Authorization server access system

摘要

Systems and techniques are provided for authorizing restricted action (e.g., data access) requests using a tiered arrangement. A rule set is generated based on a policy received by an authorization server and is transmitted to a broker associated with an enterprise server. A restricted action request is received by an agent associated with the enterprise server and is provided to the broker associated with the enterprise server. The broker analyzes the request in view of the rule set and determines if the restricted action request should be granted or denied. The policy and/or rule set are updated based on activities and/or events within the system and a new rule set is generated based on the updated policy.

主权项

1. A method comprising:
receiving, by an authorization server, a policy that defines a restricted action for an endpoint device, the policy established by a third enterprise server providing a third service and based on at least one action monitored by the third enterprise server, wherein the restricted action is access by the endpoint device of one or more of a file with a specified file name, a URL, an application, a directory, a document, and a file location; generating, by the authorization server, a first rule set for a first enterprise server providing a first service, the first rule set based upon the policy; generating, by the authorization server, a second rule set for a second enterprise server, the second rule set based upon the policy, the second enterprise server providing a second service different from the first service; distributing, by the authorization server, the first rule set to the first enterprise server; and distributing, by the authorization server, the second rule set to the second enterprise server.