CN103975324B - Access permissions management system and method - Google Patents

Info

Publication number
CN103975324B
Authority
CN
China
Prior art keywords
access rights
redundancy
data element
act system
exclusive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201280029360.3A
Other languages
English (en)
Other versions
CN103975324A (zh)
Inventor
雅各布·费特尔松
奥哈德·科尔库斯
奥菲尔·克雷策-卡齐尔
伊扎尔·基萨尔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Varonis Systems Inc
Original Assignee
Varonis Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Varonis Systems Inc
Publication of CN103975324A
Application granted
Publication of CN103975324B
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

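An access permissions management system including: a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements; some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited; and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions; and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.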

Description

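Access permissions management system and method
Cross-reference to related applications
Reference is made to U.S. Provisional Patent Application Serial No. 61/477,662, filed April 21, 2011 and entitled "ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD", the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a)(4) and (5)(i).
Reference is also made to U.S. Patent Application Serial No. 13/159,903, filed June 14, 2011 and entitled "ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD", the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a)(1) and (2)(i).
Reference is also made to the following patents and patent applications, owned by the assignee, the disclosures of which are hereby incorporated by reference:
U.S. Patent Nos. 7,555,482 and 7,606,801;
U.S. Published Patent Application Nos. 2007/0244899, 2008/0271157, 2009/0100058, 2009/0119298, 2009/0265780, 2011/0060916 and 2011/0061111; and
U.S. Patent Application Serial Nos. 12/673,691 and 13/014,762.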
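Technical field
The present invention relates to access permissions management.
Background art
The following patent publications are believed to represent the current state of the art:
U.S. Patent Nos. 5,465,387; 5,899,991; 6,338,082; 6,393,468; 6,928,439; 7,031,984; 7,068,592; 7,403,925; 7,421,740; 7,555,482; 7,606,801 and 7,743,420; and
U.S. Published Patent Application Nos. 2003/0051026; 2004/0249847; 2005/0108206; 2005/0203881; 2005/0086529; 2006/0064313; 2006/0184530; 2006/0184459; 2007/0203872; 2007/0244899; 2008/0271157; 2009/0100058; 2009/0119298; 2009/0265780; 2011/0060916 and 2011/0061111.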
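Summary of the invention
The present invention provides improved systems and methods for preventing access permissions redundancy.
There is thus provided, in accordance with a preferred embodiment of the present invention, an access permissions management system including: a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions; and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.
There is also provided, in accordance with another preferred embodiment of the present invention, an access permissions management system including: a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions; and an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy and, responsive thereto, not to store the unique access permissions associated with the protected data element.
There is further provided, in accordance with yet another preferred embodiment of the present invention, an access permissions management method including: maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions; and preventing access permissions redundancy by ascertaining which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not storing in the repository the unique access permissions which are redundant with inherited access permissions.
There is yet further provided, in accordance with still another preferred embodiment of the present invention, an access permissions management method including: maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions; and preventing access permissions overlap by ascertaining which of the unique access permissions associated with a protected data element are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy and, responsive thereto, not storing the unique access permissions associated with the protected data element.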
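Brief description of the drawings
The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings, in which:
Fig. 1 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 2 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 1;
Fig. 3 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with another preferred embodiment of the present invention; and
Fig. 4 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 3.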
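Detailed description
Reference is now made to Fig. 1 and Fig. 2. Fig. 1 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with a preferred embodiment of the present invention, and Fig. 2 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 1. The access permissions management system of Figs. 1 and 2 is preferably suitable for operating in an enterprise computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system including a data element hierarchy.
Preferably, the system of Figs. 1 and 2 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions. It is appreciated that preventing inherited access permissions from being associated with a data element may be accomplished, for example, by an IT administrator configuring the data element as a data element which is not allowed to inherit access permissions from any of its ancestors.
In accordance with a preferred embodiment of the present invention, the system of Figs. 1 and 2 also includes an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.
As shown in Fig. 2, for each data element in the data element hierarchy, the system ascertains whether the data element has unique access permissions associated therewith. Thereafter, the system ascertains whether the data element also has inherited access permissions associated therewith. Thereafter, the system ascertains whether any of the unique access permissions associated with the data element are redundant with any of the inherited access permissions associated with the data element. Thereafter, for each data element, the system stores in the repository only the unique access permissions which are not redundant with any of the inherited access permissions.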
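Reference is now made to Fig. 3 and Fig. 4. Fig. 3 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with another preferred embodiment of the present invention, and Fig. 4 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 3. The access permissions management system of Figs. 3 and 4 is preferably suitable for operating in an enterprise-level computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system including a data element hierarchy.
Preferably, the system of Figs. 3 and 4 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto; some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and thus are associated only with unique access permissions which are not inherited; and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions may be redundant with inherited access permissions.
In accordance with a preferred embodiment of the present invention, the system of Figs. 3 and 4 also includes an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy and, responsive thereto, not to store the unique access permissions associated with the protected data element.
As shown in Fig. 4, for each protected data element in the data element hierarchy, the system ascertains whether the unique access permissions associated therewith are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy. Thereafter, only for protected data elements whose associated unique access permissions differ from the access permissions associated with the data element immediately above the protected data element in the hierarchy, the system stores in the repository the unique access permissions associated with the protected data element.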
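The two procedures of Fig. 2 and Fig. 4 described above, sketched in Python as an added example (not code from the patent or from the assignee). It assumes a permission entry is a (trustee, right) pair, that "redundant" means an identical pair is already inherited, and that the hierarchy and each element's protected flag are available when the repository is read back; the `Element` class, the function names and the sample paths are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Ace = Tuple[str, str]  # (trustee, right); assumed entry shape, not from the patent


@dataclass(eq=False)
class Element:
    path: str
    parent: Optional["Element"] = None
    unique: FrozenSet[Ace] = frozenset()  # explicit, non-inherited entries
    protected: bool = False               # True: inheritance is blocked


def inherited(el: Element) -> FrozenSet[Ace]:
    """Entries el receives from its ancestors (none if protected or root)."""
    if el.protected or el.parent is None:
        return frozenset()
    return effective(el.parent)


def effective(el: Element) -> FrozenSet[Ace]:
    """Permissions actually in force on el in the source file system."""
    return inherited(el) | el.unique


def build_repository(elements: List[Element]) -> Dict[str, FrozenSet[Ace]]:
    """Store only what cannot be derived from the hierarchy."""
    repo: Dict[str, FrozenSet[Ace]] = {}
    for el in elements:
        if el.protected:
            # Fig. 4: skip a protected element whose unique set is identical
            # to the permissions of the element immediately above it.
            if el.parent is not None and el.unique == effective(el.parent):
                continue
            repo[el.path] = el.unique  # stored even when empty
        else:
            # Fig. 2: drop unique entries that are also inherited.
            keep = el.unique - inherited(el)
            if keep:
                repo[el.path] = keep
    return repo


def resolve(el: Element, repo: Dict[str, FrozenSet[Ace]]) -> FrozenSet[Ace]:
    """Rebuild effective permissions from the reduced repository."""
    if el.protected:
        if el.path in repo:
            return repo[el.path]
        return resolve(el.parent, repo)  # overlap case: same as the parent
    base = resolve(el.parent, repo) if el.parent else frozenset()
    return base | repo.get(el.path, frozenset())


def sample_tree() -> List[Element]:
    """Constructed sample hierarchy (paths and trustees are made up)."""
    root_acl = frozenset({("Finance", "read"), ("Admins", "full")})
    share = Element("/share", unique=root_acl)
    reports = Element("/share/reports", share,
                      frozenset({("Finance", "read"), ("Auditors", "read")}))
    q1 = Element("/share/reports/q1", reports)
    hr = Element("/share/hr", share,
                 frozenset({("HR", "modify"), ("Admins", "full")}),
                 protected=True)
    archive = Element("/share/archive", share, root_acl, protected=True)
    return [share, reports, q1, hr, archive]


if __name__ == "__main__":
    tree = sample_tree()
    repo = build_repository(tree)
    for el in tree:
        stored = sorted(repo[el.path]) if el.path in repo else "not stored"
        print(f"{el.path:20} {stored}")
        assert resolve(el, repo) == effective(el)  # reduction is lossless
```

In this sketch an unstored protected element is read back through its parent, so the repository has to be rebuilt whenever the parent's permissions change: the protected element itself would not follow that change on the file system.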
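It will be appreciated by persons of ordinary skill in the art that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the invention also includes various combinations and subcombinations of the features described hereinabove, as well as modifications and variations thereof which would occur to persons of ordinary skill in the art upon reading the foregoing and which are not in the prior art.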

Claims (2)

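1. A data management system for use with an existing organizational file system, the data management system including a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically manage access permissions, the data management system including:
a probe engine communicating with the organizational file system and operative to collect access permissions information from the organizational file system in an online manner;
a redundancy reducing engine receiving an output from the probe engine and providing a redundancy-reduced information stream; and
a redundancy-reduced information database receiving and storing the redundancy-reduced information stream;
the redundancy-reduced information database storing information relating to a subset of a set of access permissions of the organizational file system, the subset being created by the redundancy reducing engine,
the redundancy reducing engine being operative to:
ascertain which of a multiplicity of access permissions to the organizational file system are unique access permissions, the unique access permissions being access permissions which are not inherited;
ascertain which of the multiplicity of access permissions to the organizational file system are inherited access permissions;
ascertain whether any of the unique access permissions are redundant with any of the inherited access permissions; and
responsive to ascertaining that any of the unique access permissions are redundant with any of the inherited access permissions, remove from the multiplicity of access permissions to the organizational file system the unique access permissions of the organizational file system which are redundant with the inherited access permissions.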
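2. A data management method, including:
communicating, by a probe engine, with an organizational file system and collecting access permissions information from the organizational file system in an online manner;
receiving, by a redundancy reducing engine, an output from the probe engine and providing a redundancy-reduced information stream; and
receiving and storing, by a redundancy-reduced information database, the redundancy-reduced information stream;
storing, by the redundancy-reduced information database, information relating to a subset of a set of access permissions of the organizational file system, the subset being created by the redundancy reducing engine,
the data management method further including the following steps performed by the redundancy reducing engine:
ascertaining which of a multiplicity of access permissions to the organizational file system are unique access permissions, the unique access permissions being access permissions which are not inherited;
ascertaining which of the multiplicity of access permissions to the organizational file system are inherited access permissions;
ascertaining whether any of the unique access permissions are redundant with any of the inherited access permissions; and
responsive to ascertaining that any of the unique access permissions are redundant with any of the inherited access permissions, removing from the multiplicity of access permissions to the organizational file system the unique access permissions of the organizational file system which are redundant with the inherited access permissions.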
CN201280029360.3A 2011-04-21 2012-04-18 Access permissions management system and method Expired - Fee Related CN103975324B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201161477662P 2011-04-21 2011-04-21
US61/477,662 2011-04-21
US13/159,903 US9680839B2 (en) 2011-01-27 2011-06-14 Access permissions management system and method
US13/159,903 2011-06-14
PCT/IL2012/000163 WO2012143920A2 (en) 2011-04-21 2012-04-18 Access permissions management system and method

Publications (2)

Publication Number Publication Date
CN103975324A CN103975324A (zh) 2014-08-06
CN103975324B CN103975324B (zh) 2017-03-15

Family

ID=47022107

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280029360.3A Expired - Fee Related CN103975324B (zh) 2011-04-21 2012-04-18 Access permissions management system and method

Country Status (4)

Country Link
US (4) US9680839B2 (zh)
EP (1) EP2700028A4 (zh)
CN (1) CN103975324B (zh)
WO (1) WO2012143920A2 (zh)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10296596B2 (en) 2010-05-27 2019-05-21 Varonis Systems, Inc. Data tagging
US9680839B2 (en) 2011-01-27 2017-06-13 Varonis Systems, Inc. Access permissions management system and method
EP2668562A4 (en) * 2011-01-27 2015-05-20 Varonis Systems Inc SYSTEM AND METHOD FOR MANAGING ACCESS RIGHTS
US8909673B2 (en) 2011-01-27 2014-12-09 Varonis Systems, Inc. Access permissions management system and method
US9515999B2 (en) 2011-12-21 2016-12-06 Ssh Communications Security Oyj Automated access, key, certificate, and credential management
US9613052B2 (en) * 2012-06-05 2017-04-04 International Business Machines Corporation Establishing trust within a cloud computing system
US11151515B2 (en) 2012-07-31 2021-10-19 Varonis Systems, Inc. Email distribution list membership governance method and system
US9251363B2 (en) 2013-02-20 2016-02-02 Varonis Systems, Inc. Systems and methodologies for controlling access to a file system
US10277601B1 (en) 2015-05-11 2019-04-30 Google Llc System and method for recursive propagating application access control

Citations (2)

Publication number Priority date Publication date Assignee Title
US6772350B1 (en) * 1998-05-15 2004-08-03 E.Piphany, Inc. System and method for controlling access to resources in a distributed environment
CN101316273A (zh) * 2008-05-12 2008-12-03 Huazhong University of Science and Technology A distributed secure storage system

Family Cites Families (131)

Publication number Priority date Publication date Assignee Title
US5465387A (en) 1993-10-08 1995-11-07 At&T Corp. Adaptive fraud monitoring and control
US5956715A (en) 1994-12-13 1999-09-21 Microsoft Corporation Method and system for controlling user access to a resource in a networked computing environment
US5761669A (en) 1995-06-06 1998-06-02 Microsoft Corporation Controlling access to objects on multiple operating systems
US5889952A (en) 1996-08-14 1999-03-30 Microsoft Corporation Access check system utilizing cached access permissions
US6023765A (en) 1996-12-06 2000-02-08 The United States Of America As Represented By The Secretary Of Commerce Implementation of role-based access control in multi-level secure systems
DE69818008T2 (de) 1997-01-20 2004-08-05 British Telecommunications P.L.C. Data access control
US6178505B1 (en) 1997-03-10 2001-01-23 Internet Dynamics, Inc. Secure delivery of information in a network
US5899991A (en) 1997-05-12 1999-05-04 Teleran Technologies, L.P. Modeling technique for system access control and management
US6735701B1 (en) 1998-06-25 2004-05-11 Macarthur Investments, Llc Network policy management and effectiveness system
US6446077B2 (en) 1998-09-21 2002-09-03 Microsoft Corporation Inherited information propagator for objects
US7305562B1 (en) 1999-03-09 2007-12-04 Citibank, N.A. System, method and computer program product for an authentication management infrastructure
US6338082B1 (en) 1999-03-22 2002-01-08 Eric Schneider Method, product, and apparatus for requesting a network resource
JP2001188699A (ja) 1999-12-28 2001-07-10 Ibm Japan Ltd Data processing system with access control mechanism
AU6985601A (en) 2000-06-16 2002-01-02 Mindport Usa Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (drm)
US20020026592A1 (en) 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
US20030051026A1 (en) 2001-01-19 2003-03-13 Carter Ernst B. Network surveillance and security system
US7185364B2 (en) 2001-03-21 2007-02-27 Oracle International Corporation Access system interface
US6622220B2 (en) 2001-03-15 2003-09-16 Hewlett-Packard Development Company, L.P. Security-enhanced network attached storage device
US20030048301A1 (en) 2001-03-23 2003-03-13 Menninger Anthony Frank System, method and computer program product for editing supplier site information in a supply chain management framework
US7068592B1 (en) 2001-05-10 2006-06-27 Conexant, Inc. System and method for increasing payload capacity by clustering unloaded bins in a data transmission system
US7017183B1 (en) 2001-06-29 2006-03-21 Plumtree Software, Inc. System and method for administering security in a corporate portal
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
JP2003242123A (ja) 2002-02-21 2003-08-29 Hitachi Ltd Consensus-based access control method
US6996577B1 (en) 2002-02-25 2006-02-07 Novell, Inc. Method and system for automatically grouping objects in a directory system based on their access patterns
US20030231207A1 (en) 2002-03-25 2003-12-18 Baohua Huang Personal e-mail system and method
GB0207354D0 (en) 2002-03-28 2002-05-08 Ibm Inheritance of access controls within a hierarchy of data processing system resources
US7007032B1 (en) 2002-07-01 2006-02-28 Cisco Technology, Inc. Method and apparatus for removing redundancies from a list of data structures
US7219234B1 (en) 2002-07-24 2007-05-15 Unisys Corporation System and method for managing access rights and privileges in a data processing system
JP4393762B2 (ja) 2002-12-19 2010-01-06 Hitachi, Ltd. Database processing method and apparatus, and processing program therefor
US7779247B2 (en) 2003-01-09 2010-08-17 Jericho Systems Corporation Method and system for dynamically implementing an enterprise resource policy
US7403925B2 (en) 2003-03-17 2008-07-22 Intel Corporation Entitlement security and control
US7124272B1 (en) 2003-04-18 2006-10-17 Symantec Corporation File usage history log for improved placement of files in differential rate memory according to frequency of utilizations and volatility of allocation space
US20070276823A1 (en) 2003-05-22 2007-11-29 Bruce Borden Data management systems and methods for distributed data storage and management using content signatures
EP1480104A3 (en) * 2003-05-22 2007-05-30 Ricoh Company, Ltd. Information processing apparatus entry information management method, certification function control method, a computer program and a computer readable storage medium
EP1627286A1 (en) 2003-05-28 2006-02-22 Belarc, Inc. Secure user access subsystem for use in a computer information database system
US20040249847A1 (en) 2003-06-04 2004-12-09 International Business Machines Corporation System and method for identifying coherent objects with applications to bioinformatics and E-commerce
US20040254919A1 (en) 2003-06-13 2004-12-16 Microsoft Corporation Log parser
US7350237B2 (en) 2003-08-18 2008-03-25 Sap Ag Managing access control information
US7421555B2 (en) 2003-08-22 2008-09-02 Bluearc Uk Limited System, device, and method for managing file security attributes in a computer file storage system
US20050065823A1 (en) 2003-09-23 2005-03-24 Siemens Medical Solutions Usa, Inc. Method and apparatus for privacy checking
US20050086529A1 (en) 2003-10-21 2005-04-21 Yair Buchsbaum Detection of misuse or abuse of data by authorized access to database
US7251822B2 (en) 2003-10-23 2007-07-31 Microsoft Corporation System and methods providing enhanced security model
US20050108206A1 (en) 2003-11-14 2005-05-19 Microsoft Corporation System and method for object-oriented interaction with heterogeneous data stores
US8600920B2 (en) 2003-11-28 2013-12-03 World Assets Consulting Ag, Llc Affinity propagation in adaptive network-based systems
US7743420B2 (en) 2003-12-02 2010-06-22 Imperva, Inc. Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications
US8078481B2 (en) 2003-12-05 2011-12-13 John Steinbarth Benefits administration system and methods of use and doing business
JP2005242586A (ja) 2004-02-25 2005-09-08 Fuji Xerox Co Ltd Program, apparatus, system and method for providing document views
US20050203881A1 (en) 2004-03-09 2005-09-15 Akio Sakamoto Database user behavior monitor system and method
JP4390263B2 (ja) 2004-03-18 2009-12-24 Hitachi Software Engineering Co., Ltd. Method for visualizing and displaying process access privileges in a secure OS
US20050246762A1 (en) 2004-04-29 2005-11-03 International Business Machines Corporation Changing access permission based on usage of a computer resource
US7568230B2 (en) 2004-06-09 2009-07-28 Lieberman Software Corporation System for selective disablement and locking out of computer system objects
US7421740B2 (en) 2004-06-10 2008-09-02 Sap Ag Managing user authorizations for analytical reporting based on operational authorizations
US20050289127A1 (en) 2004-06-25 2005-12-29 Dominic Giampaolo Methods and systems for managing data
US20060037062A1 (en) 2004-08-09 2006-02-16 International Business Machines Corporation Method, system and program product for securing resources in a distributed system
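JP4455239B2 (ja) * 2004-09-10 2010-04-21 Canon Inc. Information processing method and apparatus
CN1291569C (zh) 2004-09-24 2006-12-20 Tsinghua University A method for detecting anomalous user access behavior in a network-attached storage device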
US7669244B2 (en) 2004-10-21 2010-02-23 Cisco Technology, Inc. Method and system for generating user group permission lists
US20060184459A1 (en) 2004-12-10 2006-08-17 International Business Machines Corporation Fuzzy bi-clusters on multi-feature data
US8200700B2 (en) 2005-02-01 2012-06-12 Newsilike Media Group, Inc Systems and methods for use of structured and unstructured distributed data
US8245280B2 (en) 2005-02-11 2012-08-14 Samsung Electronics Co., Ltd. System and method for user access control to content in a network
EP1873650A4 (en) 2005-04-21 2010-11-10 Mitsubishi Electric Corp COMPUTERS, METHOD OF CONTROLLING ACCESS TO COMPUTER DEVICES AND ACCESS CONTROL PROGRAM
US20090320088A1 (en) 2005-05-23 2009-12-24 Jasvir Singh Gill Access enforcer
US7664737B2 (en) * 2005-05-31 2010-02-16 Sap, Ag Method for generating documents using layer-specific inheritance rules
US7606801B2 (en) 2005-06-07 2009-10-20 Varonis Inc. Automatic management of storage access control
US20070011147A1 (en) 2005-06-22 2007-01-11 Affiniti, Inc. Systems and methods for retrieving data
US8365254B2 (en) 2005-06-23 2013-01-29 Microsoft Corporation Unified authorization for heterogeneous applications
US8341345B2 (en) 2005-08-08 2012-12-25 International Business Machines Corporation System and method for providing content based anticipative storage management
JP2007075950A (ja) 2005-09-14 2007-03-29 Kobe Steel Ltd Microfluidic device and manufacturing method thereof
JP4208086B2 (ja) 2005-09-27 2009-01-14 International Business Machines Corporation Apparatus and method for managing confidentiality of information
US20070136603A1 (en) * 2005-10-21 2007-06-14 Sensis Corporation Method and apparatus for providing secure access control for protected information
US8180826B2 (en) 2005-10-31 2012-05-15 Microsoft Corporation Media sharing and authoring on the web
US20070156693A1 (en) 2005-11-04 2007-07-05 Microsoft Corporation Operating system roles
US7529748B2 (en) 2005-11-15 2009-05-05 Ji-Rong Wen Information classification paradigm
US7707178B2 (en) 2005-11-28 2010-04-27 Commvault Systems, Inc. Systems and methods for classifying and transferring information in a storage network
US7652990B2 (en) 2005-11-29 2010-01-26 Alcatel-Lucent Usa Inc. Method and apparatus for providing quality of service level in broadband communications systems
US8321437B2 (en) 2005-12-29 2012-11-27 Nextlabs, Inc. Detecting behavioral patterns and anomalies using activity profiles
US7716240B2 (en) 2005-12-29 2010-05-11 Nextlabs, Inc. Techniques and system to deploy policies intelligently
US8447829B1 (en) * 2006-02-10 2013-05-21 Amazon Technologies, Inc. System and method for controlling access to web services resources
US20070214497A1 (en) * 2006-03-10 2007-09-13 Axalto Inc. System and method for providing a hierarchical role-based access control
US8561146B2 (en) 2006-04-14 2013-10-15 Varonis Systems, Inc. Automatic folder access management
US8769604B2 (en) 2006-05-15 2014-07-01 Oracle International Corporation System and method for enforcing role membership removal requirements
US7552126B2 (en) 2006-06-02 2009-06-23 A10 Networks, Inc. Access record gateway
US20080031447A1 (en) 2006-08-04 2008-02-07 Frank Geshwind Systems and methods for aggregation of access to network products and services
US20080034402A1 (en) 2006-08-07 2008-02-07 International Business Machines Corporation Methods, systems, and computer program products for implementing policy-based security control functions
US7685194B2 (en) * 2006-08-31 2010-03-23 Microsoft Corporation Fine-grained access control in a database by preventing information leakage and removing redundancy
US8554749B2 (en) 2006-10-23 2013-10-08 Adobe Systems Incorporated Data file access control
JP4882671B2 (ja) * 2006-11-01 2012-02-22 Fujitsu Limited Access control method, access control system, and program
US7849496B2 (en) 2006-12-28 2010-12-07 International Business Machines Corporation Providing enterprise management of amorphous communities
US20080162707A1 (en) 2006-12-28 2008-07-03 Microsoft Corporation Time Based Permissioning
US20080172720A1 (en) 2007-01-15 2008-07-17 Botz Patrick S Administering Access Permissions for Computer Resources
US20080184330A1 (en) 2007-01-25 2008-07-31 Lal Rakesh M Levels of access to medical diagnostic features based on user login
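CN101282330B (zh) 2007-04-04 2013-08-28 Huawei Technologies Co., Ltd. Network storage access permission management method and device, and network storage access control method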
US20080270451A1 (en) 2007-04-24 2008-10-30 Interse A/S System and Method of Generating a Metadata Model for Use in Classifying and Searching for Information Objects Maintained in Heterogeneous Data Stores
US8239925B2 (en) 2007-04-26 2012-08-07 Varonis Systems, Inc. Evaluating removal of access permissions
US8239351B2 (en) * 2007-06-07 2012-08-07 Apple Inc. Methods and systems for managing permissions data
US8621610B2 (en) 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
US7983264B2 (en) * 2007-08-21 2011-07-19 Cyber Operations, Inc. Access control list management system
US8438611B2 (en) 2007-10-11 2013-05-07 Varonis Systems Inc. Visualization of access permission status
US20090249446A1 (en) 2007-10-22 2009-10-01 Paul Thomas Jenkins Method and system for managing enterprise content
US8438612B2 (en) 2007-11-06 2013-05-07 Varonis Systems Inc. Visualization of access permission status
US8132231B2 (en) 2007-12-06 2012-03-06 International Business Machines Corporation Managing user access entitlements to information technology resources
US8032485B2 (en) 2008-02-01 2011-10-04 American Express Travel Related Services Company, Inc. Rapid caching and data delivery system and method
US20090265780A1 (en) 2008-04-21 2009-10-22 Varonis Systems Inc. Access event collection
US8224873B1 (en) * 2008-05-22 2012-07-17 Informatica Corporation System and method for flexible security access management in an enterprise
US8196195B2 (en) * 2008-07-11 2012-06-05 International Business Machines Corporation Role-based privilege management
US8286255B2 (en) 2008-08-07 2012-10-09 Sophos Plc Computer file control through file tagging
US9213849B2 (en) * 2008-08-28 2015-12-15 International Business Machines Corporation Hierarchical access control administration preview
US8527522B2 (en) 2008-09-05 2013-09-03 Ramp Holdings, Inc. Confidence links between name entities in disparate documents
US20100070881A1 (en) 2008-09-12 2010-03-18 At&T Intellectual Property I, L.P. Project facilitation and collaboration application
US20100262625A1 (en) 2009-04-08 2010-10-14 Glenn Robert Pittenger Method and system for fine-granularity access control for database entities
JP2010287171A (ja) 2009-06-15 2010-12-24 Nippon Telegr & Teleph Corp <Ntt> Access control visualization device, access control visualization method, and program therefor
US9641334B2 (en) 2009-07-07 2017-05-02 Varonis Systems, Inc. Method and apparatus for ascertaining data access permission of groups of users to groups of data elements
US8639724B1 (en) 2009-07-31 2014-01-28 Amazon Technologies, Inc. Management of cached object mapping information corresponding to a distributed storage system
US8578507B2 (en) 2009-09-09 2013-11-05 Varonis Systems, Inc. Access permissions entitlement review
US20110061093A1 (en) 2009-09-09 2011-03-10 Ohad Korkus Time dependent access permissions
US9904685B2 (en) 2009-09-09 2018-02-27 Varonis Systems, Inc. Enterprise level data management
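CN101692278A (zh) 2009-10-30 2010-04-07 Beijing Alin Network Information Service Co., Ltd. Method and system for a server to propagate and control gift-giving or gift-receiving information for items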
WO2011063269A1 (en) * 2009-11-20 2011-05-26 Alert Enterprise, Inc. Method and apparatus for risk visualization and remediation
US9870480B2 (en) 2010-05-27 2018-01-16 Varonis Systems, Inc. Automatic removal of global user security groups
EP2577445A4 (en) 2010-05-27 2014-04-02 Varonis Systems Inc DATA MARK
US8533787B2 (en) 2011-05-12 2013-09-10 Varonis Systems, Inc. Automatic resource ownership assignment system and method
CN108920502B (zh) 2010-05-27 2021-11-23 Varonis Systems, Inc. Data classification
US8959115B2 (en) * 2010-07-09 2015-02-17 Symantec Corporation Permission tracking systems and methods
US9147180B2 (en) 2010-08-24 2015-09-29 Varonis Systems, Inc. Data governance for email systems
US8996575B2 (en) 2010-09-29 2015-03-31 M-Files Oy Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement
JP2012132276A (ja) 2010-12-24 2012-07-12 Sougokaihatsu Co Ltd Device for feeding drainage material into underdrains
US8683560B1 (en) * 2010-12-29 2014-03-25 Amazon Technologies, Inc. Techniques for credential generation
US9680839B2 (en) 2011-01-27 2017-06-13 Varonis Systems, Inc. Access permissions management system and method
US8909673B2 (en) * 2011-01-27 2014-12-09 Varonis Systems, Inc. Access permissions management system and method
EP2668562A4 (en) 2011-01-27 2015-05-20 Varonis Systems Inc SYSTEM AND METHOD FOR MANAGING ACCESS RIGHTS

Also Published As

Publication number Publication date
US20170098091A1 (en) 2017-04-06
US9680839B2 (en) 2017-06-13
WO2012143920A2 (en) 2012-10-26
WO2012143920A3 (en) 2015-06-18
US20190007413A1 (en) 2019-01-03
US10102389B2 (en) 2018-10-16
US20120272294A1 (en) 2012-10-25
US20120271853A1 (en) 2012-10-25
EP2700028A4 (en) 2016-06-01
US10476878B2 (en) 2019-11-12
US10721234B2 (en) 2020-07-21
EP2700028A2 (en) 2014-02-26
CN103975324A (zh) 2014-08-06

Similar Documents

Publication Publication Date Title
CN103975324B (zh) Access permissions management system and method
EP3195556B1 (de) Distributed data storage by means of authorization tokens
US8474012B2 (en) Progressive consent
EP1625691B1 (en) System and method for electronic document security
EP1770546A1 (en) Electronic document management system
CA2636810C (en) Anticipatory changes to resources managed by locks
EP1513075A2 (en) Method and apparatus for protecting regions of an electronic document
US20100036861A1 (en) Method and System for Implementing Parallel Transformations of Records
US8166472B2 (en) Installation utility system and method
US20080244738A1 (en) Access control
US10789423B2 (en) Controlling a collaborative data preparation process
US20110307457A1 (en) Integrated duplicate elimination system, data storage device, and server device
US8856467B2 (en) Management of metadata in a storage subsystem
US20130219470A1 (en) Systems and methods for integration of business applications with enterprise content management systems
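JP5072550B2 (ja) Information processing apparatus, information processing method, and program
CN105630418A (zh) Data storage method and device
CN103514216B (zh) Serial number generation method based on a database system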
US20110004583A1 (en) Database system, database update method, database, and database update program
WO2007013983A2 (en) Access based file system directory enumeration
CN102436633A (zh) Data management method and system, and database system
US8019729B2 (en) System and method for updating file
US9977912B1 (en) Processing backup data based on file system authentication
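KR101661789B1 (ko) Synchronization of self-referential fields during two-way synchronization
CN102792273B (zh) Dual-mode reader-writer lock
CN112883105A (zh) System and method for differential access control of shared data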

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170315