Crafting effective policies for identity and access management roles

Bibliographic details
Main authors: McGrew, Gavin; Powley, Devon; Ghiold, Matthew A; Greene, Jr., Dale
Format: Patent
Language: eng
creator McGrew, Gavin
Powley, Devon
Ghiold, Matthew A
Greene, Jr., Dale
description Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies, each of which may define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role. The specified solution operates to generate an effective permission for accessing a resource and to evaluate whether that effective permission is outside of a permissible scope of access for the role.
format Patent
sourcerecordid US11562082B2
date 2023-01-24
oa free_for_read
linktohtml https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230124&DB=EPODOC&CC=US&NR=11562082B2
language eng
recordid cdi_epo_espacenet_US11562082B2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Crafting effective policies for identity and access management roles
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T23%3A37%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=McGrew,%20Gavin&rft.date=2023-01-24&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS11562082B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true