Automation framework
First Claim
1. An information technology management system for use in enterprise data management, said system comprising:
a computer including;
a processor;
a memory; and
a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by said computer, cause the computer to enable efficient management of access permissions;
a metadata supply subsystem which receives metadata from a network, said metadata relating to actual access and access permissions;
an access permissions management subsystem employing said metadata for managing access permissions to data elements in said network; and
an access permissions management operation implementation subsystem which automatically governs the operation of said access permissions management subsystem, said access permissions management operation implementation subsystem having at least one of first and second modes of operation, and at least one of third and fourth modes of operation,
said first mode of operation including simulating the operation of said access permissions management subsystem in changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions;
said second mode of operation including providing a report of proposed changes in access permissions without first simulating the operation of said access permissions management subsystem;
said third mode of operation including providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and
said fourth mode of operation including operating said access permissions management subsystem to change access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions,
said access permissions management operation implementation subsystem being configured, responsive to executing one of said first and second modes of operation, to execute at least one of said third and fourth modes of operation;
and wherein said access permissions management operation implementation subsystem comprises at least one of;
access permissions modification task scope granularity selection functionality operative to enable selection of a selectable scope of an access permissions modification task;
access permissions modification task scheduling granularity selection functionality operative to enable selection of a selectable schedule of said access permissions modification task;
access permissions modification granularity selection functionality operative to enable selection of selectable granularity of said access permissions modification task;
access permissions modification execution mode granularity selection functionality operative to enable selection of a selectable execution mode of said access permissions modification task; and
access permissions modification task approval functionality operative to enable approval of said access permissions modification task;
and wherein said scope is defined by a set of rules based on at least one of said metadata.
Abstract
An information technology management system for use in enterprise data management including a metadata supply subsystem which receives metadata from a network, an access permissions management subsystem for managing access permissions to data elements in the network and an access permissions management operation implementation subsystem which automatically governs the operation of the access permissions management subsystem, the access permissions management operation implementation subsystem having at least one of first, second, third and fourth modes of operation. The first mode of operation includes operating the access permissions management subsystem, the second mode of operation includes simulating the operation of the access permissions management subsystem, the third mode of operation includes providing a report of proposed changes in access permissions and the fourth mode of operation includes providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval.
26 Claims
15. An information technology management method for use in enterprise data management comprising:
receiving metadata from a network, said metadata relating to actual access and access permissions;
employing said metadata for managing access permissions to data elements in said network;
automatically governing said employing at least part of said metadata for managing access permissions to data elements in said network;
one of;
simulating changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating simulated changes in access permissions; and
providing a report of proposed changes in access permissions without first simulating changing access permissions to at least some of said data elements in said network;
followed by at least one of;
providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval before automatic execution of said multiple steps; and
changing access permissions to at least some of said data elements in said network and thereafter providing a report indicating actual changes in access permissions;
and at least one of;
selecting a selectable scope of an access permissions modification task;
selecting a selectable schedule of said access permissions modification task;
selecting selectable granularity of said access permissions modification task;
selecting a selectable execution mode of said access permissions modification task; and
enabling approval of said access permissions modification task;
wherein said scope is defined by a set of rules based on at least one of said metadata.
Specification