Enterprise security management system using hierarchical organization and multiple ownership structure
Abstract
A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group.
7 Claims
1. A method comprising:
- identifying an administrator that has access rights and permissions to all network resources in a set of network resources;
- identifying a plurality of different groups of users not including the administrator, wherein the plurality of different groups includes at least one parent group having at least one child group, wherein access rights and permissions are established for each group and wherein individuals in parent groups inherit access rights and permissions for their respective child groups;
- for a user in either the at least one parent group or the at least one child group, associating one or more network resources in the set of network resources with the user;
- assigning a persona to the user, wherein the user is granted permission to access the one or more network resources of others or certain documents among the one or more network resources that are not accessible by the user or other individuals in the user's group by affiliation of the user with the user's group, wherein the user is not the administrator and wherein the assigning of the persona enables sharing of ownership over a respective network resource of the one or more network resources with the user regardless of group affiliation;
- receiving a request from the user to access the one or more network resources of others or certain documents among the one or more network resources;
- determining whether the requestor has permission to access the network resource, including determining when an identifier associated with the requestor is associated with the persona;
- determining which privileges the requestor is given relative to the network resource, including when or if the requestor has permission to access the network resource based at least in part on the persona; and
- providing the requestor with the network resource based on the determined privileges;
- wherein the network resources are associated with a loan origination software system and the shared network resources include loan data for an individual, wherein the administrator and the parent and child groups form a hierarchical structure that is an organizational structure based on roles, departments, offices or other divisions.

Dependent claims: 2, 3

4. A method of organizing users in an enterprise, the method comprising:
- assigning a user identifier and a password to an administrator for the enterprise;
- assigning a user identifier and password to at least two users of a plurality of users;
- assigning a group identifier to a first user for associating with a group;
- specifying a parent group identifier for the group assigned to the first user, the parent group identifier identifying a parent group containing one or more superior users who have access to resources owned by the at least one user, wherein the one or more superior users are not the administrator and wherein the specifying of the parent group identifier enables sharing of ownership over a respective network resource between users in a respective parent group and the first user;
- assigning a persona to the first user, wherein users with the assigned persona are assigned access to one or more enterprise resources irrespective of their respective group affiliation, and wherein the first user is provided with access rights to one or more resources that are not accessible by other users of the group;
- enabling access by the first user to the one or more enterprise resources; and
- assigning, by one or more processors, co-ownership of the one or more enterprise resources of the first user to a second different user in the plurality of users, the second user being one of the two users having an assigned user identifier and password, wherein the second different user is not the administrator or a user in the group or the parent group associated with the first user.

5. A system comprising:
- a plurality of first devices; and
- a server coupled with the plurality of first devices through a network, wherein the server includes one or more processors that are configured to:
  - identify an administrator that has access rights and permissions to all network resources in a set of network resources and a plurality of different groups of users including at least one parent group having at least one child group, wherein parent groups inherit access rights and permissions for their respective child groups;
  - for a user in either the at least one parent group or the at least one child group, associate one or more network resources in the set of network resources with the user;
  - assign, by the one or more processors, a set of identifiers to the user including a persona, the persona being associated with one or more additional resources that are accessible by the user irrespective of the user's group affiliation and not accessible by others in the user's group;
  - receive a request from a requestor to access the one or more additional network resources;
  - determine whether the requestor has permission to access the network resource, including determining when an identifier associated with the requestor is associated with the persona;
  - determine which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource based at least in part on the identifier associated with the requestor; and
  - provide the requestor with the network resource based on the determined privileges;
- wherein the network resources are associated with a loan origination software system and the shared network resources include loan data for an individual, wherein the administrator and the parent and child groups form a hierarchical structure that is an organizational structure based on roles, departments, offices or other divisions.

Dependent claims: 6, 7
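The abstract and claims 1, 4 and 5 together describe one authorization decision: an administrator with unrestricted rights, members of a parent group who inherit access and control over resources owned by users in their child groups, a persona that grants access to a resource regardless of group affiliation, and co-ownership shared with a user from an unrelated group. The following model is an added illustration of that decision procedure, not code from the patent; the group, user and resource names (a loan file owned by a branch loan officer, with an underwriting persona and a co-owner from a different department) are constructed, and the privilege sets returned for each path are an assumption since the claims only say privileges are "determined".

```python
"""Toy model of the hierarchical-group / persona / co-ownership access check.
Added illustration of the patent's claims; not the patent's own code.
All identifiers and the privilege sets per access path are constructed."""
from dataclasses import dataclass, field
from typing import Optional

# Assumed privilege sets for each access path (the claims do not fix these).
FULL = frozenset({"read", "write", "control"})   # administrator, owner, co-owner
SUPERIOR = frozenset({"read", "control"})        # parent-group access over child group
PERSONA = frozenset({"read"})                    # persona grants access, not ownership


@dataclass
class Group:
    name: str
    parent: Optional[str] = None        # parent group identifier; None = top level


@dataclass
class User:
    uid: str
    group: Optional[str] = None         # None only for the administrator
    personas: set = field(default_factory=set)
    is_admin: bool = False


@dataclass
class Resource:
    rid: str
    owner: str
    co_owners: set = field(default_factory=set)   # co-ownership, any group
    personas: set = field(default_factory=set)    # personas granted access


class Enterprise:
    def __init__(self) -> None:
        self.groups: dict = {}
        self.users: dict = {}
        self.resources: dict = {}

    def ancestors(self, group: str) -> list:
        """Parent chain of `group`, nearest first. A cycle in the parent
        identifiers is a configuration error, not an infinite inheritance loop."""
        chain, seen = [], {group}
        cur = self.groups[group].parent
        while cur is not None:
            if cur in seen:
                raise ValueError(f"group hierarchy cycle at {cur!r}")
            seen.add(cur)
            chain.append(cur)
            cur = self.groups[cur].parent
        return chain

    def privileges(self, uid: str, rid: str) -> frozenset:
        """Privileges `uid` holds on `rid`; an empty set means access denied.
        Checks run from strongest to weakest path, as the claims list them."""
        user, res = self.users[uid], self.resources[rid]
        if user.is_admin:
            return FULL
        if uid == res.owner or uid in res.co_owners:
            return FULL                  # ownership is shareable regardless of group
        owner_group = self.users[res.owner].group
        if user.group and owner_group and user.group in self.ancestors(owner_group):
            return SUPERIOR              # parent-group member inherits control
        if user.personas & res.personas:
            return PERSONA               # persona match, independent of group
        return frozenset()               # same group or unrelated group: no access


def build_sample() -> Enterprise:
    """Constructed loan-origination org chart for the checks above."""
    e = Enterprise()
    for name, parent in [("corporate", None), ("regional", "corporate"),
                         ("branch-12", "regional"), ("underwriting", "corporate")]:
        e.groups[name] = Group(name, parent)
    e.users["admin"] = User("admin", is_admin=True)
    e.users["r.manager"] = User("r.manager", "regional")       # parent of branch-12
    e.users["officer.a"] = User("officer.a", "branch-12")      # resource owner
    e.users["officer.b"] = User("officer.b", "branch-12")      # same group, no rights
    e.users["uw.1"] = User("uw.1", "underwriting", {"loan-review"})   # persona holder
    e.users["uw.2"] = User("uw.2", "underwriting")             # co-owner, other group
    e.resources["loan-0001"] = Resource("loan-0001", owner="officer.a",
                                        co_owners={"uw.2"}, personas={"loan-review"})
    return e


if __name__ == "__main__":
    ent = build_sample()
    for who in ["admin", "officer.a", "uw.2", "r.manager", "uw.1", "officer.b"]:
        print(f"{who:10} -> {sorted(ent.privileges(who, 'loan-0001'))}")
```

The ordering of the checks matters: a same-group peer gets nothing even though a parent-group member above both of them gets control, which is the point of the "not accessible by other individuals in the user's group" language, and the cycle guard in `ancestors` keeps a mis-configured parent identifier from turning inheritance into an unbounded walk.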