Techniques for managing access to physical assets based on captured digital data and a database are provided. In one technique, one or more functions in an application that executes on a client device are locked. A smart badge that is associated with healthcare information is then received from a remote server system. In response to receiving the smart badge, the one or more functions are unlocked. After unlocking the one or more functions and in response to user input that selects a particular function of the one or more functions, a request and identification data that pertain to the particular function are transmitted over a computer network.

A tool is disclosed for searching information redacted from electronic communications. The tool receives, based on input by a user into an interface of an electronic communication repository, a request to search through vaulted information, the vaulted information redacted from the electronic communication repository. The tool transmits an identity verification challenge to a device of the user and determines whether the identity verification challenge is successful. Responsive to determining that the identity verification challenge is successful, the tool searches the vaulted information for one or more files comprising a symbol input by the user, and generates, for display within the interface, identifiers corresponding to each of the one or more files.

A distribution network communicates content to tenant groups in a secure manner. An engine of the distribution network receives content created utilizing an application having different customers and partners. The engine also receives: a first identifier indicating a customer of the application with which a tenant is associated, and a second identifier indicating a partner of the application with which the tenant is associated. The engine references a stored database table to correlate the first identifier and the second identifier. Based upon the first identifier and the second identifier, the engine evaluates whether the tenant is to be provided access to the content. The engine may provide the tenant with the content according to an access right determined from the first identifier and the second identifier. Certain embodiments may find particular use disseminating content to new tenants of a customer, based upon prior distribution to other tenants of that customer.

An endpoint determines whether a client is authorized to access data. A database stores separate authorizations of a permission model in a data table along with the data. Mapping templates of the endpoint convert a client request for data into a database query for client authorization and the requested data. In response to the query, the database returns to the endpoint the requested data as well as an indication of authorization from the data table. The mapping templates of the endpoint are then used to generate an appropriate response to the client. When the database response indicates the client is authorized, the endpoint can return the requested data to the client. When the database response indicates the client is not authorized, the endpoint can return an error. In some embodiments, the endpoint is an application programming interface (API) gateway that conforms to representational state transfer (REST) software architecture.

Systems and methods for controlling and tracking computer devices using a secure communication path between a central server and a machine control-file watchdog program. One or more machine control-files can be generated to control, limit and track a computer device using a machine control-file watchdog program. The system sets limits on the computer device to ensure the user operating the computer device stays within a restricted set of usage limitations. The machine control-file watchdog program protects the one or more machine control-files and additionally can report on all activities performed by the computer device to the central server.

A facility management system comprises a server, a biometric identification unit, and a processing circuit. The server is configured to store a list of registered users, and biometric information and access rights pertaining to each registered users. The biometric identification unit is associated with the building equipment. The biometric identification unit is enabled to facilitate a user desiring access to the associated building equipment to scan at least one biometric parameter, and subsequent to scanning of the biometric parameter the biometric identification unit is configured to generate a scanned biometric information. The processing circuit is communicatively coupled with the server and the biometric identification unit, and is configured to: authenticate the user based on the biometric information and the scanned biometric information; determine the access rights for the authenticated user; and subsequently provide access to the authenticated user to operate the associated building equipment based on the determined access rights.

An information handling system may include at least one processor and a non-transitory, computer-reading medium having instructions thereon that are executable by the at least one processor for: providing access to one or more objects via a plurality of application programming interface (API) endpoints; receiving a call to a particular API endpoint from an app; and determining, based on a security identifier (SID) of the app, whether the call should be allowed; wherein the SID of the app is based on one or more custom capabilities defined in a manifest of the app.

A method at a first domain for obtaining at least one insight from a second domain, the method including synchronizing a permissions table at the first domain with a master permissions table at a network element; receiving a request for an insight from an application at a bridge in the first domain; confirming an identity of the application; verifying, at the bridge, application permissions using the permissions table at the first domain, the verifying confirming that the application has permission to access the insight; sending a request message from the first domain to the second domain, the request message being signed by a private key of the first domain and requesting the insight; and receiving the insight from the second domain.

A method performed by a cloud computing platform of a cloud service is disclosed to assess a data security of a database deployed in a cloud environment associated with a user of the cloud service. The method includes creating a sandbox environment in the cloud environment associated with the user, loading scanner code in the sandbox environment, wherein the scanner code includes code for performing a data security assessment, loading and restoring a snapshot of the database in the sandbox environment, setting a unique password for admin access to the restored snapshot of the database, executing the scanner code in the sandbox environment to perform the data security assessment on the restored snapshot of the database, and tearing down the sandbox environment in response to a determination that the scanner code has finished execution.

Provided herein are systems, methods, and computer readable media for document hierarchy permissions. This may include providing a permission database comprising a plurality of users, a plurality of advisors, and a plurality of categories. A candidate document is received at a network device. A candidate user, a candidate routing action, and a candidate document category are identified from the candidate document. A candidate document permission attribute is generated identifying the candidate user, candidate file location, and the candidate document category. The candidate document is stored, and the candidate document permission attribute corresponding to the candidate document is stored.