Systems and methods for event-based provisioning of elevated system privileges

US 8,185,550 B1
Filed: 10/06/2008
Issued: 05/22/2012
Est. Priority Date: 10/06/2008
Status: Active Grant

First Claim

Patent Images

1. A computing system implemented method for provisioning access to technical support person to work a ticket in a computing infrastructure, wherein the computing system includes a processor and memory and executable instructions stored in memory and executable on the processor to perform the method, comprising:

creating the ticket in accordance with information received regarding an incident and external rules;

querying a configuration management database to determine privileges needed to access systems identified in the ticket;

assigning the ticket to a technical support person, the technical support person being identified by a user ID;

provisioning access privileges to the systems to the user ID;

maintaining an association between the access privileges and the user ID;

placing the ticket in a queue to be pulled by the technical support person identified by the user ID;

querying a configuration management database to determine privileges needed to access systems affected by the incident; and

provisioning the user ID with the levels of privileges on the systems affected by the incident.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing elevated system access to users based on an alert from a monitoring tool or a request for change (RFC). Using the alert or RFC information, a provisioning server may reference the name of an impacted system against a database of privileges needed to allow elevated access to that system. The provisioning server may then initiate a task to provision a user'"'"'s existing ID or a new ID with the necessary elevated privileges. Once the person closes the alert or RFC, the provisioning server may then remove access for that person, thus providing indirect and temporary access to a company'"'"'s IT infrastructure and business applications without the use of a group ID or other mechanism to affect repairs on the impacted system(s).

53 Citations

View as Search Results

18 Claims

1. A computing system implemented method for provisioning access to technical support person to work a ticket in a computing infrastructure, wherein the computing system includes a processor and memory and executable instructions stored in memory and executable on the processor to perform the method, comprising:
- creating the ticket in accordance with information received regarding an incident and external rules;
  
  querying a configuration management database to determine privileges needed to access systems identified in the ticket;
  
  assigning the ticket to a technical support person, the technical support person being identified by a user ID;
  
  provisioning access privileges to the systems to the user ID;
  
  maintaining an association between the access privileges and the user ID;
  
  placing the ticket in a queue to be pulled by the technical support person identified by the user ID;
  
  querying a configuration management database to determine privileges needed to access systems affected by the incident; and
  
  provisioning the user ID with the levels of privileges on the systems affected by the incident.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - applying the external rules to determine a severity of the incident; and
      
      assigning the ticket by pushing the ticket to the technical support person identified by the user ID.
  - 3. The method of claim 2, further comprising:
    - querying a configuration management database to determine privileges needed to access systems affected by the incident; and
      
      automatically provisioning the user ID with the levels of privileges on the systems affected by the incident.
  - 4. The method of claim 1, further comprising maintaining an association of the privileges with the user ID until the privileges are de-provisioned.
  - 5. The method of claim 1, further comprising logging access to systems by the user ID while the user ID has the access privileges provisioned thereto.
  - 6. The method of claim 1, further comprising de-provisioning the access privileges from the user ID in accordance with information contained in the ticket.

7. A non-transitory computer-readable medium comprising computer-readable instructions for provisioning access to technical support person to work a ticket in a computing infrastructure, comprising:
- creating the ticket in accordance with information received regarding an incident and external rules;
  
  querying a configuration management database to determine privileges needed to access systems identified in the ticket;
  
  assigning the ticket to a technical support person, the technical support person being identified by a user ID;
  
  provisioning access privileges to the systems to the user ID;
  
  maintaining an association between the access privileges and the user ID;
  
  placing the ticket in a queue to be pulled by the technical support person identified by the user ID;
  
  querying a configuration management database to determine privileges needed to access systems affected by the incident; and
  
  provisioning the user ID with the levels of privileges on the systems affected by the incident.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable medium of claim 7, further comprising instructions for:
    - applying the external rules to determine a severity of the incident; and
      
      assigning the ticket by pushing the ticket to the technical support person identified by the user ID.
  - 9. The computer-readable medium of claim 8, further comprising instructions for:
    - querying a configuration management database to determine privileges needed to access systems affected by the incident; and
      
      automatically provisioning the user ID with the levels of privileges on the systems affected by the incident.
  - 10. The computer-readable medium of claim 7, further comprising instructions for maintaining an association of the privileges with the user ID until the privileges are de-provisioned.
  - 11. The computer-readable medium of claim 7, further comprising instructions for logging access to systems by the user ID while the user ID has the access privileges provisioned thereto.
  - 12. The computer-readable medium of claim 7, further comprising instructions for de-provisioning the access privileges from the user ID in accordance with information contained in the ticket.

13. A computing system having a processor and memory and a number of subsystems therein for provisioning access to technical support person to work a ticket in a computing infrastructure, comprising:
- at least one subsystem that creates the ticket in accordance with information received regarding an incident and external rules;
  
  at least one subsystem that queries a configuration management database to determine privileges needed to access systems identified in the ticket;
  
  at least one subsystem that assigns the ticket to a technical support person, the technical support person being identified by a user ID;
  
  at least one subsystem that provisions access privileges to the systems to the user ID;
  
  at least one subsystem that maintains an association between the access privileges and the user ID;
  
  placing the ticket in a queue to be pulled by the technical support person identified by the user ID;
  
  querying a configuration management database to determine privileges needed to access systems affected by the incident; and
  
  provisioning the user ID with the levels of privileges on the systems affected by the incident.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising:
    - applying the external rules to determine a severity of the incident; and
      
      assigning the ticket by pushing the ticket to the technical support person identified by the user ID.
  - 15. The system of claim 14, further comprising:
    - at least one subsystem that queries a configuration management database to determine privileges needed to access systems affected by the incident; and
      
      at least one subsystem that automatically provisions the user ID with the levels of privileges on the systems affected by the incident.
  - 16. The system of claim 13, further comprising at least one subsystem that maintains an association of the privileges with the user ID until the privileges are de-provisioned.
  - 17. The system of claim 13, further comprising at least one subsystem that logs access to systems by the user ID while the user ID has the access privileges provisioned thereto.
  - 18. The system of claim 13, further comprising at least one subsystem that de-provisions the access privileges from the user ID in accordance with information contained in the ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Eichler, Ronnie Allen, Kilpatrick, Nathan Zane
Primary Examiner(s)
ALAM, SHAHID AL

Application Number

US12/245,848
Time in Patent Office

1,324 Days
Field of Search

707/802, 707/803, 707/661, 707/783, 709/224, 726/28
US Class Current

707/783
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0793   Remedial or corrective acti...

G06F 21/305   by remotely controlling dev...

G06F 21/554   involving event detection a...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

H04L 63/102   Entity profiles

Systems and methods for event-based provisioning of elevated system privileges

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for event-based provisioning of elevated system privileges

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links