Abstract: Described embodiments provide systems and methods for resource appropriation in a multi-tenant environment using risk and value modeling. A resource server can provide a plurality of applications access to a plurality of resources in response to requests from clients based in part on risk scores and value scores. The resource server can generate and execute a risk model and a value model to determine a risk score and a value score for each of the applications. The resource server can use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application.

Abstract: Described embodiments provide systems and methods for resource appropriation in a multi-tenant environment using risk and value modeling. A resource server can provide a plurality of applications access to a plurality of resources in response to requests from clients based in part on risk scores and value scores. The resource server can generate and execute a risk model and a value model to determine a risk score and a value score for each of the applications. The resource server can use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application.

Abstract: Described embodiments provide systems and methods for resource appropriation in a multi-tenant environment using risk and value modeling. A resource server can provide a plurality of applications access to a plurality of resources in response to requests from clients based in part on risk scores and value scores. The resource server can generate and execute a risk model and a value model to determine a risk score and a value score for each of the applications. The resource server can use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application.

Abstract: Entitlements to resources can be determined by using access rules that are organized as respective ranges in an entitlement space. An access rule can represent a range between two rational numbers in the entitlement space; the range can be represented by a single rational number. Due to the way the rational numbers are chosen, a child rule is completely covered by its parent, and a parent has remaining room in the entitlement space for unlimited additional children. Entitlement checking for a large batch of resources can be performed quickly based on reusing calculated permitted ranges in the entitlement space. Implied permissions can be supported. Content can easily be added, and the access rules can be modified without unduly impacting the underlying tree structure, if at all.

Abstract: Entitlements to resources can be determined by using access rules that are organized as respective ranges in an entitlement space. An access rule can represent a range between two rational numbers in the entitlement space; the range can be represented by a single rational number. Due to the way the rational numbers are chosen, a child rule is completely covered by its parent, and a parent has remaining room in the entitlement space for unlimited additional children. Entitlement checking for a large batch of resources can be performed quickly based on reusing calculated permitted ranges in the entitlement space. Implied permissions can be supported. Content can easily be added, and the access rules can be modified without unduly impacting the underlying tree structure, if at all.

Abstract: Disclosed herein are methods, systems, and articles for promoting changes that result from remediation performed within a computer network, for compliance review. Policy tests may be provided within the computer network, which comprises a number of nodes. The policy tests may relate to configuration parameters and compliance requirements for various nodes within the computer network. At least one pattern relating to nodes within the computer network that may be affected by execution of a remediation script is determined. Nodes within the computer network may be identified, based at least in part on the at least one pattern. Subsequent to execution of the remediation script, a list of nodes whose state has changed may be promoted for compliance review.