×

Automatic privilege determination

  • US 10,158,670 B1
  • Filed: 02/12/2016
  • Issued: 12/18/2018
  • Est. Priority Date: 05/01/2012
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method, comprising:

  • receiving, via a network and by a logging service of a system including one or more processors executing instructions from one or more memories, an access control policy, the access control policy identifying privileges of a client to use one or more resources to perform authorized actions with the one or more resources;

    receiving, via the network and by the logging service of the system, information about a set of actions performed by the client with the one or more resources;

    analyzing, by a policy determination service of the system, the information about the set of performed actions with respect to the privileges granted by the access control policy to identify utilization of the privileges granted by the access control policy to the client; and

    modifying, by the policy determination service of the system and based at least in part on the utilization of the privileges, the access control policy to form a modified policy by at least;

    adding, by the policy determination service of the system, a first privilege to the access control policy to authorize a first action, the first action not previously authorized under the access control policy;

    orremoving, by the policy determination service of the system, a second privilege from the access control policy to de-authorize a second action.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×