Systems and methods for centralized management of policies and access controls
Abstract
Methods and apparatus for centralized management of policies and access controls which provide for the storing and managing of business rules and elements of policy, and for implementing the rules and policy across heterogeneous business systems. Where rules and policies may conflict in certain cases, mechanisms for reconciling such conflicts may be provided.
26 Citations
89 Claims
1. A method of centralized policy control comprising:
- reading information, by a processor, from a database including a plurality of directives, the plurality of directives including criteria, wherein the plurality of directives include conflicting directives;
- selecting, by the processor, at least one resource based on the criteria, wherein the at least one resource is identified by the criteria, wherein the plurality of directives includes a list of principals who can access the at least one resource;
- resolving, by the processor, the plurality of directives that are conflicting directives by applying a function to obtain at least one action that is free of conflicts, wherein the function applies set arithmetic including at least one of intersect function, union function, and subtraction function, wherein the at least one action that is free of conflicts includes access controls that are free of conflicts; and
- performing, in accordance with the plurality of directives, the at least one action by the processor on the at least one resource or on a metadata associated with the at least one resource, wherein performing, in accordance with the plurality of directives, the at least one action comprises applying the access controls that are free of conflicts to the metadata associated with the at least one resource, the metadata having access controls that are free of conflicts applied thereon blocking anyone other than the principals on the list from accessing the at least one resource.
Dependent claims: 2-30.
31. A method of centralized policy control comprising:
- reading information, by a processor, from a database including a plurality of directives, the plurality of directives including criteria, wherein the plurality of directives include conflicting directives;
- selecting, by the processor, at least one resource based on the criteria, wherein the at least one resource is identified by the criteria, wherein the plurality of directives includes a list of principals who cannot access the at least one resource;
- resolving, by the processor, the plurality of directives that are conflicting directives by applying a function to obtain at least one action that is free of conflicts, wherein the function applies set arithmetic including at least one of intersect function, union function, and subtraction function, wherein the at least one action that is free of conflicts includes access controls that are free of conflicts; and
- performing, in accordance with the plurality of directives, at least one action by the processor on the at least one resource or on a metadata associated with the at least one resource, wherein performing, in accordance with the plurality of directives, the at least one action comprises applying the access controls that are free of conflicts to the metadata associated with the at least one resource, the metadata having access controls that are free of conflicts applied thereon blocking principals on the list of principals from accessing the at least one resource.
Dependent claims: 32-60.
61. A non-transitory computer-readable storage medium having instructions stored thereon, which when executed by a computer, causes the computer to perform operations comprising:
- reading information from a database including a plurality of directives, the plurality of directives including criteria, wherein the plurality of directives include conflicting directives;
- selecting at least one resource based on the criteria, wherein the at least one resource is identified by the criteria, wherein the plurality of directives includes a list of principals who can access the at least one resource;
- resolving the plurality of directives that are conflicting directives by applying a function to obtain at least one action that is free of conflicts, wherein the function applies set arithmetic including at least one of intersect function, union function, and subtraction function, wherein the at least one action that is free of conflicts includes access controls that are free of conflicts; and
- performing, in accordance with the plurality of directives, at least one action on the at least one resource or on a metadata associated with the at least one resource, wherein performing, in accordance with the plurality of directives, the at least one action comprises applying the access controls that are free of conflicts to the metadata associated with the at least one resource, the metadata having access controls that are free of conflicts applied thereon blocking anyone other than the principals on the list from accessing the at least one resource.
Dependent claims: 62-89.
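The resolution step recited in claims 1 and 31 (allow lists and deny lists reconciled with intersect, union and subtraction, then written to resource metadata), as an added example that is not code from the patent. It assumes criteria are path globs, that overlapping allow lists are intersected, and that deny lists are unioned and subtracted; the `Directive` class, function names and sample data are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass(frozen=True)
class Directive:
    criteria: str          # glob over resource paths (assumed form of "criteria")
    effect: str            # "allow" (claim 1 list) or "deny" (claim 31 list)
    principals: frozenset

def resolve(directives, path):
    """Return the conflict-free set of principals admitted to one resource."""
    matched = [d for d in directives if fnmatch(path, d.criteria)]
    allows = [d.principals for d in matched if d.effect == "allow"]
    denies = [d.principals for d in matched if d.effect == "deny"]
    # Intersect: a principal must appear on every matching allow list (assumed rule).
    allowed = frozenset.intersection(*allows) if allows else frozenset()
    # Union, then subtract: any matching deny list overrides an allow (assumed rule).
    denied = frozenset().union(*denies)
    return allowed - denied

def apply_policy(directives, resources):
    """Write the resolved ACL into the metadata of each selected resource."""
    for path, meta in resources.items():
        if any(fnmatch(path, d.criteria) for d in directives):
            meta["acl"] = sorted(resolve(directives, path))
    return resources

def can_access(resources, path, principal):
    # Default deny: a resource with no ACL in its metadata admits nobody.
    return principal in resources[path].get("acl", [])

# Constructed sample data: the three directives disagree about bob and carol.
DIRECTIVES = [
    Directive("/finance/*", "allow", frozenset({"alice", "bob", "carol"})),
    Directive("/finance/payroll*", "allow", frozenset({"alice", "bob"})),
    Directive("/finance/*", "deny", frozenset({"bob"})),
]
RESOURCES = {
    "/finance/payroll.xlsx": {},
    "/finance/budget.xlsx": {},
    "/hr/handbook.pdf": {},
}

if __name__ == "__main__":
    for path, meta in apply_policy(DIRECTIVES, RESOURCES).items():
        print(path, meta)
```

Swapping the intersection for a union in `resolve` gives the most-permissive reading of the same directives; whichever rule is chosen, applying it centrally is what keeps the ACLs written to different systems consistent.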
Specification