Self-service systems and methods for granting access to resources

US 9,202,043 B1
Filed: 01/07/2014
Issued: 12/01/2015
Est. Priority Date: 04/23/2010
Status: Active Grant

First Claim

Patent Images

1. Non-transitory physical computer storage comprising instructions stored thereon for implementing, in one or more processors, a method of automatically identifying suitable groups for a user to join and thereby gain access to a network resource, the method comprising:

receiving a request for access to a network resource for which a user does not currently have access;

identifying available groups that have access to the network resource;

computing a suitability of each of the available groups based on one or more suitability factors, the one or more suitability factors reflecting one or more of the following;

access rights held by the available groups, one or more characteristics of the available groups, one or more characteristics of the resource, and one or more characteristics of the user; and

outputting one or more of the available groups as one or more suitable groups based on the computed suitability for the one or more available groups.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A self-service system is provided that can automatically identify one or more existing groups to which a user can self-select to access a resource. The self-service system can identify any suitable existing group without requiring an administrator to predefine groups according to roles. In some implementations, the system intelligently identifies one or more suitable groups for a user from a list of available groups by analyzing a set of rules or criteria. For instance, the system can perform a weighted analysis of various rules and/or criteria to automatically and dynamically identify groups that have a closest fit to the access rights needed or requested by the user. Further, the system can evaluate certain best or preferred grouping practices to identify suitable groups. As a result, in certain embodiments, the self-service system alleviates planning burdens on administrators and provides greater flexibility in providing users with access to resources.

Citations

20 Claims

1. Non-transitory physical computer storage comprising instructions stored thereon for implementing, in one or more processors, a method of automatically identifying suitable groups for a user to join and thereby gain access to a network resource, the method comprising:
- receiving a request for access to a network resource for which a user does not currently have access;
  
  identifying available groups that have access to the network resource;
  
  computing a suitability of each of the available groups based on one or more suitability factors, the one or more suitability factors reflecting one or more of the following;
  
  access rights held by the available groups, one or more characteristics of the available groups, one or more characteristics of the resource, and one or more characteristics of the user; and
  
  outputting one or more of the available groups as one or more suitable groups based on the computed suitability for the one or more available groups.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The non-transitory physical computer storage of claim 1, wherein said identifying the available groups comprises accessing a security descriptor of the network resource.
  - 3. The non-transitory physical computer storage of claim 1, wherein the one or more characteristics of the available groups comprise a type of the available groups.
  - 4. The non-transitory physical computer storage of claim 1, wherein the one or more characteristics of the available groups comprise a domain of the available groups.
  - 5. The non-transitory physical computer storage of claim 1, wherein the one or more characteristics of the available groups comprise a number of users of the available groups.
  - 6. The non-transitory physical computer storage of claim 1, wherein the one or more characteristics of the available groups comprise a nesting distance of the available groups from the resource.
  - 7. The non-transitory physical computer storage of claim 1, wherein the one or more characteristics of the available groups comprise a number of resources to which the available groups have access.
  - 8. The non-transitory physical computer storage of claim 1, wherein said outputting comprises making the one or more suitable groups available for selection by the user.
  - 9. The non-transitory physical computer storage of claim 1, wherein said outputting comprises making the one or more suitable groups available for selection by an administrator.

10. A system for automatically identifying suitable groups for a user to join and thereby gain access to a network resource, the system comprising:
- a group identifier module configured to receive a request for access to a network resource for which a user does not currently have access and to identify available groups that have access to the network resource;
  
  a suitability calculator implemented by a computer system comprising computer hardware, the suitability calculator configured to compute a suitability of each of the available groups based on one or more suitability factors, the one or more suitability factors reflecting one or more of the following;
  
  access rights held by the available groups, one or more characteristics of the available groups, and one or more characteristics of the user; and
  
  a recommendation module configured to output one or more of the available groups as one or more suitable groups based on the computed suitability for the one or more available groups.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein the recommendation module is further configured to receive a user selection of one of the one or more suitable groups.
  - 12. The system of claim 11, further comprising a management console configured to report the user selection to an administrator for approval.
  - 13. The system of claim 11, wherein the one or more characteristics of the available groups comprises one or more of the following:
    - a type of the available groups, a domain of the available groups, a nesting distance of the available groups from the resource, a number of resources to which the available groups have access, and publication status of the available groups.

14. A method of automatically identifying suitable groups for a user to join and thereby gain access to a network resource, the method comprising:
- receiving a request for access to a network resource for which a user does not currently have access;
  
  identifying available groups that have access to the network resource;
  
  computing a suitability of each of the available groups based on one or more suitability factors, the one or more suitability factors reflecting one or more of the following;
  
  access rights held by the available groups, one or more characteristics of the available groups, one or more characteristics of the resource, and one or more characteristics of the user; and
  
  outputting one or more of the available groups as one or more suitable groups based on the computed suitability for the one or more available groups.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein said identifying the available groups comprises accessing a security descriptor of the network resource.
  - 16. The method of claim 14, wherein the one or more characteristics of the available groups comprise a type of the available groups.
  - 17. The method of claim 14, wherein the one or more characteristics of the available groups comprise a domain of the available groups.
  - 18. The method of claim 14, wherein the one or more characteristics of the available groups comprise a number of users of the available groups.
  - 19. The method of claim 14, wherein the one or more characteristics of the available groups comprise a nesting distance of the available groups from the resource.
  - 20. The method of claim 14, wherein the one or more characteristics of the available groups comprise a number of resources to which the available groups have access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Dinn, Stephen Brian, Frosst, Ian Murray
Primary Examiner(s)
Song, Hosuk

Application Number

US14/149,658
Time in Patent Office

693 Days
Field of Search

726 2- 7, 726 17- 19, 726 27- 29, 713/168, 709/225, 709/229, 709/217
US Class Current

1/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

Self-service systems and methods for granting access to resources

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Self-service systems and methods for granting access to resources

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links