1. Technical Field
The invention relates to the field of information technology (IT) management systems and in particular to a method and system for determining access rights to IT resources.
2. Related Art
A large proportion of failures of information technology (IT) systems are caused by operator error. Operator error often occurs because the operator enters an incorrect command into the system. This problem is compounded by IT systems becoming more complex, often with hundreds of components to manage. These components may comprise network components, servers, peripherals, software applications, desktop computers and many other devices. As a business's dependency on IT systems increases, the malfunction of an IT system may have a high impact on the way in which a business can perform its business functions.
As IT systems become more reliable, operators have less frequent involvement in any one specific system and the operator's activities are often spread across many IT systems. Hence, an operator is not able to develop knowledge of any one particular IT system. Further, it is not feasible in a business environment to maintain an in-depth knowledge of one particular IT system which may not be used frequently. A rising pressure on business costs is leading to a work environment in which shared groups of operators are managing large and complex IT systems, which in turn increases the probability of operator input error.
Today, the above problems are managed by a combination of carefully trained staff and an investment in operational procedures. Wherever possible, automated responses are used to eliminate the need for operator intervention. However, when operator intervention is needed, neither of the above techniques is very satisfactory because they increase costs for a business.
An additional problem is created by regulatory frameworks, such as FDA, which require each member of operational staff working on regulated systems to be trained and certified as competent to use the regulated system.
European patent application EP1 381 199 A1 discloses a firewall for dynamically granting and denying network resources. EP1 381 199 A1 relates to a personalized access policy server with respect to user's grants and with respect to already accessed resources. A method is disclosed for providing dynamically defined limited Internet access from a user's terminal, wherein a portal server provides a portal website with portal information identifying the set of accessible resources.
A disadvantage of EP1 381 199 A1 is that, although it dynamically controls access to network resources, it does not address the problem of access rights to specific commands once access has been given to a network resource.
Therefore, there is a need to provide a method and a system which alleviate the aforementioned problems.