Systems and methods for managing user permissions
US8601539B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 5, 2007 |
| Grant date | Dec 3, 2013 |
| Priority date | — |
| Expiry date | Jan 1, 2032 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2101
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Multi-tiered systems and methods for identifying and monitoring user permissions in a computer network are described. A data structure, such as an index, for each network device identifies all the security identifiers (SIDs) and their associated permissions for accessing the resources on the network device. Each data structure can be initially populated by scanning access control lists (ACLs) of the respective network device. A collection server in communication with the network devices stores an aggregate index that identifies the SIDs in the network and the network devices on which each SID is granted, denied or revoked one or more permissions. The individual data structures and/or aggregate index are updated based on permission changes detected through real-time or periodic monitoring. The aggregate index can also be replicated to multiple servers. In certain examples, the multi-tiered arrangement facilitates identifying the network resources for which a user has been granted, denied or revoked a permission.
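The two-tier lookup described in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee; the SIDs, device names, ACL tuples and all function and class names are constructed for illustration.

```python
from collections import defaultdict

# Constructed SIDs and ACL entries: (device, resource, SID, ACE type, permission).
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
BOB = "S-1-5-21-1111111111-2222222222-3333333333-1107"
SAMPLE_ACLS = [
    ("fs01", r"\\fs01\finance", ALICE, "allow", "read"),
    ("fs01", r"\\fs01\finance", ALICE, "allow", "write"),
    ("fs01", r"\\fs01\hr", BOB, "deny", "read"),
    ("db02", "payroll_db", ALICE, "allow", "read"),
]
STATES = ("granted", "denied", "revoked")

def scan_device(device, acl_entries):
    """Per-device index built from an ACL scan: SID -> resource -> {permission: state}."""
    index = defaultdict(lambda: defaultdict(dict))
    for dev, resource, sid, ace_type, perm in acl_entries:
        if dev == device:
            index[sid][resource][perm] = "granted" if ace_type == "allow" else "denied"
    return index

class CollectionServer:
    """Holds the aggregate index: SID -> devices that carry any entry for it."""
    def __init__(self):
        self.device_indexes = {}
        self.aggregate = defaultdict(set)

    def register(self, device, index):
        self.device_indexes[device] = index
        for sid in index:
            self.aggregate[sid].add(device)

    def apply_change(self, device, resource, sid, perm, state):
        """Apply a monitored permission change to both tiers."""
        if state not in STATES:
            raise ValueError(f"unknown state: {state}")
        index = self.device_indexes.setdefault(device, scan_device(device, []))
        index[sid][resource][perm] = state  # revoked entries stay visible
        self.aggregate[sid].add(device)

    def permissions_for(self, sid):
        """Aggregate index selects the devices; their indexes supply the detail."""
        result = {}
        for device in sorted(self.aggregate.get(sid, ())):
            for resource, perms in self.device_indexes[device][sid].items():
                result[(device, resource)] = dict(perms)
        return result

def build_server(acl_entries=SAMPLE_ACLS):
    server = CollectionServer()
    for device in sorted({entry[0] for entry in acl_entries}):
        server.register(device, scan_device(device, acl_entries))
    return server
```

Answering "what can this SID reach" touches only the devices listed for that SID in the aggregate index, so no device's ACLs are rescanned at query time.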
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.