Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment
First Claim
Patent Images
1. A method comprising:
- receiving, by an access control system, a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system;
subsequent to the service request receiving a primary authorization, determining dynamically, according to a context of the managed computer system and an authorization profile for the received service request, by the access control system that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system;
sending, by the access control system and based upon the determination, the service request and a secondary authorization request to a secondary authorization management system;
resolving, by the secondary authorization management system, the secondary authorization request;
returning, by the secondary authorization management system, a resolution of the secondary authorization request to the access control system;
logging the context for the managed computer system, the service request, a secondary authorization result, and a service request result;
identifying a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and
determining whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern.
6 Assignments
0 Petitions
Accused Products
Abstract
A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.
-
Citations
12 Claims
-
1. A method comprising:
-
receiving, by an access control system, a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system; subsequent to the service request receiving a primary authorization, determining dynamically, according to a context of the managed computer system and an authorization profile for the received service request, by the access control system that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system; sending, by the access control system and based upon the determination, the service request and a secondary authorization request to a secondary authorization management system; resolving, by the secondary authorization management system, the secondary authorization request; returning, by the secondary authorization management system, a resolution of the secondary authorization request to the access control system; logging the context for the managed computer system, the service request, a secondary authorization result, and a service request result; identifying a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and determining whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising a managed computer system, an access control system and a secondary authorization management system,
wherein the access control system comprises at least one hardware processor that is configured to (i) receive a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system, (ii) subsequent to the service request receiving a primary authorization, dynamically determine, according to a context of the managed computer system and an authorization profile for the received service request, that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system, and (iii) send, based upon the determination, the service request and a secondary authorization request to a secondary authorization management system; - and
wherein the secondary authorization management system comprises at least one hardware processor that is configured to (i) resolve the secondary authorization request;
(ii) return a resolution of the secondary authorization request to the access control system;
(iii) log the context for the managed computer system, the service request, a secondary authorization result, and a service request result;
(iv) identify a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and
(v) determine whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern. - View Dependent Claims (8, 9, 10, 11, 12)
- and
Specification