-
Publication No.: US09525691B2
Publication date: 2016-12-20
Application No.: US13159903
Filing date: 2011-06-14
Abstract: An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository.
-
Publication No.: US09195759B2
Publication date: 2015-11-24
Application No.: US13430710
Filing date: 2012-03-27
Applicants: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
CPC classification: G06F17/3053, G06F17/30321, G06F17/30528, G06F17/30554, G06F17/30867, G06F21/6218
Abstract: A method for a secure search in a computerized system having a storage, comprising searching for objects in the storage of the computerized system according to search criteria provided by a user wherein the criteria comprise at least one attribute of the objects, identifying objects that meet the criteria and displaying representations respective of identified objects that are accessible to the user, and an apparatus for performing the same.
-
Publication No.: US08909673B2
Publication date: 2014-12-09
Application No.: US13303826
Filing date: 2011-11-23
CPC classification: G06F21/604, G06F17/30091, G06F17/30165, G06F17/30203
Abstract: In a hierarchical access permissions environment, a method for enabling efficient management of project-wise permissions including maintaining project-wise lists of network objects, access permissions to which cannot be managed together via a hierarchical folder structure and employing the project-wise lists of network objects to make project-wise changes in access permissions to the network objects without the need to individually modify access permissions to individual ones of the network objects.
-
Publication No.: US20130263221A1
Publication date: 2013-10-03
Application No.: US13430710
Filing date: 2012-03-27
Applicants: Yakov FAITELSON, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
Inventors: Yakov FAITELSON, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
CPC classification: G06F17/3053, G06F17/30321, G06F17/30528, G06F17/30554, G06F17/30867, G06F21/6218
Abstract: A method for a secure search in a computerized system having a storage, comprising searching for objects in the storage of the computerized system according to search criteria provided by a user wherein the criteria comprise at least one attribute of the objects, identifying objects that meet the criteria and displaying representations respective of identified objects that are accessible to the user, and an apparatus for performing the same.
-
Publication No.: US20120291100A1
Publication date: 2012-11-15
Application No.: US13106023
Filing date: 2011-05-12
IPC classification: H04L9/32
CPC classification: G06F21/6218, G06F17/30082, G06F17/30091, G06F17/30115, G06F17/30194, G06F17/30221, G06F17/30235, G06F17/3097, G06F21/60, G06F21/604, G06F21/6227, G06Q10/10, H04L63/10
Abstract: A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates.
-
Publication No.: US20120191646A1
Publication date: 2012-07-26
Application No.: US13384465
Filing date: 2011-05-26
Applicants: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
CPC classification: G06F17/3012, G06F17/30997
Abstract: A method for characterizing data elements in an enterprise including ascertaining at least one of an access metric and a data identifier for each of a plurality of data elements and employing the at least one of an access metric and a data identifier to automatically apply a metatag to ones of the plurality of data elements.
-
Publication No.: US20120173583A1
Publication date: 2012-07-05
Application No.: US13384452
Filing date: 2011-05-26
Applicants: Yakov Faiteson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
Inventors: Yakov Faiteson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
IPC classification: G06F17/30
CPC classification: G06F21/6218, G06F17/30038, G06F17/30082, G06F17/301, G06F21/604, G06F2221/2101, G06F2221/2141, G06Q10/0633
Abstract: An information technology management system for use in enterprise data management including a metadata supply subsystem which receives metadata from a network, an access permissions management subsystem for managing access permissions to data elements in the network and an access permissions management operation implementation subsystem which automatically governs the operation of the access permissions management subsystem, the access permissions management operation implementation subsystem having at least one of first, second, third and fourth modes of operation. The first mode of operation includes operating the access permissions management subsystem, the second mode of operation includes simulating the operation of the access permissions management subsystem, the third mode of operation included providing a report of proposed changes in access permissions and the fourth mode of operation includes providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval.
-
Publication No.: US20110296490A1
Publication date: 2011-12-01
Application No.: US12861059
Filing date: 2010-08-23
Applicants: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR, David BASS
Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR, David BASS
CPC classification: G06F21/6218, G06F21/6263, G06F2221/2101, G06F2221/2141, G06F2221/2149, G06Q10/103, H04L63/105
Abstract: A system for automatically replacing a user security group-based computer security policy by a computer security policy based at least partially on actual access, including a learned access permissions subsystem operative to learn current access permissions of users to network objects in an enterprise computer environment and to provide an indication of which users are members of which user security groups having access permissions to which network objects, a learned actual access subsystem operative to learn actual access history of users in the enterprise to the network objects and to provide indications of which users have had actual access to which network objects, and a computer security policy administration subsystem, receiving indications from the learned access permission subsystem and the learned actual access subsystem and being operative to automatically replace pre-selected user-security group-based access permissions with at least partially actual access-based access permissions without disrupting access to network objects.
-
Publication No.: US20110061111A1
Publication date: 2011-03-10
Application No.: US12814807
Filing date: 2010-06-14
Applicants: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
IPC classification: G06F17/30, G06F21/00, G06F15/173
CPC classification: H04L63/104, G06F21/604, G06F2221/2141, G06Q10/10, H04L63/101, H04L63/105, H04L63/20
Abstract: A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object.
-
Publication No.: US20110061093A1
Publication date: 2011-03-10
Application No.: US12861967
Filing date: 2010-08-24
Applicants: Ohad KORKUS, Yakov FAITELSON, Ophir KRETZER-KATZIR, David BASS
Inventors: Ohad KORKUS, Yakov FAITELSON, Ophir KRETZER-KATZIR, David BASS
IPC classification: G06F17/30
Abstract: A network object access permission management system useful with a computer network including at least one server and a multiplicity of clients, the system including an access permissions subsystem which governs access permissions of users to network objects in the computer network in real time and a future condition based permissions instruction subsystem providing instructions to the access permission subsystem to grant or revoke access permissions of the users to network objects in real time in response to future fulfillment of conditions which are established by an operator in advance.