Access permissions management system and method
Abstract
An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository.
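A minimal sketch of the redundancy check the abstract describes, added here as an illustration and not taken from the patent or any product: unique entries that duplicate what a data element already inherits are dropped before storage, while an element with blocked inheritance keeps all of its entries. The `Node` type, the function names and the sample tree are assumptions, and entries are modelled as allow-only (group, right) pairs.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """One data element in the hierarchy (hypothetical model)."""
    name: str
    explicit: set = field(default_factory=set)  # unique (group, right) allow entries
    inherits: bool = True                       # False: inheritance from ancestors is blocked
    children: list = field(default_factory=list)

def reduce_redundancy(node, inherited=frozenset(), path="", store=None):
    """Return {path: record}, omitting unique entries that duplicate inherited ones."""
    store = {} if store is None else store
    path = f"{path}/{node.name}"
    # An element with blocked inheritance starts from an empty inherited set,
    # so none of its unique entries can be redundant.
    base = inherited if node.inherits else frozenset()
    kept = node.explicit - base
    if kept or not node.inherits:
        store[path] = {"inherits": node.inherits, "entries": kept}
    for child in node.children:
        reduce_redundancy(child, base | node.explicit, path, store)
    return store

def effective(store, path):
    """Rebuild a path's effective permissions from the reduced store alone."""
    perms, prefix = set(), ""
    for part in path.strip("/").split("/"):
        prefix += "/" + part
        rec = store.get(prefix)
        if rec:
            perms = (perms if rec["inherits"] else set()) | rec["entries"]
    return perms

def sample_tree():
    """Constructed sample hierarchy; group and folder names are made up."""
    y2024 = Node("2024", {("Payroll", "write")})
    payroll = Node("payroll", {("Admins", "full"), ("Payroll", "write")},
                   inherits=False, children=[y2024])
    finance = Node("finance", {("Staff", "read"), ("Finance", "write")},
                   children=[payroll])
    return Node("share", {("Staff", "read"), ("Admins", "full")},
                children=[finance, Node("public")])

if __name__ == "__main__":
    store = reduce_redundancy(sample_tree())
    for p, rec in store.items():
        print(p, rec["inherits"], sorted(rec["entries"]))
```

Only three of the five sample elements end up in the store, yet `effective` still reproduces the full permission set of every path, which is the property an access review relies on.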
2 Claims
1. A data governance system for use with an existing organizational file system and an access control list associated therewith, said data governance system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically manage access permissions, said system comprising:
a probe engine communicating with said organizational file system and with said access control list and being operative to collect access information from said organizational file system and from said access control list in an ongoing manner,
a redundancy reducing engine receiving an output from said probe engine and providing a redundancy reduced information stream; and
a redundancy reduced information database receiving and storing said redundancy reduced information stream;
said redundancy-reduced information database storing information relating to a subset of a set of user groups having access permissions to said organizational file system, said subset being created by said redundancy reducing engine,
said redundancy reducing engine being operative;
to ascertain which of a multiplicity of user groups having access permissions to said organizational file system are unique user groups, said unique user groups having access permissions to said organizational file system which are not inherited from other user groups;
to ascertain which of said multiplicity of user groups having access permissions to said organizational file system are inherited user groups, said inherited user groups having access permissions to said organizational file system which are inherited from other user groups;
to ascertain whether any of said unique user groups are redundant with any of said inherited user groups; and
responsive to said ascertaining whether any of said unique user groups are redundant with any of said inherited user groups, to eliminate from said multiplicity of user groups having access permissions to said organization file system, said unique user groups having access permissions to said organization file system which are redundant with said inherited user groups.
2. An access permissions management method comprising:
communicating with an organizational file system and with an access control list associated therewith and collecting access information from said organizational file system and from said access control list in an ongoing manner,
responsive to said collecting access information;
ascertaining which of a multiplicity of user groups having access permissions to said organization file system are unique user groups, said unique user groups having access permissions which are not inherited from other user groups;
ascertaining which of said multiplicity of user groups having access permissions to said organization file system are inherited user groups, said inherited user groups having access permissions to said organizational file system which are inherited from other user groups;
ascertaining whether any of said unique user groups are redundant with any of said inherited user groups; and
responsive to said ascertaining whether any of said unique user groups are redundant with any of said inherited user groups, eliminating from said multiplicity of user groups having access permissions to said organization file system, said unique user groups which are redundant with said inherited user groups; and
providing and storing a redundancy reduced information stream, said redundancy reduced information stream comprising information relating to a subset of a set of user groups having access permissions to said organization file system.
Specification