VISUALIZATION OF ACCESS PERMISSION STATUS

摘要

Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables results can be obtained without exhaustive searches of large file system tables.

主权项

1. A method for displaying data access privilege status for data in an enterprise:
defining user groups offering common rights of access to a plurality of file servers, said file servers being organized as a hierarchy of storage elements having ancestors, said storage elements comprising nondistinctive elements that offer only inherited access privileges that are inherited from one of said ancestors thereof, and distinctive elements that offer at least non-inherited access privileges; maintaining a directory database only for said distinctive elements, entries in said directory database comprising one of said distinctive elements and a list that identifies other said distinctive elements that are ancestral thereto in said hierarchy; and consulting said directory database to determine a directory-oriented set of said user groups that offer said common rights of access to selected ones of said storage elements.