Method, system, and software for enterprise access management control
Abstract
A system, method, and software for automated enterprise access management control includes an access manager service that receives access management control schemas from a plurality of registered applications. An access management data store stores the received access management control schemas associated with their respective registered applications, and the access management service provides a respective access management control schema to a requesting one of the plurality of applications.
33 Claims
1. A computer implemented method of providing enterprise access management control, comprising the steps of:
receiving respective access management control schemas from a plurality of registered applications;
centrally storing, in an access control data store, the respective received access management control schemas associated with their respective registered applications; and
providing, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access control data store, wherein the requesting one of the plurality of applications loads up the particular access control schema to control access to the application and components accessed by the application based on the particular access control schema.

2. [preamble of this claim not captured on the page]
receiving privilege sets for users of a registered application; and
storing the received privilege sets for users of the registered application.

3. The computer implemented method according to claim 1, wherein the access control schema includes access control rules that control access to at least one of data or actions.

4. The computer implemented method according to claim 1, further comprising the steps of:
receiving an application identifier of one of the registered applications from an administrator; and
generating and displaying an administrative user interface with the administrator's choices limited by the content of the access control schema for the application identified by the application identifier.

5. The method according to claim 1, wherein the particular access control schema controls access to the requesting one of the plurality of applications at an application layer level.

6. The computer implemented method according to claim 2, further comprising the steps:
receiving a request for a privilege set of a user of the registered application from the registered application; and
returning the requested privilege set to the registered application.

7. The computer implemented method according to claim 3, wherein the access control schema includes privilege sets that are available for assignment to users.

8. The method according to claim 5, wherein the plurality of applications execute on a same host computer.

9. The computer implemented method according to claim 6, further comprising the step of the registered application verifying an action request from the user against the returned privilege set and granting or denying the action request based on the results of verifying the action request.

10. The computer implemented method according to claim 7, wherein the privilege sets are defined for principals that include users, companies, or roles.

11. The computer implemented method according to claim 10, wherein the access control rules define which actions are permissible for which principals.

12. A computer readable data storage medium having program code recorded thereon that, when executed, causes a computing system to provide enterprise access management control, the program code comprising:
a first program code for receiving respective access management control schemas from a plurality of registered applications;
a second program code for centrally storing, in an access control data store, the respective received access management control schemas associated with their respective registered applications; and
a third program code for providing, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access control data store, wherein the requesting one of the plurality of applications loads up the particular access control schema to control access to the application and components accessed by the application based on the particular access control schema.

13. [preamble of this claim not captured on the page]
a fourth program code that receives user privilege sets for users of a registered application; and
a fifth program code that stores the received user privilege sets for users of the registered application.

14. The computer readable data storage medium according to claim 12, wherein the access control schema includes access control rules that control access to at least one of data or actions.

15. The computer readable data storage medium according to claim 12, further comprising:
a fourth program code that receives an application identifier from an administrator; and
a fifth program code that generates and displays an administrative user interface with the administrator's choices limited based on the content of the access control schema for the application identified by the application identifier.

16. The computer readable data storage medium according to claim 12, wherein the particular access control schema controls access to the requesting one of the plurality of applications at an application layer level.

17. The computer readable data storage medium according to claim 13, further comprising:
a sixth program code that receives a request for a user privilege set of a user of the registered application from the registered application; and
a seventh program code that returns the requested user privilege set to the registered application.

18. The computer readable data storage medium according to claim 14, wherein the access control schema includes privilege sets that are available for assignments to principals.

19. The computer readable data storage medium according to claim 16, wherein the plurality of applications execute on a same host computer.

20. The computer readable data storage medium according to claim 17, wherein the registered application verifies an action request from a user against the returned user privilege set and grants or denies the action request based on the results of verifying the action request.

21. The computer readable data storage medium according to claim 18, wherein the privilege sets are defined for principals that include users, companies, or roles.

22. The computer readable data storage medium according to claim 21, wherein the access control rules define which actions are permissible for which principals.

23. A system for automated enterprise access management control comprises:
an access manager service that receives respective access management control schemas from a plurality of registered applications; and
an access control data store that stores the respective received access management control schemas associated with the respective registered applications, wherein the access management service provides, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access management data store, wherein the requesting one of the plurality of applications loads up the particular access management control schema to control access to the application and components accessed by the application based on the particular access management control schema.

[claims 24 to 28 are not captured on the page beyond this fragment:]
wherein the access manager service returns the requested privilege set to the registered application.

29. The system according to claim 24, wherein the access manager toolkit of the registered application verifies an action request from a user against the returned privilege set to grant or deny access to the user based on results of the verification.

30. The system according to claim 25, wherein the access management control schema includes privilege sets that are available for assignment to principals.

31. The system according to claim 27, wherein the plurality of applications execute on a same host computer.

32. The system according to claim 30, wherein the privilege sets are defined for principals that include users, companies, or roles.

33. The system according to claim 32, wherein the access control rules define which actions are permissible for which users.
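As an added illustration (not code from the patent or from any product it covers), the following Python sketch models the claimed flow: each application registers its schema with a central access manager service, an administrator's assignable privilege sets are limited to those the schema defines, and the application-side toolkit loads its schema when it first starts and verifies every action request against the user's privilege set, denying by default. The class and method names, the "billing" application and its schema are assumptions.

```python
# Added model of the claimed architecture (all names assumed): a central access
# manager service storing each registered application's schema and privilege
# assignments, and an application-side toolkit that loads its schema at startup
# and verifies each action request against the user's privilege set.
class AccessManagerService:
    def __init__(self):
        self.schemas = {}     # access control data store: schema per application
        self.privileges = {}  # privilege set assigned to each principal, per application

    def register_schema(self, app_id, schema):
        # receive and centrally store a registered application's schema
        self.schemas[app_id] = schema
        self.privileges.setdefault(app_id, {})

    def admin_choices(self, app_id):
        # an administrator may only assign privilege sets the schema defines
        return sorted(self.schemas[app_id]["privilege_sets"])

    def assign_privilege_set(self, app_id, principal, name):
        # store a principal's (user, company or role) privilege set; refuse
        # names absent from the schema instead of silently accepting them
        if name not in self.schemas[app_id]["privilege_sets"]:
            return False
        self.privileges[app_id][principal] = name
        return True

    def get_privilege_set(self, app_id, principal):
        # actions permitted to a principal; an unassigned principal gets none
        name = self.privileges[app_id].get(principal)
        return frozenset(self.schemas[app_id]["privilege_sets"].get(name, ()))


class AppToolkit:
    def __init__(self, service, app_id):
        self.service, self.app_id = service, app_id
        self.schema = service.schemas[app_id]  # loaded once, when the app first starts

    def authorize(self, principal, action):
        # deny actions the schema never defined, then check the privilege set
        if action not in self.schema["actions"]:
            return False
        return action in self.service.get_privilege_set(self.app_id, principal)


# Constructed sample schema for one registered application
BILLING_SCHEMA = {
    "actions": {"view_invoice", "approve_invoice", "delete_invoice"},
    "privilege_sets": {"viewer": {"view_invoice"},
                       "approver": {"view_invoice", "approve_invoice"}},
}
```

Note that "delete_invoice" is a defined action that no privilege set grants, so the toolkit refuses it for every principal until an administrator-visible privilege set in the schema includes it.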
Specification