Automation framework

US 9,177,167 B2
Filed: 05/26/2011
Issued: 11/03/2015
Est. Priority Date: 05/27/2010
Status: Active Grant

First Claim

Patent Images

1. An information technology management system for use in enterprise data management, said system comprising:

a computer including;

a processor;

a memory; and

a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by said computer, cause the computer to enable efficient management of access permissions;

a metadata supply subsystem which receives metadata from a network, said metadata relating to actual access and access permissions;

an access permissions management subsystem employing said metadata for managing access permissions to data elements in said network; and

an access permissions management operation implementation subsystem which automatically governs the operation of said access permissions management subsystem, said access permissions management operation implementation subsystem having at least one of first and second modes of operation, and at least one of third and fourth modes of operation,said first mode of operation including simulating the operation of said access permissions management subsystem in changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions;

said second mode of operation including providing a report of proposed changes in access permissions without first simulating the operation of said access permissions management subsystem;

said third mode of operation including providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and

said fourth mode of operation including operating said access permissions management subsystem to change access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions,said access permissions management operation implementation subsystem being configured, responsive to executing one of said first and second modes of operation, to execute at least one of said third and fourth modes of operation;

and wherein said access permissions management operation implementation subsystem comprises at least one of;

access permissions modification task scope granularity selection functionality operative to enable selection of a selectable scope of an access permissions modification task;

access permissions modification task scheduling granularity selection functionality operative to enable selection of a selectable schedule of said access permissions modification task;

access permissions modification granularity selection functionality operative to enable selection of selectable granularity of said access permissions modification task;

access permissions modification execution mode granularity selection functionality operative to enable selection of a selectable execution mode of said access permissions modification task; and

access permissions modification task approval functionality operative to enable approval of said access permissions modification task;

and wherein said scope is defined by a set of rules based on at least one of said metadata.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information technology management system for use in enterprise data management including a metadata supply subsystem which receives metadata from a network, an access permissions management subsystem for managing access permissions to data elements in the network and an access permissions management operation implementation subsystem which automatically governs the operation of the access permissions management subsystem, the access permissions management operation implementation subsystem having at least one of first, second, third and fourth modes of operation. The first mode of operation includes operating the access permissions management subsystem, the second mode of operation includes simulating the operation of the access permissions management subsystem, the third mode of operation included providing a report of proposed changes in access permissions and the fourth mode of operation includes providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval.

Citations

26 Claims

1. An information technology management system for use in enterprise data management, said system comprising:
- a computer including;
  
  a processor;
  
  a memory; and
  
  a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by said computer, cause the computer to enable efficient management of access permissions;
  
  a metadata supply subsystem which receives metadata from a network, said metadata relating to actual access and access permissions;
  
  an access permissions management subsystem employing said metadata for managing access permissions to data elements in said network; and
  
  an access permissions management operation implementation subsystem which automatically governs the operation of said access permissions management subsystem, said access permissions management operation implementation subsystem having at least one of first and second modes of operation, and at least one of third and fourth modes of operation,said first mode of operation including simulating the operation of said access permissions management subsystem in changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions;
  
  said second mode of operation including providing a report of proposed changes in access permissions without first simulating the operation of said access permissions management subsystem;
  
  said third mode of operation including providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and
  
  said fourth mode of operation including operating said access permissions management subsystem to change access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions,said access permissions management operation implementation subsystem being configured, responsive to executing one of said first and second modes of operation, to execute at least one of said third and fourth modes of operation;
  
  and wherein said access permissions management operation implementation subsystem comprises at least one of;
  
  access permissions modification task scope granularity selection functionality operative to enable selection of a selectable scope of an access permissions modification task;
  
  access permissions modification task scheduling granularity selection functionality operative to enable selection of a selectable schedule of said access permissions modification task;
  
  access permissions modification granularity selection functionality operative to enable selection of selectable granularity of said access permissions modification task;
  
  access permissions modification execution mode granularity selection functionality operative to enable selection of a selectable execution mode of said access permissions modification task; and
  
  access permissions modification task approval functionality operative to enable approval of said access permissions modification task;
  
  and wherein said scope is defined by a set of rules based on at least one of said metadata.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem has said first and said second modes of operation, and at least one of said third and said fourth modes of operation.
  - 3. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem has said third and said fourth modes of operation, and at least one of said first and said second modes of operation.
  - 4. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem has said first, said second, said third and said fourth modes of operation.
  - 5. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem comprises at least two of said access permissions modification task scope granularity selection functionality, said access permissions modification task scheduling granularity selection functionality, said access permissions modification granularity selection functionality, said access permissions modification execution mode granularity selection functionality, and said access permissions modification task approval functionality.
  - 6. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem comprises at least three of said access permissions modification task scope granularity selection functionality, said access permissions modification task scheduling granularity selection functionality, said access permissions modification granularity selection functionality, said access permissions modification execution mode granularity selection functionality, and said access permissions modification task approval functionality.
  - 7. The information technology management system for use in enterprise data management according to any of claims 1 and wherein said access permissions management operation implementation subsystem comprises at least four of said access permissions modification task scope granularity selection functionality, said access permissions modification task scheduling granularity selection functionality, said access permissions modification granularity selection functionality, said access permissions modification execution mode granularity selection functionality, and said access permissions modification task approval functionality.
  - 8. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions management operation implementation subsystem comprises said access permissions modification task scope granularity selection functionality, said access permissions modification task scheduling granularity selection functionality, said access permissions modification granularity selection functionality, said access permissions modification execution mode granularity selection functionality, and said access permissions modification task approval functionality.
  - 9. The information technology management system for use in enterprise data management according to claim 1 and wherein said access permissions modification task is a remediation process.
  - 10. The information technology management system for use in enterprise data management according to claim 1 and wherein said selectable schedule is one of a future one-time execution schedule and a repetitive schedule.
  - 11. The information technology management system for use in enterprise data management according to claim 1 and wherein said selectable granularity is one of full execution and step-by-step execution.
  - 12. The information technology management system for use in enterprise data management according to claim 1 and wherein said selectable execution mode is one of actual execution, simulation of execution and generation of a report of proposed execution.
  - 13. The information technology management system for use in enterprise data management according to claim 1 and wherein said metadata relates to at least one of actual access, access permissions and content of each of said data elements.
  - 14. The information technology management system for use in enterprise data management according to claim 1 and wherein said second mode of operation includes providing a report of user selectable granularity of proposed changes in access permissions.

15. An information technology management method for use in enterprise data management comprising:
- receiving metadata from a network, said metadata relating to actual access and access permissions;
  
  employing said metadata for managing access permissions to data elements in said network;
  
  automatically governing said employing at least part of said metadata for managing access permissions to data elements in said network;
  
  one of;
  
  simulating changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions; and
  
  providing a report of proposed changes in access permissions without first simulating changing access permissions to at least some of said data elements in said network;
  
  followed by at least one of;
  
  providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and
  
  changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions; and
  
  at least one of;
  
  selecting a selectable scope of an access permissions modification task;
  
  selecting a selectable schedule of said access permissions modification task;
  
  selecting selectable granularity of said access permissions modification task;
  
  selecting a selectable execution mode of said access permissions modification task; and
  
  enabling approval of said access permissions modification task;
  
  wherein said scope is defined by a set of rules based on at least one of said metadata.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The information technology management method for use in enterprise data management according to claim 15 and comprising:
    - one of;
      
      simulating changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions; and
      
      providing a report of proposed changes in access permissions without first simulating changing access permissions to at least some of said data elements in said network;
      
      followed by both;
      
      providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and
      
      changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions.
  - 17. The information technology management method for use in enterprise data management according to claim 15 and also comprising at least two of:
    - selection of a selectable scope of an access permissions modification task;
      
      selection of a selectable schedule of said access permissions modification task;
      
      selection of selectable granularity of said access permissions modification task;
      
      selection of a selectable execution mode of said access permissions modification task; and
      
      enabling approval of said access permissions modification task.
  - 18. The information technology management method for use in enterprise data management according to claim 15 and also comprising at least three of:
    - selection of a selectable scope of an access permissions modification task;
      
      selection of a selectable schedule of said access permissions modification task;
      
      selection of selectable granularity of said access permissions modification task;
      
      selection of a selectable execution mode of said access permissions modification task; and
      
      enabling approval of said access permissions modification task.
  - 19. The information technology management method for use in enterprise data management according to claim 15 and also comprising at least four of:
    - selection of a selectable scope of an access permissions modification task;
      
      selection of a selectable schedule of said access permissions modification task;
      
      selection of selectable granularity of said access permissions modification task;
      
      selection of a selectable execution mode of said access permissions modification task; and
      
      enabling approval of said access permissions modification task.
  - 20. The information technology management method for use in enterprise data management according to claim 15 and also comprising:
    - selection of a selectable scope of an access permissions modification task;
      
      selection of a selectable schedule of said access permissions modification task;
      
      selection of selectable granularity of said access permissions modification task;
      
      selection of a selectable execution mode of said access permissions modification task; and
      
      enabling approval of said access permissions modification task.
  - 21. The information technology management method for use in enterprise data management according to claim 15 and wherein said access permissions modification task is a remediation process.
  - 22. The information technology management method for use in enterprise data management according to claim 15 and wherein said selectable schedule is one of a future one-time execution schedule and a repetitive schedule.
  - 23. The information technology management method for use in enterprise data management according to claim 15 and wherein said selectable granularity is one of full execution and step-by-step execution.
  - 24. The information technology management method for use in enterprise data management according to claim 15 and wherein said selectable execution mode is one of actual execution, simulation of execution and generation of a report of proposed execution.
  - 25. The information technology management method for use in enterprise data management according to claim 15 and wherein said metadata relates to at least one of actual access, access permissions and content of each of said data elements.
  - 26. The information technology management method for use in enterprise data management according to claim 15 and wherein said providing a report of proposed changes in access permissions without first simulating changing access permissions to at least some of said data elements in said network includes providing a report of user selectable granularity of proposed changes in access permissions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Varonis Systems, Inc.
Original Assignee
Varonis Systems, Inc.
Inventors
Faitelson, Yakov, Korkus, Ohad, Kretzer-Katzir, Ophir, Bass, David
Primary Examiner(s)
Morrison, Jay
Assistant Examiner(s)
GORTAYO, DANGELINO N

Application Number

US13/384,452
Publication Number

US 20120173583A1
Time in Patent Office

1,622 Days
Field of Search

707/783, 707/661, 707/713, 707/741, 707/812, 707/603, 707/694, 707/781
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/14   Details of searching files ...

G06F 16/48   Retrieval characterised by ...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/0633   Workflow analysis

Automation framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Automation framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links