TREA

Access permissions management system and method

Follow

Information

  • Patent Grant
  • 10476878
  • Patent Number
    10,476,878
  • Date Filed
    Friday, September 7, 2018
    6 years ago
  • Date Issued
    Tuesday, November 12, 2019
    5 years ago
Information
Abstract
An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository.
Description
FIELD OF THE INVENTION

The present invention relates to access permissions management.


BACKGROUND OF THE INVENTION

The following patent publications are believed to represent the current state of the art:


U.S. Pat. Nos. 5,465,387; 5,899,991; 6,338,082; 6,393,468; 6,928,439; 7,031,984; 7,068,592; 7,403,925; 7,421,740; 7,555,482, 7,606,801 and 7,743,420; and


U.S. Published Patent Application Nos.: 2003/0051026; 2004/0249847; 2005/0108206; 2005/0203881; 2005/0086529; 2006/0064313; 2006/0184530; 2006/0184459; 2007/0203872; 2007/0244899; 2008/0271157; 2009/0100058; 2009/0119298; 2009/0265780; 2011/0060916 and 2011/0061111.


SUMMARY OF THE INVENTION

The present invention provides improved systems and methodologies for access permissions redundancy prevention.


There is thus provided in accordance with a preferred embodiment of the present invention an access permissions management system including a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy and wherein some of the multiplicity of data elements have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited and some of the multiplicity of data elements are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and responsively thereto not to store the unique access permissions which are redundant with inherited access permissions in the repository.


There is also provided in accordance with another preferred embodiment of the present invention an access permissions management system including a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy and wherein some of the multiplicity of data elements are inherited data elements, which have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited and some of the multiplicity of data elements are hybrid data elements, which are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and responsively thereto not to store the unique access permissions which are associated with the protected data element.


There is further provided in accordance with yet another preferred embodiment of the present invention an access permissions management method including maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy and wherein some of the multiplicity of data elements have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited and some of the multiplicity of data elements are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and preventing access permissions redundancy by ascertaining which of the unique access permissions are redundant with inherited access permissions and responsively thereto not to store the unique access permissions which are redundant with inherited access permissions in the repository.


There is yet further provided in accordance with still another preferred embodiment of the present invention an access permissions management method including maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy and wherein some of the multiplicity of data elements are inherited data elements, which have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited and some of the multiplicity of data elements are hybrid data elements, which are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and preventing access permissions overlap by ascertaining which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and responsively thereto not to store the unique access permissions which are associated with the protected data element.





BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:



FIG. 1 is a simplified block diagram illustration of an access permissions management system, constructed and operative in accordance with a preferred embodiment of the present invention;



FIG. 2 is a simplified flowchart indicating steps in the operation of the access permissions management system of FIG. 1;



FIG. 3 is a simplified block diagram illustration of an access permissions management system, constructed and operative in accordance with another preferred embodiment of the present invention; and



FIG. 4 is a simplified flowchart indicating steps in the operation of the access permissions management system of FIG. 3.





DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference is now made to FIG. 1, which is a simplified block diagram illustration of an access permissions management system, constructed and operative in accordance with a preferred embodiment of the present invention, and to FIG. 2, which is a simplified flowchart indicating steps in the operation of the access permissions management system of FIG. 1. The access permissions management system of FIGS. 1 & 2 is preferably suitable for operating in an enterprise computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system comprising a data element hierarchy.


Preferably, the system of FIGS. 1 & 2 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in the data element hierarchy and wherein some of the multiplicity of data elements have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions. It is appreciated that prevention of association of inherited access permissions with a data element may be accomplished, for example, by configuring of the data element, such as by an IT Administrator, as a data element which is not allowed to inherit access permissions from any of its ancestors.


In accordance with a preferred embodiment of the present invention, the system of FIGS. 1 & 2 also includes an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and responsively thereto not to store the unique access permissions which are redundant with inherited access permissions in the repository.


As shown in FIG. 2, for each data element in the data element hierarchy the system ascertains whether the data element has unique access permissions associated therewith. Thereafter, the system ascertains whether the data element also has inherited access permissions associated therewith. Thereafter, the system ascertains whether any of the unique access permissions associated with the data element are redundant with any of the inherited access permissions associated with the data element. Thereafter, for each data element, the system stores in the repository only the unique access permissions which are not redundant with any of the inherited access permissions.


Reference is now made to FIG. 3, which is a simplified block diagram illustration of an access permissions management system, constructed and operative in accordance with another preferred embodiment of the present invention, and to FIG. 4, which is a simplified flowchart indicating steps in the operation of the access permissions management system of FIG. 3. The access permissions management system of FIGS. 3 & 4 is preferably suitable for operating in an enterprise computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system comprising a data element hierarchy.


Preferably, the system of FIGS. 3 & 4 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in the data element hierarchy and wherein some of the multiplicity of data elements are inherited data elements, which have associated therewith only access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from having associated therewith inherited access permissions and thus have associated therewith only unique access permissions which are not inherited, and some of the multiplicity of data elements are hybrid data elements, which are not prevented from having associated therewith inherited access permissions and have associated therewith not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions.


In accordance with a preferred embodiment of the present invention, the system of FIGS. 3 & 4 also includes an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and responsively thereto not to store the unique access permissions which are associated with the protected data element.


As shown in FIG. 4, for each protected data element in the data element hierarchy the system ascertains whether the unique access permissions associated therewith are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy. Thereafter, only for protected data elements which have unique access permissions associated therewith that are not identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy, the system stores in the repository the unique access permissions associated with the protected data element.


It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather, the invention also includes various combinations and subcombinations of the features described hereinabove as well as modifications and variations thereof, which would occur to persons skilled in the art upon reading the foregoing and which are not in the prior art.

Claims
  • 1. A data governance system for use with an existing organizational file system and an access control list associated therewith, said data governance system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically manage access permissions, said system comprising: a probe engine communicating with said organizational file system and with said access control list and being operative to collect access information from said organizational file system and from said access control list in an ongoing manner,a redundancy reducing engine receiving an output from said probe engine and providing a redundancy reduced information stream; anda redundancy reduced information database receiving and storing said redundancy reduced information stream;said redundancy-reduced information database storing information relating to a subset of a set of user groups having access permissions to said organizational file system, said subset being created by said redundancy reducing engine,said redundancy reducing engine being operative: to ascertain which of a multiplicity of user groups having access permissions to said organizational file system are unique user groups, said unique user groups having access permissions to said organizational file system which are not inherited from other user groups;to ascertain which of said multiplicity of user groups having access permissions to said organizational file system are inherited user groups, said inherited user groups having access permissions to said organizational file system which are inherited from other user groups;to ascertain whether any of said unique user groups are redundant with any of said inherited user groups; andresponsive to said ascertaining whether any of said unique user groups are redundant with any of said inherited user groups, to eliminate from said multiplicity of user groups having access permissions to said organization file system, said unique user groups having access permissions to said organization file system which are redundant with said inherited user groups.
  • 2. An access permissions management method comprising: communicating with an organizational file system and with an access control list associated therewith. and collecting access information from said organizational file system and from said access control list in an ongoing manner,responsive to said collecting access information: ascertaining which of a multiplicity of user groups having access permissions to said organization file system are unique user groups, said unique user groups having access permissions which are not inherited from other user groups;ascertaining which of said multiplicity of user groups having access permissions to said organization file system are inherited user groups, said inherited user groups having access permissions to said organizational file system which are inherited from other user groups;ascertaining whether any of said unique user groups are redundant with any of said inherited user groups; andresponsive to said ascertaining whether any of said unique user groups are redundant with any of said inherited user groups, eliminating from said multiplicity of user groups having access permissions to said organization file system, said unique user groups which are redundant with said inherited user groups; andproviding and storing a redundancy reduced information stream, said redundancy reduced information stream comprising information relating to a subset of a set of user groups having access permissions to said organization file system.
REFERENCE TO RELATED APPLICATIONS

Reference is made to U.S. Provisional Patent Application Ser. No. 61/477,662, filed Apr. 21, 2011 and entitled “ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (4) and (5)(i). Reference is also made to U.S. patent application Ser. No. 13/014,762, filed Jan. 27, 2011, and entitled “AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEMS AND METHODS”, the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a) (1) and (2)(i). Reference is also made to the following patents and patent applications, owned by assignee, the disclosures of which are hereby incorporated by reference: U.S. Pat. Nos. 7,555,482 and 7,606,801; U.S. Published Patent Application Nos. 2007/0244899, 2008/0271157, 2009/0100058, 2009/0119298, 2009/0265780, 2011/0060916 and 2011/0061111; and U.S. patent application Ser. No. 12/673,691.

US Referenced Citations (140)
Number Name Date Kind
5465387 Mukherjee Nov 1995 A
5761669 Montague et al. Jun 1998 A
5889952 Hunnicutt et al. Mar 1999 A
5899991 Karch May 1999 A
6023765 Kuhn Feb 2000 A
6178505 Schneider et al. Jan 2001 B1
6308173 Glasser et al. Oct 2001 B1
6338082 Schneider Jan 2002 B1
6393468 McGee May 2002 B1
6772350 Belani et al. Aug 2004 B1
6928439 Satoh Aug 2005 B2
6993137 Fransdonk Jan 2006 B2
6996577 Kiran et al. Feb 2006 B1
7007032 Chen et al. Feb 2006 B1
7017183 Frey et al. Mar 2006 B1
7031984 Kawamura et al. Apr 2006 B2
7068592 Duvaut et al. Jun 2006 B1
7124272 Kennedy et al. Oct 2006 B1
7185192 Kahn Feb 2007 B1
7219234 Ashland et al. May 2007 B1
7305562 Bianco et al. Dec 2007 B1
7403925 Schlesinger et al. Jul 2008 B2
7421740 Fey et al. Sep 2008 B2
7529748 Wen et al. May 2009 B2
7555482 Korkus Jun 2009 B2
7580934 Futatsugi Aug 2009 B2
7606801 Faitelson et al. Oct 2009 B2
7716240 Lim May 2010 B2
7743420 Shulman et al. Jun 2010 B2
7849496 Ahern et al. Dec 2010 B2
7983264 Etheridge Jul 2011 B2
8239925 Faitelson et al. Aug 2012 B2
8327419 Korablev et al. Dec 2012 B1
8447829 Geller et al. May 2013 B1
8533787 Faitelson et al. Sep 2013 B2
8621610 Oberheide et al. Dec 2013 B2
8639724 Sorenson, III et al. Jan 2014 B1
8683560 Brooker et al. Mar 2014 B1
8805884 Faitelson et al. Aug 2014 B2
8909673 Faitelson et al. Dec 2014 B2
9679148 Faitelson et al. Jun 2017 B2
9680839 Faitelson et al. Jun 2017 B2
10102389 Faitelson et al. Oct 2018 B2
20020002557 Straube et al. Jan 2002 A1
20020026592 Gavrila et al. Feb 2002 A1
20020174307 Yoshida et al. Nov 2002 A1
20030048301 Menninger Mar 2003 A1
20030051026 Carter et al. Mar 2003 A1
20030074580 Knouse et al. Apr 2003 A1
20030188198 Holdsworth et al. Oct 2003 A1
20030231207 Huang Dec 2003 A1
20040030915 Sameshima et al. Feb 2004 A1
20040186809 Schlesinger et al. Sep 2004 A1
20040205342 Roegner Oct 2004 A1
20040249847 Wang et al. Dec 2004 A1
20040254919 Giuseppini Dec 2004 A1
20040260952 Newman et al. Dec 2004 A1
20050007619 Minato Jan 2005 A1
20050044396 Vogel et al. Feb 2005 A1
20050044399 Dorey Feb 2005 A1
20050065823 Ramraj et al. Mar 2005 A1
20050086529 Buchsbaum Apr 2005 A1
20050108206 Lam et al. May 2005 A1
20050120054 Shulman et al. Jun 2005 A1
20050187937 Kawabe et al. Aug 2005 A1
20050203881 Sakamoto et al. Sep 2005 A1
20050246762 Girouard et al. Nov 2005 A1
20050278334 Fey et al. Dec 2005 A1
20050278785 Lieberman Dec 2005 A1
20060037062 Araujo et al. Feb 2006 A1
20060064313 Steinbarth et al. Mar 2006 A1
20060090208 Smith Apr 2006 A1
20060184459 Parida Aug 2006 A1
20060184530 Song et al. Aug 2006 A1
20060271523 Brookler et al. Nov 2006 A1
20060277184 Faitelson et al. Dec 2006 A1
20060294578 Burke et al. Dec 2006 A1
20070033340 Tulskie et al. Feb 2007 A1
20070061487 Moore et al. Mar 2007 A1
20070073698 Kanayama et al. Mar 2007 A1
20070094265 Korkus Apr 2007 A1
20070101387 Hua et al. May 2007 A1
20070112743 Giampaolo et al. May 2007 A1
20070121501 Bryson May 2007 A1
20070136603 Kuecuekyan Jun 2007 A1
20070156659 Lim Jul 2007 A1
20070156693 Soin Jul 2007 A1
20070198608 Prahlad et al. Aug 2007 A1
20070203872 Flinn et al. Aug 2007 A1
20070214497 Montgomery et al. Sep 2007 A1
20070244899 Faitelson et al. Oct 2007 A1
20070261121 Jacobson Nov 2007 A1
20070266006 Buss Nov 2007 A1
20070276823 Borden et al. Nov 2007 A1
20070282855 Chen et al. Dec 2007 A1
20080031447 Geshwind et al. Feb 2008 A1
20080034205 Alain et al. Feb 2008 A1
20080034402 Botz et al. Feb 2008 A1
20080071785 Kabra et al. Mar 2008 A1
20080091682 Lim Apr 2008 A1
20080097998 Herbach Apr 2008 A1
20080104663 Tokutani et al. May 2008 A1
20080162707 Beck et al. Jul 2008 A1
20080172720 Botz et al. Jul 2008 A1
20080184330 Lal et al. Jul 2008 A1
20080270462 Thomsen Oct 2008 A1
20080271157 Faitelson et al. Oct 2008 A1
20080306954 Hornqvist Dec 2008 A1
20090031418 Matsuda et al. Jan 2009 A1
20090100058 Faitelson et al. Apr 2009 A1
20090119298 Faitelson et al. May 2009 A1
20090150981 Amies et al. Jun 2009 A1
20090182715 Falkenberg Jul 2009 A1
20090198892 Alvarez et al. Aug 2009 A1
20090249446 Jenkins et al. Oct 2009 A1
20090265780 Korkus et al. Oct 2009 A1
20090320088 Gill et al. Dec 2009 A1
20100011438 Bartley et al. Jan 2010 A1
20100023491 Huang et al. Jan 2010 A1
20100037324 Grant et al. Feb 2010 A1
20100058434 Chusing et al. Mar 2010 A1
20100070881 Hanson et al. Mar 2010 A1
20100076972 Baron et al. Mar 2010 A1
20100262625 Pittenger Oct 2010 A1
20110010758 Faitelson et al. Jan 2011 A1
20110060916 Faitelson et al. Mar 2011 A1
20110061093 Korkus et al. Mar 2011 A1
20110061111 Faitelson et al. Mar 2011 A1
20110126111 Gill et al. May 2011 A1
20110184989 Faitelson et al. Jul 2011 A1
20110296490 Faitelson et al. Dec 2011 A1
20120011161 Marathe Jan 2012 A1
20120078965 Laitkorpi et al. Mar 2012 A1
20120221550 Korkus et al. Aug 2012 A1
20120271853 Faitelson et al. Oct 2012 A1
20120271855 Faitelson et al. Oct 2012 A1
20120272294 Faitelson et al. Oct 2012 A1
20120291100 Faitelson et al. Nov 2012 A1
20150026778 Faitelson et al. Jan 2015 A1
20170098091 Faitelson et al. Apr 2017 A1
Foreign Referenced Citations (12)
Number Date Country
1588889 Mar 2005 CN
1860723 Nov 2006 CN
101316273 Dec 2008 CN
101692278 Apr 2010 CN
2007-075950 Mar 2007 JP
012-132276 Jul 2012 JP
2011030324 Mar 2011 WO
2011148376 Dec 2011 WO
2011148377 Dec 2011 WO
2012101620 Aug 2012 WO
2012101621 Aug 2012 WO
2012143920 Oct 2012 WO
Non-Patent Literature Citations (116)
Entry
A NFOA dated Aug. 26, 2016, which issued during the prosecution of Applicant's U.S. Appl. No. 14/508,390.
A NFOA dated Aug. 28, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 12/673,691.
A NFOA dated Sep. 14, 2012, which issued during the prosecution of U.S. Appl. No. 12/861,967.
A NFOA dated Sep. 16, 2010, which issued during the prosecution of Applicant's U.S. Appl. No. 11/871,028.
A NFOA dated Sep. 19, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 13/303,826.
A NFOA dated Oct. 31, 2008, which issued during the prosecution of Applicant's U.S. Appl. No. 11/635,736.
A NFOA dated Dec. 11, 2015, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
A NFOA dated Dec. 14, 2010, which issued during the prosecution of Applicant's U.S. Appl. No. 11/786,522.
NOA dated Feb. 9, 2017, which issued during the prosecution of Applicant's U.S. Appl. No. 14/508,390.
NOA dated Feb. 10, 2017, which issued during the prosecution of U.S. Appl. No. 13/159,903.
NOA dated Apr. 12, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 11/789,884.
NOA dated Jun. 11, 2018, which issued during the prosecution of Applicant's U.S. Appl. No. 15/381,239.
NOA dated Jul. 11, 2014, which issued during the prosecution of U.S. Appl. No. 13/303,826.
NOA dated Aug. 12, 2016, which issued during the prosecution of U.S. Appl. No. 13/159,903.
A RR dated Nov. 21, 2012, which issued during the prosecution Applicant's U.S. Appl. No. 13/106,023.
An Interview Summary dated Sep. 11, 2014, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
An Internationai Search Report and a Written Opinion both dated Oct. 1, 2012, which issued during the prosecution of Applicant's PCT/IL2012/000240.
An Internationai Search Report and a Written Opinion both dated Nov. 15, 2011, which issued during the prosecution of Applicant's PCT/IL11/00408.
U.S. Appl. No. 60/688,486, filed Jun. 7, 2005.
U.S. Appl. No. 61/477,662, filed Apr. 21, 2011.
USPTO AA dated Jan. 8, 2018 in connection with U.S. Appl. No. 15/381,239.
USPTO AA dated Jan. 22, 2014 in connection with U.S. Appl. No. 13/378,115.
USPTO AA dated Mar. 24, 2016 in connection with U.S. Appl. No. 13/159,903.
USPTO AA dated Jun. 7, 2013 in connection with U.S. Appl. No. 13/303,826.
USPTO AA dated Jun. 15, 2015 in connection with U.S. Appl. No. 13/378,115.
USPTO AA dated Dec. 27, 2013 in connection with U.S. Appl. No. 13/378,115.
A Patent Board Decision on Appeal dated Aug. 29, 2017, which issued during the prosecution of U.S. Appl. No. 13/378,115.
A FOA dated Mar. 25, 2013, which issued during the prosecution of Applicant's U.S. Appl. No. 13/303,826.
A FOA dated Mar. 25, 2013, which issued during the prosecution of Applicant's U.S. Appl. No. 13/384,452.
A FOA dated Apr. 18, 2011, which issued during the prosecution of Applicant's U.S. Appl. No. 11/786,522.
A FOA dated Apr. 28, 2011, which issued during the prosecution of Applicant's U.S. Appl. No. 11/871,028.
A FOA dated Aug. 1, 2008, which issued during the prosecution of Applicant's U.S. Appl. No. 11/258,256.
A FOA dated Sep. 6, 2013, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
A FOA dated Sep. 20, 2011, which issued during the prosecution of Applicant's U.S. Appl. No. 11/786,522.
A FOA dated Oct. 18, 2017, which issued during the prosecution of Applicant's U.S. Appl. No. 15/381,239.
A FOA dated Oct. 30, 2014, which issued during the prosecution of U.S. Appl. No. 13/159,903.
A FOA dated Dec. 9, 2015, which issued during the prosecution of U.S. Appl. No. 13/159,903.
A FOA dated Dec. 14, 2010, which issued during the prosecution of Applicant's U.S. Appl. No. 11/789,884.
A FOA dated Dec. 26, 2014, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
An Interview Summary dated Mar. 5, 2018, which issued during the prosecution of U.S. Appl. No. 15/381,239.
An Interview Summary dated Mar. 7, 2016, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated Mar. 7, 2016, which issued during the prosecution of U.S. Appl. No. 13/378,115.
An Interview Summary dated Apr. 15, 2014, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated May 12, 2015, which issued during the prosecution of U.S. Appl. No. 13/378,115.
An Interview Summary dated May 13, 2013, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated May 15, 2013, which issued during the prosecution of U.S. Appl. No. 13/378,115.
An Interview Summary dated Jul. 17, 2017, which issued during the prosecution of U.S. Appl. No. 15/381,239.
An Interview Summary dated Sep. 9, 2015, which issued during the prosecution of U.S. Appl. No. 13/378,115.
An Interview Summary dated Sep. 10, 2015, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated Sep. 10, 2014, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated Nov. 14, 2013, which issued during the prosecution of U.S. Appl. No. 13/378,115.
An Interview Summary dated Nov. 22, 2013, which issued during the prosecution of U.S. Appl. No. 13/159,903.
An Interview Summary dated Nov. 22, 2017, which issued during the prosecution of U.S. Appl. No. 15/381,239.
A NFOA dated Jan. 12, 2018, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
A NFOA dated Jan. 15, 2013, which issued during the prosecution of Applicant's U.S. Appl. No. 13/159.903.
A NFOA dated Feb. 12, 2008, which issued during the prosecution of U.S. Appl. No. 11/258,256.
A NFOA dated Mar. 13, 2012, which issued during the prosecution of U.S. Appl. No. 11/786,522.
A NFOA dated Mar. 13, 2014, which issued during the prosecution of Applicant's U.S. Appl. No. 13/159,903.
A NFOA dated Apr. 4, 2013, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
A NFOA dated Apr. 19, 2017, which issued during the prosecution of Applicant's U.S. Appl. No. 15/381,239.
A NFOA dated Apr. 25, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 12/498,675.
A NFOA dated Jun. 4, 2014, which issued during the prosecution of U.S. Appl. No. 13/303,826.
A NFOA dated Jun. 10, 2015, which issued during the prosecution of U.S. Appl. No. 13/159,903.
A NFOA dated Jun. 22, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 12/814,807.
A NFOA dated Jul. 5, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 12/772,450.
A NFOA dated Jul. 8, 2014, which issued during the prosecution of Applicant's U.S. Appl. No. 13/378,115.
A NFOA dated Jul. 9, 2010, which issued during the prosecution of Applicant's U.S. Appl. No. 11/789,884.
A NFOA dated Jul. 11, 2012, which issued during the prosecution of Applicant's U.S. Appl. No. 13/014,762.
Sahadeb DE, et al; “Secure Access Control in a Multi-user Geodatabase,” available on the Internet at the URL htto://www10.qiscafe.com. 2005, 10 pages.
Ebell: “Access Centrol Lists—alfrescowiki” (Jun. 5, 2008).
Findutils; GNU Project—Free Software Foundation (FSF), 3 pages, Nov. 2006.
Genunix; “Writing Filesystems—VFS and Vnode Interfaces”, 5 pages, Oct. 2007.
S.R. Kleiman; “Vnodes: An Architecture for Multiple File System Types in Sun UNIX”, USENIX Association: Summer Conference Proceedings, Atlanta 1986; 10 pages.
Dennis Lu et al: “Jesse Dyer” (Jul. 15, 2004).
Sara C. Madeira and Arlindo L. Oliveira; Biclustering Algorithms for Biological data Analysis: A Survey; Mar. 2004; http://www.cs.princeton.edu/courses/archive/spr05/cos598E/bib/bicluster.pdf.
Sara C. Madeira; Clustering, Fuzzy Clustering and Biclustering: An Overview; p. 31 to 53, Jun. 27, 2003.
Varonis; “Accelerating Audits with Automation: Understanding Who's Accessing Your Unstructured Data”, Oct. 8, 2007, 7 pages.
“Entitlement reviews: A Practitioner's Guide” by Varonis, 2007.
Varonis; “White Paper: The Business Case for Data Governance”, dated Mar. 27, 2007, 8 pages.
Alex Woodie; “Varonis Prevents Unauthorized Access to Unstructured Data”, Four Hundred Stuff, vol. 7, No. 9, Jul. 31, 2007, 6 pages.
DatAdvantage User Guide by Varonis, Version 1.0, Aug. 30, 2005.
DatAdvantage User Guide by Varonis, Version 2.0, Aug. 24, 2006.
DatAdvantage User Guide by Varonis, Version 2.5, Nov. 27, 2006.
DatAdvantage User Guide by Varonis, Version 2.6, Dec. 15, 2006.
DatAdvantage User Guide by Varonis, Version 2.7, Feb. 6, 2007.
DatAdvantage User Guide by Varonis, Version 3.0, Jun. 20, 2007.
A List of database tables in DatAdvantage 2.7, Feb. 6, 2007.
A List of database tables in DatAdvantage 3.0, Jun. 20, 2007.
Supplementary European Search Report dated Apr. 17, 2015 which issued during the prosecution of Applicant's European App No. 11856923.5.
Supplementary European Search Report dated May 3, 2016, which issued during the prosecution of Applicant's European App No. 12774249.2.
European Search Report dated May 13, 2015, which issued during the prosecution of Applicant's European App No. 11857276.7.
An English translation of an Office Action dated Jun. 26, 2015, which issued during the prosecution of Chinese Patent Application No. 2011800662618.
An English translation of an Office Action dated Jun. 29, 2016, which issued during the prosecution of Chinese Patent Application No. 201280029360.3.
An English translation of an Office Action dated Aug. 5, 2015, which issued during the prosecution of Chinese Patent Application No. 201180065969.1.
An English translation of an Office Action dated Mar. 15, 2016, which issued during the prosecution of Chinese Patent Application No. 201180065969.1.
An English translation of an Office Action dated Aug. 30, 2016, which issued during the prosecution of Chinese Patent Application No. 201180065969.1.
An English translation of an Office Action dated Feb. 27, 2017, which issued during the prosecution of Chinese Patent Application No. 201180065969.1.
An International Preliminary Report on Patentability dated Mar. 13, 2012, which issued during the prosecution of Applicant's PCT/IL2010/000069.
An International Preliminary Report on Patentability dated May 12, 2015, which issued during the prosecution of Applicant's PCT/IL2012/000163.
An International Preliminary Report on Patentability dated Jul. 30, 2013, which issued during the prosecution of Applicant's PCT/IL2011/000903.
An International Preliminary Report on Patentability dated Jul. 31, 2012, which issued during the prosecution of Applicant's PCT/IL2011/000065.
An International Preliminary Report on Patentability dated Jul. 31, 2012, which issued during the prosecution of Applicant's PCT/IL2011/000078.
An International Preliminary Report on Patentability dated Jul. 30, 2013, which issued during the prosecution of Applicant's PCT/IL2011/000902.
An International Search Report and a Written Opinion both dated Apr. 13, 2012, which issued during the prosecution of Applicant's PCT/IL2011/000902.
An International Search Report and a Written Opinion both dated Apr. 13, 2012, which issued during the prosecution of Applicant's PCT/IL2011/000903.
An International Search Report and a Written Opinion both dated May 9, 2011, which issued during the prosecution of Applicant's PCT/IL10/01090.
An International Search Report and a Written Opinion both dated May 20, 2010, which issued during the prosecution of Applicant's PCT/IL10/00069.
An International Search Report and a Written Opinion both dated May 23, 2011, which issued during the prosecution of Applicant's PCT/IL11/00065.
An International Search Report and a Written Opinion both dated May 24, 2011 which issued during the prosecution of Applicant's PCT/IL11/00077.
An International Search Report and a Written Opinion both dated May 25, 2011, which issued during the prosecution of Applicant's PCT/IL11/00078.
An International Search Report and a Written Opinion both dated Jun. 13, 2011 which issued during the prosecution of Applicant's PCT/IL11/00076.
An International Search Report and a Written Opinion both dated Jun. 14, 2011 which issued during the prosecution of Applicant's PCT/IL11/00066.
An International Search Report and a Written Opinion both dated Aug. 31, 2012 which issued during the prosecution of Applicant's PCT/IL2012/000163.
U.S. Appl. No. 13/159,903, filed Jun. 14, 2011 published as 2012/0271853, issued as U.S. Pat. No. 9,680,839.
U.S. Appl. No. 13/014,762, filed Jan. 27, 2011 published as 2011/0184989, issued as U.S. Pat. No. 8,805,884.
U.S. Appl. No. 15/381,239, filed Dec. 16, 2016 published as 2017/0098091, issued as U.S. Pat. No. 10,102,389.
Related Publications (1)
Number Date Country
20190007413 A1 Jan 2019 US
Provisional Applications (1)
Number Date Country
61477662 Apr 2011 US
Continuations (2)
Number Date Country
Parent 15381239 Dec 2016 US
Child 16124658 US
Parent 13159903 Jun 2011 US
Child 15381239 US
Continuation in Parts (1)
Number Date Country
Parent 13014762 Jan 2011 US
Child 13159903 US