Access requests at IAM system implementing IAM data model
First Claim
1. A computer-implemented method of provisioning access rights to physical computing resources comprising:
- receiving, at a computing device, a request to provision one or more access rights for a user account wherein the request specifies a business activity;
- identifying, by the computing device, a set of logical permissions based, at least in part, on the request by obtaining a set of business tasks associated with the business activity and identifying, as the set of logical permissions, one or more logical permissions respectively associated with individual business tasks in the set of business tasks;
- deriving, by the computing device, a set of logical entitlements based, at least in part, on the set of logical permissions;
- translating, by the computing device, the set of logical entitlements to a physical entitlement specification based, at least in part, on a set of physical permission specifications wherein each one of the physical permission specifications in the set of physical permission specifications is associated with one of the logical permissions in the set of logical permissions; and
- provisioning, by the computing device, access rights for the user account to at least one physical computing resource indicated in the physical entitlement specification.
Abstract
Systems and methods are provided for provisioning access rights to physical computing resources using an IAM system implementing an IAM data model. The IAM data model may identify logical and physical computing resources. An access request handler may receive an access request and identify a set of logical permissions based on the access request. The access request handler may derive a set of logical entitlements based on the set of logical permissions. An entitlement translator may translate the set of logical entitlements to a physical entitlement specification based on a set of physical permission specifications associated with the set of logical permissions. A physical permission specification may be obtained by mapping a logical permission to one or more physical permissions. An access control manager may then provision access rights to at least one physical computing resource indicated in the physical entitlement specification.
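The pipeline in the abstract, sketched as an added Python example (not code from the patent or its assignee). The activity, task, permission and resource names are constructed sample data; treating a logical entitlement as an (account, logical permission) pair, and refusing the whole request when a logical permission has no physical permission specification, are assumptions of this sketch.

```python
# Added illustration: every name and sample value below is constructed.
from collections import defaultdict

# Business activity -> business tasks.
ACTIVITY_TASKS = {"process-wire-transfers": ["enter-transfer", "review-transfer"]}
# Business task -> logical permissions, each a (logical resource, action) pair.
TASK_PERMISSIONS = {
    "enter-transfer": [("payments-app", "create")],
    "review-transfer": [("payments-app", "read"), ("audit-log", "read")],
}
# Physical permission specifications: logical permission -> physical permissions.
PHYSICAL_SPECS = {
    ("payments-app", "create"): [("db:pay01/transfers", "INSERT")],
    ("payments-app", "read"): [("db:pay01/transfers", "SELECT")],
    ("audit-log", "read"): [("host:log01:/var/log/pay", "r")],
}

class UnmappedPermission(Exception):
    """A logical permission has no physical permission specification."""

def identify_logical_permissions(activity):
    # Activity -> tasks -> union of each task's logical permissions.
    perms = set()
    for task in ACTIVITY_TASKS[activity]:  # unknown activity raises KeyError
        perms.update(TASK_PERMISSIONS[task])
    return perms

def derive_logical_entitlements(account, perms):
    # Assumption: an entitlement binds one account to one logical permission.
    return {(account, perm) for perm in perms}

def translate(entitlements, specs=PHYSICAL_SPECS):
    # Fail closed (assumption): check every mapping before granting anything,
    # so a gap in the model never yields a partial physical grant.
    missing = sorted({perm for _, perm in entitlements if perm not in specs})
    if missing:
        raise UnmappedPermission(missing)
    spec = defaultdict(set)
    for account, perm in entitlements:
        for resource, right in specs[perm]:
            spec[(account, resource)].add(right)
    return dict(spec)

def provision(account, activity, specs=PHYSICAL_SPECS):
    # Returns the physical entitlement specification an access control
    # manager would apply; this sketch does not touch real resources.
    perms = identify_logical_permissions(activity)
    return translate(derive_logical_entitlements(account, perms), specs)
```
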
235 Citations
7 Claims
Specification