DELEGATED PRIVILEGED ACCESS GRANTS
First Claim
1. A system comprising:
- a processor; and
a memory device including instructions that, when executed by a processor, cause the processor to;
enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources;
assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and
assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group.
1 Assignment
0 Petitions
Accused Products
Abstract
A privileged account management system is provided that controls the management and access of resources within the organization. Resources may include target systems and accounts of the organization. In an embodiment, the privileged account management system is configured to enable the creation of one or more resource groups. A resource group includes a subset of a plurality of resources provided by the organization. In certain embodiments, the privileged account management system is configured to define one or more groups of administrative entities within the organization and assign to each administrative entity in a group of administrative entities, a set of privileges on a resource group. In certain embodiments, the privileged account manager system may be configured to enable an administrative entity from a group of administrative entities to delegate a subset of privileges associated with a resource group to a user entity not in the group of administrative entities.
39 Citations
20 Claims
-
1. A system comprising:
-
a processor; and a memory device including instructions that, when executed by a processor, cause the processor to; enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources; assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14)
-
-
9. A computer-implemented method comprising:
-
enabling creation, by a computer system, of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources; assigning, by the computer system, to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and assigning, by the computer system, to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group. - View Dependent Claims (10, 11, 12, 15)
-
-
16. A non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
-
instructions that cause the one or more processors to enable creation of a first resource group comprising a first subset of resources from a plurality of resources, a number of resources in the first resource group being less than a number of resources in the plurality of resources; instructions that cause the one or more processors to assign to each administrative entity in a first group of administrative entities, a first set of privileges on the first resource group; and instructions that cause the one or more processors to assign to each administrative entity in a second group of administrative entities, a second set of privileges on a second resource group, the first resource group being different from the second resource group. - View Dependent Claims (17, 18, 19, 20)
-
Specification