B1/en active Active
-
2016
- 2016-09-20 US US15/270,453 patent/US20170012985A1/en not_active Abandoned
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7783711B2 (en) * | 2005-07-01 | 2010-08-24 | 0733660 B.C. Ltd. | Electronic mail system with functionally for senders to control actions performed by message recipients |
US20080120382A1 (en) * | 2006-11-17 | 2008-05-22 | International Business Machines Corporation | Method, computer program product, and user interface for making non-shared linked documents in electronic messages accessible to recipients |
US20080120383A1 (en) * | 2006-11-22 | 2008-05-22 | Shruti Kumar | Method and system for preventing thread insertion or removal |
US20100169439A1 (en) * | 2008-12-31 | 2010-07-01 | O'sullivan Patrick Joseph | System and method for allowing access to content |
US20120278404A1 (en) * | 2011-04-28 | 2012-11-01 | Microsoft Corporation | Upload of attachment and insertion of link into electronic messages |
US20140215568A1 (en) * | 2012-08-29 | 2014-07-31 | Ivan Kirigin | Requesting modification rights to a linked file set |
US20150199533A1 (en) * | 2012-09-14 | 2015-07-16 | Google Inc. | Correcting access rights of files in electronic communications |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10361987B2 (en) * | 2016-05-21 | 2019-07-23 | Facebook, Inc. | Techniques to convert multi-party conversations to an editable document |
US11032231B1 (en) * | 2016-05-21 | 2021-06-08 | Facebook, Inc. | Techniques to convert multi-party conversations to an editable document |
Also Published As
Publication number | Publication date |
---|---|
CN105637813B (en) | 2019-02-15 |
JP6401793B2 (en) | 2018-10-10 |
US20150106877A1 (en) | 2015-04-16 |
EP3058685A1 (en) | 2016-08-24 |
WO2015057431A1 (en) | 2015-04-23 |
RU2676872C2 (en) | 2019-01-11 |
JP2016540325A (en) | 2016-12-22 |
BR112016007128A2 (en) | 2017-08-01 |
RU2016114159A (en) | 2017-10-17 |
EP3058685B1 (en) | 2019-02-20 |
CN105637813A (en) | 2016-06-01 |
US9491177B2 (en) | 2016-11-08 |
BR112016007128A8 (en) | 2020-03-03 |
RU2016114159A3 (en) | 2018-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9491177B2 (en) | Granting permissions to an object when adding people to a conversation | |
US10775956B2 (en) | Electronic data storage re-sharing notification | |
US10936808B2 (en) | Document linking in an electronic messaging system | |
CN109076087B (en) | Group-based external sharing of electronic data | |
US9699152B2 (en) | Sharing content with permission control using near field communication | |
US20150263995A1 (en) | Identifying relationships between message threads | |
US20180152460A1 (en) | Persistent mutable sharing of electronic content | |
US20170364692A1 (en) | Electronic file sharing link granularity | |
US20240037066A1 (en) | File access permission revocation notification | |
AU2015315405A1 (en) | Mapping account information to server authentication | |
EP3097667B1 (en) | Deriving atomic communication threads from independently addressable messages | |
US10554598B2 (en) | Accessibility processing when making content available to others | |
EP4042295A1 (en) | Surfacing sharing attributes of a link proximate a browser address bar | |
EP4398133A2 (en) | Group-based external sharing of electronic data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: MICROSOFT CORPORATION, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MEYERS, DAVID L.;LIMONT, DAVID P.;FERN, KENNETH;AND OTHERS;SIGNING DATES FROM 20131010 TO 20131013;REEL/FRAME:039802/0598 Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:039802/0656 Effective date: 20141014 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |