US 12,147,561 B2
Automated database provisioning and methods thereof
Nagesh Gummadivalli, Chantilly, VA (US); Aniket Sinkar, Glen Allen, VA (US); Arindam Chakraborty, Glen Allen, VA (US); Norflet Bailey, Woodford, VA (US); Clayton Mottley, Alexandria, VA (US); Arthur Maltson, Maple (CA); Elijah Sattler, Richmond, VA (US); Gregory Moczygemba, Quinton, VA (US); Nitin Sharma, Glen Allen, VA (US); Empress Marcelin, Glen Allen, VA (US); and Bryan Barton, McLean, VA (US)
Assigned to Capital One Services, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Feb. 19, 2021, as Appl. No. 17/179,618.
Prior Publication US 2022/0269811 A1, Aug. 25, 2022
Int. Cl. G06F 9/54 (2006.01); G06F 21/45 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/6245 (2013.01) [G06F 9/54 (2013.01); G06F 21/45 (2013.01); G06F 21/604 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, by at least one processor of a compliance provisioning sub-system, a database provisioning request associated with at least one entity;
wherein the database provisioning request specifies a database to be accessed by at least one user and at least one action command to be performed with the database;
wherein the database is external to the compliance provisioning sub-system;
wherein the compliance provisioning sub-system comprises:
an identity management mechanism,
an orchestrator, and
an identity index;
accessing, by the at least one processor, an identity governance platform via the orchestrator, to obtain a security configuration associated with the at least one user from a secret vault stored in the identity governance platform;
generating, by the at least one processor, at least one identity data record of the at least one user in the identity index via the identity management mechanism associated with the at least one entity based on the security configuration associated with the at least one user;
wherein the at least one identity data record specifies:
at least one credential identity associated with the at least one entity and the at least one user, and
at least one credential management policy associated with the at least one credential identity;
automatically controlling, by the at least one processor, the identity management mechanism to generate, in at least one security service, at least one privileged account for the at least one user based on the at least one credential identity;
wherein the at least one security service is configured to govern:
identity lifecycle management and access management, and
programmatic identity lifecycle management and programmatic access management;
automatically controlling, by the at least one processor, the identity management mechanism to define, for the at least one privileged account for the at least one user in the at least one security service, at least one access credential rule for the at least one user based on the at least one credential management policy;
wherein the identity management mechanism is configured to utilize the at least one access credential rule to automatically manage access credentials for accessing the database via the at least one privileged account;
automatically establishing, by the at least one processor, a secured port for the at least one user to access the database based on the at least one access credential rule for the at least one user;
wherein the secured port comprises a communication endpoint of the database;
wherein the communication endpoint is configured to implement an access policy to the database for the at least one user by applying the at least one access credential rule for the at least one user;
automatically connecting, by the at least one processor, based on the access policy for the at least one user, the identity management mechanism to the database via the secured port to establish at least one secure connection between the database and the at least one security service; and
automatically facilitating, by the at least one processor, a performance of the at least one action command with the database via the secured port that is configured to enforce the access policy to complete the database provisioning request.
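The claim above describes an architecture, not an implementation. The following Python is an added illustration of the claimed flow and is not code from the patent or from Capital One; every concrete mechanism in it is an assumption the claim text does not make. The "security configuration" from the secret vault is modelled as an HMAC signing key held in a constructed dict; the "access credential rule" is a short-lived, signed token bound to the credential identity, the target database and the verbs the "credential management policy" allows; the "secured port" is a wrapper around an in-memory SQLite database that verifies the token and applies the policy before any action command reaches the database. Sample data and the request are constructed for the example.

```python
"""Added illustration of the claimed provisioning flow; not Capital One's code.

Assumptions the patent text does not make: HMAC-signed time-limited tokens as
the access credential, TTL plus an allow-list of SQL verbs as the credential
management policy, in-memory SQLite as the database, a dict as the secret vault.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import sqlite3
import time
from dataclasses import dataclass

SECRET_VAULT = {"signing-key": b"example-only-signing-key"}  # constructed stand-in for the vault


@dataclass(frozen=True)
class CredentialManagementPolicy:
    ttl_seconds: int          # validity window of each issued credential
    allowed_verbs: frozenset  # SQL verbs the privileged account may execute


@dataclass(frozen=True)
class IdentityRecord:
    entity: str
    user: str
    credential_identity: str  # assumed form "<entity>/<user>"
    policy: CredentialManagementPolicy


class IdentityManagementMechanism:
    """Keeps the identity index and issues access credentials under each record's policy."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key  # security configuration obtained from the vault
        self.identity_index: dict[str, IdentityRecord] = {}

    def provision_identity(self, entity: str, user: str,
                           policy: CredentialManagementPolicy) -> IdentityRecord:
        record = IdentityRecord(entity, user, f"{entity}/{user}", policy)
        self.identity_index[user] = record  # privileged account keyed by credential identity
        return record

    def issue_credential(self, user: str, database: str, now: float | None = None) -> str:
        """Access credential rule: short-lived token bound to identity, database and verbs."""
        record = self.identity_index[user]
        now = time.time() if now is None else now
        claims = {"sub": record.credential_identity, "db": database,
                  "verbs": sorted(record.policy.allowed_verbs),
                  "exp": now + record.policy.ttl_seconds}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"


class SecuredPort:
    """Communication endpoint of the database; every command passes the access policy here."""

    def __init__(self, database: str, signing_key: bytes):
        self.database = database
        self._key = signing_key
        self._conn = sqlite3.connect(":memory:")  # constructed sample data
        self._conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)")
        self._conn.execute("INSERT INTO accounts (owner) VALUES ('alice'), ('bob')")

    def _verify(self, credential: str, now: float) -> dict:
        body, _, tag = credential.rpartition(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):  # rejects tampered or forged tokens
            raise PermissionError("bad credential signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] <= now:
            raise PermissionError("credential expired")
        if claims["db"] != self.database:
            raise PermissionError("credential issued for another database")
        return claims

    def execute(self, credential: str, action_command: str, now: float | None = None) -> list:
        """Enforces the access credential rule, then performs the action command."""
        now = time.time() if now is None else now
        claims = self._verify(credential, now)
        verb = action_command.strip().split(None, 1)[0].upper()
        if verb not in claims["verbs"]:
            raise PermissionError(f"{claims['sub']} may not run {verb}")
        # sqlite3 execute() runs exactly one statement, so a stacked "SELECT ...; DROP ..."
        # raises ProgrammingError instead of slipping past the verb check.
        return self._conn.execute(action_command).fetchall()


def fulfil_request(request: dict, now: float | None = None) -> list:
    """Walks the claimed flow for one provisioning request; returns the command's rows."""
    key = SECRET_VAULT["signing-key"]
    idm = IdentityManagementMechanism(key)
    idm.provision_identity(request["entity"], request["user"],
                           CredentialManagementPolicy(300, frozenset({"SELECT"})))
    credential = idm.issue_credential(request["user"], request["database"], now)
    port = SecuredPort(request["database"], key)
    return port.execute(credential, request["action"], now)
```

The point worth taking from the example is where enforcement sits: the identity management mechanism only issues credentials, and the endpoint of the database re-checks signature, expiry, target database and permitted verb on every command, so a leaked or replayed token fails closed. The first-token verb check is a coarse policy layer, not a SQL parser; in a real deployment the database's own grants on the privileged account remain the backstop, and the token TTL should be short enough that rotation under the credential management policy actually limits exposure.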