Hybrid meta-directory
First Claim
1. A computer-implemented method for providing separation of duty detection and compliance, comprising:
displaying, on a display device, a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
in response to a user selecting, through a user interface at least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to allow the user to initiate a request for the privilege;
for each item added to the request cart, checking a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the target user or present in the request cart;
in response to detecting a conflict, indicating to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements;
allowing the separation of duty conflict to be cured by prompting the user to choose between removing the requested privilege from the request cart, removing the conflicting privilege that is already present in the request cart, and having the conflicting privilege currently granted to the target user removed; and
in response to the user submitting the request cart, automatically invoking a workflow process to approve the request for the privilege, wherein the workflow is dynamically generated at least in part from a structure of the hierarchical list of resources and a location of the privilege within the hierarchical list;
wherein approval for the request of the privilege is granted by requesting approval from a chain of one or more people associated with the privilege and its corresponding resource as defined by the structure of the hierarchical list; and
wherein the workflow process is configured such that a countdown timer having a designated duration is associated with each privilege in the hierarchical list, wherein once the request for the privilege is submitted the corresponding countdown timer is started, and as the countdown timer begins to expire, the workflow process sends approval request reminders at increasingly rapid intervals to people who have yet to respond.
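The separation of duty check and the hierarchy-derived approval chain recited above can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the resource paths, privilege names, owners, and the nearest-owner-first ordering are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data; resource paths, privilege names and owners are hypothetical.
# Hierarchy: path of a resource node -> person who approves requests at that level.
OWNERS = {
    "finance": "cfo",
    "finance/ap": "ap_manager",
    "finance/ap/invoices": "invoice_owner",
}
# Separation-of-duty list: unordered pairs that may not be held together.
SOD_PAIRS = {
    frozenset({"finance/ap/invoices:create", "finance/ap/invoices:approve"}),
    frozenset({"finance/ap/vendors:edit", "finance/ap/invoices:approve"}),
}

@dataclass
class RequestCart:
    target_user: str
    granted: set                      # privileges the target user already holds
    items: list = field(default_factory=list)

    def add(self, privilege):
        """Add a privilege, then return the conflicts it causes (empty = clean)."""
        self.items.append(privilege)
        return find_conflicts(self, privilege)

def find_conflicts(cart, privilege):
    """Check one cart item against granted privileges and other cart items."""
    conflicts = []
    others = [(p, "cart") for p in cart.items if p != privilege]
    others += [(p, "granted") for p in sorted(cart.granted)]
    for other, where in others:
        if frozenset({privilege, other}) in SOD_PAIRS:
            # The cure options named in the claim depend on where the conflict lives.
            cure = ["remove_requested",
                    "remove_conflicting_from_cart" if where == "cart"
                    else "revoke_conflicting_grant"]
            conflicts.append({"with": other, "where": where, "cures": cure})
    return conflicts

def approval_chain(privilege):
    """Approvers from the privilege's location (assumed order: nearest owner first)."""
    path = privilege.split(":")[0].split("/")
    chain = []
    for depth in range(len(path), 0, -1):
        owner = OWNERS.get("/".join(path[:depth]))
        if owner and owner not in chain:
            chain.append(owner)
    return chain
```

A node with no owner of its own, such as the constructed `finance/ap/vendors`, falls through to the owners above it in the hierarchy.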
Abstract
Exemplary embodiments provide a method and system for providing a hybrid meta-directory for recording a grant of privileges. In one embodiment, method and system aspects of the exemplary embodiment include: assigning a privilege identifier to each privilege stored in a privilege repository; in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
12 Claims
5. An executable software product stored on a computer-readable non-transitory medium containing program instructions for providing separation of duty detection and compliance, the program instructions for:
displaying a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
in response to a user selecting at least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to allow the user to initiate a request for the privilege;
for each item added to the request cart, checking a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the target user or present in the request cart;
in response to detecting a conflict, indicating to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements;
allowing the separation of duty conflict to be cured by prompting the user to choose between removing the requested privilege from the request cart, removing the conflicting privilege that is already present in the request cart, and having the conflicting privilege currently granted to the target user removed; and
in response to the user submitting the request cart, automatically invoking a workflow process to approve the request for the privilege, wherein the workflow is dynamically generated at least in part from a structure of the hierarchical list of resources and a location of the privilege within the hierarchical list;
wherein approval for the request of the privilege is granted by requesting approval from a chain of one or more people associated with the privilege and its corresponding resource as defined by the structure of the hierarchical list; and
wherein the workflow process is configured such that a countdown timer having a designated duration is associated with each privilege in the hierarchical list, wherein once the request for the privilege is submitted the corresponding countdown timer is started, and as the countdown timer begins to expire, the workflow process sends approval request reminders at increasingly rapid intervals to people who have yet to respond.
9. A hybrid meta-directory system for providing separation of duty detection and compliance, comprising:
a network; and
a computer coupled to the network and executing an identity management application, the identity management application configured to:
display a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
in response to a user selecting at least one of the privileges from the hierarchical list, add the selected privilege to a request cart to allow the user to initiate a request for the privilege;
for each item added to the request cart, checking a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the target user or present in the request cart;
in response to detecting a conflict, indicating to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements;
allowing the separation of duty conflict to be cured by prompting the user to choose between removing the requested privilege from the request cart, removing the conflicting privilege that is already present in the request cart, and having the conflicting privilege currently granted to the target user removed; and
in response to the user submitting the request cart, automatically invoking a workflow process to approve the request for the privilege, wherein the workflow is dynamically generated at least in part from a structure of the hierarchical list of resources and a location of the privilege within the hierarchical list;
wherein approval for the request of the privilege is granted by requesting approval from a chain of one or more people associated with the privilege and its corresponding resource as defined by the structure of the hierarchical list; and
wherein the workflow process is configured such that a countdown timer having a designated duration is associated with each privilege in the hierarchical list, wherein once the request for the privilege is submitted the corresponding countdown timer is started, and as the countdown timer begins to expire, the workflow process sends approval request reminders at increasingly rapid intervals to people who have yet to respond.
Specification