AUTOMATED ROLE ADJUSTMENT IN A COMPUTER SYSTEM
Abstract
An embodiment of the invention is associated with a system having a role for controlling user access, the role comprising users, permissions, and a set of rules. The embodiment records each of a succession of access events in an access log, each event comprising an instance of the system being accessed by a user. The embodiment further analyzes recorded access events in the access log at selected time intervals, to detect a condition or violation of rules of the set of rules. Responsive to detecting a condition or violation, the embodiment selectively determines whether any change to the users or permissions of a specified role is needed. Each needed change is then implemented.
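The loop the abstract describes (record, analyze an interval, decide, implement), written out as an added example that is not taken from the patent. The two detected conditions (a permission no member used, a member with no accesses in the interval), the `protected` rule, and every name and sample value are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Role:
    users: set
    permissions: set
    protected: set = field(default_factory=set)  # assumed rule: never auto-revoked

def record(log, when, user, permission):
    """Record one access event (time, user, permission exercised) in the log."""
    log.append((when, user, permission))

def detect(role, log, start, end):
    """Analyze one interval of the log and return the conditions detected."""
    window = [(u, p) for (t, u, p) in log if start <= t < end and u in role.users]
    used = {p for _, p in window}
    active = {u for u, _ in window}
    found = [("unused_permission", p) for p in sorted(role.permissions - used)]
    return found + [("inactive_user", u) for u in sorted(role.users - active)]

def decide(role, conditions):
    """Selectively determine which detected conditions need a role change."""
    changes = []
    for kind, subject in conditions:
        if kind == "unused_permission" and subject not in role.protected:
            changes.append(("revoke_permission", subject))
        elif kind == "inactive_user":
            changes.append(("remove_user", subject))
    return changes

def implement(role, changes):
    """Apply each needed change to the role's users or permissions."""
    for action, subject in changes:
        target = role.permissions if action == "revoke_permission" else role.users
        target.discard(subject)
    return changes

def run_interval(role, log, start, end):
    return implement(role, decide(role, detect(role, log, start, end)))

def demo():
    t0 = datetime(2024, 1, 1)  # all sample data below is constructed
    role = Role({"alice", "bob", "carol"}, {"read", "write", "drop", "backup"}, {"backup"})
    log = []
    record(log, t0 - timedelta(days=40), "carol", "drop")  # before the interval
    record(log, t0 + timedelta(days=1), "alice", "read")
    record(log, t0 + timedelta(days=2), "bob", "write")
    record(log, t0 + timedelta(days=3), "dave", "drop")    # not a role member
    return role, run_interval(role, log, t0, t0 + timedelta(days=30))
```

Keeping `decide` separate from `detect` is what lets a detected condition be ignored, here for the protected `backup` permission, instead of every finding turning into a change.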
20 Claims
1. In association with a computer system wherein a specified role controls user access, the specified role comprises one or more users and one or more permissions, and a set of prespecified rules pertains to the specified role, a computer program product executable in a recordable storage medium comprising:
- instructions for recording access data pertaining to each of a succession of access events in an access log, wherein each event comprises an instance of the computer system being accessed by a particular user;
- instructions for analyzing recorded data contained in the access log at selected time intervals, in order to detect one of a plurality of prespecified conditions;
- instructions responsive to detecting a prespecified condition, for selectively determining whether any change to the users or to the permissions of the specified role is needed; and
- instructions for implementing each needed change to the users or to the permissions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. In association with an access control system wherein a specified role controls user access, the specified role comprises one or more users and one or more permissions, and a set of prespecified rules pertains to the specified role, a computer system comprising:
- a bus;
- a memory connected to the bus, wherein program code is stored on the memory; and
- a processor unit connected to the bus, wherein the processor unit executes the program code;
- to record access data pertaining to each of a succession of access events in an access log, wherein each event comprises an instance of the computer system being accessed by a particular user;
- to analyze recorded data contained in the access log at selected time intervals, in order to detect one of a plurality of prespecified conditions;
- responsive to detecting a prespecified condition, to selectively determine whether any change to the users or to the permissions of the specified role is needed; and
- to implement each needed change to the users or to the permissions.
Dependent claims: 17, 18, 19, 20

Specification