Authorizing an action request in a networked computing environment

US 10,277,521 B2
Filed: 06/04/2013
Issued: 04/30/2019
Est. Priority Date: 06/04/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for minimizing an effect of a disruptive action in a networked computing environment, comprising:

receiving an action request to perform a disruptive action associated with a cloud computing resource, wherein the networked computing environment is a cloud computing environment and the disruptive action is an action that has a potential to have a disruptive effect;

determining connected systems potentially affected by the requested action from a list of systems capable of being affected by the disruptive action based on a port and a protocol being accessed by the connected systems, the connected systems having an open connection to the cloud computing resource;

determining actual users of each of the connected systems by referencing a database of the cloud computing environment to find a technical owner of each of the connected systems, wherein the actual users comprise active users having an open connection to the computing resource and being actively engaged with the computing resource, passive users having an open connection to the computing resource but not actively engaged with the computing resource, and inactive users comprising an administrator;

sending a notification requesting a response to one or more of the actual users, the notification comprising a message selected from the group consisting of;

an email message, a text message, an instant message, a pop-up window, and a mobile push notification;

receiving a response to the notification from one or more of the actual users, the response comprising a response activity to be executed by the cloud computing resource, the completion of which is a condition for the user to authorize the requested action, and the response comprising a message selected from the group consisting of;

an email message, a text message, an instant message, a pop-up window, and a mobile push notification;

analyzing user data comprising resource usage activity associated with each responding actual user and a role of each responding actual user;

weighting the response of each responding actual user based on the resource usage activity associated with each responding actual user and the role of each responding actual user, the weighting following a set of rules comprising;

assigning a higher priority to a response of an actual user having an active connection than to a response of an actual user having an inactive connection, assigning a higher priority to a response of an actual user with a history of database querying than to a response of an actual user having an open but inactive database connection, assigning a higher priority to a response of an actual user performing a database operation than to a response of an actual user having an open but inactive database connection, and assigning a higher priority to a response of an actual user who is an administrator than to a response of an actual user who is not an administrator; and

determining, based on the weighted responses, whether to grant authorization to perform the requested action, wherein the requested action is performed when authorization is granted and a sufficient failover server is available.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for authorizing an action requested by a user in a networked computing environment (e.g., a cloud computing environment) is provided. In a typical embodiment, a request for a particular action associated with a computing resource is received. The connected systems which may be affected by the requested action are identified. The actual users of the connected systems are determined. A response from each of the actual users is requested. The responses are collected and weighted to determine if authorization for the requested action is granted.

16 Citations

View as Search Results

20 Claims

1. A computer-implemented method for minimizing an effect of a disruptive action in a networked computing environment, comprising:
- receiving an action request to perform a disruptive action associated with a cloud computing resource, wherein the networked computing environment is a cloud computing environment and the disruptive action is an action that has a potential to have a disruptive effect;
  
  determining connected systems potentially affected by the requested action from a list of systems capable of being affected by the disruptive action based on a port and a protocol being accessed by the connected systems, the connected systems having an open connection to the cloud computing resource;
  
  determining actual users of each of the connected systems by referencing a database of the cloud computing environment to find a technical owner of each of the connected systems, wherein the actual users comprise active users having an open connection to the computing resource and being actively engaged with the computing resource, passive users having an open connection to the computing resource but not actively engaged with the computing resource, and inactive users comprising an administrator;
  
  sending a notification requesting a response to one or more of the actual users, the notification comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  receiving a response to the notification from one or more of the actual users, the response comprising a response activity to be executed by the cloud computing resource, the completion of which is a condition for the user to authorize the requested action, and the response comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  analyzing user data comprising resource usage activity associated with each responding actual user and a role of each responding actual user;
  
  weighting the response of each responding actual user based on the resource usage activity associated with each responding actual user and the role of each responding actual user, the weighting following a set of rules comprising;
  
  assigning a higher priority to a response of an actual user having an active connection than to a response of an actual user having an inactive connection, assigning a higher priority to a response of an actual user with a history of database querying than to a response of an actual user having an open but inactive database connection, assigning a higher priority to a response of an actual user performing a database operation than to a response of an actual user having an open but inactive database connection, and assigning a higher priority to a response of an actual user who is an administrator than to a response of an actual user who is not an administrator; and
  
  determining, based on the weighted responses, whether to grant authorization to perform the requested action, wherein the requested action is performed when authorization is granted and a sufficient failover server is available.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein authorization is granted based on the weighted responses.
  - 3. The computer-implemented method of claim 1, wherein the user data comprises at least one of a data usage or user role.
  - 4. The computer-implemented method of claim 1, wherein an actual user comprises at least one of an active user, passive user, or inactive user.
  - 5. The computer-implemented method of claim 1, further comprising requesting a response from each actual user via a notification transmitted to each actual user.
  - 6. The computer-implemented method of claim 5, wherein each actual user is required to respond within a predefined amount of time and wherein, in the case that an actual user does not respond within the predefined amount of time, an automated profile, comprising response instructions of the non-responsive actual user, responds.
  - 7. The computer-implemented method of claim 6, wherein the system pauses until a set of responses are received from a particular set of actual uses, particular set of actual uses comprising at least one user selected from the group consisting of:
    - an application owner, a system owner, a user having a rate of current activity above a threshold, and a user currently administering an application.

8. A system for minimizing an effect of a disruptive action in a networked computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  receive an action request to perform a disruptive action associated with a cloud computing resource, wherein the networked computing environment is a cloud computing environment and the disruptive action is an action that has a potential to have a disruptive effect;
  
  determine connected systems potentially affected by the requested action from a list of systems capable of being affected by the disruptive action based on a port and a protocol being accessed by the connected systems, the connected systems having an open connection to the cloud computing resource;
  
  determine actual users of each of the connected systems by referencing a database of the cloud computing environment to find a technical owner of each of the connected systems, wherein the actual users comprise active users having an open connection to the computing resource and being actively engaged with the computing resource, passive users having an open connection to the computing resource but not actively engaged with the computing resource, and inactive users comprising an administrator;
  
  send a notification requesting a response to one or more of the actual users, the notification comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  receive a response from one or more of the actual users, the response comprising a response activity to be executed by the cloud computing resource, the completion of which is a condition for the user to authorize the requested action, and the response comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  analyze user data comprising resource usage activity associated with each responding actual user and a role of each responding actual user;
  
  weight the response of each responding actual user based on the resource usage activity associated with each responding actual user and the role of each responding actual user, the weighting following a set of rules comprising;
  
  assigning a higher priority to a response of an actual user having an active connection than to a response of an actual user having an inactive connection, assigning a higher priority to a response of an actual user with a history of database querying than to a response of an actual user having an open but inactive database connection, assigning a higher priority to a response of an actual user performing a database operation than to a response of an actual user having an open but inactive database connection, and assigning a higher priority to a response of an actual user who is an administrator than to a response of an actual user who is not an administrator; and
  
  determine, based on the weighted responses, whether to grant authorization to perform the requested action, wherein the requested action is performed when authorization is granted and a sufficient failover server is available.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein authorization is granted based on the weighted responses.
  - 10. The system of claim 8, wherein the user data comprises at least one of a data usage or user role.
  - 11. The system of claim 8, wherein an actual user comprises at least one of an active user, passive user, or inactive user.
  - 12. The system of claim 8, the computer readable storage media further comprising instructions to request a response from each actual user via a notification transmitted to each actual user.
  - 13. The system of claim 12, the computer readable storage media further comprising instructions to require each actual user to respond within a predefined amount of time and, in the case that an actual user does not respond within the predefined amount of time, obtain a response from an automated profile, comprising response instructions of the non-responsive actual user.
  - 14. The system of claim 13, wherein the system pauses until a set of responses are received from a particular set of actual uses, particular set of actual uses comprising at least one user selected from the group consisting of:
    - an application owner, a system owner, a user having a rate of current activity above a threshold, and a user currently administering an application.

15. A computer program product for minimizing an effect of a disruptive action in a cloud computing environment, the computer program product comprising a computer readable hardware storage device, and program instructions stored on the computer readable hardware storage device, to:
- receive an action request to perform a disruptive action associated with a cloud computing resource, wherein the networked computing environment is a cloud computing environment and the disruptive action is an action that has a potential to have a disruptive effect;
  
  determine connected systems potentially affected by the requested action from a list of systems capable of being affected by the disruptive action based on a port and a protocol being accessed by the connected systems, the connected systems having an open connection to the cloud computing resource;
  
  determine actual users of each of the connected systems by referencing a database of the cloud computing environment to find a technical owner of each of the connected systems, wherein the actual users comprise active users having an open connection to the computing resource and being actively engaged with the computing resource, passive users having an open connection to the computing resource but not actively engaged with the computing resource, and inactive users comprising an administrator;
  
  send a notification requesting a response to one or more of the actual users, the notification comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  receive a response from one or more of the actual users, the response comprising a response activity to be executed by the cloud computing resource, the completion of which is a condition for the user to authorize the requested action, and the response comprising a message selected from the group consisting of;
  
  an email message, a text message, an instant message, a pop-up window, and a mobile push notification;
  
  analyze user data comprising resource usage activity associated with each responding actual user and a role of each responding actual user;
  
  weight the response of each responding actual user based on the resource usage activity associated with each responding actual user and the role of each responding actual user, the weighting following a set of rules comprising;
  
  assigning a higher priority to a response of an actual user having an active connection than to a response of an actual user having an inactive connection, assigning a higher priority to a response of an actual user with a history of database querying than to a response of an actual user having an open but inactive database connection, assigning a higher priority to a response of an actual user performing a database operation than to a response of an actual user having an open but inactive database connection, and assigning a higher priority to a response of an actual user who is an administrator than to a response of an actual user who is not an administrator; and
  
  determine, based on the weighted responses, whether to grant authorization to perform the requested action, wherein the requested action is performed when authorization is granted and a sufficient failover server is available.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein authorization is granted based on the weighted responses.
  - 17. The computer program product of claim 15, wherein the user data comprises at least one of a data usage or user role.
  - 18. The computer program product of claim 15, wherein an actual user comprises at least one of an active user, passive user, or inactive user.
  - 19. The computer program product of claim 15, the computer readable hardware storage device further comprising instructions to request a response from each actual user via a notification transmitted to each actual user.
  - 20. The computer program product of claim 19, the computer readable hardware storage device further comprising instructions to require each actual user to respond within a predefined amount of time and, in the case that an actual user does not respond within the predefined amount of time, obtain a response from an automated profile, comprising response instructions of the non-responsive actual user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Abuelsaad, Kelly, DeLuca, Lisa Seacat, Jang, Soobaek, Krook, Daniel C.
Primary Examiner(s)
Christensen, Scott B

Application Number

US13/909,127
Publication Number

US 20140359110A1
Time in Patent Office

2,156 Days
Field of Search

709223-226, 718104
US Class Current
CPC Class Codes

G06F 9/50   Allocation of resources, e....

H04L 47/70   Admission control; Resource...

H04L 47/83   based on usage prediction

Authorizing an action request in a networked computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authorizing an action request in a networked computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others