TENANT LOCKBOX
First Claim
1. A computer-implemented method for providing tenant approval for operator access to a tenant's data, comprising:
receiving an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data;
creating the access control request for temporarily elevating the role of the operator;
computing a set of one or more internal administrators authorized to grant a first set of permissions to temporarily elevate the role of the operator;
sending the access control request to the one or more internal administrators;
receiving an access control response from one of the one or more internal administrators;
determining whether the access control response from the internal administrator is an approval or a rejection of the access control request;
upon determining that the access control response from the internal administrator is an approval of the access control request, granting the first set of permissions to temporarily elevate the role of the operator;
computing a set of one or more tenant administrators authorized to grant a second set of permissions to temporarily elevate the role of the operator;
sending the access control request to the one or more tenant administrators;
receiving an access control response from one of the one or more tenant administrators;
determining whether the access control response from the tenant administrator is an approval or a rejection of the access control request;
upon determining that the access control response from the tenant administrator is an approval of the access control request, granting the second set of permissions to temporarily elevate the role of the operator; and
temporarily elevating the role of the operator to the security group giving the operator the set of permissions for allowing the operator to perform the action on behalf of the tenant and to enable operator access to the tenant's data.
Abstract
Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
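The two-stage approval flow described in the abstract, as an added illustrative sketch that is not taken from the patent or from any product. All role, group, tenant and administrator names, the policy table and the function names are constructed assumptions.

```python
import time
from dataclasses import dataclass, field

# All names below are constructed for illustration.
ELEVATION_POLICY = {("support_engineer", "mailbox_repair")}  # (current role, group)
INTERNAL_ADMINS = {"mailbox_repair": {"ops_manager"}}
TENANT_ADMINS = {"contoso": {"tenant_admin"}}

@dataclass
class AccessRequest:
    operator: str
    tenant: str
    group: str
    duration_s: int
    state: str = "PENDING_INTERNAL"
    expires_at: float = 0.0
    audit: list = field(default_factory=list)

def create_request(operator, current_role, tenant, group, duration_s):
    # Authenticate the request: is this elevation allowed from the current role?
    if (current_role, group) not in ELEVATION_POLICY:
        raise PermissionError("elevation not permitted by policy")
    return AccessRequest(operator, tenant, group, duration_s)

def respond(req, approver, approve, now=None):
    now = time.time() if now is None else now
    # Internal approval must come first; the tenant decides second.
    if req.state == "PENDING_INTERNAL":
        allowed, nxt = INTERNAL_ADMINS.get(req.group, set()), "PENDING_TENANT"
    elif req.state == "PENDING_TENANT":
        allowed, nxt = TENANT_ADMINS.get(req.tenant, set()), "ELEVATED"
    else:
        raise ValueError("request is not awaiting a response")
    if approver not in allowed:
        raise PermissionError("approver not authorized for this stage")
    req.state = nxt if approve else "REJECTED"
    if req.state == "ELEVATED":
        req.expires_at = now + req.duration_s  # elevation is temporary
    req.audit.append((now, approver, req.state))
    return req.state

def has_access(req, now=None):
    # Access exists only after both approvals and only until expiry.
    now = time.time() if now is None else now
    return req.state == "ELEVATED" and now < req.expires_at
```

The audit list records every decision with its approver and resulting state, which is the record a tenant would review when scrutinizing access requests.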
20 Claims
14. A system for providing tenant approval for operator access to a tenant's data, the system comprising:
one or more processors;
memory storing one or more modules that are executable by the one or more processors, the one or more modules comprising:
a request creation module for:
receiving an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data; and
creating the access control request for temporarily elevating the role of the operator;
a request authentication and authorization module for:
authenticating the access control request;
computing a set of at least one internal administrator authorized to grant a first set of permissions to temporarily elevate the role of the operator;
receiving an access control response from an internal administrator of the set of at least one internal administrator;
determining whether the access control response from the internal administrator is an approval or a rejection of the access control request;
upon determining that the access control response from the internal administrator is an approval of the access control request, granting the first set of permissions to temporarily elevate the role of the operator; and
computing a set of at least one tenant administrator authorized to grant a second set of permissions to temporarily elevate the role of the operator; and
a request notification and response module for:
sending the access control request to the at least one internal administrator;
receiving the access control response from the internal administrator;
sending the access control request to the at least one tenant administrator; and
receiving an access control response from a tenant administrator of the set of at least one tenant administrator.
19. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform a method for providing tenant approval for operator access to a tenant's data, the method comprising:
receiving an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data;
determining the security group that would give the operator the set of permissions needed to allow the operator to perform the action;
creating the access control request for temporarily elevating the role of the operator;
authenticating the access control request, wherein authenticating the access control request comprises determining a current role of the operator, and determining whether elevation to the role corresponding to the determined security group from the current role complies with at least one of a plurality of policies;
generating a set of at least one internal administrator authorized to grant a first set of permissions to temporarily elevate the role of the operator;
sending the access control request to the at least one internal administrator;
receiving an access control response from one internal administrator of the set of at least one internal administrator;
determining whether the access control response from the internal administrator is an approval or a rejection of the access control request;
upon determining that the access control response from the internal administrator is an approval of the access control request; granting a first set of permissions to temporarily elevate the role of the operator;
generating a set of at least one tenant administrator authorized to grant a second set of permissions to temporarily elevate the role of the operator;
sending the access control request to the at least one tenant administrator;
receiving an access control response from one tenant administrator of the set of at least one tenant administrator;
determining whether the access control response from the tenant administrator is an approval or a rejection of the access control request; and
upon determining that the response from the tenant administrator is an approval of the access control request; granting the second set of permissions to temporarily elevate the role of the operator; and
temporarily elevating the role of the operator to the security group giving the operator the set of permissions for allowing the operator to perform the action on behalf of the tenant and to enable operator access to the tenant's data.