Compliance monitoring
Abstract
A managed service may include a device configured to receive a request for access information and to send the access information to a reviewer based on the request. The managed service may receive input information from the reviewer, where the input information reflects changes to the access information and may update the access information based on the input information. The managed service may produce a report related to the updated access information, where the report is configured to reflect actions performed by the reviewer with respect to the access information and where the reviewer's actions are related to a compliance policy.
21 Claims
1. A user interface device, comprising:
- a memory to store:
  - user information related to a plurality of users of system resources associated with a particular system;
  - system information related to the system resources; and
  - policy information related to a plurality of policies specifying access privileges for particular ones of the users with respect to particular ones of the system resources; and
- a plurality of input devices to:
  - receive input information, from an operator, related to performing batch processing of particular ones of the plurality of policies, without performing a review of the user information pertaining to each user, of a set of the plurality of users, and without performing a review of the system information pertaining to a particular system resource, where performing the batch processing includes:
    - revoking access privileges, for the particular system resource, of a first group of users, of the set of the plurality of users, where revoking the access privileges is based on determining that each of the first group of users is associated with access privileges for the particular system resource, and that each of the first group of users is associated with a login identification and/or a login password, associated with the particular system, but is not associated with any other type of identifying information,
    - revoking access privileges, for the particular system resource, of a second group of users, of the set of the plurality of users, based on the second group of users, of the set of the plurality of users, being identified, for disassociation from the particular system, by a system manager associated with the set of the plurality of users,
    - granting continued access privileges, for the particular system resource, for a third group of users, of the set of the plurality of users, based on existing access privileges, for the particular system resource, that are common to each user, of the third group of users, and
    - revoking, for each user, of a fourth group of users, of the set of the plurality of users, particular user privileges, associated with the particular system resource, based on the particular user privileges not being identifiable by the system manager.

Dependent claims: 2, 3, 4, 5, 6

7. A managed service, comprising:
- a device to:
  - receive a request for access information corresponding to a plurality of system resources associated with a system,
  - send the access information to a reviewer based on the request,
  - display, via a user interface, a plurality of selectable batch processes with respect to the access information, where the selectable batch processes include:
    - a first process to modify, based on a single input received from the reviewer, access information, associated with a first set of users, where each user, of the first set of users, is currently allowed to access a particular system resource, of the system, where each user, of the first set of users, is associated with a login identification and/or a login password, that is associated with user privileges for the particular system resource, and where the access information associated with the first set of users is modified based on a determination that each user, of the first set of users, is not associated with identifying information other than the login identification and/or the login password,
    - a second process to modify, based on a single input received from the reviewer, access information, associated with a second set of users, where the access information associated with the second set of users is modified to prevent the second set of users from further accessing the system, and where modifying the access information associated with the second set of users is based on the second set of users being identified for disassociation from the system by a system manager associated with the second set of users,
    - a third process to approve, based on a single input received from the reviewer, access information, associated with a third set of users, based on existing privileges that are common to each of the third set of users, and
    - a fourth process to modify, based on a single input received from the reviewer, access information, associated with an individual user,
  - receive input information from the reviewer selecting one or more of the batch processes,
  - modify, based on performing the selected one or more batch processes, the access information, and
  - produce a report related to the modified access information.

Dependent claims: 8, 9, 10, 11, 12

13. A method comprising:
- receiving, via a user interface, a request for at least one of user information, system information related to a particular system, or access level information related to a plurality of users of system resources, of the particular system, and corresponding user privileges associated with a particular system resource;
- displaying, via the user interface, a plurality of selectable batch processes with respect to the user privileges corresponding to the at least one of the user information, the system information, or the access level information, where the plurality of selectable batch processes include:
  - a first process to revoke user privileges associated with a first set of users, of the plurality of users, where the user privileges associated with the first set of users allow the first set of users to access the particular system resource, where the first set of users are determined to be associated with a login identification and/or a login password, associated with the particular system, and not to be associated with any other identifying information for each of the first set of users, based on the at least one of the user information, the system information, or the access level information, and where the first process is performed without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the first set users,
  - a second process to revoke user privileges associated with a second set of users, of the plurality of users, where the user privileges associated with the second set of users allow the second set of users to access the particular system, and where the second set of users are identified for disassociation from the particular system, by a system manager associated with the second set of users, without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the second set of users,
  - a third process to grant continued user privileges associated with a third set of users, of the plurality of users, where granting the continued user privileges is based on existing privileges that are common to each user, of the third set of users, without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the third set of users, and
  - a fourth process to deny user privileges associated with an individual user, of the plurality of users, where the user privileges, associated with the individual user, are denied based on not being able to identify one or more of the user privileges associated with the individual user, and without performing a review of the at least one of user information, the system information, or the access level information associated with the particular user;
- updating the at least one of the user information, the system information, or the access level information based on one or more of the batch processes selected by a reviewer; and
- generating a report based on the updating.

Dependent claims: 14, 15, 16, 17

18. A system, comprising:
- a processor;
- a database module to:
  - store user information, system information, and access level information for each of a plurality of users associated with the system, and
  - store updated user information, updated system information, or updated access level information based on a review performed on behalf of a subscriber associated with the system;
- an authorization module to:
  - authorize a reviewer, on behalf of the subscriber, to perform the review;
- an interface module to:
  - accept a request, from the authorized reviewer, related to retrieving the user information, the system information, or the access level information,
  - display a plurality of selectable batch processes with respect to the retrieved user information, the retrieved system information, or the retrieved access level information via a browser, where the selectable batch processes include:
    - a first process to modify, based on a single input received from the reviewer, access level information associated with a first set of users, of the plurality of users, each of the first set of users currently being allowed access to a particular resource of the system via an associated having a login identification and/or a login password associated with user privileges for the particular resource and where the first access level information associated with the first set of users is modified based on a determination that each of the first set of users is not associated with information to determine an identity of the respective user of the first set of users,
    - a second process to modify, based on a single input received from the reviewer, access level information associated with a second set of users, of the plurality of users, identified for disassociation from the system, by a system manager associated with the second set,
    - a third process to approve, based on a single input received from the reviewer, access level information associated with a third set of users, of the plurality of users, based on existing privileges that are common to each user of the third set of users, and
    - a fourth process to modify, based on a single input received from the reviewer, access level information associated with an individual user, of the plurality of users,
  - generate the updated system information or the updated access level information based on one or more of the selectable batch processes selected by the reviewer during the review,
  - provide the updated system information or the updated access information to the database module, and
  - generate a report on behalf of the subscriber.

Dependent claims: 19, 20, 21
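
The four batch processes recited in the independent claims can be read as one classification pass over a resource's accounts followed by a report. The sketch below is an added illustration, not code from the patent or its assignee; the `Account` layout, the action names, and the reading of "common" privileges as the set held by every remaining account are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:                        # hypothetical record layout
    login: str
    identity: Optional[str]           # e.g. HR record id; None = login is the only identifier
    privileges: set
    flagged_by_manager: bool = False  # system manager marked the user for disassociation

def batch_review(accounts, known_privileges):
    """Apply the four batch rules to one resource's accounts; return report rows."""
    report, remaining = [], []
    for acct in accounts:
        if acct.identity is None:                      # first process
            acct.privileges = set()
            report.append((acct.login, "revoke_all", "login is the only identifier"))
        elif acct.flagged_by_manager:                  # second process
            acct.privileges = set()
            report.append((acct.login, "revoke_all", "flagged for disassociation"))
        else:
            remaining.append(acct)
    # Assumed model of "common" privileges: those held by every remaining account.
    common = set.intersection(*(a.privileges for a in remaining)) if remaining else set()
    for acct in remaining:
        unknown = acct.privileges - known_privileges
        if unknown:                                    # fourth process
            acct.privileges -= unknown
            report.append((acct.login, "revoke_privileges", ",".join(sorted(unknown))))
        elif acct.privileges == common:                # third process
            report.append((acct.login, "approve", "privileges common to the group"))
        else:                                          # not covered by the four rules
            report.append((acct.login, "manual_review", "non-common privileges"))
    return report

def sample_accounts():
    """Constructed sample data for a single system resource."""
    return [
        Account("svc_tmp01", None, {"read"}),
        Account("jdoe", "E1001", {"read", "write"}, flagged_by_manager=True),
        Account("alice", "E1002", {"read", "write"}),
        Account("bob", "E1003", {"read", "write"}),
        Account("carol", "E1004", {"read", "write", "legacy_admin"}),
        Account("dave", "E1005", {"read", "write", "deploy"}),
    ]

if __name__ == "__main__":
    for row in batch_review(sample_accounts(), {"read", "write", "deploy"}):
        print(row)
```

Accounts that fit none of the four rules are routed to `manual_review` rather than approved, so the batch pass never grants continued access by default.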
Specification