Authorization policy customization and authorization policy lockdown

US 10,142,371 B2
Filed: 12/18/2015
Issued: 11/27/2018
Est. Priority Date: 04/24/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein;

upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,the cloud service application is provided as a service to a plurality of companies,the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, andthe plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;

in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;

upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;

requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and

upgrading the second subset of the plurality of authorization policy artifacts based on the input.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application customization enables many different types of customers, from small companies to large multinational enterprises, to use various applications provided by a cloud service provider. To accommodate these customizations, previous systems generally require manual human intervention to identify custom, customized, and cloud service provider authorization policies (also referred to herein as “seed” authorization policies) and to decide how each type of authorization policy should be upgraded. When applications are customized, artifacts that represent those customizations can be created. In some embodiments, the customizations can include new resources or entitlements, and grants to new roles. In addition to new resources, entitlements, and grants, existing resources, entitlements, and grants can be modified and artifacts corresponding to those modifications can be generated. Embodiments of the present invention provide improved techniques for tracking and managing customizations to simplify and automate upgrade processes.

42 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein;
  
  upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,the cloud service application is provided as a service to a plurality of companies,the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, andthe plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
  
  in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
  
  upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
  
  requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
  
  upgrading the second subset of the plurality of authorization policy artifacts based on the input.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein each authorization policy artifact is associated with metadata including an owner name and a modifiability flag.
  - 3. The computer-implemented method of claim 2, wherein the modifiability flag is associated with a modification policy that defines how the authorization policy artifact is modifiable.
  - 4. The computer-implemented method of claim 2, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying the first subset of the plurality of authorization policy artifacts and the second subset of the plurality of authorization policy artifacts based on the associated metadata.
  - 5. The computer-implemented method of claim 1, wherein the input includes upgrade instructions for each authorization policy artifact in the second subset of the plurality of authorization policy artifacts.
  - 6. The computer-implemented method of claim 1, wherein each authorization policy artifact in the first subset of the plurality of authorization policy artifacts is non-modifiable.
  - 7. The computer-implemented method of claim 1, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying one or more user modifications made to the plurality of authorization policy artifacts.

8. A system comprising:
- a cloud infrastructure system comprising a plurality of server computers configured to provide one or more services; and
  
  an administrative computer, including a user interface, wherein the administrative computer is configured to send an upgrade request to the cloud infrastructure system to upgrade a cloud service application deployed in the cloud infrastructure system, wherein;
  
  the cloud service application is associated with a plurality of authorization policy artifacts,upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,the cloud service application is provided as a service to a plurality of companies,the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, andthe plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
  
  wherein when the upgrade request is received by the cloud infrastructure system, the cloud infrastructure system is configured to;
  
  analyze the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
  
  upgrade the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
  
  request input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
  
  upgrade the second subset of the plurality of authorization policy artifacts based on the input.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein each policy artifact is associated with metadata including an owner name and a modifiability flag.
  - 10. The system of claim 9, wherein the modifiability flag is associated with a modification policy that defines how the policy artifact is modifiable.
  - 11. The system of claim 9, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying the first subset of the plurality of authorization policy artifacts and the second subset of the plurality of authorization policy artifacts based on the associated metadata.
  - 12. The system of claim 8, wherein the input includes upgrade instructions for each authorization policy artifact in the second subset of the plurality of authorization policy artifacts.
  - 13. The system of claim 8, wherein each authorization policy artifact in the first subset of the plurality of authorization policy artifacts is non-modifiable.
  - 14. The system of claim 8, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying one or more user modifications made to the plurality of authorization policy artifacts.

15. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein;
  
  upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,the cloud service application is provided as a service to a plurality of companies,the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, andthe plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
  
  in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
  
  upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
  
  requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
  
  upgrading the second subset of the plurality of authorization policy artifacts based on the input.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein each policy artifact is associated with metadata including an owner name and a modifiability flag.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein the modifiability flag is associated with a modification policy that defines how the policy artifact is modifiable.
  - 18. The non-transitory computer readable storage medium of claim 16, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying the first subset of the plurality of authorization policy artifacts and the second subset of the plurality of authorization policy artifacts based on the associated metadata.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the input includes upgrade instructions for each authorization policy artifact in the second subset of the plurality of authorization policy artifacts.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein analyzing the plurality of authorization policy artifacts further comprises:
    - identifying one or more user modifications made to the plurality of authorization policy artifacts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sastry, Hari, Sriramadhesikan, Krishnakumar, Garg, Vineet, Vepa, Sirish V., Manjunath, Srivatsa, Wang, Yi
Primary Examiner(s)
Alata, Ayoub

Application Number

US14/974,836
Publication Number

US 20160315965A1
Time in Patent Office

1,075 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Authorization policy customization and authorization policy lockdown

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization policy customization and authorization policy lockdown

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links