ENTITLEMENT LIFECYCLE MANAGEMENT IN A RESOURCE MANAGEMENT SYSTEM

US 20120102489A1
Filed: 10/26/2010
Published: 04/26/2012
Est. Priority Date: 10/26/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for creating an entitlement resource in a resource management system, the method comprising:

receiving a user request to create a new entitlement related to accessing a target resource;

receiving one or more properties that define a scope of the new entitlement;

creating an entitlement resource for storing and managing information about the new entitlement;

setting an entitlement type on the created entitlement resource that identifies the resource as representing an entitlement;

storing the created entitlement resource in a resource store of the resource management system;

responding to the user request indicating the outcome of creating the new entitlement;

applying policy to create, update, or delete the resource which the connected system uses as a basis of controlling access or permission, in order to realize the policy intent of the entitlement; and

synchronizing the resource to a connected system,wherein the preceding steps are performed by at least one processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An entitlement management system is described herein that models each entitlement as a resource within a resource management system. In a resource management system that applies policy to all requests to create, update, and delete a resource, this approach allows rich application of policy to the creation, delegation, renewal, expiration, and deletion of entitlements. A resource management system that can synchronize data to connected systems can thereby grant or revoke these permissions in those systems. This approach also facilitates role mining, attestation, and compliance reporting. Entitlements stored as resources may also include properties, such as workflows and policies related to the entitlements. Thus, the entitlement management system provides a more formal and automated facility for managing entitlements in organizations.

Citations

20 Claims

1. A computer-implemented method for creating an entitlement resource in a resource management system, the method comprising:
- receiving a user request to create a new entitlement related to accessing a target resource;
  
  receiving one or more properties that define a scope of the new entitlement;
  
  creating an entitlement resource for storing and managing information about the new entitlement;
  
  setting an entitlement type on the created entitlement resource that identifies the resource as representing an entitlement;
  
  storing the created entitlement resource in a resource store of the resource management system;
  
  responding to the user request indicating the outcome of creating the new entitlement;
  
  applying policy to create, update, or delete the resource which the connected system uses as a basis of controlling access or permission, in order to realize the policy intent of the entitlement; and
  
  synchronizing the resource to a connected system,wherein the preceding steps are performed by at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein receiving the request comprises receiving the request through a user interface provided by the system for managing entitlements.
  - 3. The method of claim 1 wherein receiving one or more properties comprises receiving a duration of the entitlement, after which the entitlement expires if the entitlement is not renewed, and further comprising, upon expiration of the entitlement, disabling or revoking access to the target resource.
  - 4. The method of claim 1 wherein receiving one or more properties comprises receiving a resource type associated with the entitlement that identifies the resource as an entitlement.
  - 5. The method of claim 1 wherein receiving one or more properties comprises extracting the properties as parameters from the received request.
  - 6. The method of claim 1 wherein receiving one or more properties comprises receiving a workflow associated with the entitlement that is executed upon a particular action taken related to the entitlement.
  - 7. The method of claim 1 wherein creating the entitlement resource comprises creating a resource to represent the entitlement that is stored alongside other types of resources in the resource management system.
  - 8. The method of claim 1 wherein creating the entitlement resource comprises distinguishing the entitlement resource from other resources managed by the system by setting the entitlement resource type.
  - 9. The method of claim 1 wherein storing the entitlement resource comprises storing the entitlement resource alongside other resource types managed by the resource management system so that entitlements can be tracked and reported on like other resource types.
  - 10. The method of claim 1 wherein storing the entitlement resource comprises storing the entitlement resource alongside other resource types managed by the resource management system to allow the system to automatically manage the entitlement life cycle.
  - 11. The method of claim 1 further comprising synchronizing the stored entitlement resource with another environment in an organization that is affected by the new entitlement.

12. A computer system for entitlement lifecycle management in an organization, the system comprising:
- a processor and memory configured to execute software instructions embodied by the following components;
  
  a user interface component configured to provide an interface through which one or more administrators can access the system to create and manage entitlements modeled as resources, wherein an entitlement describes access rights of one resource with respect to another resource;
  
  a resource store configured to store information describing each of the resources managed by the system, wherein the resources include one or more entitlements modeled as resources that describe one resource'"'"'s rights to access another resource;
  
  an entitlement creation component configured to create an entitlement represented by a resource in the resource store;
  
  an entitlement expiration component configured to handle expiration of entitlements represented by resources;
  
  an entitlement renewal component configured to handle renewal of expiring entitlements;
  
  an entitlement synchronization component configured to synchronize entitlement resources between multiple environments within the organization; and
  
  an entitlement auditing component configured to generate one or more reports that identify entitlements managed by the system.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12 wherein the processor and memory execute the software instructions within a virtual machine environment that emulates a physical machine.
  - 14. The system of claim 12 wherein the resource store is further configured to store one or more workflows associated with each entitlement resource, wherein the workflows specify business logic to be executed upon an occurrence of an event related to an entitlement resource.
  - 15. The system of claim 12 wherein the entitlement creation component is further configured to set one or more properties of the entitlement resource, wherein the properties include at least a resource type that identifies the resource as an entitlement resource.
  - 16. The system of claim 12 wherein the entitlement creation component is further configured to provide an interface exposed by the user interface component through which administrators or other users can access the entitlement creation component to create new entitlements.
  - 17. The system of claim 12 wherein the entitlement expiration component is further configured to periodically run a process that identifies entitlement resources that are due to expire, and, upon identifying an expiring entitlement resource, to remove the entitlement and inform a related connected system to remove one resource'"'"'s rights to access another resource.
  - 18. The system of claim 12 wherein the entitlement expiration component is further configured to periodically run a process that identifies entitlement resources that are due to expire, and, upon identifying an expiring entitlement resource, to execute business process logic for handling the expiring entitlement.
  - 19. The system of claim 12 wherein the entitlement renewal component is further configured to handle entitlement renewal by sending a notification to a user in the organization indicating the expiring entitlement and offering the user an option to renew the entitlement for a duration.

20. A computer-readable storage medium comprising instructions for controlling a computer system to report on entitlements managed by a resource management system, wherein the instructions, upon execution, cause a processor to perform actions comprising:
- receiving from a requestor a reporting request for auditing one or more entitlements managed by the resource management system;
  
  querying a resource store for resources having an entitlement type, wherein the system stores entitlements as resources with the entitlement type;
  
  receiving one or more entitlements stored as resources by the system;
  
  generating a report that includes the received entitlements; and
  
  sending the generated report to the requestor in response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wahl, Mark, Staiman, Jeffrey A.

Granted Patent

US 8,490,152 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06Q 10/0631 Resource planning, allocati...

ENTITLEMENT LIFECYCLE MANAGEMENT IN A RESOURCE MANAGEMENT SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ENTITLEMENT LIFECYCLE MANAGEMENT IN A RESOURCE MANAGEMENT SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links