Quality assurance checks of access rights in a computing system
First Claim
1. A computer-implemented method of managing identity and access management information comprising:
- storing, at a data store of a computing device, access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of granted access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users;
- receiving, by the computing device, access right utilization information indicating a plurality of utilized access rights, wherein each of the plurality of utilized access rights has been used to access the computing resource;
- comparing, by the computing device, each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource;
- generating, by the computing device, a report based on the comparing, wherein the report indicates which of the plurality of granted access rights have not been used to access the computing resource, wherein the report indicates, for each granted access right of the plurality of granted access rights, whether that granted access right has or has not been used to access the computing resource based on whether that granted access right corresponds to one of the plurality of utilized access rights, and wherein the report indicates which of the plurality of entitlements have not been used to access the computing resource; and
- based on determining that a granted access right of the plurality of granted access rights has not been used to access the computing resource, removing the granted access right.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
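The claim above describes a reconciliation loop: the set of granted entitlements is compared against the set of entitlements actually exercised, a report marks each grant as used or unused, and unused grants are revoked. The following Python script is an added example illustrating that loop; it is not code from the patent or its assignee. The entitlement model, the log line format, the user and resource names, and the observation-window parameter are all constructed for this example. It goes slightly beyond the claim in two ways that an access-review practitioner would want: the utilization window is explicit (revoking on the basis of a window that is too short will strip rights that are used rarely but legitimately), and usage with no matching grant is surfaced separately, since that is a provisioning or logging inconsistency worth investigating.

```python
"""Added example (not the patent's code): reconcile granted entitlements
against observed utilization, report unused grants, and revoke them."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True, order=True)
class Entitlement:
    """A permission on a resource provisioned to one user (hypothetical model)."""
    user: str
    resource: str
    permission: str


# Constructed sample of granted entitlements; names are placeholders.
GRANTED = [
    Entitlement("alice", "payroll-db", "read"),
    Entitlement("alice", "payroll-db", "write"),
    Entitlement("bob", "payroll-db", "read"),
    Entitlement("carol", "payroll-db", "admin"),
]

# Constructed sample access log: "<ISO timestamp> <user> <resource> <permission>".
ACCESS_LOG = """\
2024-03-01T09:12:00 alice payroll-db read
2024-03-02T14:05:00 bob payroll-db read
2024-03-03T11:30:00 alice payroll-db read
2024-03-04T08:00:00 mallory payroll-db read
this line is malformed and must be skipped
"""


def parse_utilization(log_text, since=None):
    """Return the set of entitlements observed in the log.

    `since` (datetime or None) restricts the observation window; events older
    than it are ignored. Malformed lines are skipped rather than aborting the
    review, but a production tool should count and report them.
    """
    used = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts_text, user, resource, permission = parts
        try:
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue
        if since is not None and ts < since:
            continue
        used.add(Entitlement(user, resource, permission))
    return used


def build_report(granted, used):
    """Compare every granted entitlement against the utilized set.

    Returns a dict with:
      status     - each granted entitlement mapped to True (used) / False (unused)
      unused     - granted entitlements never observed in the window
      unexpected - observed entitlements with no corresponding grant
    """
    status = {e: (e in used) for e in granted}
    unused = [e for e, was_used in status.items() if not was_used]
    granted_set = set(granted)
    unexpected = sorted(e for e in used if e not in granted_set)
    return {"status": status, "unused": unused, "unexpected": unexpected}


def revoke_unused(granted, report):
    """Return the grant list with every entitlement the report marked unused removed."""
    to_remove = set(report["unused"])
    return [e for e in granted if e not in to_remove]


if __name__ == "__main__":
    used = parse_utilization(ACCESS_LOG)
    report = build_report(GRANTED, used)
    for ent, was_used in report["status"].items():
        print(f"{ent.user:8} {ent.resource:12} {ent.permission:6} used={was_used}")
    print("unexpected usage:", report["unexpected"])
    print("remaining grants:", revoke_unused(GRANTED, report))
```

Run with a narrower window (`since=datetime(2024, 3, 3)`) and bob's read grant flips to unused, which is the caveat above in action: the window length is a policy decision, and automatic revocation should be gated on a window long enough to cover legitimate low-frequency use.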
1 Assignment
0 Petitions
Abstract
Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the users having access to the computing system and the computing resources of the computing system. At least a portion of the access right information may be retrieved, and quality assurance tasks may be performed using the portion of the access right information retrieved.
288 Citations
16 Claims
9. A computing device for managing identity and access management information comprising:
- at least one processor;
- a data store storing access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users; and
- memory storing computer-executable instructions that, when executed by the at least one processor, cause the computing device to:
  - receive access right utilization information indicating a plurality of utilized access rights, wherein each utilized access right has been used to access the computing resource;
  - compare each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource;
  - generate a report based on the comparing, wherein the report indicates which of the plurality of granted access rights have not been used to access the computing resource, wherein the report indicates, for each granted access right of the plurality of granted access rights, whether that granted access right has or has not been used to access the computing resource based on whether that granted access right corresponds to one of the plurality of utilized access rights, and wherein the report indicates which of the plurality of entitlements have not been used to access the computing resource; and
  - based on determining that a granted access right of the plurality of granted access rights has not been used to access the computing resource, remove the granted access right.

Dependent claims: 10, 11, 12.
13. Non-transitory computer-readable media storing instructions for managing identity and access management information, wherein the instructions, when executed by at least one processor of a computing device, cause the computing device to:
- store, at a data store, access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of granted access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users;
- receive access right utilization information indicating a plurality of utilized access rights, wherein each utilized access right has been used to access the computing resource;
- compare each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource;
- generate a report based on the comparing, wherein the report indicates which of the plurality of granted access rights have not been used to access the computing resource, wherein the report indicates, for each granted access right of the plurality of granted access rights, whether that granted access right has or has not been used to access the computing resource based on whether that granted access right corresponds to one of the plurality of utilized access rights, and wherein the report indicates which of the plurality of entitlements have not been used to access the computing resource; and
- based on determining that a granted access right of the plurality of granted access rights has not been used to access the computing resource, remove the granted access right.

Dependent claims: 14, 15, 16.
Specification