Title of invention: Role engineering scoping and management
Abstract: Mechanisms are provided for performing a role engineering project for applying security roles to access operations targeting resources. A plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system are received. One or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during the role engineering project are received. The one or more filter criteria specify a scope of the role engineering project. The one or more filter criteria are applied to generate the subset of data objects. Role engineering project operations are performed on the subset of data objects to generate one or more security roles. The one or more security roles are deployed to the organization computing system to control access operations targeting resources of the organization computing system.
Publication number: US8918425(B2)
Publication date: 2014.12.23
Application number: US201113278441
Filing date: 2011.10.21
Applicant: International Business Machines Corporation
Inventors: Casco-Arias Sanchez Luis B.; Jordan Todd D.; Kuehr-McLaren David G.; Love Oriana J.; Palmieri David W.; Plachco Chrystian L.; Rajamani Magesh; Robke Jeffrey T.
Classification: G06F17/30; H04L29/06; G06Q10/06; G06F21/60
Main classification: G06F17/30
Agency:
Agent: Walder, Jr. Stephen J.; LaBaw Jeffrey S.
Principal claim: 1. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a data processing system, causes the data processing system to: receive a plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system; receive one or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during a role engineering project, wherein the one or more filter criteria specify a scope of the role engineering project, and wherein the role engineering project comprises generating one or more security roles that do not previously exist in an organization computing system; apply the one or more filter criteria to generate the subset of data objects; perform role engineering project operations on the subset of data objects to generate the one or more security roles; deploy the one or more security roles to the organization computing system to control access operations targeting resources of the organization computing system; and at least one of: merge at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project with at least one of filter criteria, data objects, or security roles of another role engineering project; or split the at least one of the one or more filter criteria, the subset of data objects, or the one or more security roles of the role engineering project into two or more sub-projects of the role engineering project.
Address: Armonk NY US