Managing Who Can Do What in Complex Business Workflows
A system that uses two separate, configurable matrices to strictly control which users can view specific data or perform specific actions within a business process based on their assigned roles.
Original patent title: “System and method for providing complex access control in workflows”
A system that uses two separate, configurable matrices to strictly control which users can view specific data or perform specific actions within a business process based on their assigned roles. Granted to Oracle International Corp in 2017 with 23 claims and 1 forward citation.
Key facts
Coverage
What does this patent actually cover?
This system manages access control in business workflows by decoupling task contents from task actions. It uses a workflow manager with a graphical user interface to display two distinct matrices: one for controlling access to data (task contents) and another for controlling access to operations (task actions). These matrices map logical roles—such as creator, assigneeassigneeThe entity that owns the patent — usually the inventor's employer or a company.Read more →, or reviewer—against specific items, allowing the system to dynamically disable or enable options in real-time as the state of a task changes. For example, if a document is in the 'Review' state, the system automatically restricts the 'Edit' action for the 'Reviewer' role while allowing it for the 'Owner' role.
The gap
What does this patent NOT cover?
- Does not cover access control systems that rely solely on static, global permissions rather than task-state-dependent matrices.
- Does not cover systems that do not distinguish between access to data contents versus access to specific task actions.
- Does not cover basic role-based access control (RBAC) that lacks the two-matrix graphical interface structure defined in the claimsclaimsThe numbered statements at the end of a patent that legally define what the inventor owns.Read more →.
These exclusions are unique to PatentBrief — derived from the actual claim language, not patent-office boilerplate.
What made this novel
The innovation lies in splitting the access control into two distinct matrices—one for 'what' (contents) and one for 'how' (actions)—and linking them to the real-time state of a workflow task, allowing for highly granular security that updates automatically.
Schematic visualization of the patent's claim structure. Hand-drawn diagrams in progress for each landmark patent.
Where you've seen this
Real-world examples
Oracle BPM Suite
Enterprise workflow automation platforms
Corporate document approval systems
Why it matters
The bigger picture
In large enterprise environments, managing permissions for complex workflows is error-prone. This patent provides a structured, visual method for administrators to define granular access rules that adapt to the lifecycle of a business process, reducing the risk of unauthorized data exposure or improper task execution.
Filed
May 14, 2010
Granted
August 22, 2017
Market context
Who's building on this
Companies in this space
Oracle remains the primary entity associated with this technology, utilizing it within their broader Business Process Management (BPM) and enterprise middleware offerings. Other enterprise software providers in the workflow orchestration space often implement similar state-aware permission models.
Market impact
This patent formalizes a specific UI-driven approach to complex enterprise security. It helps standardize how administrators configure permission sets in large-scale business applications, moving away from hard-coded security logic toward configurable, state-driven workflow management.
Claim 1 — Plain English
What this patent covers
This system manages access control in business workflows by decoupling task contents from task actions. It uses a workflow manager with a graphical user interface to display two distinct matrices: one for controlling access to data (task contents) and another for controlling access to operations (task actions). These matrices map logical roles—such as creator, assignee, or reviewer—against specific items, allowing the system to dynamically disable or enable options in real-time as the state of a task changes. For example, if a document is in the 'Review' state, the system automatically restricts the 'Edit' action for the 'Reviewer' role while allowing it for the 'Owner' role.
The clever bit
The innovation lies in splitting the access control into two distinct matrices—one for 'what' (contents) and one for 'how' (actions)—and linking them to the real-time state of a workflow task, allowing for highly granular security that updates automatically.
What it does not cover
- Does not cover access control systems that rely solely on static, global permissions rather than task-state-dependent matrices.
- Does not cover systems that do not distinguish between access to data contents versus access to specific task actions.
- Does not cover basic role-based access control (RBAC) that lacks the two-matrix graphical interface structure defined in the claims.
Patent timeline
Application submitted to the patent office
Application published, typically 18 months after filing
Patent officially issued
PatentBrief Score
Impact Score
Moderate
Citation count
6/40
Early citations
Claim breadth
15/20
Broad claimsclaimsThe numbered statements at the end of a patent that legally define what the inventor owns.Read more →
Recency
10/20
Granted 5–10 years ago
Assignee scale
20/20
Major company or institution
PatentBrief Impact Score — based on citation count, claim breadth, recency, and assignee scale. Not a legal assessment.
Heuristic Value Estimate
What this patent might be worth
$55K – $175K
Midpoint $109K · 3.9 yr remaining · industry ×1.6
Heuristic only — blends forward/backward citation counts, claim scope, time remaining, litigation history, and CPC-derived industry baseline. Real valuations need a professional appraisal.
The original legal language
Original claims
23 claims as filed with the patent office.
Concepts involved
Citations
Patent lineage
Cite this patent
Svetov, V., Rangaswamy, R., Umapathy, V., & Kamath, M. (2017). Managing Who Can Do What in Complex Business Workflows (U.S. Patent No. 9,741,006). U.S. Patent and Trademark Office. https://patentbrief.org/patent/us/9741006/amazon-go-just-walk-out
Auto-generated from the patent record. Double-check author order and the issue date against the official USPTO document before submitting.
Embed
Add this patent to your site
Drop this plain-English patent card into any blog post or article — free, no signup. It always links back to the full breakdown here.
<div data-patentlens-widget data-patent-number="US9741006"></div> <script src="https://patentbrief.org/embed.js" async></script>
Stay in the loop
Get a weekly digest of new patents.
One email per week. No spam. Unsubscribe anytime.
Keep exploring
Related patents you should know
US 4683195 · 1987
How to Make Billions of Copies of a DNA Segment
This patent describes the Polymerase Chain Reaction (PCR), a method to rapidly create many copies of a specific piece of DNA or RNA, enabling its detection and analysis.
Cetus Corp
US 8697359 · 2014
How to Edit Genes in Human Cells Using an Engineered CRISPR System
This patent describes an engineered CRISPR-Cas9 system for precisely cutting DNA in eukaryotic cells to change how genes work, opening the door for gene editing in complex organisms.
Massachusetts Institute of Technology
US 7657849 · 2010
How the iPhone's Slide-to-Unlock Gesture Works
Apple's 2010 patent describes unlocking a device by dragging a specific graphical image across the touchscreen along a predefined path, a gesture that became iconic with the original iPhone.
Apple Inc
US 4733665 · 1988
How Doctors Implant a Permanent Stent Using a Balloon
This patent describes the method for placing a permanent, expandable wire mesh tube inside a blood vessel or other body tube using a balloon-tipped catheter to widen it and keep it open.
Expandable Grafts Partnership
US 4965188 · 1990
How to Make Many Copies of a DNA Piece with Heat
This patent describes the Polymerase Chain Reaction (PCR) method, a technique to make millions of copies of a specific DNA segment using a heat-resistant enzyme and repeated temperature changes.
Cetus Corp
US 4235871 · 1980
How to Encapsulate Active Materials in Lipid Bubbles Efficiently
This patent describes a method for trapping biologically active substances inside tiny, multi-layered fat bubbles called liposomes, using a specific water-in-oil emulsion and gel-forming process to improve how much material gets captured.
Individual
More to explore
More in Software & Internet
US 4405829 · 1983 · Massachusetts Institute of Technology
How RSA Public-Key Encryption Keeps Digital Messages Secret
US 6285999 · 2001 · Leland Stanford Junior University
How Websites Get Ranked by Importance
US 5960411 · 1999 · Amazon com Inc
How Amazon's One-Click Ordering Works for Online Purchases
US 7669123 · 2010 · Facebook Inc
Displaying Friends' Activities in a Social Network Feed
New to patents?
Common Questions
Frequently Asked Questions
What does Managing Who Can Do What in Complex Business Workflows cover?
A system that uses two separate, configurable matrices to strictly control which users can view specific data or perform specific actions within a business process based on their assigned roles.
Who owns patent US 9741006?
Oracle International Corp owns this patent, granted in 2017.
When does this patent expire?
This patent is expected to expire on August 22, 2037, when the invention enters the public domain.
What is patent US 9741006 cited by?
This patent has been cited by 1 later patents that build on its ideas.
What problem does this patent solve?
In large enterprise environments, managing permissions for complex workflows is error-prone. This patent provides a structured, visual method for administrators to define granular access rules that adapt to the lifecycle of a business process, reducing the risk of unauthorized data exposure or improper task execution.
What does this patent NOT cover?
Does not cover access control systems that rely solely on static, global permissions rather than task-state-dependent matrices.
Same assignee
More from Oracle International Corp
Patent monitoring