×

Delegating security policy management authority to managed accounts

  • US 10,419,488 B2
  • Filed: 03/03/2017
  • Issued: 09/17/2019
  • Est. Priority Date: 03/03/2017
  • Status: Active Grant
First Claim
Patent Images

1. A system comprising:

  • at least one processor; and

    at least one memory in communication with the at least one processor, the at least one memory having computer-readable instructions stored thereupon that, when executed by the at least one processor, cause the at least one processor to;

    obtain a security policy that includes application management settings that are generated from at least one administrative authority account that corresponds to a greater level of administrative rights than a managed account, wherein the application management settings indicate a set of permitted applications that are permitted to access one or more enterprise resources from the managed account;

    receive a request to access a particular data resource through a particular application that is operating from the managed account;

    determine, based on the request, that the particular data resource is tagged as an enterprise data resource and that the particular application is not included in the set of permitted applications;

    expose an application exemption manager that is configured to enable a standard user to generate, from the managed account, an exemption instruction to at least partially exempt the particular application from the security policy, wherein the exemption instruction is generated from the managed account independently from the at least one administrative authority account; and

    permit, based on the exemption instruction, the particular application to access the particular data resource from the managed account.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×