US 12,170,675 B2
Effective permissions from IAM (identity and access management) policies
Tarun Thakur, Los Gatos, CA (US); and Maohua Lu, Fremont, CA (US)
Assigned to Veza Technologies, Inc., Los Gatos, CA (US)
Filed by Veza Technologies, Inc., Los Gatos, CA (US)
Filed on Mar. 8, 2022, as Appl. No. 17/689,104.
Claims priority of provisional application 63/157,976, filed on Mar. 8, 2021.
Prior Publication US 2022/0286466 A1, Sep. 8, 2022
Int. Cl. G06F 21/78 (2013.01); G06F 21/62 (2013.01); H04L 9/40 (2022.01); G06F 21/60 (2013.01)
CPC H04L 63/105 (2013.01) [H04L 63/102 (2013.01); H04L 63/104 (2013.01)]
14 Claims
 
1. A method comprising:
in an effective permissions service:
retrieving one or more access policies that define access permissions between a principal and a resource of a plurality of resources;
determining an effective permission defining the access of the principal to the resource based on the access policies, including processing the one or more policies in order of priority, wherein a higher priority policy controls over a lower priority policy when the lower priority policy conflicts with the higher priority policy;
defining the effective permission in a canonical format;
storing the effective permission for reference when the principal attempts to access the resource;
including the effective permission in a privilege graph with connections between the principal and a plurality of resources that include the resource, wherein the connections indicate a plurality of effective permissions, which include the effective permission, for the plurality of resources;
identifying a changed access policy;
determining that the changed access policy applies to the access of the principal to the resource; and
determining an update to the effective permission based on the changed access policy.
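
The steps of claim 1, sketched as an added illustration (this is not code from the patent or from Veza). It assumes a numeric priority where the larger number controls, an allow/deny effect on each policy, and a small table mapping provider-native actions to canonical permissions; every name and sample policy below is hypothetical and constructed for the example.

```python
from dataclasses import dataclass

# Assumed canonical vocabulary: provider-native action -> canonical permission.
CANONICAL = {"s3:GetObject": "read", "s3:PutObject": "write", "SELECT": "read"}

@dataclass(frozen=True)
class Policy:
    id: str
    principal: str
    resource: str
    action: str    # provider-native action name
    effect: str    # "allow" or "deny"
    priority: int  # assumption: larger number = higher priority

def effective(policies, principal, resource):
    """Process policies in priority order; the first decision per permission controls."""
    decided = {}
    relevant = [p for p in policies if (p.principal, p.resource) == (principal, resource)]
    for p in sorted(relevant, key=lambda p: -p.priority):
        decided.setdefault(CANONICAL[p.action], p.effect)  # lower priority cannot override
    return frozenset(perm for perm, eff in decided.items() if eff == "allow")

class PrivilegeGraph:
    def __init__(self, policies):
        self.policies = {p.id: p for p in policies}
        # Stored edges: (principal, resource) -> canonical effective permissions.
        self.edges = {}
        for key in {(p.principal, p.resource) for p in policies}:
            self.edges[key] = effective(self.policies.values(), *key)

    def apply_change(self, changed):
        """Record a changed policy and recompute only the edges it applies to."""
        old = self.policies.get(changed.id)
        self.policies[changed.id] = changed
        touched = {(changed.principal, changed.resource)}
        if old:
            touched.add((old.principal, old.resource))
        for key in touched:
            self.edges[key] = effective(self.policies.values(), *key)
        return touched

# Constructed sample policies: p3 (priority 50) conflicts with and overrides p2.
POLICIES = [
    Policy("p1", "alice", "bucket/reports", "s3:GetObject", "allow", 10),
    Policy("p2", "alice", "bucket/reports", "s3:PutObject", "allow", 10),
    Policy("p3", "alice", "bucket/reports", "s3:PutObject", "deny", 50),
    Policy("p4", "alice", "db/orders", "SELECT", "allow", 10),
]
```

Lowering the priority of p3 below p2 and passing it to apply_change recomputes only the alice-to-bucket/reports edge, which then gains "write"; the db/orders edge is left as stored.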