
Systems and methodologies for controlling access to a file system

  • US 10,320,798 B2
  • Filed: 02/01/2016
  • Issued: 06/11/2019
  • Est. Priority Date: 02/20/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method for controlling access to a file system having data elements, comprising the steps of:

  • maintaining a record of respective actual accesses by users of said file system to said data elements, said users being organized in a user hierarchy;

    employing entitlement review by owner functionality for automatically proposing a removal of a set of said users from a superset of said users, wherein members of said superset have common access privileges to a portion of said data elements, and wherein following an implementation of said proposed simulated removal, members of said set retain respective proposed residual access permissions to said data elements, said entitlement review by owner functionality being configured to present to at least one owner of said data elements, a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by the at least one owner of said data elements, and to require the at least one owner to confirm or modify the authorization status;

    automatically ascertaining, prior to said implementation of said proposed removal, whether at least one of said respective actual accesses are disallowed to non-members of said set by said respective proposed residual access permissions, said non-members of said set having actual access profiles which are similar to the actual access profiles of said members of said set, said members of said set being nondescendants of said non-members of said set in said user hierarchy; and

    responsive to said automatically ascertaining that said at least one of said respective actual accesses are not disallowed to said non-members of said set by said respective proposed residual access permissions, obtaining a consent to said proposed removal from at least one of a data owner of said data elements and a data authorizer established to act on behalf of said data owner of said data elements.
