TREA

Access permissions management system and method

Follow

Information

  • Patent Grant
  • 10721234
  • Patent Number
    10,721,234
  • Date Filed
    Thursday, November 24, 2011
    13 years ago
  • Date Issued
    Tuesday, July 21, 2020
    4 years ago
Information
Abstract
A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.
Description
FIELD OF THE INVENTION

The present invention relates to data management generally and more particularly access permissions management.


BACKGROUND OF THE INVENTION

The following patent publications are believed to represent the current state of the art:


U.S. Pat. Nos.: 5,465,387; 5,899,991; 6,338,082; 6,393,468; 6,928,439; 7,031,984; 7,068,592; 7,403,925; 7,421,740; 7,555,482, 7,606,801 and 7,743,420; and


U.S. Published patent application Nos.: 2003/0051026; 2004/0249847; 2005/0108206; 2005/0203881; 2005/0086529; 2006/0064313; 2006/0184530; 2006/0184459; 2007/0203872; 2007/0244899; 2008/0271157; 2009/0100058; 2009/0119298 and 2009/0265780.


SUMMARY OF THE INVENTION

The present invention provides improved systems and methodologies for access permissions management.


There is thus provided in accordance with a preferred embodiment of the present invention a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


The term “SAC” for the purposes of this application is defined as a container which includes network objects such as computers, user groups and printers, but which may exclude data elements such as files and file folders. The authority of a user over a SAC for the purposes of this application is defined as the ability of a user to modify properties of network objects in the SAC.


The term “network object” for the purposes of this application is defined to include enterprise computer network resources. Examples of network objects include structured and unstructured computer data resources such as files and folders, disparate users and user groups.


Preferably, the SACs do not include data elements and the functionality for providing user-wise visualization does not provide visualization of authority of a given user over data elements. Alternatively, the SACs do not include data elements and the functionality for providing user-wise visualization also provides visualization of authority of a given user over data elements. Alternatively, the SACs include data elements and the functionality for providing user-wise visualization does not provide visualization of authority of a given user over the data elements. Alternatively, the SACs include data elements and the functionality for providing user-wise visualization also provides visualization of authority of a given user over the data elements.


Preferably, the system also includes functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority, and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over the given SAC.


There is also provided in accordance with another preferred embodiment of the present invention a system for providing monitoring and bi-directional reporting of the exercise of authority by users and SACs in an enterprise-wide network, the system including functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority, and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over the given SAC.


Preferably, the system also includes functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


Preferably, the SACs do not include data elements and the functionality for providing user-wise visualization does not provide visualization of authority of a given user over data elements. Alternatively, the SACs do not include data elements and the functionality for providing user-wise visualization also provides visualization of authority of a given user over data elements. Alternatively, the SACs include data elements and the functionality for providing user-wise visualization does not provide visualization of authority of a given user over the data elements. Alternatively, the SACs include data elements and the functionality for providing user-wise visualization also provides visualization of authority of a given user over the data elements.


There is further provided in accordance with yet another preferred embodiment of the present invention a method for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the method including providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


Preferably, the SACs do not include data elements and providing user-wise visualization does not include providing visualization of authority of a given user over data elements. Alternatively, the SACs do not include data elements and providing user-wise visualization also includes providing visualization of authority of a given user over data elements. Alternatively, the SACs include data elements and providing user-wise visualization does not include providing visualization of authority of a given user over the data elements. Alternatively, the SACs include data elements and providing user-wise visualization also includes providing visualization of authority of a given user over the data elements.


Preferably, the method also includes providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority, and providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over the given SAC.


There is yet further provided in accordance with still another preferred embodiment of the present invention a method for providing monitoring and bi-directional reporting of the exercise of authority by users and SACs in an enterprise-wide network, the method including providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority, and providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over the given SAC.


Preferably, the the method also includes providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


Preferably, the SACs do not include data elements and providing user-wise visualization does not include providing visualization of authority of a given user over data elements. Alternatively, the SACs do not include data elements and providing user-wise visualization also includes providing visualization of authority of a given user over data elements. Alternatively, the SACs include data elements and providing user-wise visualization does not include providing visualization of authority of a given user over the data elements. Alternatively, the SACs include data elements and providing user-wise visualization also includes providing visualization of authority of a given user over the data elements.





BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:



FIGS. 1A, 1B and 1C are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with a preferred embodiment of the present invention;



FIGS. 2A, 2B and 2C are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with another preferred embodiment of the present invention;



FIGS. 3A, 3B and 3C are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with yet another preferred embodiment of the present invention; and



FIGS. 4A, 4B and 4C are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with a further preferred embodiment of the present invention; and



FIG. 5 is a simplified block diagram illustration of the system of FIGS. 1A-4C.





DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference is now made to FIGS. 1A, 1B and 1C, which are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with a preferred embodiment of the present invention.


The term “SAC” for the purposes of this application is defined as a container which includes network objects such as computers, user groups and printers, but which may exclude data elements such as files and file folders. The authority of a user over a SAC for the purposes of this application is defined as the ability of a user to modify properties of network objects in the SAC.


The term “network object” for the purposes of this application is defined to include enterprise computer network resources. Examples of network objects include structured and unstructured computer data resources such as files and folders, disparate users and user groups.


The system for providing bi-directional visualization of authority of users over SACs (SPBDVAUS) of FIGS. 1A-1C is preferably suitable for operating in an enterprise computer environment which includes an enterprise level directory services management system which enables management of a plurality of SACs, and preferably includes functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


The SPBDVAUS also preferably includes functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.


As shown in FIG. 1A, at a particular time, such as on Jan. 20, 2011 at 3:15 PM, an HR manager of a company notifies John, an employee of the company, that his employment with the company is terminated. Shortly thereafter, such as at 3:20 PM, the IT manager of the enterprise network 100 of the company accesses a SPBDVAUS user interface 102 to obtain a user-wise visualization of the authority that users of network 100 have over SACs in network 100. The SPBDVAUS preferably resides on a server 104 which is preferably connected to network 100. Network 100 preferably also includes a plurality of disparate computers 106, servers 108 and storage devices 110.


As further shown in FIG. 1A, SPBDVAUS user interface 102 provides, for each of the users of network 100, user-wise visualization of the authority of a given user has over any of legal SAC 120, HR SAC 122 and finance SAC 124 of network 100. SPBDVAUS user interface 102 also provides, for each of SACs 120, 122 and 124, SAC-wise visualization for a given SAC of the authority that any of the users has over the given SAC.


As clearly shown in FIG. 1A, SACs 120, 122 and 124 do not include data elements such as files and file folders. Furthermore, user interface 102 does not provide visualization of access permissions of users included in SACs 120, 122 and 124 to data elements 132 such as files and file folders which reside on network 100.


Turning now to FIG. 1B, it is shown that the IT manager, utilizing SPBDVAUS user interface 102, ascertains that John has authority over legal SAC 120, HR SAC 122 and finance SAC 124, and immediately further utilizes user interface 102 to revoke John's authority over SACs 120, 122 and 124.


Turning now to FIG. 1C, the IT manager subsequently utilizes SPBDVAUS user interface 102 to obtain a user-wise report of the exercise of authority by John over SACs with respect to which John had authority. As seen in FIG. 1C, the IT manager ascertains that prior to termination of employment, John had granted access permissions to a legal folder to Susan, access permissions to a HR folder to Jerry and access permissions to a finance folder to Tim. The IT manager can then assess whether access permissions granted by John should be revoked.


As further shown in FIG. 1C, the IT manager utilizes SPBDVAUS user interface 102 to obtain a SAC-wise report of the exercise of authority over the legal SAC by the users having authority over the legal SAC. As seen in FIG. 1C, the IT manager ascertains that John granted access permissions to a legal folder to Susan, that Mary granted access permissions to a legal folder to Ron, and that Jim granted access permissions to a legal folder to David.


Reference is now made to FIGS. 2A, 2B and 2C, which are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with another preferred embodiment of the present invention.


The system for providing bi-directional visualization of authority of users over SACs (SPBDVAUS) of FIGS. 2A-2C is preferably suitable for operating in an enterprise computer environment which includes an enterprise level directory services management system which enables management of a plurality of SACs, and preferably includes functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


The SPBDVAUS also preferably includes functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.


As shown in FIG. 2A, at a particular time, such as on Jan. 20, 2011 at 3:15 PM, an HR manager of a company notifies John, an employee of the company, that his employment with the company is terminated. Shortly thereafter, such as at 3:20 PM, the IT manager of the enterprise network 200 of the company accesses a SPBDVAUS user interface 202 to obtain a user-wise visualization of the authority that users of network 200 have over SACs in network 200. The SPBDVAUS preferably resides on a server 204 which is preferably connected to network 200. Network 200 preferably also includes a plurality of disparate computers 206, servers 208 and storage devices 210.


As further shown in FIG. 2A, SPBDVAUS user interface 202 provides, for each of the users of network 220, user-wise visualization of the authority of a given user has over any of legal SAC 220, HR SAC 222 and finance SAC 224 of network 200. SPBDVAUS user interface 202 also provides, for each of SACs 220, 222 and 224, SAC-wise visualization for a given SAC of the authority that any of the users has over the given SAC.


As clearly shown in FIG. 2A, SACs 220, 222 and 224 do not include data elements such as files and file folders. However, user interface 202 provides visualization of access permissions of users included in SACs 220, 222 and 224 to data elements 232 such as files and file folders which reside on network 200.


Turning now to FIG. 2B, it is shown that the IT manager, utilizing SPBDVAUS user interface 202, ascertains that John has authority over legal SAC 220, HR SAC 222 and finance SAC 224, and immediately further utilizes user interface 202 to revoke John's authority over SACs 220, 222 and 224.


Turning now to FIG. 2C, the IT manager subsequently utilizes SPBDVAUS user interface 202 to obtain a user-wise report of the exercise of authority by John over SACs with respect to which John had authority. As seen in FIG. 2C, the IT manager ascertains that prior to termination of employment, John had granted access permissions to a legal folder to Susan, access permissions to a HR folder to Jerry and access permissions to a finance folder to Tim. The IT manager can then assess whether access permissions granted by John should be revoked.


As further shown in FIG. 2C, the IT manager utilizes SPBDVAUS user interface 202 to obtain a SAC-wise report of the exercise of authority over the legal SAC by the users having authority over the legal SAC. As seen in FIG. 2C, the IT manager ascertains that John granted access permissions to a legal folder to Susan, that Mary granted access permissions to a legal folder to Ron, and that Jim granted access permissions to a legal folder to David.


Reference is now made to FIGS. 3A, 3B and 3C, which are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with yet another preferred embodiment of the present invention.


The system for providing bi-directional visualization of authority of users over SACs (SPBDVAUS) of FIGS. 3A-3C is preferably suitable for operating in an enterprise computer environment which includes an enterprise level directory services management system which enables management of a plurality of SACs, and preferably includes functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


The SPBDVAUS also preferably includes functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.


As shown in FIG. 3A, at a particular time, such as on Jan. 20, 2011 at 3:15 PM, an HR manager of a company notifies John, an employee of the company, that his employment with the company is terminated. Shortly thereafter, such as at 3:20 PM, the IT manager of the enterprise network 300 of the company accesses a SPBDVAUS user interface 302 to obtain a user-wise visualization of the authority that users of network 300 have over SACs in network 300. The SPBDVAUS preferably resides on a server 304 which is preferably connected to network 300. Network 300 preferably also includes a plurality of disparate computers 306, servers 308 and storage devices 310.


As further shown in FIG. 3A, SPBDVAUS user interface 302 provides, for each of the users of network 320, user-wise visualization of the authority of a given user has over any of legal SAC 320, HR SAC 322 and finance SAC 324 of network 300. SPBDVAUS user interface 302 also provides, for each of SACs 320, 322 and 324, SAC-wise visualization for a given SAC of the authority that any of the users has over the given SAC.


As clearly shown in FIG. 3A, SACs 320, 322 and 324 include data elements 332 such as files and file folders. However, user interface 302 does not provide visualization of access permissions of users included in SACs 320, 322 and 324 to data elements 332 such as files and file folders which reside on network 300.


Turning now to FIG. 3B, it is shown that the IT manager, utilizing SPBDVAUS user interface 302, ascertains that John has authority over legal SAC 320, HR SAC 322 and finance SAC 324, and immediately further utilizes user interface 302 to revoke John's authority over SACs 320, 322 and 324.


Turning now to FIG. 3C, the IT manager subsequently utilizes SPBDVAUS user interface 302 to obtain a user-wise report of the exercise of authority by John over SACs with respect to which John had authority. As seen in FIG. 3C, the IT manager ascertains that prior to termination of employment, John had granted access permissions to a legal folder to Susan, access permissions to a HR folder to Jerry and access permissions to a finance folder to Tim. The IT manager can then assess whether access permissions granted by John should be revoked.


As further shown in FIG. 3C, the IT manager utilizes SPBDVAUS user interface 302 to obtain a SAC-wise report of the exercise of authority over the legal SAC by the users having authority over the legal SAC. As seen in FIG. 3C, the IT manager ascertains that John granted access permissions to a legal folder to Susan, that Mary granted access permissions to a legal folder to Ron, and that Jim granted access permissions to a legal folder to David.


Reference is now made to FIGS. 4A, 4B and 4C, which are simplified pictorial illustrations of the use of a system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, constructed and operative in accordance with yet another preferred embodiment of the present invention.


The system for providing bi-directional visualization of authority of users over SACs (SPBDVAUS) of FIGS. 4A-4C is preferably suitable for operating in an enterprise computer environment which includes an enterprise level directory services management system which enables management of a plurality of SACs, and preferably includes functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


The SPBDVAUS also preferably includes functionality for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority and functionality for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.


As shown in FIG. 4A, at a particular time, such as on Jan. 20, 2011 at 3:15 PM, an HR manager of a company notifies John, an employee of the company, that his employment with the company is terminated. Shortly thereafter, such as at 3:20 PM, the IT manager of the enterprise network 400 of the company accesses a SPBDVAUS user interface 402 to obtain a user-wise visualization of the authority that users of network 400 have over SACs in network 400. The SPBDVAUS preferably resides on a server 404 which is preferably connected to network 400. Network 400 preferably also includes a plurality of disparate computers 406, servers 408 and storage devices 410.


As further shown in FIG. 4A, SPBDVAUS user interface 402 provides, for each of the users of network 420, user-wise visualization of the authority of a given user has over any of legal SAC 420, HR SAC 422 and finance SAC 424 of network 400. SPBDVAUS user interface 402 also provides, for each of SACs 420, 422 and 424, SAC-wise visualization for a given SAC of the authority that any of the users has over the given SAC.


As clearly shown in FIG. 4A, SACs 420, 422 and 424 include data elements 432 such as files and file folders. Furthermore, user interface 402 provides visualization of access permissions of users included in SACs 420, 422 and 424 to data elements 432 such as files and file folders which reside on network 400.


Turning now to FIG. 4B, it is shown that the IT manager, utilizing SPBDVAUS user interface 402, ascertains that John has authority over legal SAC 420, HR SAC 422 and finance SAC 424, and immediately further utilizes user interface 402 to revoke John's authority over SACs 420, 422 and 424.


Turning now to FIG. 4C, the IT manager subsequently utilizes SPBDVAUS user interface 402 to obtain a user-wise report of the exercise of authority by John over SACs with respect to which John had authority. As seen in FIG. 4C, the IT manager ascertains that prior to termination of employment, John had granted access permissions to a legal folder to Susan, access permissions to a HR folder to Jerry and access permissions to a finance folder to Tim. The IT manager can then assess whether access permissions granted by John should be revoked.


As further shown in FIG. 4C, the IT manager utilizes SPBDVAUS user interface 402 to obtain a SAC-wise report of the exercise of authority over the legal SAC by the users having authority over the legal SAC. As seen in FIG. 4C, the IT manager ascertains that John granted access permissions to a legal folder to Susan, that Mary granted access permissions to a legal folder to Ron, and that Jim granted access permissions to a legal folder to David.


Reference is now made to FIG. 5, which is a simplified block diagram illustration of the system of FIGS. 1A-4C. As shown in FIG. 5, the SPBDVAUS 500 preferably includes user-wise visualization functionality 502 for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority and SAC-wise visualization functionality 504 for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.


SPBDVAUS 500 also preferably includes user-wise monitoring and reporting functionality 506 for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority, and SAC-wise monitoring and reporting functionality 508 for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.


It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather, the invention also includes various combinations and subcombinations of the features described hereinabove as well as modifications and variations thereof, which would occur to persons skilled in the art upon reading the foregoing and which are not in the prior art.

Claims
  • 1. A system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically provide bi-directional visualization of authority of users over SACs in an enterprise-wide network and to enable modification of said authority of said users over said SACs to provide improved systems and methodologies for access permissions management in enterprise computer network, said SACs comprising containers, each of said containers comprising network objects, said authority of a user over a SAC comprising an ability of said user to modify properties of said network objects, said system comprising: a user interface for displaying, in a single view, bi-directional visualization of authority of all users of said enterprise-wide network over all SACs in said enterprise-wide network, said users being users other than owners of said SACs, each of said network objects of each of said SACs comprising only at least one of at least one user and at least one user group, said bi-directional visualization in said single view comprising: a first uni-directional visualization comprising, for a given user, user-wise visualization of the authority of said given user over at least one SAC in respect of which said given user has authority, said given user being a user other than an owner of said at least one SAC; anda second uni-directional visualization comprising SAC-wise visualization for a given SAC of the authority of at least one user over said given SAC, said at least one user being a user other than an owner of said given SAC; anda user interface for enabling a human viewer of said bi-directional visualization to modify said authority of said given user over said SACs.
  • 2. A system according to claim 1 and wherein: said SACs do not include data elements; andsaid user-wise visualization does not provide visualization of authority of a given user over data elements.
  • 3. A system according to claim 1 and wherein: said SACs do not include data elements; andsaid user-wise visualization also provides visualization of authority of a given user over data elements.
  • 4. A system according to claim 1 and also comprising: a user interface for providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority; anda user interface for providing SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.
  • 5. A system according to claim 1 and wherein said user interface enables said human viewer to revoke said authority of said user over said SACs.
  • 6. A method for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network and enabling modification of said authority of said users over said SACs to provide improved systems and methodologies for access permissions management in enterprise computer network, said SACs comprising containers, each of said containers comprising network objects, said authority of a user over a SAC comprising an ability of said user to modify properties of said network objects, said method comprising: displaying, in a single view, a first uni-directional visualization comprising, for each given user of said enterprise-wide network, visualization of the authority of said given user over each SAC of said enterprise-wide network in respect of which said given user has authority, said given user being a user other than an owner of said at least one SAC, and a second uni-directional visualization comprising SAC-wise visualization for a each given SAC of the authority of each user of said enterprise-wide network over each said given SAC, said at least one user being a user other than an owner of said given SAC, each of said network objects of each of said SACs comprising only at least one of at least one user and at least one user group; andenabling a human viewer of said bi-directional visualization to modify said authority of said given user over said SACs.
  • 7. A method according to claim 6 and wherein: said SACs do not include data elements; andsaid providing user-wise visualization does not include providing visualization of authority of a given user over data elements.
  • 8. A method according to claim 6 and wherein: said SACs do not include data elements; andsaid providing user-wise visualization also includes providing visualization of authority of a given user over data elements.
  • 9. A method according to claim 6 and also comprising: providing user-wise monitoring and reporting of the exercise of authority by a given user over at least one SAC with respect to which the user has authority; andproviding SAC-wise monitoring and reporting of the exercise of authority over a given SAC by at least one user having authority over said given SAC.
  • 10. A method according to claim 6 and wherein said enabling said human viewer comprises enabling said human viewer to revoke said authority of said user over said SACs.
REFERENCE TO RELATED APPLICATIONS

Reference is made to U.S. patent application Ser. No. 13/014,762, filed Jan. 27, 2011, and entitled “AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEMS AND METHODS”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (1) and (2)(i). Reference is also made to U.S. Provisional Patent Application Ser. No. 61/477,662, filed Apr. 21, 2011 and entitled “ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (4) and (5)(i). Reference is also made to U.S. patent application Ser. No. 13/106,023, filed May 12, 2011, and entitled “AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEM AND METHOD”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (1) and (2)(i). Reference is also made to U.S. patent application Ser. No. 13/159,903, filed Jun. 14, 2011, and entitled “ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (1) and (2)(i). Reference is also made to U.S. patent application Ser. No. 13/303,826, filed Nov. 23, 2011, and entitled “ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (1) and (2)(i). Reference is also made to the following patents and patent applications, owned by assignee, the disclosures of which are hereby incorporated by reference: U.S. Pat. Nos. 7,555,482 and 7,606,801; U.S. Published patent application Nos.: 2007/0244899, 2008/0271157, 2009/0100058, 2009/0119298; 2009/0265780; 2011/0010758; 2011/0060916; 2011/0061093; 2011/0061111 and 2011/0184989; U.S. patent application Ser. Nos.: 12/861,059; 12/861,953 and 13/106,023; 13/159,903; and 13/303,826. PCT Applications PCT/IL2011/000409 and PCT/IL2011/000408.

PCT Information
Filing Document Filing Date Country Kind 371c Date
PCT/IL2011/000903 11/24/2011 WO 00 2/29/2012
Publishing Document Publishing Date Country Kind
WO2012/101621 8/2/2012 WO A
US Referenced Citations (125)
Number Name Date Kind
5465387 Mukherjee Nov 1995 A
5761669 Montague et al. Jun 1998 A
5889952 Hunnicutt et al. Mar 1999 A
5899991 Karch May 1999 A
6023765 Kuhn Feb 2000 A
6178505 Schneider et al. Jan 2001 B1
6308173 Glasser et al. Oct 2001 B1
6338082 Schneider Jan 2002 B1
6393468 McGee May 2002 B1
6772350 Belani et al. Aug 2004 B1
6928439 Satoh Aug 2005 B2
6993137 Fransdonk Jan 2006 B2
6996577 Kiran et al. Feb 2006 B1
7007032 Chen et al. Feb 2006 B1
7017183 Frey et al. Mar 2006 B1
7031984 Kawamura et al. Apr 2006 B2
7068592 Duvaut et al. Jun 2006 B1
7124272 Kennedy et al. Oct 2006 B1
7185192 Kahn Feb 2007 B1
7219234 Ashland et al. May 2007 B1
7305562 Bianco et al. Dec 2007 B1
7403925 Schlesinger et al. Jul 2008 B2
7421740 Fey et al. Sep 2008 B2
7529748 Wen et al. May 2009 B2
7555482 Korkus Jun 2009 B2
7580934 Futatsugi Aug 2009 B2
7606801 Faitelson et al. Oct 2009 B2
7716240 Lim May 2010 B2
7743420 Shulman et al. Jun 2010 B2
7849496 Ahern et al. Dec 2010 B2
7983264 Etheridge Jul 2011 B2
8239925 Faitelson et al. Aug 2012 B2
8327419 Korablev et al. Dec 2012 B1
8447829 Geller May 2013 B1
20020002557 Straube et al. Jan 2002 A1
20020026592 Gavrila et al. Feb 2002 A1
20020174307 Yoshida et al. Nov 2002 A1
20030048301 Menninger Mar 2003 A1
20030051026 Carter et al. Mar 2003 A1
20030074580 Knouse et al. Apr 2003 A1
20030188198 Holdsworth et al. Oct 2003 A1
20030231207 Huang Dec 2003 A1
20040030915 Sameshima et al. Feb 2004 A1
20040186809 Schlesinger et al. Sep 2004 A1
20040205342 Roegner Oct 2004 A1
20040249847 Wang et al. Dec 2004 A1
20040254919 Giuseppini Dec 2004 A1
20040260952 Newman et al. Dec 2004 A1
20050007619 Minato Jan 2005 A1
20050044396 Vogel et al. Feb 2005 A1
20050044399 Dorey Feb 2005 A1
20050065823 Ramraj et al. Mar 2005 A1
20050086529 Buchsbaum Apr 2005 A1
20050108206 Lam et al. May 2005 A1
20050120054 Shulman et al. Jun 2005 A1
20050187937 Kawabe et al. Aug 2005 A1
20050203881 Sakamoto et al. Sep 2005 A1
20050246762 Girouard et al. Nov 2005 A1
20050278334 Fey et al. Dec 2005 A1
20050278785 Lieberman Dec 2005 A1
20060037062 Araujo Feb 2006 A1
20060064313 Steinbarth et al. Mar 2006 A1
20060090208 Smith Apr 2006 A1
20060184459 Parida Aug 2006 A1
20060184530 Song et al. Aug 2006 A1
20060271523 Brookler Nov 2006 A1
20060277184 Faitelson et al. Dec 2006 A1
20060294578 Burke et al. Dec 2006 A1
20070033340 Tulskie et al. Feb 2007 A1
20070061487 Moore et al. Mar 2007 A1
20070073698 Kanayama et al. Mar 2007 A1
20070094265 Korkus Apr 2007 A1
20070101387 Hua et al. May 2007 A1
20070112743 Giampaolo et al. May 2007 A1
20070121501 Bryson May 2007 A1
20070136603 Kuecuekyan Jun 2007 A1
20070156659 Lim Jul 2007 A1
20070156693 Soin et al. Jul 2007 A1
20070198608 Prahlad et al. Aug 2007 A1
20070203872 Flinn et al. Aug 2007 A1
20070214497 Montgomery et al. Sep 2007 A1
20070244899 Faitelson et al. Oct 2007 A1
20070261121 Jacobson Nov 2007 A1
20070266006 Buss Nov 2007 A1
20070276823 Borden et al. Nov 2007 A1
20070282855 Chen et al. Dec 2007 A1
20080031447 Geshwind et al. Feb 2008 A1
20080034205 Alain et al. Feb 2008 A1
20080034402 Botz et al. Feb 2008 A1
20080091682 Lim Apr 2008 A1
20080097998 Herbach Apr 2008 A1
20080162707 Beck et al. Jul 2008 A1
20080172720 Botz et al. Jul 2008 A1
20080184330 Lal et al. Jul 2008 A1
20080270462 Thomsen Oct 2008 A1
20080271157 Faitelson et al. Oct 2008 A1
20090031418 Matsuda et al. Jan 2009 A1
20090100058 Faitelson et al. Apr 2009 A1
20090119298 Faitelson et al. May 2009 A1
20090150981 Amies et al. Jun 2009 A1
20090182715 Falkenberg Jul 2009 A1
20090198892 Alvarez et al. Aug 2009 A1
20090249446 Jenkins et al. Oct 2009 A1
20090265780 Korkus et al. Oct 2009 A1
20090320088 Gill et al. Dec 2009 A1
20100011438 Bartley et al. Jan 2010 A1
20100037324 Grant et al. Feb 2010 A1
20100058434 Chusing et al. Mar 2010 A1
20100070881 Hanson et al. Mar 2010 A1
20100076972 Baron et al. Mar 2010 A1
20100262625 Pittenger Oct 2010 A1
20110010758 Faitelson et al. Jan 2011 A1
20110060916 Faitelson et al. Mar 2011 A1
20110061093 Korkus et al. Mar 2011 A1
20110061111 Faitelson et al. Mar 2011 A1
20110126111 Gill et al. May 2011 A1
20110184989 Faitelson et al. Jul 2011 A1
20110296490 Faitelson et al. Dec 2011 A1
20120011161 Marathe Jan 2012 A1
20120054283 Korkus et al. Mar 2012 A1
20120078965 Laitkorpi Mar 2012 A1
20120221550 Korkus et al. Aug 2012 A1
20120271853 Faitelson et al. Oct 2012 A1
20120271855 Faitelson et al. Oct 2012 A1
20120291100 Faitelson et al. Nov 2012 A1
Foreign Referenced Citations (6)
Number Date Country
1588889 Mar 2005 CN
2005267237 Sep 2005 JP
2010287171 Dec 2010 JP
2011030324 Mar 2011 WO
2011148376 Dec 2011 WO
2011148377 Dec 2011 WO
Non-Patent Literature Citations (63)
Entry
U.S. Appl. No. 60/688,486, filed Jun. 7, 2005, Specification and Claims.
Sahadeb De, et al; “Secure Access Control in a Multi-user Geodatabase”, available on the Internet at the URL http://www10.giscafe.com.2005.
Sara C. Madeira, et al; “Biclustering Algorithms for Biological Data Analysis: A Survey”, IEEE Transactions on Computational Biology and Bioinformatics, vol. 1, No. 1, Jan.-Mar. 2004, 22 pages; http://www.cs.princeton.edu/cources/archive/spr05/cos598E/bib/bicluster.pdf.
Sara C. Madeira; Clustering, Fuzzy Clustering and Biclustering: An Overview; Jun. 27, 2003, pp. 31-53.
Genunix; “Writing Filesystems—VFS and Vnode Interfaces”, 5 pages, Oct. 2007.
S.R. Kleiman; “Vnodes: An Architecture for Multiple File System Types in Sun UNIX”, USENIX Association: Summer Conference Proceedings, Atlanta 1986, 10 pages.
Findutils; GNU Project-Free Software Foundation (FSF), 3 pages, Nov. 2006.
DatAdvantage User Guide by Varonis, Version 1.0, Aug. 30, 2005, 71 pages.
DatAdvantage User Guide by Varonis, Version 2.0, Aug. 24, 2006, 118 pages.
DatAdvantage User Guide by Varonis, Version 2.5, Nov. 27, 2006, 124 pages.
DatAdvantage User Guide by Varonis, Version 2.6, Dec. 15, 2006, 127 pages.
DatAdvantage User Guide by Varonis, Version 2.7, Feb. 6, 2007, 131 pages.
DatAdvantage User Guide by Varonis, Version 3.0, Jun. 20, 2007, 153 pages.
A List of database tables in DatAdvantage 2.7, Feb. 6, 2007, 1 page.
A List of database tables in DatAdvantage 3.0, Jun. 20, 2007, 1 page.
White Paper; “Entitlement Reviews: A Practitioner's Guide”, Varonis 2007, 16 pages.
Alex Woodie; Varonis Prevents Unauthorized Access to Unstructured Data:, Published Jul. 31, 2007, 6 pages.
Varonis; “Accelerating Audits with Automation: Understanding Who's Accessing Your Unstructured Data”, Oct. 8, 2007; 7 pages.
Varonis; “The Business Case for Data Governance”, Mar. 27, 2007; 8 pages.
USPTO NFOA dated Feb. 12, 2008 in connection with U.S. Appl. No. 11/258,256.
USPTO FOA dated Aug. 1, 2008 in connection with U.S. Appl. No. 11/258,256.
USPTO NFOA dated Oct. 31, 2008 in connection with U.S. Appl. No. 11/635,736.
USPTO NFOA dated Dec. 14, 2010 in connection with U.S. Appl. No. 11/786,522.
USPTO FOA dated Apr. 18, 2011 in connection with U.S. Appl. No. 11/786,522.
USPTO FOA dated Sep. 20, 2011 in connection with U.S. Appl. No. 11/786,522.
USPTO NFOA dated Mar. 13, 2012 in connection with U.S. Appl. No. 11/786,522.
USPTO NFOA dated Jul. 9, 2010 in connection with U.S. Appl. No. 11/789,884.
USPTO FOA dated Dec. 14, 2010 in connection with U.S. Appl. No. 11/789,884.
USPTO NOA dated Apr. 12, 2012 in connection with U.S. Appl. No. 11/789,884.
USPTO NFOA dated Sep. 16, 2010 in connection with U.S. Appl. No. 11/871,028.
USPTO FOA dated Apr. 28, 2011 in connection with U.S. Appl. No. 11/871,028.
USPTO NFOA dated Apr. 25, 2012 in connection with U.S. Appl. No. 12/498,675.
USPTO NFOA dated Aug. 28, 2012 in connection with U.S. Appl. No. 12/673,691.
USPTO NFOA dated Jul. 5, 2012 in connection with U.S. Appl. No. 12/772,450.
USPTO NFOA dated Jun. 22, 2012 in connection with U.S. Appl. No. 12/814,807.
USPTO NFOA dated Sep. 14, 2012 in connection with U.S. Appl. No. 12/861,967.
USPTO NFOA dated Jul. 11, 2012 in connection with U.S. Appl. No. 13/014,762.
USPTO RR dated Nov. 21, 2012 in connection with U.S. Appl. No. 13/106,023.
USPTO NFOA dated Sep. 19, 2012 in connection with U.S. Appl. No. 13/303,826.
ISR and Written Opinion dated Nov. 15, 2011 issued during prosecution of PCT/IL11/00408.
ISR and Written Opinion dated May 20, 2010 issued during prosecution of PCT/IL10/00069.
IPRP dated Mar. 13, 2012 issued during prosecution of PCT/IL2010/000069.
ISR and Written Opinion dated May 9, 2011 issued during prosecution of PCT/IL10/01090.
ISR dated May 23, 2011; PCT/IL11/00065.
IPRP dated Jul. 31, 2012 issued during prosecution of PCT/IL2011/000065.
ISR and Written Opinion dated Jun. 14, 2011 issued during prosecution of PCT/IL11/00066.
ISR and Written Opinion dated Jun. 13, 2011 issued during prosecution of PCT/IL11/00076.
ISR and Written Opinion dated May 24, 2011 issued during prosecution of PCT/IL11/00077.
ISR and Written Opinion dated May 25, 2011 issued during prosecution of PCT/IL11/00078.
IPRP dated Jul. 31, 2012 issued during prosecution of PCT/IL2011/000078.
ISR and Writted Opinion dated Apr. 13, 2012 issued during prosecution of PCT/IL11/00902.
ISR and Written Opinion dated Apr. 13, 2012 issued during prosecution of PCT/IL11/00903.
ISR and Written Opinion dated Aug. 31, 2012 issued during prosecution of PCT/IL2012/000163.
ISR and Written Opinion dated Oct. 1, 2012 issued during prosecution of PCT/IL2012/000240.
An Office Action dated Mar. 25, 2013, which issued during the prosecution of U.S. Appl. No. 13/303,826.
An Office Action dated Mar. 13, 2014, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Office Action dated Jun. 4, 2014 which issued during the prosecution of U.S. Appl. No. 13/303,826.
An English translation of an Office Action dated Aug. 5, 2015 which issued during the prosecution of Chinese Patent Application No. 201180065969.1.
An Office Action dated Apr. 19, 2017, which issued during the prosecution of U.S. Appl. No. 15/381,239.
European Search Report dated May 3, 2016, which issued during the prosecution of Applicant's European App No. 12774249.2.
Dennis Lu et al: “Jesse Dyer” (Jul. 15, 2004).
Ebell: “Access Control Lists-alfrescowiki” (Jun. 5, 2008).
USPTO FOA dated Oct. 30, 2014 in connection with U.S. Appl. No. 13/159,903.
Related Publications (1)
Number Date Country
20120272294 A1 Oct 2012 US
Provisional Applications (1)
Number Date Country
61477662 Apr 2011 US