System and method for managing user profiles

US 7,730,092 B2
Filed: 05/16/2007
Issued: 06/01/2010
Est. Priority Date: 04/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method for managing user profile information, including managing access control to applications and data by implementing a level of security across the different applications that is the same for each application, using a web-based system that includes a server system coupled to a centralized interactive database and at least one client system, said method comprising the steps of:

providing capabilities for a user to request access to information that the user currently does not have access to;

tracking a status of a request using a tracking component coupled to the centralized interactive database;

determining whether to grant the user access to a user requested application from an owner of the application requested;

implementing the determining comprising;

if the user is denied access to the user requested application, notifying the user of the denial to access the user requested application;

if the user is granted access to the user requested application, determining whether to grant the user access to a set of specific data within the user requested application after completing an evaluation based on electronic profiles, pre-determined rules, and operating methodology in response to a request from the user for access to the set of specific data;

if the user is denied access to the set of specific data;

prompting the user to complete a request for quick approval wherein the request for quick approval includes a list of data for approval;

automatically determining, using an internal exception access process, an approval or a disapproval of request for quick approval based on pre-established criteria and the list of data for approval;

if the request for quick approval is approved, at least one of automatically adding a rule to the centralized interactive database and automatically adding the user to the centralized interactive database is processed for access to the set of specific data;

if the rule is added, updating an exception list;

if the user is added, updating the centralized interactive database to permit the user access to the set of specific data;

notifying the user of the approval of the request for quick approval;

if the request for quick approval is denied, notifying the user of the denial of the request for quick approval; and

if the user is granted access to the set of specific data, making the set of specific data available to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method for managing user and data profiles utilizing a web-enabled interactive database to organize, store and retrieve the information to create a consistent security model through centralized administration, are disclosed. The system captures various rules and pre-determined methodologies to provide on-line, up-to-date decisions to the users when users request access to a set of specific data or an application. The system further provides the capability to the user to request access to information that the user currently does not have access to, tracks the status of the request, obtains approval/disapproval decision from the data owner, implements the decision, and notifies requester within a reasonable time.

36 Citations

View as Search Results

16 Claims

1. A method for managing user profile information, including managing access control to applications and data by implementing a level of security across the different applications that is the same for each application, using a web-based system that includes a server system coupled to a centralized interactive database and at least one client system, said method comprising the steps of:
- providing capabilities for a user to request access to information that the user currently does not have access to;
  
  tracking a status of a request using a tracking component coupled to the centralized interactive database;
  
  determining whether to grant the user access to a user requested application from an owner of the application requested;
  
  implementing the determining comprising;
  
  if the user is denied access to the user requested application, notifying the user of the denial to access the user requested application;
  
  if the user is granted access to the user requested application, determining whether to grant the user access to a set of specific data within the user requested application after completing an evaluation based on electronic profiles, pre-determined rules, and operating methodology in response to a request from the user for access to the set of specific data;
  
  if the user is denied access to the set of specific data;
  
  prompting the user to complete a request for quick approval wherein the request for quick approval includes a list of data for approval;
  
  automatically determining, using an internal exception access process, an approval or a disapproval of request for quick approval based on pre-established criteria and the list of data for approval;
  
  if the request for quick approval is approved, at least one of automatically adding a rule to the centralized interactive database and automatically adding the user to the centralized interactive database is processed for access to the set of specific data;
  
  if the rule is added, updating an exception list;
  
  if the user is added, updating the centralized interactive database to permit the user access to the set of specific data;
  
  notifying the user of the approval of the request for quick approval;
  
  if the request for quick approval is denied, notifying the user of the denial of the request for quick approval; and
  
  if the user is granted access to the set of specific data, making the set of specific data available to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method according to claim 1 wherein said implementing the determining further includes reviewing and auditing access privileges of the user.
  - 3. A method according to claim 1 wherein said implementing the determining further includes creating a consistent security model that includes centralized administration of security and uses single user profile and privilege for accessing different applications.
  - 4. A method according to claim 1 further comprising:
    - creating user profiles;
      
      providing access control to data associated with user profiles;
      
      defining permissions based on user identifiers associated with user profiles; and
      
      developing a specification for user interfaces.
  - 5. A method according to claim 4 wherein said creating user profiles comprises creating an electronic profile based on information available from at least one an Oracle Human Resource Application and a Request for Computer Access Application.
  - 6. A method according to claim 1:
    - further comprising providing administration of a common security model for access control and event notification.
  - 7. A method according to claim 1 further comprising:
    - updating electronic profiles automatically on at least one of a pre-determined timed interval and a change in organization hierarchy.
  - 8. A method according to claim 1 further comprising:
    - updating electronic profiles automatically when a user transfers departments.
  - 9. A method according to claim 1 further comprising:
    - generating access list reports that identify accessible and non-accessible data and restrictions for access.
  - 10. A method according to claim 1 further comprising:
    - retrieving information from the centralized interactive database in response to a specific inquiry from an administrator.
  - 11. A method according to claim 1 wherein the client system and the server system are connected via a network and wherein the network is one of a wide area network, a local area network, an intranet and the Internet.
  - 12. A method according to claim 1 further comprising creating data profiles.
  - 13. A method according to claim 12 wherein creating data profiles is based on at least one of Data Elements, Data Tags, Rules of Access, an Approver'"'"'s Name for Each Rule of Access, Rules of Exclusion, an Exception List, and Field Tags.
  - 14. A method according to claim 1 further comprising establishing rules based on at least one of Rule Based Access guidelines, Group Based Access guidelines, Search &
    - Subscribe Utilities guidelines, Active Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits guidelines.
  - 15. A method according to claim 1 further comprising establishing access methods, wherein the access methods ensure timely and accurate decision making.
  - 16. A method according to claim 15 wherein said establishing access methods is based on criteria established by system administrators.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Basu, Subroto Kumar, Lawson, Robert James, Creekmore, Mark Jr.
Primary Examiner(s)
Pham; Hung Q

Application Number

US11/749,379
Publication Number

US 20070214144A1
Time in Patent Office

1,112 Days
Field of Search

707/999.001, 707/999.002, 707/999.009, 707/999.1
US Class Current

707/783
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99939   Privileged access

System and method for managing user profiles

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing user profiles

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links