	US 12,010,120 B2
	Computing system permission administration engine
Freeman Parks, San Francisco, CA (US); and Ryan D. Woebkenberg, Carmel, IN (US)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by Salesforce, Inc., San Francisco, CA (US)
Filed on Jul. 15, 2022, as Appl. No. 17/812,977.
Application 17/812,977 is a continuation of application No. 16/681,932, filed on Nov. 13, 2019, granted, now 11,425,130.
Prior Publication US 2022/0385666 A1, Dec. 1, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 18/24 (2023.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01)

CPC H04L 63/104 (2013.01) [G06F 18/24 (2023.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01); H04L 63/101 (2013.01); H04L 63/102 (2013.01)]

20 Claims

1. A method implemented in an on-demand computing services environment, the method comprising:

granting, to one or more user accounts, a first permission set including one or more permissions of a plurality of permissions associated with the on-demand computing services environment, each of the plurality of permissions corresponding to a respective one or more of a plurality of actions permitted to be performed by the on-demand computing services environment, wherein a machine learning classification procedure is used to generate the first permission set from the plurality of permissions associated with the on-demand computing services environment;

monitoring use of the one or more permissions by the one or more user accounts;

determining, based on the monitoring, one or more atypical permission set usages by the one or more user accounts;

in response to the determining, identifying a designated permission set based, at least in part, on the determined atypical permission set usages; and

recommending that the first permission set be updated to the designated permission set for the one or more user accounts.