Enforcing alignment of approved changes and deployed changes in the software change life-cycle
First Claim
1. A method, comprising:
- intercepting a host content change request indicating a change to a persistent object on a host;
determining whether the change is authorized, as indicated by a set of change authorization policies;
allowing the change to take effect when the change is authorized;
blocking the change from taking effect when the change is not authorized;
indicating whether the change was a “
create”
, “
delete”
, “
rename”
, “
move”
or “
write”
operation, or whether the change set or modified an attribute of the persistent object;
indicating a time at which the change occurred;
indicating one or more attributes of the changed object after the change takes effect;
indicating information about which end user initiated the change; and
indicating a set of one or more differences for one or more changed portions of the object after the change, wherein each policy in the set of change authorization policies is in the group comprising;
policies indicating a set of persistent objects that can be changed without restriction;
policies indicating a set of users, programs or entities that can make changes to a specified set of persistent objects at any time; and
policies indicating a set of users, programs or entities that can make changes to a specified set of files or directories during one or more specified time windows.
11 Assignments
0 Petitions
Accused Products
Abstract
On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
162 Citations
16 Claims
-
1. A method, comprising:
-
intercepting a host content change request indicating a change to a persistent object on a host; determining whether the change is authorized, as indicated by a set of change authorization policies; allowing the change to take effect when the change is authorized; blocking the change from taking effect when the change is not authorized; indicating whether the change was a “
create”
, “
delete”
, “
rename”
, “
move”
or “
write”
operation, or whether the change set or modified an attribute of the persistent object;indicating a time at which the change occurred; indicating one or more attributes of the changed object after the change takes effect; indicating information about which end user initiated the change; and indicating a set of one or more differences for one or more changed portions of the object after the change, wherein each policy in the set of change authorization policies is in the group comprising; policies indicating a set of persistent objects that can be changed without restriction; policies indicating a set of users, programs or entities that can make changes to a specified set of persistent objects at any time; and policies indicating a set of users, programs or entities that can make changes to a specified set of files or directories during one or more specified time windows. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer readable medium having computer-executable instructions for tracking of host content changes and enforcement of change authorization policies on a host, the instructions for performing steps comprising:
-
intercepting a host content change request indicating a change to a persistent object on the host; determining whether the change is authorized, as indicated by the set of change authorization policies; allowing the change to take effect when the change is authorized; blocking the change from taking effect when the change is not authorized; indicating whether the change was a “
create”
, “
delete”
, “
rename”
, “
move”
or “
write”
operation, or whether the change set or modified an attribute of the persistent object;indicating a time at which the change occurred; indicating one or more attributes of the changed object after the change takes effect; indicating information about which end user initiated the change; and indicating a set of one or more differences for one or more changed portions of the object after the change, wherein each policy in the set of change authorization policies is in the group comprising; policies indicating a set of persistent objects that can be changed without restriction; policies indicating a set of users, programs or entities that can make changes to a specified set of persistent objects at any time; and policies indicating a set of users, programs or entities that can make changes to a specified set of files or directories during one or more specified time windows.
-
-
11. A computer readable medium comprising data indicating a set of change authorization policies for real-time tracking of host content changes and enforcement of authorized change policies on a host, the change authorization policies indicating one or more of:
-
a set of persistent objects that can be changed without restriction; a set of users, programs or entities that can make changes to a specified set of persistent objects at any time; and a set of users, programs or entities that can make changes to a specified set of persistent objects during one or more specified time windows, wherein the change authorization policies are for use by an agent for; intercepting a host content change request indicating a change to a persistent object on the host; determining whether the change is authorized, as indicated by the set of change authorization policies; allowing the change to take effect when the change is authorized; blocking the change from taking effect when the change is not authorized; indicating whether the change was a “
create”
, “
delete”
, “
rename”
, “
move”
or “
write”
operation, or whether the change set or modified an attribute of the persistent object;indicating a time at which the change occurred; indicating one or more attributes of the changed object after the change takes effect; indicating information about which end user initiated the change; and indicating a set of one or more differences for one or more changed portions of the object after the change.
-
-
12. A host, comprising:
a management module for managing one or more persistent objects on the host, the management module being configured to interface with a processor and with a controller for; intercepting a host content change request indicating a change to a persistent object on the host; determining whether the change is authorized, as indicated by a set of change authorization policies; allowing the change to take effect when the change is authorized; blocking the change from taking effect when the change is not authorized, whereby the controller can track host content changes and enforce authorized change policies on the host; indicating whether the change was a “
create”
, “
delete”
, “
rename”
, “
move”
or “
write”
operation, or whether the change set or modified an attribute of the persistent object;indicating a time at which the change occurred; indicating one or more attributes of the changed object after the change takes effect; indicating information about which end user initiated the change; and indicating a set of one or more differences for one or more changed portions of the object after the change, wherein each policy in the set of change authorization policies is in the group comprising; policies indicating a set of persistent objects that can be changed without restriction; policies indicating a set of users, programs or entities that can make changes to a specified set of persistent objects at any time; and policies indicating a set of users. programs or entities that can make changes to a specified set of persistent objects during one or more specified time windows. - View Dependent Claims (13)
-
14. A method to generate a display, on a display device, representing approved change orders and deployed changes on a host, comprising:
-
allocating a first portion of the display device to correspond to one or more approved change orders for one or more hosts; allocating a second portion of the display device to correspond to one or more deployed changes on the one or more hosts; within the first portion, displaying a shape for each of the approved change orders; within the second portion, displaying a shape for each of the deployed changes; and representing each shape in the second portion as matched to a particular shape in the first portion when the deployed change indicated by the shape in the second portion corresponds to the approved change order indicated by the particular shape in the first portion, wherein the representing comprises coloring the particular shape in the first portion and the matched shapes in the second portion with a same color. - View Dependent Claims (15, 16)
-
Specification