According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.

A technique to implement access control from within an application begins by dynamically-generating a “management scope” for a transaction associated with a set of managed resources. The management scope is a collection of permissions defined by at least one of: a set of roles, and a set of resource administration rights, that are assigned to a first operator that issues the transaction. As the transaction executes, a request to alter the transaction is then received from a second operator. According to the technique, the management scope for the transaction and associated with the first operator is then evaluated against a management scope associated with the second operator. Upon determining the management scope associated with the first operator has a given relationship to the management scope for the second operator, the transaction is permitted to be altered in response to the request. The given relationship is scoped by one or more rules.

A method, system and computer program product assess risk of an unauthorized API login and mitigate damage from an unauthorized API login. The method includes collecting in a database license attributes of a user license, user profile attributes, and database content change attributes; receiving an API login request; comparing features of the API login request to at least one of the database license attributes, user profile attributes, and database content change attributes against a predetermined threshold; assessing a risk of the an unauthorized API login request based on a result of the comparison; and based on a level of the assessed risk, implemented protective action to mitigate harm that may result from an unauthorized user from accessing information or services from a computer system by way of an API.

Some embodiments use text and/or image processing methods to determine whether a user of an electronic messaging platform is subject to an online threat such as cyberbullying, sexual grooming, and identity theft, among others. In some embodiments, a text content of electronic messages is automatically harvested and aggregated into conversations. Conversation data are then analyzed to extract various threat indicators. A result of a text analysis may be combined with a result of an analysis of an image transmitted as part of the respective conversation. When a threat is detected, some embodiments automatically send a notification to a third party (e.g., parent, teacher, etc.)

An information processing system includes a linkage database in which a person is linked with a property; a person database in which the person is associated with a role of the person and one or more functions that can be used by the person; a property database in which the property is associated with one or more functions used in the property; a first permission management unit configured to manage one or more functions that can be used by the person in the property, by using the person database and the property database; and a second permission management unit configured to manage one or more properties whose information can be accessed by the person, by using the linkage database.

An app migration system including at least one processor which places an app in one of an inside and an outside of a space joined by at least one user in a user group in which information is shareable; sets, for the app, a permission corresponding to a placement location of the app; migrates the app in one of a route between a public space and a private space and a route between the inside and the outside of the space; and sets, for the migrated app, a permission corresponding to a migration destination of the app.

An embodiment for media transit management is provided. The embodiment may include receiving one or more images and one or more pre-set configuration criteria regarding management of an image file. The embodiment may also include monitoring for an attempted sharing of the image file. The embodiment may further include in response to determining each object in the one or more images matches each object in the image file, identifying at least one other user who is attempting to share the image file. The embodiment may also include in response to determining the at least one other user is not authorized to share the image file, analyzing the one or more pre-set configuration criteria correlated with the image file. The embodiment may further include in response to determining the image file does not meet the one or more pre-set configuration criteria, prompting the participating user to respond to a notification.

Methods and apparatuses are described for secure compliant storage of server access data. A server computing device generates one or more access logs based upon data access requests executed on a first compliant data storage container comprising a plurality of files. The server computing device stores the one or more access logs in a non-compliant data storage container and establishes a second compliant data storage container. The server computing device retrieves, from the non-compliant data storage container, the access logs stored therein and stores the access logs in the second compliant data storage container.

A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

A predetermined access control policy is generated with reference to a lineage table and a metadata table to be stored in a policy table, and an access control policy which should be applied or recommended to treated data is provided with reference to the policy table.