Abstract: In one embodiment, a method includes obtaining datasets from one or more applications. The datasets comprise functional data and control data related to a plurality of events. The method also includes defining a functional table using the functional data and defining a control table using the control data. The method further includes joining the functional table and the control table to generate an entitlement table. In another embodiment, a method includes receiving a request from a user to access sensitive data related to an event. The method also includes identifying a role of the user and identifying a role-based entitlement of the user based on the role of the user. The method also includes determining, using the role-based entitlement of the user, a user entitlement. The method further includes generating a secured view associated with the user entitlement and communicating the secured view to the user.

Abstract: An aspect of the present invention facilitates users/administrators to control access to electronic resources. In one embodiment, a tag data indicating the corresponding tags associated with each of a set of electronics resources is maintained. In response to receiving from an administrator, a search query indicating a search tag, the tag data is examined and a result set of electronic resources having tags matching the received search tag is identified. The administrator is thereafter enabled to specify an access policy for each of the result set of electronic resources. Thus, administrators are enabled to search for specific resources from a large number of resources and then specify the desired access policies for controlling access to the specific resources.

Abstract: An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains.

Abstract: An aspect of the present invention facilitates users/administrators to control access to electronic resources. In one embodiment, a tag data indicating the corresponding tags associated with each of a set of electronics resources is maintained. In response to receiving from an administrator, a search query indicating a search tag, the tag data is examined and a result set of electronic resources having tags matching the received search tag is identified. The administrator is thereafter enabled to specify an access policy for each of the result set of electronic resources. Thus, administrators are enabled to search for specific resources from a large number of resources and then specify the desired access policies for controlling access to the specific resources.

Abstract: An email server provided according to an aspect of the present invention protects authentication information of user applications when access user's email account is compromised. In an embodiment, when an email message directed to a user contains content which provides access to authentication information for accessing a user application implemented external to said email server, the email server requires authentication credentials from the user before providing access to the content. As a result, even if the user's email account is compromised, additional controls are provided to reduce the probability of compromise of access to user applications implemented external to the email server.

Abstract: An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains.

Abstract: An email server provided according to an aspect of the present invention protects authentication information of user applications when access user's email account is compromised. In an embodiment, when an email message directed to a user contains content which provides access to authentication information for accessing a user application implemented external to said email server, the email server requires authentication credentials from the user before providing access to the content. As a result, even if the user's email account is compromised, additional controls are provided to reduce the probability of compromise of access to user applications implemented external to the email server.