Enforcing security policies across heterogeneous systems

  • US 8,490,163 B1
  • Filed: 09/08/2006
  • Issued: 07/16/2013
  • Est. Priority Date: 09/08/2006
  • Status: Active Grant
First Claim

1. A method for enforcing a universal security policy across a plurality of data management systems, the universal security policy comprising a plurality of universal security rules describing relationships among users and resources, each of the plurality of data management systems having a security component for enforcing local security rules in the associated data management system, comprising:

  • receiving information about the security components of the plurality of data management systems;

  • for each of the plurality of data management systems:

    translating at least one of the universal security rules into local security rules based on the received information, the local security rules being compatible with the security component of the data management system, the local security rules being equivalent to the at least one of the universal security rules, and

    transmitting the local security rules to the data management system, wherein the security component of the data management system enforces the local security rules in the data management system to restrict users from accessing resources available in the data management system;

  • monitoring, by a computer, user activities occurring in the plurality of data management systems;

  • responsive to a determination that an activity occurred in one of the plurality of data management systems changing a local security rule to permit a user to access a first resource that the user was restricted from accessing, modifying one or more of the plurality of universal security rules to reflect the change to the local security rule, wherein the change to the one or more universal security rules permits the user to access the first resource that the user was restricted from accessing prior to the change to the local security rule;

  • following modification of the one or more universal security rules to permit the user to access the first resource, identifying a second resource, wherein a user having access to the first resource is restricted from accessing the second resource;

  • modifying at least one of the plurality of universal security rules to restrict the user from accessing the second resource based at least in part on the modification of the one or more universal security rules permitting the user to access the first resource; and

  • for each of the plurality of data management systems:

    translating the modified one or more universal security rules permitting the user to access the first resource and the modified at least one universal security rule restricting the user from accessing the second resource into modified local security rules; and

    transmitting the modified local security rules to the data management system, wherein the security component of the data management system enforces the modified local security rules in the data management system.
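The reconciliation loop the claim describes (translate universal rules per system, detect a local change that permits previously restricted access, fold it back into the universal policy, restrict the conflicting second resource, retranslate), as an added Python simulation that is not code from the patent or its assignee. The rule model, the two translators, the EXCLUSIVE table and the monitoring-record format are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Universal security rule: a user/resource relationship with an allow or deny effect."""
    user: str
    resource: str
    allow: bool

# Constructed exclusion constraints: a user with access to the key resource must be
# restricted from each resource in the set (the claim's "second resource").
EXCLUSIVE = {"payroll": {"audit_log"}}

def to_sql_grants(rules):
    """Translate universal rules into GRANT/REVOKE statements for a constructed SQL-style component."""
    return [f"GRANT SELECT ON {r.resource} TO {r.user}" if r.allow
            else f"REVOKE SELECT ON {r.resource} FROM {r.user}"
            for r in sorted(rules, key=lambda r: (r.user, r.resource))]

def to_acl_entries(rules):
    """Translate the same rules into ACL-style entries for a constructed file-server component."""
    return [f"user:{r.user}:{'r--' if r.allow else '---'}:{r.resource}"
            for r in sorted(rules, key=lambda r: (r.user, r.resource))]

SYSTEMS = {"sql": to_sql_grants, "files": to_acl_entries}   # one translator per heterogeneous component

class PolicyEngine:
    def __init__(self, rules):
        self.universal = set(rules)

    def _set(self, user, resource, allow):
        """Replace any universal rule for (user, resource) with the given effect."""
        self.universal = {r for r in self.universal
                          if not (r.user == user and r.resource == resource)}
        self.universal.add(Rule(user, resource, allow))

    def push(self):
        """Translate the current universal rules into local rules for every system."""
        return {name: translate(self.universal) for name, translate in SYSTEMS.items()}

    def observe(self, event):
        """Process one constructed monitoring record of a local rule change, e.g.
        {"system": "sql", "user": "alice", "resource": "payroll", "allow": True}."""
        user, first = event["user"], event["resource"]
        restricted = Rule(user, first, True) not in self.universal   # default deny
        if event["allow"] and restricted:
            self._set(user, first, True)                 # reflect local change in universal policy
            for second in EXCLUSIVE.get(first, ()):      # identify conflicting second resources
                self._set(user, second, False)           # and restrict them
        return self.push()                               # retranslate for all systems
```

Note that the deny on the second resource reaches the file-server component even though the triggering change happened only in the SQL component; that propagation is the point of keeping the universal policy authoritative.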

  • 5 Assignments