| 摘要 |
One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided. |
| 主权项 |
1. An apparatus configured for performing access validation, comprising:
one or more processors; an access validation application executable by said one or more processors, said access validation application configured for:
receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted; wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;
responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising:
identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; andin response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options:
an affirmation of validity;a negative indication that said previously granted access to said resource is not valid;a stronger condition;an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; andan exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required; wherein configuring said access validation application does not require business rules. |
