Context aware recertification
First Claim
1. A method, in a data processing system having a processor implemented in hardware, for recertification of a user access entitlement, comprising;
- collecting, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement of a specific user;
determining, by the processor, that recertification of the user access entitlement, with regard to the system resource, is to be performed;
determining, by the processor, a pattern of access based on the access information for the user access entitlement; and
outputting, by the processor, a recertification request graphical user interface to a user based on the pattern of access, wherein the graphical user interface comprises a representation of the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement, wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users, and wherein the first access metric and the second access metric are statistical values indicative of previous access operations by corresponding user access entitlements.
1 Assignment
0 Petitions
Accused Products
Abstract
Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.
25 Citations
21 Claims
-
1. A method, in a data processing system having a processor implemented in hardware, for recertification of a user access entitlement, comprising;
-
collecting, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement of a specific user; determining, by the processor, that recertification of the user access entitlement, with regard to the system resource, is to be performed; determining, by the processor, a pattern of access based on the access information for the user access entitlement; and outputting, by the processor, a recertification request graphical user interface to a user based on the pattern of access, wherein the graphical user interface comprises a representation of the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement, wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users, and wherein the first access metric and the second access metric are statistical values indicative of previous access operations by corresponding user access entitlements. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer program product comprising a non-transitory computer readable medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device of a data processing system, causes the computing device to:
-
collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement of a specific user; determine that recertification of the user access entitlement, with regard to the system resource, is to be performed; determine a pattern of access based on the access information for the user access entitlement; and output a recertification request graphical user interface to a user based on the pattern of access, wherein the graphical user interface comprises the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement, wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users, and wherein the first access metric and the second access metric are statistical values indicative of previous access operations by corresponding user access entitlements. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. An apparatus, comprising:
-
a processor; and a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to; collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement of a specific user; determine that recertification of the user access entitlement, with regard to the system resource, is to be performed; determine a pattern of access based on the access information for the user access entitlement; and output a recertification request graphical user interface to a user based on the pattern of access, wherein the graphical user interface comprises the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement, wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users, and wherein the first access metric and the second access metric are statistical values indicative of previous access operations by corresponding user access entitlements.
-
Specification