DELEGATED PRIVILEGED ACCESS GRANTS

US 20160092802A1
Filed: 08/06/2015
Published: 03/31/2016
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor; and

a memory device including instructions that, when executed by a processor, cause the processor to;

enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources;

assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and

assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privileged account management system is provided that controls the management and access of resources within the organization. Resources may include target systems and accounts of the organization. In an embodiment, the privileged account management system is configured to enable the creation of one or more resource groups. A resource group includes a subset of a plurality of resources provided by the organization. In certain embodiments, the privileged account management system is configured to define one or more groups of administrative entities within the organization and assign to each administrative entity in a group of administrative entities, a set of privileges on a resource group. In certain embodiments, the privileged account manager system may be configured to enable an administrative entity from a group of administrative entities to delegate a subset of privileges associated with a resource group to a user entity not in the group of administrative entities.

39 Citations

View as Search Results

20 Claims

1. A system comprising:
- a processor; and
  
  a memory device including instructions that, when executed by a processor, cause the processor to;
  
  enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources;
  
  assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and
  
  assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14)
- - 2. The system of claim 1, wherein the processor is further configured to:
    - enable a first administrative entity from the first group of administrative entities to delegate a subset of the first set of privileges associated with the first resource group to a user entity or a group of user entities not in the first group of administrative entities.
  - 3. The system of claim 2, wherein information related to delegation of the subset of the first set of privileges is stored in a delegation policy.
  - 4. The system of claim 3, wherein the information related to the delegation comprises location-based policies or temporal policies associated with the delegation of the subset of the first set of privileges.
  - 5. The system of claim 1, wherein the plurality of resources comprise at least one of one or more accounts or one or more target systems of the organization.
  - 6. The system of claim 1, wherein the plurality of resources comprise one or more sub-resource groups comprising at least one or more accounts or one or more target systems of the organization.
  - 7. The system of claim 1, wherein the first set of privileges and the second set of privileges comprise at least one of security administration privileges or user manager administration privileges associated with the first resource group or the second resource group.
  - 8. The system of claim 2, wherein the processor is further configured to provide, to the user entity or the group of user entities, access to the resources in the first resource group upon delegation of the subset of the first set of privileges.
  - 13. The method of claim 1, wherein the plurality of resources comprise at least one of one or more accounts or one or more target systems of the organization.
  - 14. The method of claim 1, wherein the first set of privileges and the second set of privileges comprise at least one of security administration privileges or user manager administration privileges associated with the first resource group or the second resource group.

9. A computer-implemented method comprising:
- enabling creation, by a computer system, of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources;
  
  assigning, by the computer system, to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and
  
  assigning, by the computer system, to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group.
- View Dependent Claims (10, 11, 12, 15)
- - 10. The computer-implemented method of claim 9, further comprising:
    - enabling a first administrative entity from the first group of administrative entities to delegate a subset of the first set of privileges associated with the first resource group to a user entity or a group of user entities not in the first group of administrative entities.
  - 11. The method of claim 10, wherein information related to delegation of the subset of the first set of privileges is stored in a delegation policy.
  - 12. The method of claim 11, wherein the information related to the delegation comprises location-based policies or temporal policies associated with the delegation of the subset of the first set of privileges.
  - 15. The method of claim 10, further comprising providing to the user entity or the group of user entities, by the computing system, access to the resources in the first resource group upon delegation of the subset of the first set of privileges.

16. A non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources;
  
  instructions that cause the one or more processors to assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and
  
  instructions that cause the one or more processors to assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable media of claim 16, the instructions further comprising instructions that cause the one or more processors to:
    - enable a first administrative entity from the first group of administrative entities to delegate a subset of the first set of privileges associated with the first resource group to a user entity or a group of user entities not in the first group of administrative entities.
  - 18. The computer-readable media of claim 17, wherein information related to delegation of the subset of the first set of privileges is stored in a delegation policy.
  - 19. The computer-readable media of claim 16, the instructions further comprising instructions that cause the one or more processors to provide, to the user entity or the group of user entities, access to the resources in the first resource group upon delegation of the subset of the first set of privileges.
  - 20. The computer-readable media of claim 17, wherein the first set of privileges and the second set of privileges comprise at least one of security administration privileges or user manager administration privileges associated with the first resource group or the second resource group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Theebaprakasam, Arun, Shih, Kuang-Yu, Wang, Zhe

Granted Patent

US 10,482,404 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/0631 Resource planning, allocati...

DELEGATED PRIVILEGED ACCESS GRANTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DELEGATED PRIVILEGED ACCESS GRANTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links