Presentation is loading. Please wait.

Presentation is loading. Please wait.

Setting up Privilege Management with Signet Metadata.

Published byJustina Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "Setting up Privilege Management with Signet Metadata."— Presentation transcript:

1 Setting up Privilege Management with Signet Metadata

2

3 3 Distributed Access Management CAMP Privileges Building Blocks Functional view Subsystems Categories Functions Scope, Limits Prerequisites & Conditions System view Subject Action Resource Privileges → Permissions

4 4 Distributed Access Management CAMP Signet Components Define domains of ownership and responsibility Reflect real world boundaries Can be large or small Financial system Student Administration HR system Network access management Research administration Clinical resources Programmatic resources Collaboration resources Subsystems

5 5 Distributed Access Management CAMP Functional View Signet configuration declares … Limits Qualifiers, constraints for a privilege Limit types Limit choice sets Scope Trees Organizational hierarchy governing distributed delegation Functions The things a person can do; what they are getting privileges for Categories Provide useful arrangement of functions within a subsystem; for reporting, ease of use

6 6 Distributed Access Management CAMP Functional View Categories Functions Subsystems Clinical Trial Protocol A Patient Records Materials Control Manage Grant Lab Access Admin Student Admin Course Support Add/Drop students Schedule Classes Process Applicants Award Scholarships Manage Accounts Financial Aid Limits Which term From Fund… Read/Write Hours For school… For fund… Which campus Qty/day $ constraints organizing actions

7 7 Distributed Access Management CAMP Systems View Permissions Atomic units of control that map to specific access rules in systems Includes limits that must be evaluated when interpreting permissions Resources The target of a specific privilege; things that have access rules to control their use

8 8 Distributed Access Management CAMP Functional View  Permissions Resources/Permissions Student Admin Functional View Course Support Add/Drop students Schedule Classes Process Applicants Award Scholarships Manage Accounts Financial Aid reserve_time view_schedules student_records applicant_data view_fund_data update_fund_data update_course_data reserve_room Calendar Course Facilities Financial Student categoriesfunctions

9 9 Distributed Access Management CAMP Privileges Lifecycle Conditions Provides automatic revocation of privileges Date controls -- from date, until date Will be based on person’s status, affiliation, etc. e.g., as long as person is at Stanford Prerequisites Pre-conditions that must be met to activate privileges e.g., training

10 10 Distributed Access Management CAMP Other features Assignments can be To an individual To a Group With/without ability to further delegate Distributed delegation using organizational hierarchy Records “chain of command ” Proxy assignment Temporary granting of one’s privilege to another

11

Download ppt "Setting up Privilege Management with Signet Metadata."

Similar presentations

EzScoreboard.com A Fully Integrated Administration Service.

EzScoreboard.com A Fully Integrated Administration Service.
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
STS access granted to account managers; validated through Banner HR/Banner Finance Account managers grant access/permission to other staff members.

STS access granted to account managers; validated through Banner HR/Banner Finance Account managers grant access/permission to other staff members.
CCI Town Hall Carrie Hall April 2, 2015 2-3PM Center for Clinical Investigation Town Hall for Epic.

CCI Town Hall Carrie Hall April 2, PM Center for Clinical Investigation Town Hall for Epic.
Privilege Management with Signet: Steps to an Application Keith Hazelton University of Wisconsin-Madison Internet2 MACE Broomfield, Colorado 1-July-04.

Privilege Management with Signet: Steps to an Application Keith Hazelton University of Wisconsin-Madison Internet2 MACE Broomfield, Colorado 1-July-04.
Hiring Hourly Employees Student Employees Temporary & Casual Employees Work-Study Student Employees.

Hiring Hourly Employees Student Employees Temporary & Casual Employees Work-Study Student Employees.
Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.

Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.
Lynn McRae Stanford University Lynn McRae Stanford University Stanford Authority Manager Privilege management use.

Lynn McRae Stanford University Lynn McRae Stanford University Stanford Authority Manager Privilege management use.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Ken Klingenstein Director, Internet2 Middleware and Security Current stuff (or things no one else has talked about yet) (at least while I was in the meeting)

Ken Klingenstein Director, Internet2 Middleware and Security Current stuff (or things no one else has talked about yet) (at least while I was in the meeting)
Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.

Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.
PAWN Progress July 06, 2006. Overview of changes New flexible environment for setting up and managing interactions between producers and the archive Domains.

PAWN Progress July 06, Overview of changes New flexible environment for setting up and managing interactions between producers and the archive Domains.
Administering Active Directory

Administering Active Directory
Employee Central Presentation

Employee Central Presentation
 SAP AG 1999 filename (author) / 1 Elvira Wallis SAP AG Update on Previous Development Requests.

 SAP AG 1999 filename (author) / 1 Elvira Wallis SAP AG Update on Previous Development Requests.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Understanding Active Directory

Understanding Active Directory
JIRA Defect Tracking Tool Tool to Record, Track and Resolve Issues, Bugs, Defects, Improvements and New Feature Requests LIGO-G080616-00-M.

JIRA Defect Tracking Tool Tool to Record, Track and Resolve Issues, Bugs, Defects, Improvements and New Feature Requests LIGO-G M.
Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.
Signet and Grouper for Distributed Attribute Administration

Signet and Grouper for Distributed Attribute Administration

Similar presentations

Ads by Google