# Managing Who Can Do What in Complex Business Workflows > A system that uses two separate, configurable matrices to strictly control which users can view specific data or perform specific actions within a business process based on their assigned roles. - **Patent:** US 9741006 - **Original title:** System and method for providing complex access control in workflows - **Owner:** Oracle International Corp - **Granted:** 2017 - **Status:** Active - **Times cited:** 1 - **Field:** software, enterprise_software ## What it does This system manages access control in business workflows by decoupling task contents from task actions. It uses a workflow manager with a graphical user interface to display two distinct matrices: one for controlling access to data (task contents) and another for controlling access to operations (task actions). These matrices map logical roles—such as creator, assignee, or reviewer—against specific items, allowing the system to dynamically disable or enable options in real-time as the state of a task changes. For example, if a document is in the 'Review' state, the system automatically restricts the 'Edit' action for the 'Reviewer' role while allowing it for the 'Owner' role. ## What it does NOT cover - Does not cover access control systems that rely solely on static, global permissions rather than task-state-dependent matrices. - Does not cover systems that do not distinguish between access to data contents versus access to specific task actions. - Does not cover basic role-based access control (RBAC) that lacks the two-matrix graphical interface structure defined in the claims. ## The clever bit The innovation lies in splitting the access control into two distinct matrices—one for 'what' (contents) and one for 'how' (actions)—and linking them to the real-time state of a workflow task, allowing for highly granular security that updates automatically. ## Real-world examples 1. Oracle BPM Suite 2. Enterprise workflow automation platforms 3. Corporate document approval systems ## Why it matters In large enterprise environments, managing permissions for complex workflows is error-prone. This patent provides a structured, visual method for administrators to define granular access rules that adapt to the lifecycle of a business process, reducing the risk of unauthorized data exposure or improper task execution. ## Frequently asked questions ### What does Managing Who Can Do What in Complex Business Workflows cover? A system that uses two separate, configurable matrices to strictly control which users can view specific data or perform specific actions within a business process based on their assigned roles. ### Who owns patent US 9741006? Oracle International Corp owns this patent, granted in 2017. ### When does this patent expire? This patent is expected to expire on August 22, 2037, when the invention enters the public domain. ### What is patent US 9741006 cited by? This patent has been cited by 1 later patents that build on its ideas. ### What problem does this patent solve? In large enterprise environments, managing permissions for complex workflows is error-prone. This patent provides a structured, visual method for administrators to define granular access rules that adapt to the lifecycle of a business process, reducing the risk of unauthorized data exposure or improper task execution. ### What does this patent NOT cover? Does not cover access control systems that rely solely on static, global permissions rather than task-state-dependent matrices. **Full plain-English explainer:** https://patentbrief.org/patent/us/9741006/amazon-go-just-walk-out **Original patent:** https://patents.google.com/patent/US9741006 --- _Source: PatentBrief — https://patentbrief.org. Patent facts are from public records; the plain-English explanation is PatentBrief's._