Abstract: The present disclosure relates to a method [400] and a system [300] for providing access to users. The present disclosure encompasses: an assignment unit [302] configured to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users. Further, an authentication unit [304] configured to authenticate a first user, in response to a login request from the first user. Further, a determination unit [306] configured to determine, based on a profile of the first user, one or more roles assigned to the first user. Further, the determination unit [306] may determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user. Furthermore, a transceiver unit [308] configured to transmit to a user interface associated with the first user, the set of allowable accesses for the first user. [FIG. 3]
FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR PROVIDING ACCESS TO USERS”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.
METHOD AND SYSTEM FOR PROVIDING ACCESS TO USERS
FIELD OF DISCLOSURE
[0001] Embodiments of the present disclosure generally relate to network
access management systems. More particularly, embodiments of the present disclosure relate to methods and systems for providing access to users.
BACKGROUND
[0002] The following description of the related art is intended to provide
background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past
few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. 3G technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication
technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] The 5G ecosystem is constantly expanding with an increasing user base. In such scenarios, traditional monitoring systems often generate excessive alerts, which makes it difficult for administrators to focus on the most critical issues. Where there are too many alerts, administrators may find it difficult to prioritize and respond effectively, leading to alert fatigue. Further, in order to solve this problem, multiple database monitoring tools, each with its own alerting method, are used, which may further cause confusion and also complicate the management of alerts across the network.
[0005] Therefore, there is a requirement for a database management interface that allows administrators to monitor the health of all databases and clusters in a network. Also, in a 5G infrastructure with multiple teams, there lie multiple challenges in assigning responsibilities for database monitoring and alert management if roles are unclear or overlapping. This lack of clarity may lead to confusion, inefficiencies, and even conflicts among administrators.
[0006] Moreover, some other concerns are unauthorized access, such as if the
database management interface cannot enforce role-driven access control, unauthorized users might gain access to sensitive monitoring data, including database clusters, alerts, reports, and user traces. This may compromise the security and confidentiality of critical information within the 5G network. In addition, the complexity of governance increases when the systems cannot manage user access effectively, leading to overlooked permissions and poor governance. Moreover, unauthorized users may potentially manipulate or delete crucial monitoring data, such as alerts, notifications, reports, and user traces within the database clusters. This poses a significant risk, especially if important data is tampered with or erased.
[0007] Thus, there exists an imperative need in the art to manage access to
users, which the present disclosure aims to address.
OBJECTS OF THE DISCLOSURE
[0008] Some of the objects of the present disclosure, which at least one
embodiment disclosed herein satisfies are listed herein below.
[0009] It is an object of the present disclosure to provide a system and a method
for providing access to users, based on assigned responsibilities and denying unauthorized entry on a role-based database management interface.
[0010] It is another object of the present disclosure to provide a solution for
efficient storage and analysis of user activity, enabling the tracking of user behaviour and unauthorized actions on role-based database management interface.
SUMMARY
[0011] This section is provided to introduce certain aspects of the present
disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0012] An aspect of the present disclosure may relate to a method for providing
access to users. The method comprises assigning, by an assignment unit, a set of roles to a set of users, based on one or more responsibilities of each of the set of users. The method further comprises authenticating, by an authentication unit, a first user, in response to a login request from the first user. Next, the method comprises determining, by a determination unit, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities
of the first user. Thereafter, the method comprises determining, by the determination unit, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user. Additionally, the method comprises transmitting, by a transceiver unit, to a user interface associated with the first user, the set of allowable accesses for the first user.
[0013] In an exemplary aspect of the present disclosure, the method comprises
tracking, by a tracker, one or more activities of the first user.
[0014] In an exemplary aspect of the present disclosure, the method further
comprises storing, by a storage unit in a database, a log of operations of the first user.
[0015] In an exemplary aspect of the present disclosure, the method comprises
configuring, by a configuration unit, the set of roles with one or more predefined allowable accesses.
[0016] In an exemplary aspect of the present disclosure, the set of allowable
accesses is indicative of at least one of a set of modules accessible by the first user, and a set of operations that the user is allowed to perform.
[0017] In an exemplary aspect of the present disclosure, the set of modules is
selected from a group consisting of database cluster modules, alert modules, report management modules, notification modules, document modules, and combinations thereof.
[0018] Another aspect of the present disclosure may relate to a system for
providing access to users. The system comprises an assignment unit configured to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users. Next, the system comprises an authentication unit connected at
least to the assignment unit. Herein, the authentication unit is configured to authenticate a first user, in response to a login request from the first user. Further, the system comprises a determination unit connected at least to the authentication unit. Herein, the determination unit is configured to determine, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user. Thereafter, the determination unit is configured to determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user. Furthermore, the system comprises a transceiver unit connected at least with the determination unit. Herein, the transceiver unit is configured to transmit to a user interface associated with the first user, the set of allowable accesses for the first user.
[0019] Yet another aspect of the present disclosure may relate to a non-
transitory computer-readable storage medium, storing instructions for providing access to users, the storage medium comprising executable code which, when executed by one or more units of a system, causes: an assignment unit to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users; an authentication unit to authenticate a first user, in response to a login request from the first user; a determination unit to: determine, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user; and determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user; and a transceiver unit to transmit, to a user interface associated with the first user, the set of allowable accesses for the first user.
DESCRIPTION OF THE DRAWINGS
[0020] The accompanying drawings, which are incorporated herein, and
constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same
parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method and system according to the disclosure are illustrated herein to highlight the advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
[0021] FIG.1 illustrates an exemplary block diagram representation of 5th
generation core (5GC) network architecture.
[0022] FIG. 2 illustrates an exemplary block diagram of a computing device
upon which the features of the present disclosure may be implemented, in accordance with exemplary implementations of the present disclosure.
[0023] FIG. 3 illustrates an exemplary block diagram of a system for providing
access to users, in accordance with exemplary implementations of the present disclosure.
[0024] FIG. 4 illustrates a method flow diagram for providing access to users,
in accordance with exemplary implementations of the present disclosure.
[0025] FIG. 5 illustrates an exemplary architecture diagram, for providing
access to users, in accordance with exemplary implementations of the present disclosure.
[0026] FIG. 6 illustrates an exemplary block diagram of an exemplary method
flow for providing access to a user, in accordance with the exemplary embodiments of the present invention.
[0027] The foregoing shall be more apparent from the following more detailed
description of the disclosure.
DETAILED DESCRIPTION
[0028] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.
[0029] The ensuing description provides exemplary embodiments only, and is
not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0030] Specific details are given in the following description to provide a
thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
[0031] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0032] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive—in a manner similar to the term “comprising” as an open transition word—without precluding any additional or other elements.
[0033] As used herein, a “processing unit” or “processor” or “operating processor” includes one or more processors, wherein processor refers to any logic circuitry for processing instructions. A processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a Digital Signal Processing (DSP) core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.
[0034] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic and/or computing device or equipment, capable of implementing the features of the present disclosure. The user equipment/device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.
[0035] As used herein, “storage unit” or “memory unit” refers to a machine or computer-readable medium including any mechanism for storing information in a form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective functions.
[0036] As used herein “interface” or “user interface” refers to a shared boundary across which two or more separate components of a system exchange information or data. The interface may also refer to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.
[0037] All modules, units, components used herein, unless explicitly excluded herein, may be software modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.
[0038] As used herein the transceiver unit includes at least one receiver and at least one transmitter configured respectively for receiving and transmitting data, signals, information or a combination thereof between units/components within the system and/or connected with the system.
[0039] As discussed in the background section, the current known solutions have several shortcomings. The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a method and a system that ensures authorized access to handle user authentication, access control, trace management, and activity monitoring. The present solution may further ensure that only authorized users with specific roles can access and manage critical elements like alerts and reports. In addition, the present solution includes the development of a mechanism that facilitates efficient storage, analysis, and tracking of user activities.
[0040] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture, in accordance with exemplary implementation of the present disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network (RAN) [104], an access and mobility management function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], a data network (DN) [130], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
[0041] The RAN [104] is the part of a mobile telecommunications system that connects user equipment (UE) [102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
[0042] The AMF [106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
[0043] The SMF [108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
[0044] The SCP [110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.
[0045] The AUSF [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
[0046] The NSSAAF [114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[0047] The NSSF [116] is a network function responsible for selecting the
appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0048] The NEF [118] is a network function that exposes capabilities and services of the 5G network to external applications, enabling integration with third-party services and applications.
[0049] The NRF [120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions.
[0050] The PCF [122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
[0051] The UDM [124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0052] The AF [126] is a network function that represents external applications
interfacing with the 5G core network to access network capabilities and services.
[0053] The UPF [128] is a network function responsible for handling user data
traffic, including packet routing, forwarding, and QoS enforcement.
[0054] The DN [130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
[0055] The 5GC network architecture also comprises a plurality of interfaces for connecting the network functions with a network entity for performing the network functions. The NSSF [116] is connected with the network entity via the interface denoted as (Nnssf) interface in the figure. The NEF [118] is connected with the network entity via the interface denoted as (Nnef) interface in the figure. The NRF [120] is connected with the network entity via the interface denoted as (Nnrf) interface in the figure. The PCF [122] is connected with the network entity via the interface denoted as (Npcf) interface in the figure. The UDM [124] is connected with the network entity via the interface denoted as (Nudm) interface in the figure. The AF [126] is connected with the network entity via the interface denoted as (Naf) interface in the figure. The NSSAAF [114] is connected with the network entity via the interface denoted as (Nnssaaf) interface in the figure. The AUSF [112] is connected with the network entity via the interface denoted as (Nausf) interface in the figure. The AMF [106] is connected with the network entity via the interface denoted as (Namf) interface in the figure. The SMF [108] is connected with the network entity via the interface denoted as (Nsmf) interface in the figure. The SMF [108] is connected with the UPF [128] via the interface denoted as (N4) interface in the figure. The UPF [128] is connected with the RAN [104] via the interface denoted as (N3) interface in the figure. The UPF [128] is connected with the DN [130] via the interface denoted as (N6) interface in the figure. The RAN [104] is connected with the AMF [106] via the interface denoted as (N2). The AMF [106] is connected with the RAN [104] via the interface denoted as (N1). The UPF [128] is connected with other UPF [128] via the interface denoted as (N9). The interfaces such as Nnssf, Nnef, Nnrf, Npcf, Nudm, Naf, Nnssaaf, Nausf, Namf, Nsmf, N9, N6, N4, N3, N2, and N1 can be referred to as a communication channel between one or more functions or modules for enabling exchange of data or information between such functions or modules, and network entities.
[0056] FIG. 2 illustrates an exemplary block diagram of a computing device [200] (herein, also referred to as a computer system [200]) upon which one or more features of the present disclosure may be implemented in accordance with an exemplary implementation of the present disclosure. In an implementation, the computing device [200] may also implement a method for providing access to users, utilising a system, or one or more sub-systems, provided in the network. In another implementation, the computing device [200] itself implements the method for providing access to users, using one or more units configured within the computing device [200], wherein said one or more units are capable of implementing the features as disclosed in the present disclosure.
[0057] The computing device [200] may include a bus [202] or other communication mechanism(s) for communicating information, and a hardware processor [204] coupled with bus [202] for processing said information. The hardware processor [204] may be, for example, a general-purpose microprocessor. The computing device [200] may also include a main memory [206], such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus [202], for storing information and instructions to be executed by the processor [204]. The main memory [206] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor [204]. Such instructions, when stored in a non-transitory storage media accessible to the processor [204], render the computing device [200] into a special purpose device that is customized to perform operations according to the instructions. The computing device [200] further includes a read only memory (ROM) [208] or other static storage device coupled to the bus [202] for storing static information and instructions for the processor [204].
[0058] A storage device [210], such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus [202] for storing information and instructions. The computing device [200] may be coupled via the bus [202] to a display [212], such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc., for displaying information to a user of the computing device [200]. An input device [214], including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus [202] for communicating information and command selections to the processor [204]. Another type of user input device may be a cursor controller [216], such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor [204], and for controlling cursor movement on the display [212]. The cursor controller [216] typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the cursor controller [216] to specify positions in a plane.
[0059] The computing device [200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which, in combination with the computing device [200], causes or programs the computing device [200] to be a special-purpose device. According to one implementation, the techniques herein are performed by the computing device [200] in response to the processor [204] executing one or more sequences of one or more instructions contained in the main memory [206]. The one or more instructions may be read into the main memory [206] from another storage medium, such as the storage device [210]. Execution of the one or more sequences of the one or more instructions contained in the main memory [206] causes the processor [204] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of, or in combination with, software instructions.
[0060] The computing device [200] also may include a communication interface [218] coupled to the bus [202]. The communication interface [218] provides two-way data communication coupling to a network link [220] that is connected to a local network [222]. For example, the communication interface [218] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telecommunication line. In another example, the communication interface [218] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [218] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing different types of information.
[0061] The computing device [200] can send and receive data, including program code, messages, etc. through the network(s), the network link [220] and the communication interface [218]. In an example, a server [230] might transmit a requested code for an application program through the Internet [228], the ISP [226], the local network [222], the host [224] and the communication interface [218]. The received code may be executed by the processor [204] as it is received, and/or stored in the storage device [210], or other non-volatile storage for later execution.
[0062] Referring to FIG. 3, an exemplary block diagram of a system [300] for providing access to users, is shown, in accordance with the exemplary implementations of the present disclosure. The system [300] comprises at least one assignment unit [302], at least one authentication unit [304], at least one determination unit [306], at least one transceiver unit [308], at least one tracker [310], at least one storage unit [312], and at least one configuration unit [314]. Also, all of the components/units of the system [300] are assumed to be connected to each other unless otherwise indicated below. As shown in the figures, all units shown within the system [300] should also be assumed to be connected to each other. Also, in FIG. 3 only a few units are shown; however, the system [300] may comprise multiple such units or the system [300] may comprise any such numbers of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system [300] may be present in a user device/user equipment [102] to implement the features of the present disclosure. The system [300] may be a part of the user equipment (UE) [102] or may be independent of but in communication with the UE [102]. In another implementation, the system [300] may reside in a server or a network entity. In yet another implementation, the system [300] may reside partly in the server/network entity and partly in the UE [102].
[0063] The system [300] is configured for providing access to users, with the help of the interconnection between the components/units of the system [300].
[0064] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
[0065] The system [300] comprises the assignment unit [302] configured to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users. The set of users mentioned herein may be an individual or an entity comprising a group of individuals that may hold the one or more responsibilities. Further, based on the one or more responsibilities, the assignment unit [302] assigns the set of roles to the set of users. For example, in one case the set of users that are responsible for network security management may have one set of roles, whereas in another case the set of users that are responsible for network maintenance may have a separate set of roles, distinct from the set of roles assigned to the users in network security management.
[0066] The system [300] further comprises a configuration unit [314] connected at least with the assignment unit [302]. Herein, the configuration unit [314] is configured to configure the set of roles with one or more predefined allowable accesses. The one or more predefined allowable accesses may refer to specific permissions or restrictions imposed on each role from the set of roles. The specific permissions (or restrictions) may be predefined for each role, and may refer to one or more modules that a user having a certain role may have access to. Such a demarcation allows for improved security, as a user is not able to access modules to which the user is not assigned. For example, for the role of network security management, the specific permissions may relate to one or more modules that relate to or operate within the directives of network security management. A user who works, for example, in network maintenance may not have permissions to access the modules related to network security management.
[0067] The configuration unit [314], based on the roles allocated by the assignment unit [302], may retrieve a list of permissions or restrictions associated with each role. Thereafter, the configuration unit [314] may apply the predefined rules to each role, allowing a user assigned a specific role to access the list of permissions or restrictions associated with said specific role.
[0068] The system [300] further comprises an authentication unit [304] connected at least to the assignment unit [302], wherein the authentication unit [304] is configured to authenticate a first user, in response to a login request from the first user. In an implementation, in case the first user from the set of users requires access to one or more resources within the system [300], the first user may be required to send a login request to the system [300] in order to access the one or more resources. Further, the login request may include one or more credentials such as a username, a password, or similar, which are processed by the authentication unit [304]. The authentication unit [304] may further verify the one or more credentials against a plurality of credentials stored in the storage unit [312]. Further, in case the one or more credentials are successfully verified, the authentication unit [304] may allow the first user to access the one or more resources. Further, in case the one or more credentials do not match the plurality of credentials stored in the storage unit [312], the first user may be required to re-send the login request or to follow one or more rules suggested by the authentication unit [304].
[0069] The system [300] further comprises the determination unit [306] connected at least to the authentication unit [304]. Herein, the determination unit [306] is configured to determine, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user. Post successful authentication of the first user, the determination unit [306] may retrieve one or more items of essential information, such as the user profile and the responsibilities handled by said first user. Further, based on the one or more items of essential information, the determination unit [306] may further determine an appropriate role for the first user.
[0070] The determination unit [306] is further configured to determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user. Herein, the set of allowable accesses is indicative of at least one of a set of modules accessible by the first user, and a set of operations that the first user is allowed to perform.
[0071] Further, the set of modules mentioned herein is selected from a group consisting of database cluster modules, alert modules, report management modules, notification modules, document modules, and combinations thereof. The database cluster modules mentioned herein may allow the first user access to pre-stored data. Further, the alert modules may enable the first user to receive and manage alerts within the system [300]. Further, the report management modules mentioned herein may allow the first user to generate, view or manage reports associated with the system [300]. Further, the notification modules may allow the first user to manage notifications associated with the system [300]. Further, the document modules may allow the first user to access the documents, manuals and similar associated with the system [300].
[0072] The system [300] further comprises the transceiver unit [308] connected at least with the determination unit [306], wherein the transceiver unit [308] is configured to transmit, to a user interface associated with the first user, the set of allowable accesses for the first user. The transceiver unit [308] may receive the set of allowable accesses from the determination unit [306], which may include database cluster modules, alert modules, etc. Thereafter, the transceiver unit [308] may establish a connection with the user interface of the first user and may send the set of allowable accesses to the user interface. The user interface may further display the set of modules and the set of operations.
[0073] The system [300] further comprises a tracker [310] connected at least with the transceiver unit [308], wherein the tracker [310] is configured to track one or more activities of the first user. The one or more activities of the first user mentioned herein may include the number of login attempts made by the first user and the total number of modules accessed by the first user, along with the set of operations performed by the user.
[0074] The system [300] further comprises a storage unit [312] connected at least to the tracker [310], wherein the storage unit [312] is configured to store, in a database, a log of operations of the first user. The log of operations mentioned herein may refer to the one or more activities performed by the first user. The tracker [310] may send the log of operations of the first user to the storage unit [312] for future analysis. The storage unit [312] stores the mentioned log of information in a database associated with the storage unit [312]. The storage unit [312] stores the log of information in a structured manner, enabling the storage unit [312] to easily retrieve and analyse a particular log of information as per requirement.
[0075] For ease of understanding, the above-mentioned context is explained with the help of an example: consider a set of three users (suppose user A, user B, and user C) deployed to operate within the network for one or more responsibilities. Further, based on the one or more responsibilities, the assignment unit [302] may assign one or more sets of roles to each user (suppose role X assigned to user A, role Y assigned to user B, and role C assigned to user C).
[0076] Further, based on the set of roles assigned to each user, and the list of permissions or restrictions associated with said role, the configuration unit [314] further provides access to the user based on the predefined rules associated with said role. For example, the role X allows the assigned user (user A) to have access to security protocols or firewall settings of the network.
[0077] Further, for user A to log in to the system [300], user A may be required to send the login request to the authentication unit [304]. Further, based on the authentication of the login request, user A may be provided or denied entry to the system [300].
[0078] Further, the determination unit [306] may further determine an appropriate role (suppose role Y) for user A based on the profile associated with user A and the one or more responsibilities that are handled by user A. The determination unit [306] may further identify the set of modules or the set of operations that are to be accessed by user A. The determination unit [306], based on identification of the set of modules and the set of operations for user A, may further allow user A to interact with the predefined set of modules. The transceiver unit [308] may then send the set of modules and the set of operations that are accessible to user A to the user interface utilized by user A to interact with the system [300]. Further, the activities, including the set of modules accessed by user A and the set of operations performed by user A, are tracked and further stored in the storage unit [312] for future analysis and reference.
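The role assignment, login, determination and tracking described in paragraphs [0065] to [0078], worked as an added Python example that is not code from the disclosure: roles are configured with predefined allowable accesses, mapped to responsibilities, and a successful login returns only the modules and operations the user's roles permit, which is what would be transmitted to the user interface. The class, the role and operation names, the credentials and the user records are all constructed for this example; the `authorize` method is the enforcement point, since leaving a module out of the interface is not by itself an access check.

```python
import hashlib
import hmac
import os

# Module set from paragraph [0071]; the operation names are constructed for this example.
MODULES = {"database_cluster", "alert", "report_management", "notification", "document"}
OPERATIONS = {"view", "create", "update", "delete"}
PBKDF2_ROUNDS = 100_000


class AccessSystem:
    """Hypothetical model of system [300]: roles carry predefined accesses
    (configuration unit [314]), responsibilities map to roles (assignment unit
    [302]), logins are checked against stored credentials (authentication unit
    [304]), accesses are derived per user (determination unit [306]), every
    event is logged (tracker [310])."""

    def __init__(self):
        self.role_accesses = {}         # role -> {module: frozenset(operations)}
        self.responsibility_roles = {}  # responsibility -> role
        self.users = {}                 # username -> {"responsibilities", "salt", "hash"}
        self.sessions = set()           # usernames that passed authentication
        self.log = []                   # log of operations, one dict per event

    # configuration unit [314]: a role is created with its predefined accesses
    def configure_role(self, role, accesses):
        for module, ops in accesses.items():
            if module not in MODULES or not set(ops) <= OPERATIONS:
                raise ValueError(f"role {role!r}: unknown module or operation")
        self.role_accesses[role] = {m: frozenset(o) for m, o in accesses.items()}

    # assignment unit [302]: a responsibility decides which role a user holds
    def map_responsibility(self, responsibility, role):
        if role not in self.role_accesses:
            raise ValueError(f"role {role!r} is not configured")
        self.responsibility_roles[responsibility] = role

    def register_user(self, username, password, responsibilities):
        salt = os.urandom(16)  # stored credentials are salted PBKDF2 hashes, never plaintext
        self.users[username] = {
            "responsibilities": tuple(responsibilities),
            "salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        }

    def roles_of(self, username):
        profile = self.users[username]
        return {self.responsibility_roles[r] for r in profile["responsibilities"]
                if r in self.responsibility_roles}

    # authentication unit [304]
    def login(self, username, password):
        """Return the allowable accesses to transmit to the UI, or None if the
        credentials do not match the stored ones (the user must then retry)."""
        profile = self.users.get(username)
        ok = False
        if profile is not None:
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                            profile["salt"], PBKDF2_ROUNDS)
            ok = hmac.compare_digest(candidate, profile["hash"])  # constant-time compare
        self.log.append({"user": username, "event": "login", "allowed": ok})
        if not ok:
            return None
        self.sessions.add(username)
        return self.allowable_accesses(username)

    # determination unit [306]: union of the accesses of all roles the user holds
    def allowable_accesses(self, username):
        allowed = {}
        for role in self.roles_of(username):
            for module, ops in self.role_accesses[role].items():
                allowed[module] = allowed.get(module, frozenset()) | ops
        # Modules with no permitted operation are left out, so the UI never lists them.
        return {m: set(ops) for m, ops in allowed.items() if ops}

    # Enforcement point: the UI view is not the access check; every operation
    # is re-evaluated here against the user's roles before it is executed.
    def authorize(self, username, module, operation):
        allowed = (username in self.sessions
                   and operation in self.allowable_accesses(username).get(module, set()))
        self.log.append({"user": username, "event": "operation", "module": module,
                         "operation": operation, "allowed": allowed})
        return allowed


def build_example_system():
    """Constructed data: two roles, two responsibilities, users A and B."""
    s = AccessSystem()
    s.configure_role("role_X", {"database_cluster": {"view"}, "alert": {"view", "update"},
                                "report_management": {"view", "create"}})
    s.configure_role("role_Y", {"notification": {"view", "update"}, "document": {"view"}})
    s.map_responsibility("network_security", "role_X")
    s.map_responsibility("network_maintenance", "role_Y")
    s.register_user("user_A", "correct horse battery staple", ["network_security"])
    s.register_user("user_B", "another example secret", ["network_maintenance"])
    return s
```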
[0079] Referring to FIG. 4, an exemplary method flow diagram [400] for providing access to users, in accordance with exemplary implementations of the present disclosure, is shown. In an implementation, the method [400] is performed by the system [300]. Further, in an implementation, the system [300] may be present in a server device to implement the features of the present disclosure.
[0080] Also, as shown in Figure 4, the method [400] initially starts at step [402].
[0081] At step [404], the method [400] comprises assigning, by an assignment unit [302], a set of roles to a set of users, based on one or more responsibilities of each of the set of users.
[0082] The method [400] comprises configuring, by a configuration unit [314], the set of roles with one or more predefined allowable accesses.
[0083] At step [406], the method [400] comprises authenticating, by an authentication unit [304], a first user, in response to a login request from the first user.
[0084] At step [408], the method [400] comprises determining, by a determination unit [306], based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user.
[0085] At step [410], the method [400] comprises determining, by the determination unit [306], based on the one or more responsibilities of the first user, a set of allowable accesses for the first user. Further, the set of allowable accesses is indicative of at least one of a set of modules accessible by the first user, and a set of operations that the user is allowed to perform. Furthermore, the set of modules is selected from a group consisting of database cluster modules, alert modules, report management modules, notification modules, document modules, and combinations thereof.
[0086] At step [412], the method [400] comprises transmitting, by a transceiver unit [308], to a user interface associated with the first user, the set of allowable accesses for the first user.
[0087] The method [400] further comprises tracking, by a tracker [310], one or more activities of the first user.
[0088] The method [400] further comprises storing, by a storage unit [312] in a database, a log of operations of the first user.
[0089] The method [400] herein terminates at the step [414].
[0090] Referring to FIG. 5, an exemplary system architecture diagram [500] for providing access to users, in accordance with exemplary implementations of the present disclosure, is shown. The system architecture [500] comprises a user interface [502], an access control service [504], a management unit [506], a centralized data repository [508], and one or more database clusters [510].
[0091] The user interface [502] mentioned herein may include, but is not limited to, a web-based portal, an application, or a similar medium that provides a platform for one or more users to interact with the system [500].
[0092] The access control service [504] may assist in creating and assigning a set of roles to the one or more users, respectively. The access control service [504] may authenticate the one or more users and may further provide access to one or more resources associated with the system [500] that are to be utilized by each user, based on the assigned roles of said user.
[0093] Further, the management unit [506] may manage user requests and may accordingly communicate with the one or more database clusters to retrieve or store one or more items of information as per the requirement of the user.
[0094] Further, the one or more database services represented in FIG. 5 may refer to one or more services that are responsible for interacting with the one or more database clusters [510]. The one or more database services manage data operations that are related to a specific database cluster. Further, the one or more database services may further ensure that the data stored in the one or more database clusters [510] is accurate and up to date.
[0095] Further, the one or more database clusters (such as database A cluster, database B cluster, and database C cluster) are utilized to store one or more data associated with the one or more database services. Each database cluster may include one or more nodes or services that are configured for storage of data. An example of such a node or service is a unified data repository (UDR). The UDR is a distributed, scalable, high-performance subscriber database, and provides an HTTP/2-based interface to retrieve, create, update, and delete data therein.
[0096] Further, the centralized data repository [508] may refer to a central storage where the one or more data from the one or more database clusters [510] are collected and stored. The centralized data repository [508] may ensure that the one or more data is stored in a structured manner and is accessible for further reference.
[0097] In an exemplary embodiment, each user of the one or more users may be required to log in to the system [500] via the user interface [502]. Thereafter, in order to enter the system [500], the user must enter their associated credentials, which are further verified by the access control service [504]. The access control service [504], post successful authentication of the credentials, may further allow the user to enter the system [500]. Thereafter, the management unit [506] may process a request from the user regarding access to the one or more resources required to perform a required operation. Thereafter, the management unit [506] may further interact with an associated database service (suppose database A service). Further, the associated database service may communicate with the associated database cluster to execute the required operations. The one or more data associated with the required operations is then further stored in the central data repository for future analysis.
[0098] Referring to FIG. 6, an exemplary method flow [600] for providing access to users, in accordance with the exemplary embodiments of the present invention, is shown.
[0099] At step 602, the method [600] encompasses ‘create role linked to predetermined access permissions’, implying that the specific roles are created by the system [500] and each role is linked to a set of predetermined access permissions. The set of predetermined access permissions may further define a number of resources that are to be accessed by a user, based on the role assigned to said user.
[0100] At step 604, the method [600] encompasses ‘assign specific role to user based on responsibility’, implying that the system [500] may assign a specific role to the user based on one or more responsibilities of each user. The allocation of roles further prevents any unauthorized access to the one or more resources.
[0101] At step 606, the method [600] encompasses ‘user logs into the tool’, implying that the user may log in to the system [500] via the tool. The tool mentioned herein is preferably an interface that may allow the user to log into the system [500]. The user may be required to send a login request to the system [500] in order to access the system [500].
[0102] At step 608, the method [600] encompasses ‘check user login credentials and access level’, implying that the login request may include one or more credentials that are further verified by one or more authentication processes applied by the system [500] to verify the identity of the user.
[0103] At step 610, the method [600] encompasses ‘deny access to the user if verification is failed’, implying that in case the user credentials do not match a set of pre-stored credentials stored within the system [500], the system [500] may deny access to the user.
[0104] At step 612, the method [600] encompasses ‘check assigned roles to determine access permissions’, implying that, post successful verification of the user, the system [500] may further determine a number of resources that are to be accessed by the user.
[0105] At step 614, the method [600] encompasses ‘user is displayed permissioned modules like dashboards, alerts, notifications etc.’, implying that the system [500] may display the accessible modules, such as the dashboards, alerts, notifications etc., on the user interface [502]. The display of accessible modules is entirely based on the roles and responsibilities of the user.
[0106] At step 616, the method [600] encompasses ‘unauthorized modules/operations are hidden for the user in the user interface [502]’, implying that the system [500] may hide any unauthorized modules or operations from the user interface [502].
[0107] At step 618, the method [600] encompasses ‘user is allowed to perform only allowed operations on the modules’, implying that the user is only allowed to interact with the accessible modules and is able to perform only the one or more operations that are assigned to the user.
[0108] At step 620, the method [600] encompasses ‘user performs any authorized activity based on role’, implying that the user may carry out any authorized activities based on the assigned role of the user. It is to be noted that each activity performed by the user is monitored by the system [500].
[0109] At step 622, the method [600] encompasses ‘apply techniques to analyse user activity and log the trace data’, implying that the system [500] may utilize one or more techniques to analyse user activity and log the trace data. The one or more techniques may further assist in detecting any unusual or unauthorized behaviour from the user.
[0110] At step 624, the method [600] encompasses ‘user access the trace data to get insights and ensure informed decision’, implying that an authorized user or administrator may access the trace data to verify the user activities. The authorized user or administrator may utilize the trace data for making important decisions, which may include an adjustment in the roles, an improvement in the security policy or similar.
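Steps 622 and 624 above, as an added Python example that is not part of the disclosure: a small analyser over constructed trace lines that computes the per-user counts the tracker [310] keeps (login attempts, modules accessed, operations performed) and flags two unusual patterns, a burst of failed logins and repeated denied operations on modules outside the user's role. The trace line format, the thresholds and every record are constructed for this example; the records are assumed to be in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed trace lines (not the disclosure's format), one event per line:
# <ISO timestamp> <user> <event> <module or -> <operation or -> <allowed|denied>
TRACE_DATA = """\
2024-01-03T09:00:01 user_A login - - allowed
2024-01-03T09:00:15 user_A operation alert view allowed
2024-01-03T09:01:02 user_A operation alert update allowed
2024-01-03T09:02:40 user_A operation database_cluster view allowed
2024-01-03T09:05:00 user_B login - - denied
2024-01-03T09:05:20 user_B login - - denied
2024-01-03T09:05:41 user_B login - - denied
2024-01-03T09:06:02 user_B login - - allowed
2024-01-03T09:06:30 user_B operation notification view allowed
2024-01-03T09:07:10 user_B operation database_cluster delete denied
2024-01-03T09:07:12 user_B operation database_cluster view denied
2024-01-03T09:07:15 user_B operation report_management view denied
2024-01-03T10:00:00 user_C login - - allowed
2024-01-03T10:00:30 user_C operation document view allowed
"""


def parse_trace(text):
    """Parse the constructed trace format into one dict per event."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, module, op, result = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "user": user, "event": event,
                        "module": None if module == "-" else module,
                        "operation": None if op == "-" else op,
                        "allowed": result == "allowed"})
    return records


def summarize(records):
    """Per-user counts from paragraph [0073]: login attempts, distinct modules
    actually accessed, and operations performed (denied attempts are not counted)."""
    summary = defaultdict(lambda: {"login_attempts": 0, "modules": set(), "operations": 0})
    for r in records:
        s = summary[r["user"]]
        if r["event"] == "login":
            s["login_attempts"] += 1
        elif r["event"] == "operation" and r["allowed"]:
            s["modules"].add(r["module"])
            s["operations"] += 1
    return dict(summary)


def detect_unusual(records, window=timedelta(minutes=5),
                   max_failed_logins=3, max_denied_ops=2):
    """Flag a burst of failed logins inside `window` and repeated denied
    operations; the thresholds are constructed, an operator would tune them."""
    findings = []
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    for user, recs in by_user.items():
        failed = [r["ts"] for r in recs if r["event"] == "login" and not r["allowed"]]
        for i in range(len(failed)):          # sliding window over failure times
            j = i
            while j + 1 < len(failed) and failed[j + 1] - failed[i] <= window:
                j += 1
            if j - i + 1 >= max_failed_logins:
                findings.append({"user": user, "type": "failed_login_burst",
                                 "count": j - i + 1})
                break
        denied = [r for r in recs if r["event"] == "operation" and not r["allowed"]]
        if len(denied) >= max_denied_ops:
            # Denied operations are attempts on modules the role does not permit,
            # which the UI should not even have offered: worth an administrator's look.
            findings.append({"user": user, "type": "denied_operations",
                             "count": len(denied),
                             "modules": sorted({r["module"] for r in denied})})
    return findings
```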
[0111] The present disclosure further provides a non-transitory computer-
readable storage medium, storing instructions for providing access to users, the storage medium comprising executable code which, when executed by one or more units of a system, causes: an assignment unit [302] to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users; an authentication unit [304] to authenticate a first user, in response to a login request from the first user; a determination unit [306] to: determine, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user; and determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user; and a transceiver unit [308] to transmit, to a user interface associated with the first user, the set of allowable accesses for the first user.
[0112] As is evident from the above, the present disclosure provides a
technically advanced solution for providing access to users. The present solution may ensure that only authorized individuals are able to access and manage user data, database dashboards, trace dynamics, and alert information. The present solution also allows administrators within the network to assign responsibilities for managing alerts and notifications, user traces, and controlling role-based access to databases and clusters. This organized approach reduces confusion and enhances monitoring efficiency. Moreover, the present solution minimizes the risk of unauthorized manipulation or deletion of critical monitoring data within 5G network elements, which may prevent any data loss and alterations, particularly in cases where crucial alerts and reports are at risk. In addition, the present solution may ensure efficient storage and analysis of user activity, enabling the tracking of user behaviour and unauthorized actions, which helps maintain data integrity.
[0113] While considerable emphasis has been placed herein on the disclosed implementations, it will be appreciated that many implementations can be made and that many changes can be made to the implementations without departing from the principles of the present disclosure. These and other changes in the implementations of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.
We Claim:
1. A method [400] for providing access to users, the method [400] comprising:
- assigning, by an assignment unit [302], a set of roles to a set of users, based on one or more responsibilities of each of the set of users;
- authenticating, by an authentication unit [304], a first user, in response to a login request from the first user;
- determining, by a determination unit [306], based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user;
- determining, by the determination unit [306], based on the one or more responsibilities of the first user, a set of allowable accesses for the first user; and
- transmitting, by a transceiver unit [308], to a user interface associated with the first user, the set of allowable accesses for the first user.
2. The method [400] as claimed in claim 1, wherein the method [400] comprises tracking, by a tracker [310], one or more activities of the first user.
3. The method [400] as claimed in claim 2, wherein the method [400] comprises storing, by a storage unit [312] in a database, a log of operations of the first user.
4. The method [400] as claimed in claim 1, wherein the method [400] comprises configuring, by a configuration unit [314], the set of roles with one or more predefined allowable accesses.
5. The method [400] as claimed in claim 1, wherein the set of allowable accesses is indicative of at least one of a set of modules accessible by the first user, and a set of operations that the user is allowed to perform.
6. The method [400] as claimed in claim 5, wherein the set of modules is selected from a group consisting of database cluster modules, alert modules, report management modules, notification modules, document modules, and combinations thereof.
7. A system [300] for providing access to users, the system [300] comprising:
- an assignment unit [302] configured to assign a set of roles to a set of users, based on one or more responsibilities of each of the set of users;
- an authentication unit [304] connected at least to the assignment unit [302], wherein the authentication unit [304] is configured to authenticate a first user, in response to a login request from the first user;
- a determination unit [306] connected at least to the authentication unit [304], wherein the determination unit [306] is configured to:
- determine, based on a profile of the first user, one or more roles assigned to the first user, based on one or more responsibilities of the first user; and
- determine, based on the one or more responsibilities of the first user, a set of allowable accesses for the first user; and
- a transceiver unit [308] connected at least with the determination unit [306], wherein the transceiver unit [308] is configured to transmit, to a user interface associated with the first user, the set of allowable accesses for the first user.
8. The system [300] as claimed in claim 7, wherein the system [300] further comprises a tracker [310] connected at least with the transceiver unit [308], the tracker [310] is configured to track one or more activities of the first user.
9. The system [300] as claimed in claim 8, wherein the system [300] further comprises a storage unit [312] connected at least to the tracker [310], the storage unit [312] is configured to store, in a database, a log of operations of the first user.
10. The system [300] as claimed in claim 7, wherein the system [300] further comprises a configuration unit [314] connected at least with the assignment unit [302], the configuration unit [314] is configured to configure the set of roles with one or more predefined allowable accesses.
11. The system [300] as claimed in claim 7, wherein the set of allowable accesses is indicative of at least one of a set of modules accessible by the first user, and a set of operations that the user is allowed to perform.
12. The system [300] as claimed in claim 11, wherein the set of modules is selected from a group consisting of database cluster modules, alert modules, report management modules, notification modules, document modules, and combinations thereof.
| # | Name | Date |
|---|---|---|
| 1 | 202321061432-STATEMENT OF UNDERTAKING (FORM 3) [12-09-2023(online)].pdf | 2023-09-12 |
| 2 | 202321061432-PROVISIONAL SPECIFICATION [12-09-2023(online)].pdf | 2023-09-12 |
| 3 | 202321061432-POWER OF AUTHORITY [12-09-2023(online)].pdf | 2023-09-12 |
| 4 | 202321061432-FORM 1 [12-09-2023(online)].pdf | 2023-09-12 |
| 5 | 202321061432-FIGURE OF ABSTRACT [12-09-2023(online)].pdf | 2023-09-12 |
| 6 | 202321061432-DRAWINGS [12-09-2023(online)].pdf | 2023-09-12 |
| 7 | 202321061432-Proof of Right [03-01-2024(online)].pdf | 2024-01-03 |
| 8 | 202321061432-FORM-5 [11-09-2024(online)].pdf | 2024-09-11 |
| 9 | 202321061432-ENDORSEMENT BY INVENTORS [11-09-2024(online)].pdf | 2024-09-11 |
| 10 | 202321061432-DRAWING [11-09-2024(online)].pdf | 2024-09-11 |
| 11 | 202321061432-CORRESPONDENCE-OTHERS [11-09-2024(online)].pdf | 2024-09-11 |
| 12 | 202321061432-COMPLETE SPECIFICATION [11-09-2024(online)].pdf | 2024-09-11 |
| 13 | 202321061432-Request Letter-Correspondence [18-09-2024(online)].pdf | 2024-09-18 |
| 14 | 202321061432-Power of Attorney [18-09-2024(online)].pdf | 2024-09-18 |
| 15 | 202321061432-Form 1 (Submitted on date of filing) [18-09-2024(online)].pdf | 2024-09-18 |
| 16 | 202321061432-Covering Letter [18-09-2024(online)].pdf | 2024-09-18 |
| 17 | 202321061432-CERTIFIED COPIES TRANSMISSION TO IB [18-09-2024(online)].pdf | 2024-09-18 |
| 18 | Abstract 1.jpg | 2024-10-07 |
| 19 | 202321061432-FORM 3 [07-10-2024(online)].pdf | 2024-10-07 |
| 20 | 202321061432-ORIGINAL UR 6(1A) FORM 1 & 26-200125.pdf | 2025-01-24 |