Methods and systems for managing user access to computer software application programs
IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC, 7th edition): G06F-007/00; G06F-017/30
Application number: US-0134973 (2005-05-23)
Registration number: US-7401083 (2008-07-15)
Inventors: Daemke, Valery; Horsfield, John; Nason, Bonnie; Simuni, Ilya; Sood, Sachindra
Applicant: Goldman Sachs & Co.
Agent: Buckley, Maschoff & Talwalkar LLC
Citation information: cited by 6; cited patents: 12
Abstract
According to some embodiments, a method of operating a computer system includes installing a plurality of application software programs in the computer system. The method further includes defining user access assignments for each of the application software programs for a respective plurality of users. The method further includes storing, in a user access repository, data which represents all of the user access assignments. The method further includes defining a user access rule, and analyzing the data in the user access repository to determine whether the user access rule is violated by the user access assignments.
Representative claims
What is claimed is:
1. A method of operating a computer system, the method comprising: installing a plurality of application software programs in a plurality of server computers in said computer system; defining user access assignments in said server computers for each of said application software programs for a respective plurality of users; loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system; storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments; defining a user access rule, said user access rule forbidding at least one user access assignment or at least one combination of user access assignments; and analyzing said user access assignment data stored in said user access repository to determine whether said user access rule is violated by said user access assignments.
2. The method of claim 1, further comprising: generating a report to indicate each user access assignment that violates said user access rule.
3. The method of claim 2, further comprising: displaying said report on a display device of said computer system.
4. The method of claim 2, further comprising: printing said report.
5. The method of claim 1, further comprising: automatically deleting and/or disabling each of said user access assignments that violates said user access rule.
6. The method of claim 1, wherein said user access rule forbids any of said users to have access both to a first one of said applications and to a second one of said applications.
7. The method of claim 1, wherein said user access rule forbids any of said users who is a member of a certain department to have access to a certain one of said applications.
8. The method of claim 1, wherein said user access rule forbids any of said users who is located in a certain office to have access to a certain one of said applications.
9. The method of claim 1, wherein said user access assignment data includes, with respect to at least one of said application software programs, data that indicates respective levels of access granted to users assigned access to said at least one application software program.
10. The method of claim 9, wherein said user access rule forbids any of said users having a certain level of access to a first one of said applications to have access to a second one of said applications.
11. The method of claim 9, wherein said user access rule forbids any of said users having a certain level of access to a first one of said applications to have a certain level of access to a second one of said applications.
12. The method of claim 1, wherein defining said rule includes entering logical connectors together with user and/or application attributes into a screen display.
13. The method of claim 1, wherein said application software programs include at least twenty application software programs.
14. The method of claim 13, wherein said application software programs include at least one hundred application software programs.
15. The method of claim 1, wherein defining user access assignments includes generating access control lists for said application software programs.
16. The method of claim 1, further comprising: proposing a change in an attribute of a user; and analyzing said user access assignment data to determine whether said user access rule is violated by the proposed change.
17. The method of claim 1, further comprising: proposing a new user access assignment; and analyzing said user access assignment data to determine whether said user access rule is violated by the proposed new user access assignment.
18. The method of claim 1, further comprising: allowing an administrator to override said rule with respect to a particular user access assignment.
19. A method of operating a computer system, the method comprising: installing a plurality of application software programs in a plurality of server computers in said computer system; defining user access assignments in said server computers for each of said application software programs for a respective plurality of users; loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system; storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments; and archiving said user access assignment data stored in said user access repository on each of a plurality of occasions.
20. The method of claim 19, wherein said plurality of occasions includes three occasions.
21. The method of claim 20, wherein said plurality of occasions includes ten occasions.
22. The method of claim 21, further comprising: simultaneously holding in a storage device said archived user access assignment data for all of said plurality of occasions.
23. The method of claim 21, further comprising: on an occasion later than said plurality of occasions, printing a report of all of said user access assignment data archived on all of said plurality of occasions.
24. The method of claim 19, further comprising: defining a user access rule, said user access rule forbidding at least one user access assignment or at least one combination of user access assignments; analyzing said user access assignment data in said user access repository to determine whether said user access rule is violated by said user access assignments; and archiving said rule and results of said analyzing step.
25. The method of claim 19, wherein defining user access assignments includes generating access control lists for said application software programs.
26. The method of claim 19, further comprising: auditing said archived data.
27. A method of operating a computer system, the method comprising: installing a plurality of application software programs in a plurality of server computers in said computer system; defining user access assignments in said server computers for each of said application software programs for a respective plurality of users; loading user access assignment data from each of said plurality of servers to an authorization monitoring server computer in said computer system; storing, in a user access repository in said authorization monitoring server computer, said loaded user access assignment data, said loaded user access assignment data representing all of said user access assignments; displaying in a screen display some of said data, said screen display including a display element to indicate that one of said user access assignments is to be revoked; detecting actuation of said display element; and responding to said detected actuation of said display element by sending an electronic mail message to a system administrator or another computer system to indicate that said one of said user access assignments is to be revoked.
28. The method of claim 27, wherein said screen display also includes data to identify a department and a location of a user who corresponds to said one of said user access assignments.
29. The method of claim 27, wherein said display element is a check-box.
30. The method of claim 27, further comprising: displaying in said screen display at least one of: a display element to indicate that one of said user access assignments is to be allowed; and a display element to indicate that a forbidden user access assignment is to be allowed by temporarily overriding revocation of user access.
31. The method of claim 27, further comprising: archiving said user access assignment data.
32. The method of claim 27, wherein all user access assignments indicated on said display are for users in a single department and/or location.
33. The method of claim 27, wherein an operator is allowed to override a user access assignment rule.
34. The method of claim 33, wherein said operator is allowed to indicate whether said override is temporary or permanent.
35. The method of claim 34, further comprising: detecting expiration of a temporary rule override; and providing an indication of a rule violation resulting from said expiration.
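An added illustration, not taken from the patent: a minimal Python sketch of the rule analysis in claims 1, 6, 7, 10, 17 and 35, run over a central repository of access assignments. All user names, application names, rule names, attribute keys and dates are constructed for the example, and the rule encoding is an assumption about one way such rules could be represented.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Assignment:
    user: str
    app: str
    level: str = "read"

# Constructed sample data: user attributes and the central repository.
USERS = {"alice": {"dept": "trading", "office": "NY"},
         "bob": {"dept": "compliance", "office": "LDN"},
         "carol": {"dept": "trading", "office": "NY"}}
REPOSITORY = [Assignment("alice", "order-entry", "write"),
              Assignment("alice", "settlement", "approve"),
              Assignment("bob", "order-entry", "read"),
              Assignment("carol", "research-db", "read")]

# A rule lists conditions that must not all hold for one user (hypothetical encoding).
# Each condition is ("attr", key, value) or ("access", app, level or None for any level).
RULES = {
    "no-entry-and-settlement": [("access", "order-entry", "write"),
                                ("access", "settlement", None)],
    "trading-barred-from-research": [("attr", "dept", "trading"),
                                     ("access", "research-db", None)],
}
# Temporary overrides: (rule, user) -> last day the override is valid.
OVERRIDES = {("no-entry-and-settlement", "alice"): date(2024, 6, 30)}

def _holds(cond, user, grants):
    kind, key, value = cond
    if kind == "attr":
        return USERS[user].get(key) == value
    return any(g.app == key and value in (None, g.level) for g in grants)

def find_violations(repository, today, proposed=None):
    """Return sorted (rule, user) pairs violated; unexpired overrides suppress a hit."""
    grants = list(repository) + ([proposed] if proposed else [])
    found = []
    for user in USERS:
        mine = [g for g in grants if g.user == user]
        for name, conds in RULES.items():
            expiry = OVERRIDES.get((name, user))
            if expiry and today <= expiry:
                continue  # override still in force
            if all(_holds(c, user, mine) for c in conds):
                found.append((name, user))  # also fires once an override has expired
    return sorted(found)
```

Passing `proposed` evaluates a new assignment before it is granted, and re-running the check after an override's expiry date surfaces the previously suppressed violation.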
Patents cited by this patent (12)
Bowman-Amuah, Michael K., Activity component in a presentation services patterns environment.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Alsina, Thomas M.; Fernandez, Todd R.; Ciudad, Jean-Pierre; Walsh, Raymond N.; Kelly, Sean B., Using receipts to control assignments of items of content to users.