Patent classifications
G06F2221/2141
CONTROL SERVER, DATA SHARING SYSTEM, AND CONTROL PROGRAM
Upon receiving a usage request that includes a file identifier and a version identifier from a user terminal 20, a control server 10 transmits a file request that is based on the usage request to a file management system, and transmits a permission information request that is based on the usage request to a distributed ledger system. Upon receiving the file request, the file management system acquires the file that corresponds to the combination of the file identifier and the version identifier and transmits the file to the control server 10. Upon receiving the permission information request, the distributed ledger system acquires permission information that corresponds to the combination of the file identifier and the version identifier from a distributed ledger, and transmits the permission information to the control server 10. The control server 10 transmits the file to the user terminal 20 if the user of the user terminal has viewing permission based on the permission information.
Medical device location authorization
Systems, methods, and apparatus for medical device management are disclosed. An example tangible computer readable storage medium includes instructions that, when executed, cause a processor to at least launch a first user interface to configure a first user group based on a first role, generate a role mapping in response to configuring the first user group based on the first association, launch a second user interface to configure the first user group based on a first deployment location, generate a location mapping in response to configuring the first user group based on the second association, generate a combined location and role mapping based on the role mapping and the location mapping, and launch a third user interface to facilitate interaction of the first user account with the medical device in response to determining whether the first user account is authorized to access the medical device based on the combined mapping.
Handling permissions for virtualized file servers
Examples of systems described herein include a file server virtual machine of a virtualized file server configured to manage storage of a plurality of storage items. The file server virtual machine includes a file system configured to receive an access request directed to a storage item of the plurality of storage items and associated with a user. The file system is further configured to retrieve an access control list having permissions information associated with the storage item, and to cache a permissions profile for the user including all permissions pertaining to the user for the storage item. The file system is further configured to determine whether the access request is permissible based on the cached permissions profile.
Adaptive data retrieval with runtime authorization
Methods and systems are disclosed for data retrieval, from databases to clients, in an environment requiring runtime authorization. In response to a request for T data records, a learning module provides a prediction R of a suitable number of data records to retrieve from a database. Following retrieval of R records or record identifiers, authorization is sought from an authorization service, resulting in A of the records being authorized. The A authorized records are returned to the requesting client, and, if more records are needed, T is decremented and the cycle is repeated. A performance notification is provided to the learning module for training, with respect to providing values of prediction R. The performance notification can be based on a measure of authorization service performance, the number A of authorized records, latency, communication or resource costs, a measure of resource congestion, or other parameters. Variants are disclosed.
ORGANIZATION HIERARCHY SYSTEMS AND METHODS
This disclosure provides systems, methods, and apparatuses, including computer programs encoded on computer storage media, for accessing information associated with an organization hierarchy. In one aspect of the disclosure, a method includes transmitting, from a device to a server in which multiple group models are stored, an access request to access a first group model of the multiple group models. Each group model of the multiple group models is associated with a different organization and includes multiple group data structures, multiple group type data structures, and multiple group member data structures. Each group model is associated with group hierarchy information that indicates a hierarchy associated with the multiple group data structures associated with the group model. The method further includes receiving, at the device and based on the access request, first hierarchy information associated with a first group model. Other aspects and features are also claimed and described.
DYNAMIC ACCESS CONTROL USING MACHINE LEARNING
A device configured to receive training data that includes user information for a plurality of users and a set of data identifiers for a plurality of data elements. The device is further configured to determine that a data size for the training data is greater than a predetermined data size threshold value, and in response, send the training data to a quantum computing device. The quantum computing device is configured to train a first machine learning model using the training data. The device is further configured to receive a set of machine learning model parameters comprising a set of weight coefficients from the quantum computing device in response to training the first machine learning model and to configure a second machine learning model using the set of machine learning model parameters.
CONSISTENT ACCESS CONTROL LISTS ACROSS FILE SERVERS FOR LOCAL USERS IN A DISTRIBUTED FILE SERVER ENVIRONMENT
Examples described herein are generally directed towards file server access controls, and more specifically towards a mechanism to create consistent access control lists for local users across different file servers in a distributed file server environment. In operation, a local user system SID (e.g., external SID) may be generated for a first user of a first file server. A global ID based on attributes associated with the user of the first file server may also be generated. The global ID for the user may be stored in metadata associated with an access control list (ACL) for a file accessible through the first file server. Data, including the file, may be migrated to a second file server. Based on receiving an access request at the second file server associated with the user based on the external ID, the external ID for the user may be translated into the global ID, and used to determine access to the file.
DATA BROKER
A method, performable by a data broker, of securely transferring data without passwords may include registering an entity using a FIDO authentication process. The method may include associating, based on a receipt of a first access token generated by a data provider using a first OIDC authorization process, the data provider with the entity. The method may include generating a second access token, using a second OIDC authorization process, associated with a data recipient. The method may include receiving a request to transfer requested data from the data provider to the data recipient. The request may include the second access token. The method may include transmitting the first long-lived token to the data provider for receiving the requested data. The method may include transmitting the requested data to the data recipient.
SYSTEMS AND METHODS FOR EVALUATING, VALIDATING, AND IMPLEMENTING CHANGE REQUESTS TO A SYSTEM ENVIRONMENT BASED ON ARTIFICIAL INTELLIGENCE INPUT
Systems, computer program products, and methods are described herein for evaluating, validating, and implementing change requests to a system environment based on artificial intelligence input. The present invention may be configured to receive a change request including a change to be made to a configuration item of a system environment, determine, based on a change inference database, potential failure points associated with deploying the change request in the system environment, and determine, based on the potential failure points, a confidence score for the change. The present invention may be configured to determine whether the confidence score for the change satisfies a threshold limit for the configuration item and prevent the change request from being deployed in the system environment until the confidence score for the change satisfies the threshold limit for the configuration item.
EXTENDING PRIVATE CLOUD SECURITY MODEL TO PUBLIC CLOUD
Methods and systems disclosed herein extend an entity's private cloud security model to the entity's public cloud. Public cloud access permissions are defined, in accordance with a security model implemented in the entity's private cloud, for one or more of the entity's public cloud resources. The public cloud permissions are pushed or otherwise provided to an access module within the private cloud. Upon receiving a request to access a public cloud resource, the private cloud access module is invoked to grant or deny the access request in accordance with the public cloud access permissions. Similarly, upon receiving a request to access a private cloud resource, the private cloud access module is invoked to process the access request in accordance with private cloud access permissions, thereby beneficially enabling users to interact with a single access interface regardless of whether the resource resides within the entity's cloud platform.