ENTITLEMENT LIFECYCLE MANAGEMENT IN A RESOURCE MANAGEMENT SYSTEM
First Claim
1. A computer-implemented method for creating an entitlement resource in a resource management system, the method comprising:
- receiving a user request to create a new entitlement related to accessing a target resource;
- receiving one or more properties that define a scope of the new entitlement;
- creating an entitlement resource for storing and managing information about the new entitlement;
- setting an entitlement type on the created entitlement resource that identifies the resource as representing an entitlement;
- storing the created entitlement resource in a resource store of the resource management system;
- responding to the user request indicating the outcome of creating the new entitlement;
- applying policy to create, update, or delete the resource which the connected system uses as a basis of controlling access or permission, in order to realize the policy intent of the entitlement; and
- synchronizing the resource to a connected system, wherein the preceding steps are performed by at least one processor.
Abstract
An entitlement management system is described herein that models each entitlement as a resource within a resource management system. In a resource management system that applies policy to all requests to create, update, and delete a resource, this approach allows rich application of policy to the creation, delegation, renewal, expiration, and deletion of entitlements. A resource management system that can synchronize data to connected systems can thereby grant or revoke these permissions in those systems. This approach also facilitates role mining, attestation, and compliance reporting. Entitlements stored as resources may also include properties, such as workflows and policies related to the entitlements. Thus, the entitlement management system provides a more formal and automated facility for managing entitlements in organizations.
20 Claims
1. A computer-implemented method for creating an entitlement resource in a resource management system, the method comprising:
- receiving a user request to create a new entitlement related to accessing a target resource;
- receiving one or more properties that define a scope of the new entitlement;
- creating an entitlement resource for storing and managing information about the new entitlement;
- setting an entitlement type on the created entitlement resource that identifies the resource as representing an entitlement;
- storing the created entitlement resource in a resource store of the resource management system;
- responding to the user request indicating the outcome of creating the new entitlement;
- applying policy to create, update, or delete the resource which the connected system uses as a basis of controlling access or permission, in order to realize the policy intent of the entitlement; and
- synchronizing the resource to a connected system, wherein the preceding steps are performed by at least one processor.
(Dependent claims: 2 to 11.)
12. A computer system for entitlement lifecycle management in an organization, the system comprising:
- a processor and memory configured to execute software instructions embodied by the following components;
- a user interface component configured to provide an interface through which one or more administrators can access the system to create and manage entitlements modeled as resources, wherein an entitlement describes access rights of one resource with respect to another resource;
- a resource store configured to store information describing each of the resources managed by the system, wherein the resources include one or more entitlements modeled as resources that describe one resource's rights to access another resource;
- an entitlement creation component configured to create an entitlement represented by a resource in the resource store;
- an entitlement expiration component configured to handle expiration of entitlements represented by resources;
- an entitlement renewal component configured to handle renewal of expiring entitlements;
- an entitlement synchronization component configured to synchronize entitlement resources between multiple environments within the organization; and
- an entitlement auditing component configured to generate one or more reports that identify entitlements managed by the system.
(Dependent claims: 13 to 19.)
20. A computer-readable storage medium comprising instructions for controlling a computer system to report on entitlements managed by a resource management system, wherein the instructions, upon execution, cause a processor to perform actions comprising:
- receiving from a requestor a reporting request for auditing one or more entitlements managed by the resource management system;
- querying a resource store for resources having an entitlement type, wherein the system stores entitlements as resources with the entitlement type;
- receiving one or more entitlements stored as resources by the system;
- generating a report that includes the received entitlements; and
- sending the generated report to the requestor in response to the request.
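The following is an added worked example, not code from the patent or from any product it describes. It models the lifecycle the three independent claims describe: an entitlement is a resource carrying an entitlement type marker in a resource store, every create, update or delete request passes through policy before it touches the store, expiry and renewal are plain resource updates (so policy is re-applied), synchronization projects the active entitlements onto the access control list a connected system would enforce, and the audit report is a query for resources of the entitlement type. The `ResourceStore`, `entitlement_policy`, the 90-day validity cap, the self-grant rule, and the `alice`/`bob`/`payroll-db` sample data are all constructed for illustration; a real connected system would receive the returned ACL over its own provisioning interface.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

ENTITLEMENT_TYPE = "Entitlement"  # type marker identifying a resource as an entitlement
MAX_VALIDITY = timedelta(days=90)  # constructed policy limit on an entitlement's lifetime

@dataclass
class Resource:
    id: str
    type: str
    props: Dict[str, object] = field(default_factory=dict)

# Policy hook run on every create/update/delete: returns None to allow or a reason to
# deny, and may adjust the resource in place to realise the policy intent.
Policy = Callable[[str, Resource], Optional[str]]

class ResourceStore:
    def __init__(self, policies: List[Policy]):
        self.resources: Dict[str, Resource] = {}
        self.policies = policies

    def apply(self, op: str, res: Resource) -> Optional[str]:
        """Run policy on the request; only an allowed request touches the store."""
        for policy in self.policies:
            reason = policy(op, res)
            if reason:
                return reason
        if op == "delete":
            self.resources.pop(res.id, None)
        else:
            self.resources[res.id] = res
        return None

    def query(self, rtype: str) -> List[Resource]:
        return [r for r in self.resources.values() if r.type == rtype]

def entitlement_policy(op: str, res: Resource) -> Optional[str]:
    """Constructed policy: complete scope, no self-granting, bounded validity."""
    if res.type != ENTITLEMENT_TYPE or op == "delete":
        return None
    p = res.props
    missing = [k for k in ("subject", "target", "rights", "requested_by", "issued", "expires") if k not in p]
    if missing:
        return f"missing properties {missing}"
    if p["requested_by"] == p["subject"]:
        return "requester may not grant an entitlement to themselves"
    if p["expires"] > p["issued"] + MAX_VALIDITY:
        p["expires"] = p["issued"] + MAX_VALIDITY  # cap the scope instead of rejecting
    return None

def create_entitlement(store, requester, subject, target, rights, now, valid_days=30) -> dict:
    """Handle a user request to create an entitlement; the response carries the outcome."""
    res = Resource(f"ent:{subject}:{target}", ENTITLEMENT_TYPE, {
        "subject": subject, "target": target, "rights": set(rights), "requested_by": requester,
        "issued": now, "expires": now + timedelta(days=valid_days), "status": "active"})
    reason = store.apply("create", res)
    return {"ok": reason is None, "id": res.id, "reason": reason}

def expire_entitlements(store, now) -> List[str]:
    """Mark entitlements whose expiry has passed; returns the ids that changed."""
    expired = []
    for res in store.query(ENTITLEMENT_TYPE):
        if res.props["status"] == "active" and res.props["expires"] <= now:
            if store.apply("update", Resource(res.id, res.type, {**res.props, "status": "expired"})) is None:
                expired.append(res.id)
    return expired

def renew_entitlement(store, rid, now, valid_days=30) -> Optional[str]:
    """Renewal is an update of the resource, so policy is re-applied to the new scope."""
    res = store.resources[rid]
    return store.apply("update", Resource(res.id, res.type, {**res.props, "issued": now,
                       "expires": now + timedelta(days=valid_days), "status": "active"}))

def synchronize(store, now) -> Dict[str, Dict[str, set]]:
    """Project entitlement resources onto a connected system's ACL (target -> subject ->
    rights): active entitlements are granted, expired ones are left out, i.e. revoked."""
    acl: Dict[str, Dict[str, set]] = {}
    for res in store.query(ENTITLEMENT_TYPE):
        p = res.props
        if p["status"] == "active" and p["expires"] > now:
            acl.setdefault(p["target"], {})[p["subject"]] = set(p["rights"])
    return acl  # the store is the source of truth; the connected system is overwritten

def entitlement_report(store) -> List[dict]:
    """Audit report built by querying the store for resources of the entitlement type."""
    return [{"id": r.id, "subject": r.props["subject"], "target": r.props["target"],
             "rights": sorted(r.props["rights"]), "status": r.props["status"],
             "expires": r.props["expires"].isoformat()} for r in store.query(ENTITLEMENT_TYPE)]

def demo(now=datetime(2024, 1, 1, tzinfo=timezone.utc)) -> dict:
    """Walk one entitlement through create, sync, expiry, renewal and reporting."""
    store = ResourceStore([entitlement_policy])
    created = create_entitlement(store, "mgr", "alice", "payroll-db", ["read"], now, valid_days=365)
    denied = create_entitlement(store, "bob", "bob", "payroll-db", ["admin"], now)  # self-grant
    acl_after_create = synchronize(store, now)
    later = now + timedelta(days=100)  # beyond the 90-day cap the policy imposed
    expired = expire_entitlements(store, later)
    acl_after_expiry = synchronize(store, later)
    renewed = renew_entitlement(store, created["id"], later)
    return {"created": created, "denied": denied, "expired": expired, "renewed": renewed,
            "acl_after_create": acl_after_create, "acl_after_expiry": acl_after_expiry,
            "acl_after_renewal": synchronize(store, later), "report": entitlement_report(store)}
```

Running `demo()` shows the two properties that matter for a reviewer: the request for a 365-day entitlement is accepted but silently bounded to 90 days by policy, and the self-granted admin request never reaches the store, so it can never be synchronized. Because synchronization recomputes the whole ACL from the store rather than replaying individual grant and revoke events, an entitlement that expires is revoked on the next sync without any separate revocation logic, which is the behaviour the claims describe for the connected system.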
Specification