Enterprise entitlement framework

US 20080060058A1
Filed: 08/31/2006
Published: 03/06/2008
Est. Priority Date: 08/31/2006
Status: Active Grant

First Claim

Patent Images

1. A computer readable medium storing a data infrastructure for managing a privilege corresponding to a resource type, the data infrastructure comprising:

a hierarchy object defining a hierarchy structure associated with the resource type, wherein the resource type corresponds to one or more applications to which the privilege applies and wherein the hierarchy structure includes a hierarchy node;

a hierarchy node object configured to store the hierarchy node; and

a resource attribute set object storing a set of one or more resource attributes, wherein the one or more attributes include at least one of a hierarchy attribute and a list item attribute,wherein a scope of the privilege is defined based on the one or more resource attributes, andwherein the scope of the privilege is automatically redefined in response to a modification to a component of the infrastructure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing privilege information across multiple applications and/or databases is provided. A flexible and extensible privilege management infrastructure may be implemented to store and manage various types of privileges, access rights and resources. The privilege management infrastructure may include a variety of data objects and structures configured to store various components and/or aspects of a privilege. The data objects may include resource type objects, user objects, role objects, action objects, resource attribute objects, list item object and/or hierarchy objects. The data objects defined for a particular privilege may further be linked according to relationships between one or more objects. The privilege management infrastructure is extensible for use with new applications by defining new objects compatible with the privilege structures of the new applications.

109 Citations

View as Search Results

20 Claims

1. A computer readable medium storing a data infrastructure for managing a privilege corresponding to a resource type, the data infrastructure comprising:
- a hierarchy object defining a hierarchy structure associated with the resource type, wherein the resource type corresponds to one or more applications to which the privilege applies and wherein the hierarchy structure includes a hierarchy node;
  
  a hierarchy node object configured to store the hierarchy node; and
  
  a resource attribute set object storing a set of one or more resource attributes, wherein the one or more attributes include at least one of a hierarchy attribute and a list item attribute,wherein a scope of the privilege is defined based on the one or more resource attributes, andwherein the scope of the privilege is automatically redefined in response to a modification to a component of the infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable medium of claim 1, wherein the hierarchy node object is configured by modifying data associated with one or more parameters of the node object.
  - 3. The computer readable medium of claim 2, wherein the hierarchy node object specifies a level in the hierarchy structure to which the hierarchy node belongs.
  - 4. The computer readable medium of claim 1, wherein the data infrastructure further includes a privilege action map object storing a privilege action map, wherein the privilege action map identifies one or more actions corresponding to the privilege.
  - 5. The computer readable medium of claim 1, wherein the component of the infrastructure includes at least one of the hierarchy structure, the set of one or more resource attributes and an item list.
  - 6. The computer readable medium of claim 1, wherein the data infrastructure further includes a privilege cascade object storing a privilege cascade, wherein the privilege cascade identifies one or more additional hierarchy nodes to which the privilege applies based on a specified characteristic.
  - 7. The computer readable medium of claim 6, wherein the specified characteristic includes a hierarchy node relationship.
  - 8. The computer readable medium of claim 7, wherein the node relationship includes children.
  - 9. The computer readable medium of claim 1, wherein the data infrastructure further comprises a privilege rule object defining a privilege rule for qualifying the privilege.
  - 10. The computer readable medium of claim 1, wherein a validity of the privilege for a user depends on an evaluation of one or more characteristics of the user based on a privilege rule.

11. A computer readable medium storing a data model for managing privileges, the data model comprising:
- a privilege object storing a privilege corresponding to a resource type;
  
  a hierarchy object storing a hierarchy structure having a hierarchy node, wherein the hierarchy structure is defined based on the resource type;
  
  a list object storing a target item list, wherein a target item to which the privilege applies is selected from the target item list; and
  
  a privilege cascade object storing a privilege cascade that specifies a characteristic, wherein a scope of the privilege is modified based on the specified characteristic.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer readable medium of claim 11, wherein the specified characteristic includes at least one of a list item relationship and a hierarchy node relationship.
  - 13. The computer readable medium of claim 12, wherein an additional target item whose relationship with the selected target item matches the list item relationship is added to the scope of the privilege.
  - 14. The computer readable medium of claim 12, wherein an additional hierarchy node whose relationship with the hierarchy node matches the hierarchy node relationship is added to the scope of the privilege.
  - 15. The computer readable medium of claim 11, wherein the specific characteristic is membership in the target item list.
  - 16. The computer readable medium of claim 15, wherein the scope of the privilege is automatically updated with a new target item upon the new target item being added to the target item list.

17. A computer readable medium storing a data model, the data model comprising:
- a hierarchy object defining a hierarchy structure associated with a resource type, wherein the hierarchy structure includes one or more hierarchy nodes;
  
  a privilege object storing a privilege, wherein the privilege is at least one of user based and role based;
  
  a resource attribute set object storing a set of one or more resource attributes, wherein the one or more attributes include at least one of a hierarchy attribute and a list item attribute and wherein a scope of the privilege is defined based on the one or more attributes; and
  
  a privilege rule object defining a privilege rule that qualifies the scope of the privilege.
- View Dependent Claims (18, 19, 20)
- - 18. The computer readable medium of claim 17, wherein the privilege rule corresponds to one or more privilege rule types, the one or more privilege rules including at least one of a date range, a time range, a less than date, a numeric range, a list item condition, a value list, greater than qualifications and text matches.
  - 19. The computer readable medium of claim 17, wherein the scope of the privilege is automatically redefined in response to a change in the hierarchy structure.
  - 20. The computer readable medium of claim 17, wherein a validity of the privilege for a user is automatically modified in response to a change in one or more of the user'"'"'s characteristics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services GmbH (Accenture PLC)
Inventors
Motta, Angelo A., Shea, Michael R., Alfieri, Scott A.

Granted Patent

US 8,931,055 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2145   Inheriting rights or proper...

H04L 63/20   for managing network securi...

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99939   Privileged access

Y10S 707/9994   Distributed or remote access

Y10S 707/99944   Object-oriented database st...

Y10S 707/99945   Object-oriented database st...

Y10S 707/99946   Object-oriented database st...

Y10S 707/99947   Object-oriented database st...

Enterprise entitlement framework

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise entitlement framework

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links