Methods and systems for managing user access to computer software application programs

US 7,401,083 B2
Filed: 05/23/2005
Issued: 07/15/2008
Est. Priority Date: 05/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computer system, the method comprising:

installing a plurality of application software programs in a plurality of server computers in said computer system;

defining user access assignments in said server computers for each of said application software programs for a respective plurality of users;

loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system;

storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments;

defining a user access rule, said user access rule forbidding at least one user access assignment or at least one combination of user access assignments; and

analyzing said user access assignment data stored in said user access repository to determine whether said user access rule is violated by said user access assignments.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to some embodiments, a method of operating a computer system includes installing a plurality of application software programs in the computer system. The method further includes defining user access assignments for each of the application software programs for a respective plurality of users. The method further includes storing, in a user access repository, data which represents all of the user access assignments. The method further includes defining a user access rule, and analyzing the data in the user access repository to determine whether the user access rule is violated by the user access assignments.

28 Citations

View as Search Results

35 Claims

1. A method of operating a computer system, the method comprising:
- installing a plurality of application software programs in a plurality of server computers in said computer system;
  
  defining user access assignments in said server computers for each of said application software programs for a respective plurality of users;
  
  loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system;
  
  storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments;
  
  defining a user access rule, said user access rule forbidding at least one user access assignment or at least one combination of user access assignments; and
  
  analyzing said user access assignment data stored in said user access repository to determine whether said user access rule is violated by said user access assignments.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising:
    - generating a report to indicate each user access assignment that violates said user access rule.
  - 3. The method of claim 2, further comprising:
    - displaying said report on a display device of said computer system.
  - 4. The method of claim 2, further comprising:
    - printing said report.
  - 5. The method of claim 1, further comprising:
    - automatically deleting and/or disabling each of said user access assignments that violates said user access rule.
  - 6. The method of claim 1, wherein said user access rule forbids any of said users to have access both to a first one of said applications and to a second one of said applications.
  - 7. The method of claim 1, wherein said user access rule forbids any of said users who is a member of a certain department to have access to a certain one of said applications.
  - 8. The method of claim 1, wherein said user access rule forbids any of said users who is located in a certain office to have access to a certain one of said applications.
  - 9. The method of claim 1, wherein said user access assignment data includes, with respect to at least one of said application software programs, data that indicates respective levels of access granted to users assigned access to said at least one application software program.
  - 10. The method of claim 9, wherein said user access rule forbids any of said users having a certain level of access to a first one of said applications to have access to a second one of said applications.
  - 11. The method of claim 9, wherein said user access rule forbids any of said users having a certain level of access to a first one of said applications to have a certain level of access to a second one of said applications.
  - 12. The method of claim 1, wherein defining said rule includes entering logical connectors together with user and/or application attributes into a screen display.
  - 13. The method of claim 1, wherein said application software programs include at least twenty application software programs.
  - 14. The method of claim 13, wherein said application software programs include at least one hundred application software programs.
  - 15. The method of claim 1, wherein defining user access assignments includes generating access control lists for said application software programs.
  - 16. The method of claim 1, further comprising:
    - proposing a change in an attribute of a user; and
      
      analyzing said user access assignment data to determine whether said user access rule is violated by the proposed change.
  - 17. The method of claim 1, further comprising:
    - proposing a new user access assignment; and
      
      analyzing said user access assignment data to determine whether said user access rule is violated by the proposed new user access assignment.
  - 18. The method of claim 1, further comprising:
    - allowing an administrator to override said rule with respect to a particular user access assignment.

19. A method of operating a computer system, the method comprising:
- installing a plurality of application software programs in a plurality of server computers in said computer system;
  
  defining user access assignments in said server computers for each of said application software programs for a respective plurality of users;
  
  loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system;
  
  storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments; and
  
  archiving said user access assignment data stored in said user access repository on each of a plurality of occasions.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19, wherein said plurality of occasions includes three occasions.
  - 21. The method of claim 20, wherein said plurality of occasions includes ten occasions.
  - 22. The method of claim 21, further comprising:
    - simultaneously holding in a storage device said archived user access assignment data for all of said plurality of occasions.
  - 23. The method of claim 21, further comprising:
    - on an occasion later than said plurality of occasions, printing a report of all of said user access assignment data archived on all of said plurality of occasions.
  - 24. The method of claim 19, further comprising:
    - defining a user access rule, said user access rule forbidding at least one user access assignment or at least one combination of user access assignments;
      
      analyzing said user access assignment data in said user access repository to determine whether said user access rule is violated by said user access assignments; and
      
      archiving said rule and results of said analyzing step.
  - 25. The method of claim 19, wherein defining user access assignments includes generating access control lists for said application software programs.
  - 26. The method of claim 19, further comprising:
    - auditing said archived data.

27. A method of operating a computer system, the method comprising:
- installing a plurality of application software programs in a plurality of server computers in said computer system;
  
  defining user access assignments in said server computers for each of said application software programs for a respective plurality of users;
  
  loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system;
  
  storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments;
  
  displaying in a screen display some of said data, said screen display including a display element to indicate that one of said user access assignments is to be revoked;
  
  detecting actuation of said display element; and
  
  responding to said detected actuation of said display element by sending an electronic mail message to a system administrator or another computer system to indicate that said one of said user access assignments is to be revoked.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The method of claim 27, wherein said screen display also includes data to identify a department and a location of a user who corresponds to said one of said user access assignments.
  - 29. The method of claim 27, wherein said display element is a check-box.
  - 30. The method of claim 27, further comprising:
    - displaying in said screen display at least one of;
      
      a display element to indicate that one of said user access assignments is to be allowed; and
      
      a display element to indicate that a forbidden user access assignment is to be allowed by temporarily overriding revocation of user access.
  - 31. The method of claim 27, further comprising:
    - archiving said user access assignment data.
  - 32. The method of claim 27, wherein all user access assignments indicated on said display are for users in a single department and/or location.
  - 33. The method of claim 27, wherein an operator is allowed to override a user access assignment rule.
  - 34. The method of claim 33, wherein said operator is allowed to indicate whether said override is temporary or permanent.
  - 35. The method of claim 34, further comprising:
    - detecting expiration of a temporary rule override; and
      
      providing an indication of a rule violation resulting from said expiration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Goldman Sachs & Co. LLC (Goldman Sachs Group Incorporated)
Original Assignee
Goldman Sachs & Company (Goldman Sachs Group Incorporated)
Inventors
Daemke, Valery, Horsfield, John, Nason, Bonnie, Simuni, Ilya, Sood, Sachindra
Primary Examiner(s)
Ali, Mohammad
Assistant Examiner(s)
Ruiz, Angelica

Application Number

US11/134,973
Publication Number

US 20060265760A1
Time in Patent Office

1,149 Days
Field of Search

705 1- 80, 707 1-200, 709201-209
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

Methods and systems for managing user access to computer software application programs

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing user access to computer software application programs

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links