Access permissions management system and method
First Claim
1. A data governance system for use with an existing organizational file system, said data governance system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically manage access permissions, said system comprising:
- a probe engine communicating with said organizational file system and being operative to collect access information from said organizational file system in an ongoing manner;
- a redundancy reducing engine receiving an output from said probe engine and providing a redundancy reduced information stream; and
- a redundancy reduced information database receiving and storing said redundancy reduced information stream;
- said redundancy-reduced information database storing information relating to a subset of a set of access permissions to said organization file system, said subset being created by said redundancy reducing engine, said redundancy reducing engine being operative;
  - to ascertain whether there exists a first subset of said multiplicity of access permissions permitting access to a portion of said organizational file system, which permitted access is identical to access permitted by a second subset, different from said first subset, of said multiplicity of access permissions to said portion of said organizational file system, said first subset of said multiplicity of access permissions therefore being redundant; and
  - responsive to said ascertaining whether any of said access permissions are redundant, to eliminate from said multiplicity of access permissions to said organizational file system, said access permissions to said organizational file system which are redundant.
Abstract
An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository.
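An illustration of the redundancy check the abstract describes, added here as an example and not taken from the patent or any product: unique entries that a node's ancestors already grant are not stored. The `Node` and `store_unique` names, the allow-only (principal, right) entries and the sample hierarchy are assumptions; deny entries and entry ordering are not modelled.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumption: an access-control entry is an allow-only (principal, right) pair.
Ace = tuple[str, str]

@dataclass
class Node:
    name: str
    parent: Node | None = None
    inherits: bool = True                          # False: inheritance is prevented
    unique: set[Ace] = field(default_factory=set)  # stored, non-inherited entries

    def inherited(self) -> set[Ace]:
        """Entries flowing down from ancestors; empty when inheritance is prevented."""
        if not self.inherits or self.parent is None:
            return set()
        return self.parent.effective()

    def effective(self) -> set[Ace]:
        """Access actually granted on this node."""
        return self.inherited() | self.unique

def store_unique(node: Node, requested: set[Ace]) -> set[Ace]:
    """Store only the requested entries that inheritance does not already grant.

    Returns the entries dropped as redundant so they can be reported.
    """
    redundant = requested & node.inherited()
    node.unique |= requested - redundant
    return redundant

def demo():
    # Constructed sample hierarchy covering the three kinds of data element.
    root = Node("root", unique={("finance", "read")})
    reports = Node("reports", root)                 # inherited permissions only
    payroll = Node("payroll", root, inherits=False) # unique permissions only
    q1 = Node("q1", reports)                        # inherited plus unique

    dropped_q1 = store_unique(q1, {("finance", "read"), ("audit", "read")})
    dropped_payroll = store_unique(payroll, {("finance", "read")})
    return q1, payroll, dropped_q1, dropped_payroll

if __name__ == "__main__":
    q1, payroll, dropped_q1, dropped_payroll = demo()
    print("q1 stored:", q1.unique, "dropped:", dropped_q1)
    print("payroll stored:", payroll.unique, "dropped:", dropped_payroll)
```

In this model redundancy is judged against the ancestors' state at store time, so a later change to an ancestor also changes the effective access of every descendant whose matching entry was dropped.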
2 Claims
2. An access permissions management method comprising:
- communicating with an organizational file system and collecting access information from said organizational file system in an ongoing manner;
- responsive to said collecting access information; ascertaining whether there exists a first subset of said multiplicity of access permissions permitting access to a portion of said organizational file system, which permitted access is identical to access permitted by a second subset, different from said first subset, of said multiplicity of access permissions to said portion of said organizational file system, said first subset of said multiplicity of access permissions therefore being redundant; and
- responsive to said ascertaining whether any of said access permissions are redundant, eliminating from said multiplicity of access permissions to said organizational file system, said access permissions to said organizational file system which are redundant; and
- providing and storing, a redundancy reduced information stream, said redundancy reduced information stream comprising information relating to a subset of a set of access permissions to said organizational file system.
Specification