Evaluation of effective access permissions in identity and access management (IAM) systems

Disclosed herein are system, method, and computer program product embodiments for generating a list of deny policy statements associated with an allow policy statement with respect to the effective access permissions for a principal in an identity and access management system. The operations can inc...

Bibliographic details
Main authors: Chen, Joseph; Lee, Britton; Simonetti, James; Kotakis, Nicholas; Valin, John; Gera, Anika; Feinstein, Jessica; Mirallegro, Nicholas
Format: Patent
Language: eng
creator Chen, Joseph
Lee, Britton
Simonetti, James
Kotakis, Nicholas
Valin, John
Gera, Anika
Feinstein, Jessica
Mirallegro, Nicholas
description Disclosed herein are system, method, and computer program product embodiments for generating a list of deny policy statements associated with an allow policy statement with respect to the effective access permissions for a principal in an identity and access management system. The operations can include identifying a first policy statement that specifies members of a first identity set including the principal are allowed to access a first system resource set. The operations further include identifying a second policy statement specifying that members of a second identity set are denied access to a second system resource set. Moreover, the operations include determining that the second policy statement overlaps with the first policy statement with respect to the effective access permissions for the principal, and placing the second policy statement into the list of deny policy statements associated with an allow policy statement.
format Patent
language eng
recordid cdi_epo_espacenet_US12155666B2
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title Evaluation of effective access permissions in identity and access management (IAM) systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T06%3A21%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Chen,%20Joseph&rft.date=2024-11-26&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS12155666B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true