Role engineering scoping and management
Abstract
Mechanisms are provided for performing a role engineering project for applying security roles to access operations targeting resources. A plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system are received. One or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during the role engineering project are received. The one or more filter criteria specify a scope of the role engineering project. The one or more filter criteria are applied to generate the subset of data objects. Role engineering project operations are performed on the subset of data objects to generate one or more security roles. The one or more security roles are deployed to the organization computing system to control access operations targeting resources of the organization computing system.
16 Claims
1. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a data processing system, causes the data processing system to:
- receive a plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system;
- receive one or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during a role engineering project, wherein the one or more filter criteria specify a scope of the role engineering project, and wherein the role engineering project comprises generating one or more security roles that do not previously exist in an organization computing system;
- apply the one or more filter criteria to generate the subset of data objects;
- perform role engineering project operations on the subset of data objects to generate the one or more security roles;
- deploy the one or more security roles to the organization computing system to control access operations targeting resources of the organization computing system; and
- at least one of:
  - merge at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project with at least one of filter criteria, data objects, or security roles of another role engineering project; or
  - split the at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project into two or more sub-projects of the role engineering project.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An apparatus, comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to:
  - receive a plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system;
  - receive one or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during a role engineering project, wherein the one or more filter criteria specify a scope of the role engineering project, and wherein the role engineering project comprises generating one or more security roles that do not previously exist in an organization computing system;
  - apply the one or more filter criteria to generate the subset of data objects;
  - perform role engineering project operations on the subset of data objects to generate the one or more security roles; and
  - deploy the one or more security roles to the organization computing system to control access operations targeting resources of the organization computing system; and
  - at least one of:
    - merge at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project with at least one of filter criteria, data objects, or security roles of another role engineering project; or
    - split the at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project into two or more sub-projects of the role engineering project.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.
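The scoping, role-generation, split and merge steps recited in the claims can be sketched as follows. This is an added illustration, not the patent's implementation: the attribute names, the constructed sample users, and the "identical permission set" grouping heuristic are all assumptions, and deployment to a target system is not shown.

```python
from collections import defaultdict

# Constructed sample data: user identities with attributes and assigned permissions.
USERS = [
    {"id": "alice", "dept": "finance", "site": "NYC", "perms": {"gl:read", "gl:post"}},
    {"id": "bob",   "dept": "finance", "site": "NYC", "perms": {"gl:read", "gl:post"}},
    {"id": "carol", "dept": "finance", "site": "LON", "perms": {"gl:read"}},
    {"id": "dave",  "dept": "finance", "site": "LON", "perms": {"gl:read"}},
    {"id": "erin",  "dept": "it",      "site": "NYC", "perms": {"vm:admin", "gl:read"}},
]

def apply_scope(users, criteria):
    """Filter criteria map an attribute to its allowed values; a user is in
    scope only if every criterion matches."""
    return [u for u in users
            if all(u.get(attr) in allowed for attr, allowed in criteria.items())]

def mine_roles(users, min_members=2):
    """Assumed heuristic: a candidate role is a permission set held
    identically by at least min_members in-scope users."""
    groups = defaultdict(list)
    for u in users:
        groups[frozenset(u["perms"])].append(u["id"])
    return {perms: sorted(ids) for perms, ids in groups.items()
            if len(ids) >= min_members}

def split_project(criteria, attr):
    """Split one project scope into sub-projects, one per allowed value of attr."""
    return [{**criteria, attr: {value}} for value in sorted(criteria[attr])]

def merge_projects(a, b):
    """Merge two project scopes by unioning allowed values per attribute.
    Scopes that constrain different attributes are refused rather than guessed at."""
    if a.keys() != b.keys():
        raise ValueError("scopes constrain different attributes")
    return {attr: a[attr] | b[attr] for attr in a}

def run_project(users, criteria):
    """Scope the data objects, then generate candidate roles from the subset only."""
    return mine_roles(apply_scope(users, criteria))

if __name__ == "__main__":
    scope = {"dept": {"finance"}, "site": {"NYC", "LON"}}
    for sub in split_project(scope, "site"):
        print(sub, "->", run_project(USERS, sub))
```

Because roles are generated only from the in-scope subset, a user outside the filter (here `erin`) never influences, and is never granted, a role produced by the project.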
Specification