SYSTEM FOR PROVISIONING DIVERSE TYPES OF RESOURCES THROUGH A UNIFIED INTERFACE
Abstract
By using a unified generic resource provisioning system, all of an organization's resources may be provisioned through a single user interface system, a single cohesive data model, and a single consistent model of access. The system described herein provisions an organization's resources to both new and existing employees in response to different employee events. For example, in response to a single event that indicates that an employee has been hired by the company, he is automatically given access to a phone, a badge, a virtual machine, and SSL certificates that he can use during his employment with the company. Much later, when the same employee terminates his employment with the company, that employee's access to all of these resources is revoked in response to another single event, such as an event originating from a human resources department, indicating that employee's last date of hire with the company.
20 Claims
1. A computer-implemented method comprising:
in response to detecting an occurrence of a first type of event relative to a user, automatically provisioning, to the user, access to at least (a) a first resource that is of a first resource type and (b) a second resource that is of a second resource type that differs from the first resource type; and
in response to detecting an occurrence of a second type of event relative to the user, automatically revoking, from the user, access to both the first resource and the second resource;
wherein said first resource is a specific instance of an abstract resource concept;
wherein said second resource is a specific instance of said abstract resource concept;
wherein said provisioning and said revocation are performed by a system that unifies a data model, a resource privilege model, and a user interface; and
wherein the method is performed by one or more computing devices.
Dependent claims: 2, 3, 4, 5, 6, 8, 11, 12, 13, 14, 15, 16, 18

7. A computer-implemented method comprising:
receiving, from a user, a first request to provision a specified resource for use in a specified project;
in response to the first request, determining, based on a particular rule within a set of stored rules, whether less than a specified maximum quantity of resources of a same type as a particular type of the specified resource have been provisioned for use with the specified project; and
in response to determining that less than the specified maximum quantity of resources of the particular type have been provisioned for use with the specified project, forwarding the first request to a service provider that provisions resources of the particular type; and
in response to the service provider provisioning a resource of the particular type, updating stored data that indicates a quantity of resources of the particular type that are currently provisioned for use with the specified project;
wherein the method is performed by one or more computing devices.
Dependent claims: 17

9. A computer-implemented method comprising:
storing data that defines a hierarchical tree of nodes in which at least some nodes are associated with one or more resources and one or more users;
in response to a request, from a first user, to access a particular resource that is associated with a particular node of the tree, determining whether the first user is associated with a node that is either the particular node or an ancestor of the particular node in the tree; and
in response to determining that the first user is associated with a node that is either the particular node or an ancestor of the particular node in the tree, granting the first user access to the particular resource;
wherein the method is performed by one or more computing devices.
Dependent claims: 10, 19, 20
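The ancestor check recited in claim 9, as an added Python example that is not part of the patent text or of any implementation of it. The class names, node names, users and resources are constructed for illustration; the check denies by default, so membership in a descendant or sibling node grants nothing.

```python
# Added illustration of the claim 9 access check; every name here is hypothetical.
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    parent: "Node | None" = None
    users: set = field(default_factory=set)
    resources: set = field(default_factory=set)


class ResourceTree:
    def __init__(self):
        self.nodes = {}

    def add_node(self, name, parent=None):
        if name in self.nodes:
            raise ValueError(f"duplicate node: {name}")
        # The parent must already exist, so add_node cannot create a cycle.
        node = Node(name, self.nodes[parent] if parent is not None else None)
        self.nodes[name] = node
        return node

    def may_access(self, user, resource):
        # Find the node the resource is associated with, then walk towards the root.
        node = next((n for n in self.nodes.values() if resource in n.resources), None)
        seen = set()  # guards against a parent link corrupted into a loop
        while node is not None and node.name not in seen:
            if user in node.users:
                return True  # user sits on the resource's node or an ancestor
            seen.add(node.name)
            node = node.parent
        return False  # default deny: unknown resource, sibling or descendant


def build_sample_tree():
    # Constructed sample data: org -> engineering -> project-x, and org -> sales.
    tree = ResourceTree()
    tree.add_node("org").users.add("alice")
    eng = tree.add_node("engineering", parent="org")
    proj = tree.add_node("project-x", parent="engineering")
    tree.add_node("sales", parent="org").users.add("dave")
    eng.users.add("bob")
    eng.resources.add("ssl-cert-eng")
    proj.users.add("carol")
    proj.resources.add("vm-01")
    return tree
```

Because a grant flows from every ancestor, users attached near the root reach every resource beneath them, which is the place to look first when reviewing such a tree for excess privilege.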
Specification