发明名称 |
Automatic policy generation based on role entitlements and identity attributes |
摘要 |
Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
|
申请公布号 |
US7284000(B2) |
申请公布日期 |
2007.10.16 |
申请号 |
US20030741708 |
申请日期 |
2003.12.19 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
KUEHR-MCLAREN DAVID G.;GUPTA PRATIK;SAMPATHKUMAR GOVINDARAJ;WILLIAMS VINCENT C.;CUTCHER SHARON L.;TAANK SUMIT;STUBE BRIAN A.;SHANKAR HARI |
分类号 |
G06F17/30;G06F17/00;G06Q10/00 |
主分类号 |
G06F17/30 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|