Policy implementation delegation
First Claim
1. A computer-implemented method for delegating policy implementation, comprising:
- parsing a policy to determine a minimum set of access rights needed to implement the policy;
analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
identifying at least one user from the set of users to implement the policy for the computerized resource.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention allows a user (e.g., a policy implementer) to be identified and delegated responsibility for implementing a policy. This can occur, implicitly, semi-implicitly or explicitly. In a typical embodiment, a policy provided (e.g., by a policy owner) is automatically parsed to determine a minimum set of access rights needed to implement the policy. For example, the policy might indicate that an implementing user only needs simple read privileges. Alternatively, the policy might require read/write privileges. In any event, a list (e.g., an access control list) will be analyzed to identify a set (e.g., one or more) of users of a computerized resource subject to the policy that meets the minimum set of access rights. Once this set of users has been identified, a hierarchy can be optionally analyzed to determine who among the set of users is permitted to implement the policy.
52 Citations
26 Claims
-
1. A computer-implemented method for delegating policy implementation, comprising:
-
parsing a policy to determine a minimum set of access rights needed to implement the policy;
analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
identifying at least one user from the set of users to implement the policy for the computerized resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for delegating policy implementation, comprising:
-
a system for parsing a policy to determine a minimum set of access rights needed to implement the policy;
a system for analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
a system for identifying at least one user from the set of users to implement the policy for the computerized resource. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A program product stored on a computer readable medium for delegating policy implementation, the computer readable medium including program code, which when executed on a computer causes the computer to:
-
parse a policy to determine a minimum set of access rights needed to implement the policy;
analyze a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
identify at least one user from the set of users to implement the policy for the computerized resource. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for deploying an application for delegating policy implementation:
providing a computer infrastructure being operable to;
parse a policy to determine a minimum set of access rights needed to implement the policy;
analyze a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
identify at least one user from the set of users to implement the policy for the computerized resource. - View Dependent Claims (26)
Specification