Automated organizational role modeling for role based access controls

US 7,650,633 B2
Filed: 01/04/2007
Issued: 01/19/2010
Est. Priority Date: 01/04/2007
Status: Active Grant

First Claim

Patent Images

1. A method for generating a role based access control model, the method comprising:

accessing existing permissions granted to users in an organizational environment;

analyzing the permissions to create permission characteristics;

performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and

generating a role based access control model for the organizational environment based on the determined role perspective relationships between individual users of the organizational environment.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally speaking, systems, methods and media for automatically generating a role based access control model (RBAC) for an organizational environment with a role based access control system such as a hierarchical RBAC (HRBAC) system are disclosed. Embodiments may include a method for generating an RBAC model. Embodiments of the method may include accessing existing permissions granted to users of an organizational environment and analyzing the permissions to create permission characteristics. Embodiments of the method may also include performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment. Embodiments of the method may also include generating an RBAC model based on the determined role perspective relationships between individual users of the organizational environment. Further embodiments of the method may include where generating the RBAC model includes generating a cladogram based on the determined role perspective relationships.

66 Citations

View as Search Results

20 Claims

1. A method for generating a role based access control model, the method comprising:
- accessing existing permissions granted to users in an organizational environment;
  
  analyzing the permissions to create permission characteristics;
  
  performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
  
  generating a role based access control model for the organizational environment based on the determined role perspective relationships between individual users of the organizational environment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising receiving a request to generate the role based access control model for the organizational environment.
  - 3. The method of claim 1, further comprising providing the generated role based access control model to an access control module of the organizational environment.
  - 4. The method of claim 1, wherein the role based access control model is a hierarchical role based access control model.
  - 5. The method of claim 1, wherein generating a role based access control model comprises generating a cladogram based on the determined role perspective relationships.
  - 6. The method of claim 1, wherein generating a role based access control model comprises receiving an indication of one or more modifications to the determined role perspective relationships.

7. A computer program product comprising a computer-useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- accessing existing permissions granted to users in an organizational environment;
  
  analyzing the permissions to create permission characteristics;
  
  performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
  
  generating a role based access control model for the organizational environment based on the determined role perspective relationships between individual users of the organizational environment.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, further comprising receiving a request to generate the role based access control model for the organizational environment.
  - 9. The computer program product of claim 7, further comprising providing the generated role based access control model to an access control module of the organizational environment.
  - 10. The computer program product of claim 7, wherein the role based access control model is a hierarchical role based access control model.
  - 11. The computer program product of claim 7, wherein generating a role based access control model comprises generating a cladogram based on the determined role perspective relationships.
  - 12. The computer program product of claim 7, wherein generating a role based access control model comprises receiving an indication of one or more modifications to the determined role perspective relationships.

13. A hierarchical role based access control (HRBAC) modeling system, the system comprising:
- an environment interface module to receive an indication of existing permissions granted to users in an organizational environment;
  
  a role mining module in communication with the environment interface module to analyze the permissions to create permission characteristics and to perform cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
  
  a role perspective analyzer module in communication with the role mining module to generate a role based access control model based on the determined role perspective relationships.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, further comprising a user interface module to receive input from an administrator.
  - 15. The system of claim 13, wherein the role mining module further comprises a cladistics analysis sub-module to generate a cladogram for the users of the organizational environment based on the determined role perspective relationships.
  - 16. The system of claim 13, wherein the role perspective analyzer module further comprises a HRBAC model builder to receive an indication of one or more modifications to the determined role perspective relationships and to modify the role perspective relationships in response.

17. A method for providing a hierarchical role based access control (HRBAC) model service to a client, the method comprising:
- receiving an indication of existing permissions granted to users of an organizational environment of the client;
  
  analyzing the permissions to create permission characteristics;
  
  performing cladistics analysis on the permission characteristics and generating an HRBAC model specifying role perspective relationships between individual users of the client organizational environment; and
  
  providing the generated HRBAC model to the client.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising receiving a request from the client to provide an HRBAC model for the organizational environment of the client.
  - 19. The method of claim 17, further comprising analyzing the role perspective relationships of the generated HRBAC model to generate an HRBAC model business analysis.
  - 20. The method of claim 17, further comprising performing an ongoing HRBAC model service to the client by receiving updates to permissions granted to users of the client organizational environment and generating revised HRBAC models in response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
X Corp. (f/k/a Twitter, Inc.) (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Whitson, John
Primary Examiner(s)
Le; Vu
Assistant Examiner(s)
Lagor; Alexander

Application Number

US11/619,918
Publication Number

US 20080168063A1
Time in Patent Office

1,111 Days
Field of Search

726 2- 7, 726 16- 18, 726 26- 28, 707/1, 707/9, 709/227, 709/229
US Class Current

726/6
CPC Class Codes

G06F 21/604 Tools and structures for ma...

Automated organizational role modeling for role based access controls

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Automated organizational role modeling for role based access controls

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others