Title of invention: Logging access system events
Abstract: A system is disclosed that logs access system events. When an access system event occurs, a log entry is created for the access system event. Information from an identity profile is stored in the log entry. The identity profile pertains to a first user. The first user is the entity who caused or was involved with the access system event. In one embodiment, the access system includes identity management and access management functionality.
Publication number: US9038170(B2) Publication date: 2015.05.19
Application number: US200109792915 Filing date: 2001.02.26
Applicant: Oracle International Corporation Inventors: Joshi Vrinda S.;Ramamurthy Srinivasagapala
Classification: G06F12/14;G06F7/04;G06F17/00;H04L29/06;H04L9/32;G06F15/173;H04L29/12;G06F17/30;G06F21/62;H04L29/08 Main classification: G06F12/14
Agency: Kilpatrick Townsend & Stockton LLP Agent: Kilpatrick Townsend & Stockton LLP
Independent claim: 1. A method for logging access system events, comprising: detecting an access system event which includes accessing a resource and access information; testing whether access to the resource is authorized based on the access information without granting authorization to the resource, wherein the testing includes accessing an authorization rule for the resource and accessing an identity profile for a first user to determine whether at least a portion of the authorization rule is satisfied based on information in the identity profile; reporting whether access to the resource is authorized based on the testing by: creating in an audit log a log entry for said access system event which includes an indication of whether access to the resource is authorized based on the testing, storing the authorization rule for the resource and used during said testing in said log entry, and storing information from the identity profile for the first user in said log entry, the information from the identity profile stored in the log entry comprising one or more attributes of the identity profile for the first user, the attributes identified by an audit rule associated with the resource; monitoring the audit log with an audit log sensor for events associated with at least one of one or more event types associated with the access system event; accessing instructions for an event type associated with the access system event, wherein the instructions specify that a value of one or more attributes of the attributes in the identity profile is to be added to the audit log entry; accessing the identity profile for the user in response to the instructions; adding the value of one or more attributes of the plurality of attributes in the identity profile of the user to the audit log entry in accordance with the instructions; and storing the audit log entry including the one or more attribute values in an application server.
Address: Redwood Shores CA US