System and method of performing risk analysis using a portal

摘要

In one embodiment the present invention includes a system and method of performing risk analysis on a portal. In one embodiment, risk analysis software sends requests for user information and user authorization data to an agent. The agent may be coupled to a portal and may generate queries for accessing information on the portal. The portal may include user information and authorization data useful for performing risk analysis. The agent may retrieve information used in a risk analysis process and send the information to the risk analysis software.

主权项

1. A computer-implemented method comprising:
receiving a plurality of requests from a risk analysis software component across a network in an agent software component, wherein the agent is coupled to an enterprise system portal software component, wherein said portal is coupled to a plurality of enterprise software systems and stores a plurality of user information and user authorization data for a plurality of users for specifying actions a user is authorized to perform in said enterprise software systems, the requests to said agent each including parameters corresponding to a risk analysis process executing on said risk analysis software, wherein a risk results according to a function that combines two or more of the actions the user is authorized to perform; generating, by said agent, a plurality of queries in response to said plurality of requests, each query retrieving data based on parameters from a corresponding request; retrieving, by said portal, said user information stored in a user management component of said portal in response to a first query generated in response to a first request of said plurality of requests, and returning said user information to said agent in response to the first query; retrieving, by said portal, said user authorization data stored in a content directory component of said portal in response to a second query generated in response to a second request of said plurality of requests, and returning said user authorization data to said agent in response to the second query; sending said user information and said user authorization data from said agent across said network to said risk analysis software; and executing said risk analysis process using said user information and said user authorization data to determine the risk resulting from said user information and said user authorization data, wherein said user information or said user authorization data is mapped by said agent from a first format used by said portal to a second format used by said risk analysis software, wherein said agent comprises a plurality of different objects instantiated from a plurality of different classes for processing different data types, wherein said plurality of classes includes a new roles class corresponding to new roles of the plurality of users, a modified roles class corresponding to modified roles of the plurality of users, a deleted roles class corresponding to deleted roles of the plurality of users, and an users class corresponding to the plurality of users, and wherein said portal is configured to receive real time updates of said plurality of user information and said user authorization data from said plurality of enterprise software systems, and in accordance therewith, said agent sends real time user information and real time user authorization data to said risk analysis software for use in executing said risk analysis process.