Authorization policy customization and authorization policy lockdown
First Claim
1. A computer-implemented method comprising:
- receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein:
  - upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
  - the cloud service application is provided as a service to a plurality of companies,
  - the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
  - the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
- in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
- upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
- requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
- upgrading the second subset of the plurality of authorization policy artifacts based on the input.
Abstract
Application customization enables many different types of customers, from small companies to large multinational enterprises, to use various applications provided by a cloud service provider. To accommodate these customizations, previous systems generally require manual human intervention to identify custom, customized, and cloud service provider authorization policies (also referred to herein as “seed” authorization policies) and to decide how each type of authorization policy should be upgraded. When applications are customized, artifacts that represent those customizations can be created. In some embodiments, the customizations can include new resources or entitlements, and grants to new roles. In addition to new resources, entitlements, and grants, existing resources, entitlements, and grants can be modified and artifacts corresponding to those modifications can be generated. Embodiments of the present invention provide improved techniques for tracking and managing customizations to simplify and automate upgrade processes.
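The upgrade flow of claim 1 (partition the artifacts, upgrade the non-customized subset automatically, upgrade the customized subset only as the requested input directs), sketched as an added example that is not code from the patent. The `customized_for` marker, the `keep`/`replace`/`merge` choices, the rule that an unanswered artifact stays unchanged, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyArtifact:
    name: str
    grants: frozenset                        # (role, entitlement) pairs
    customized_for: frozenset = frozenset()  # assumed marker; empty = non-customized

def partition(artifacts):
    """Return (non_customized, customized) subsets."""
    seed = [a for a in artifacts if not a.customized_for]
    custom = [a for a in artifacts if a.customized_for]
    return seed, custom

def upgrade(artifacts, shipped, get_input):
    """shipped maps name -> grants delivered by the upgrade.
    get_input(artifact, proposed) returns 'keep', 'replace', 'merge' or None."""
    seed, custom = partition(artifacts)
    result, pending = {}, []
    for a in seed:  # first subset: upgraded without asking
        result[a.name] = PolicyArtifact(a.name, shipped.get(a.name, a.grants))
    for a in custom:  # second subset: upgraded only as the input directs
        proposed = shipped.get(a.name, a.grants)
        choice = get_input(a, proposed)
        if choice == "replace":
            result[a.name] = PolicyArtifact(a.name, proposed)
        elif choice == "merge":
            result[a.name] = PolicyArtifact(a.name, a.grants | proposed, a.customized_for)
        else:
            result[a.name] = a  # unchanged; no grant is altered without a decision
            if choice != "keep":
                pending.append(a.name)
    return result, pending

# Constructed sample data (not from the patent).
ARTIFACTS = [
    PolicyArtifact("invoice_view", frozenset({("clerk", "invoice.read")})),
    PolicyArtifact("invoice_approve",
                   frozenset({("manager", "invoice.approve"), ("acme_auditor", "invoice.approve")}),
                   frozenset({"acme"})),
    PolicyArtifact("payroll_run", frozenset({("hr_custom", "payroll.run")}), frozenset({"globex"})),
]
SHIPPED = {
    "invoice_view": frozenset({("clerk", "invoice.read"), ("clerk", "invoice.export")}),
    "invoice_approve": frozenset({("manager", "invoice.approve"), ("director", "invoice.approve")}),
    "payroll_run": frozenset({("hr", "payroll.run")}),
}
DECISIONS = {"invoice_approve": "merge"}  # payroll_run has no answer yet

def demo():
    return upgrade(ARTIFACTS, SHIPPED, lambda a, proposed: DECISIONS.get(a.name))
```

In this sketch a customized artifact with no recorded decision is returned in `pending` and left untouched, so the upgrade neither widens nor removes a company's grants without input.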
20 Claims
1. A computer-implemented method comprising:
- receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein:
  - upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
  - the cloud service application is provided as a service to a plurality of companies,
  - the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
  - the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
- in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
- upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
- requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
- upgrading the second subset of the plurality of authorization policy artifacts based on the input.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- a cloud infrastructure system comprising a plurality of server computers configured to provide one or more services; and
- an administrative computer, including a user interface, wherein the administrative computer is configured to send an upgrade request to the cloud infrastructure system to upgrade a cloud service application deployed in the cloud infrastructure system, wherein:
  - the cloud service application is associated with a plurality of authorization policy artifacts,
  - upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
  - the cloud service application is provided as a service to a plurality of companies,
  - the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
  - the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
- wherein when the upgrade request is received by the cloud infrastructure system, the cloud infrastructure system is configured to:
  - analyze the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
  - upgrade the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
  - request input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
  - upgrade the second subset of the plurality of authorization policy artifacts based on the input.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein:
  - upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
  - the cloud service application is provided as a service to a plurality of companies,
  - the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
  - the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
- in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
- upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
- requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
- upgrading the second subset of the plurality of authorization policy artifacts based on the input.
Dependent claims: 16, 17, 18, 19, 20
Specification