Hierarchical Policy Management

US 20110093917A1
Filed: 06/13/2008
Published: 04/21/2011
Est. Priority Date: 06/13/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a remote access device that requests access to a central resource; and

a computer executing a hierarchical policy manager that determines a policy for allowing the device to access the resource by evaluating access policies at a plurality of precedence levels of a policy hierarchy;

wherein the hierarchical policy manager allows the device to access the resource based on a policy set at the highest precedence level of the policy hierarchy at which access control is specified.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for administering access to a central resource by a remote access device. A system includes a remote access device and a computer executing a hierarchical policy manager. The remote access device requests access to a central resource. The hierarchical policy manager determines a policy for allowing the device to access the resource by evaluating access policies at a plurality of precedence levels of a policy hierarchy. The hierarchical policy manager allows the device to access the resource based on the policy set at the highest precedence level of the policy hierarchy at which access control is specified.

Citations

15 Claims

1. A system, comprising:
- a remote access device that requests access to a central resource; and
  
  a computer executing a hierarchical policy manager that determines a policy for allowing the device to access the resource by evaluating access policies at a plurality of precedence levels of a policy hierarchy;
  
  wherein the hierarchical policy manager allows the device to access the resource based on a policy set at the highest precedence level of the policy hierarchy at which access control is specified.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the hierarchical policy manager allows the device to access the resource based on a policy set at the lowest precedence level of the policy hierarchy at which access control is specified and at which an override flag is set.
  - 3. The system of claim 1, further comprising:
    - a policy selection that assigns no policy at a level of the policy hierarchy; and
      
      a policy selection that allows a user to control a parameter setting from the remote access device.
  - 4. The system of claim 1, wherein a policy determined by the hierarchical policy manager is transmitted to the remote access device and the remote access device applies the policy when accessing the central resource.
  - 5. The system of claim 1, wherein the precedence levels of the policy hierarchy comprise, from high to low precedence, user level, security group level, organizational unit level, role level, and global level, and a policy assigned at the user policy level assigns the policy to an individual user and assigns the policy at the highest level of precedence applicable to the user, and a policy assigned at a global policy level assigns the policy to all users and assigns the policy at the lowest level of the policy hierarchy applicable to a user.
  - 6. The system of claim 1, wherein a level of the policy hierarchy comprises a plurality of groups, each group comprising a policy and the first of the plurality of groups identified by the hierarchical policy manager provides the policy for the level.

7. A method, comprising:
- receiving a request for access to a central resource from a remote access device;
  
  determining a policy for allowing the device to access the resource by evaluating access policies specified at a plurality of hierarchical precedence levels within a policy hierarchy; and
  
  allowing the device to access the resource based on a policy set at the highest precedence level of the policy hierarchy at which access control is specified.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, further comprising providing a determined policy to the remote access device and applying the policy in the remote access device when the remote access device accesses the resource.
  - 9. The method of claim 7, further comprising allowing the device to access the resource based on a policy set at the lowest precedence level of the policy hierarchy at which access control is specified and at which an override flag is set.
  - 10. The method of claim 7, further comprising setting a policy at each of a user, security group, organizational unit, role, and global precedence levels, where each successive level is of lower precedence than the preceding level.
  - 11. The method of claim 7, further comprising setting security group level policy to be the policy of the first identified security group if the security group level of the policy hierarchy comprises a plurality of security groups.

12. A computer program product, comprising:
- a computer useable medium having computer readable program code embodied therein, the computer readable program code comprising;
  
  instructions that receive a request for access to a central resource from a remote access device;
  
  instructions that determine a policy for allowing the device to access the resource by evaluating access policies specified at a plurality of successive hierarchical precedence levels of a policy hierarchy; and
  
  instructions that allow the device to access the resource based on a policy set at the highest precedence level of the policy hierarchy at which access control is specified.
- View Dependent Claims (13, 14, 15)
- - 13. The computer program product of claim 12, further comprising instructions that allow the device to access the resource based on a policy set at the lowest precedence level of the policy hierarchy at which access control is specified and at which an override flag is set.
  - 14. The computer program product of claim 12, further comprising instructions that evaluate access policies at each of a user level, a security group level, an organizational unit level, a role level, and a global level, where each successive level is of lower precedence than the preceding level.
  - 15. The computer program product of claim 12, further comprising instructions that set a policy for a level to be a policy of the first group identified for the level if the level comprises a plurality of groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Hochmuth, Roland M., Pham, Quoc P., Popesicu, Valentin, Flynn, Thomas J., Alcorn, Byron A, Walls, Jeffrey J.

Granted Patent

US 8,533,775 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Hierarchical Policy Management

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical Policy Management

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links