Visualization of access permission status
Abstract
Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables, results can be obtained without exhaustive searches of large file system tables.
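The condensed lookup described in the abstract, as an added Python sketch that is not code from the patent: only directories with distinctive permissions get a row, each row points to its nearest ancestor row, and both directory-oriented and user-oriented queries are answered from the table alone. The function names, row layout and sample directories, groups and users are constructed for illustration, and the model assumes allow-only permissions and normalized POSIX-style paths.

```python
from pathlib import PurePosixPath

def nearest_entry(table, path):
    """Closest row at or above `path`; inherit-only directories have no row."""
    p = PurePosixPath(path)
    for cand in (p, *p.parents):
        if str(cand) in table:
            return str(cand)
    return None

def build_table(explicit):
    """explicit: {dir: groups with non-inherited access} -> condensed table.
    Built ahead of any query; each row keeps only its own groups plus a
    pointer (the inheritance indicator) to the nearest ancestor row."""
    table = {}
    # Shallowest first, so every ancestor row exists before its descendants.
    for d in sorted(explicit, key=lambda s: len(PurePosixPath(s).parts)):
        parent = str(PurePosixPath(d).parent)
        anc = nearest_entry(table, parent) if parent != d else None
        table[d] = {"groups": frozenset(explicit[d]), "ancestor": anc}
    return table

def groups_for(table, path):
    """Directory-oriented query: groups that grant access to `path`."""
    groups, row = set(), nearest_entry(table, path)
    while row is not None:              # follow ancestor pointers, no tree scan
        groups |= table[row]["groups"]
        row = table[row]["ancestor"]
    return groups

def dirs_for_user(table, members, user):
    """User-oriented query: rows (subtree roots) the user can reach."""
    mine = {g for g, users in members.items() if user in users}
    return sorted(d for d in table if groups_for(table, d) & mine)

# Constructed sample data: four rows stand in for the whole directory tree.
EXPLICIT = {
    "/": {"admins"},
    "/finance": {"finance-staff"},
    "/finance/payroll/2024": {"payroll-auditors"},
    "/eng": {"engineers"},
}
MEMBERS = {"admins": {"alice"}, "finance-staff": {"bob"},
           "payroll-auditors": {"carol"}, "engineers": {"dave"}}
TABLE = build_table(EXPLICIT)

if __name__ == "__main__":
    print(groups_for(TABLE, "/finance/payroll/2024/q1"))
    print(dirs_for_user(TABLE, MEMBERS, "bob"))
```

A directory such as `/finance/payroll` never appears in the table, yet its effective groups are recovered from the `/finance` row and that row's ancestor pointer.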
33 Claims
1. A method for indicating data access privilege status for data in an enterprise, the method comprising:
- defining user groups offering common rights of access to a plurality of file servers, said file servers being organized as a hierarchy of storage elements having ancestors, said storage elements comprising first storage elements that have only inherited access permissions that are inherited from one of said ancestors thereof, and second storage elements that have at least non-inherited access permissions;
- maintaining a storage element permissions database containing only said non-inherited access permissions for said second storage elements, and an inheritance indicator employing at least partially identical permission profiles that identifies other said second storage elements that are ancestral thereto in said hierarchy thereby to reduce data storage requirements; and
- consulting said storage element permissions database to ascertain a storage element-oriented set of said user groups that provide said common rights of access to selected ones of said storage elements.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A computer product for indicating data access privilege status for data in an enterprise, including a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to define user groups possessing common rights of access to a plurality of file servers, said file servers being organized as a hierarchy of storage elements having ancestors, said storage elements comprising first storage elements that have only inherited access permissions that are inherited from one of said ancestors thereof, and second storage elements that have at least non-inherited access permissions, maintain a storage element permissions database containing only said non-inherited access permissions for said second storage elements, and an inheritance indicator employing at least partially identical permission profiles that identifies other said second storage elements that are ancestral thereto in said hierarchy thereby to reduce data storage requirements, and consult said storage element permissions database to ascertain a storage element-oriented set of said user groups that provide said common rights of access to selected ones of said storage elements, respectively.

24. A data processing system for indicating data access privilege status for data in an enterprise, the system comprising:
- a processor linked to a plurality of file servers, said file servers being organized as a hierarchy of storage elements having ancestors, said storage elements comprising first storage elements that have only inherited access permissions that are inherited from one of said ancestors thereof, and second storage elements that have at least non-inherited access permissions,
- a display; and
- a memory accessible by said processor, wherein said processor is operative to define user groups possessing common rights of access to said file servers and to maintain a storage element permissions database containing only said non-inherited access permissions for said second storage elements, and an inheritance indicator employing at least partially identical permission profiles that identifies other said second storage elements that are ancestral thereto in said hierarchy thereby to reduce data storage requirements, and consult said storage element permissions database to ascertain a storage element-oriented set of said user groups that provide said common rights of access to selected ones of said storage elements, respectively.

Dependent claims: 29, 30, 31, 32, 33

Specification