JP2005503596A5

JP2005503596A5 -

Info

Publication number: JP2005503596A5
Application number: JP2002561749A
Authority: JP
Filing date: 2002-01-28
Publication date: 2009-03-26

Claims

A method for sharing resources to users,
Establishing a set of attributes, organizational information, user roles,
Defining multiple resource sharing policies based on selected attributes, organizational information, and user roles;
Receiving attribute information, organization information, user role information about a specific user, resource or database;
Determining which resource sharing information is applicable to the user based on the received role information, organization information, and attribute information of the user;
Sharing resources to the user based on the applicable resource sharing policy;
A method comprising the steps of:

The method of claim 1, comprising:
The method wherein the user role has a value of “Yes” and “No” and the attribute is a plurality of non-binary values.

The method of claim 2, comprising:
In addition, the resource currently assigned to the user is compared with a list of resources that should be assigned to the user based on the applicable resource access policy, and the resource is verified by identifying the difference. A method comprising steps.

The method of claim 3, comprising:
The method further includes sharing or releasing sharing of the resource to the user based on the difference detected by the verification check.

The method of claim 2, comprising:
The method further comprises the step of releasing the sharing of the user with respect to some or all of the resources to which the user has been assigned when the user has retired, taken a leave of work, or took a leave. .

The method of claim 2, comprising:
And receiving timing information about sharing timing or resources;
Sharing resources to the user at a specific timing specified by the timing information;
A method comprising the steps of:

The method of claim 2, comprising:
The method is characterized in that the attribute is a user attribute and a resource attribute.

The method of claim 2, comprising:
The method further includes the step of sharing "hard" resources and "soft" resources to the user.

The method of claim 2, comprising:
The method further includes the step of sharing a bundle (bundle) of resources to the user.

The method of claim 2, comprising:
The method further comprises the step of defining a plurality of resource sharing policies using a decision statement, whereby irrelevant steps can be omitted.

The method of claim 2, comprising:
The method of sharing the resource to the user comprises communicating the request for the resource to an application or a person.

The method of claim 1, comprising:
The method further includes the step of sharing or releasing sharing of the resource with respect to the user based on a resource usage state.

The method of claim 1, comprising:
The method further comprises sharing or unsharing resources for the user using an identity policy.

The method of claim 1, comprising:
The method further includes sharing or unsharing resources for the user using a password policy.

A system for sharing resources to users,
A series of attributes, organization information, user roles, selected attributes, organization information, multiple resource sharing policies based on user roles, memory for storing attribute information and user role information for a particular user or resource,
One or more processors coupled to the memory and an organizational network;
With
The processor is
Based on the stored role information, organization information, and attribute information of the user, it is determined which resource sharing policy is applicable to a specific user, and resource sharing for the user is performed based on the applicable resource sharing policy. A system that is programmed to do.

The system of claim 15, comprising:
The system, wherein the user role has a value of “Yes” and “No”, and the attribute is a plurality of non-binary values.

The system of claim 16, comprising:
The one or more processors further compare resources currently shared by the user with a list of resources that should be allocated to the user based on the applicable resource sharing policy and identify differences. A system that is programmed to check resources.

The system of claim 17, comprising:
The system wherein the one or more processors are further programmed to share and unshare resources for the user based on differences detected by verification.

The system of claim 16, comprising:
The one or more processors are further programmed to release sharing to the user for some or all of the resources allocated to the user when the user leaves, suspends, or goes on vacation. System characterized by being.

The system of claim 16, comprising:
The one or more processors further includes
A system that is programmed to receive sharing timing or timing information about resources and to share resources to the user at a specific timing specified by the timing information.

The system of claim 16, comprising:
The system is characterized in that the attributes are a user attribute and a resource attribute.

The system of claim 16, comprising:
The system is characterized in that a “hard” resource and a “soft” resource are shared with the user.

The system of claim 16, comprising:
A system in which a bundle of several resources is shared with the user.

The system of claim 16, comprising:
A system characterized in that a decision statement is used to establish a plurality of resource sharing policies, thereby eliminating irrelevant steps.

A method for sharing resources to users,
Establishing a set of attributes, organizational information, user roles,
Defining multiple resource sharing policies based on selected attributes, organizational information, and user roles;
Receiving attribute information, organization information and user role information for a particular user, resource or database;
Determining which resource sharing policy is applicable to the user based on the received user role information, organization information, attribute information;
Seeking additional information or permission from a third party in accordance with applicable resource sharing policies;
Sharing to the user the resource specified by the applicable resource sharing policy if all necessary additional information or permissions are received from the third party.

26. The method of claim 25, comprising:
The method of receiving attribute information, organization information, and user role information is a method of receiving input from a user interface.

26. The method of claim 25, comprising:
The method of receiving attribute information, organization information, and user role information related to a specific user is a step of receiving attribute information and user role information from an employee record database.

27. The method of claim 26, comprising:
Said step of asking for additional information or permission from a third party
Providing the third party with access to the user interface;
Indicating to the third party what information or permission is required;
Stopping sharing resources to the user until the additional information or permission is provided;
A method comprising the steps of:

26. The method of claim 25, comprising:
The step of asking additional information or permission from the third party comprises:
Receiving first additional information or permission from a third party in accordance with the applicable resource sharing policy;
Based on the received first additional information or permission and the received attribute information, organization information, user role information, requesting second additional information or permission from another third party or the user;
A method comprising the steps of: