US Patent 11539707 Dynamic security policy consolidation

Various embodiments provide for the consolidation of policies across multiple identities that are respectively associated with multiple active directory (AD) groups to which a user belongs. Present embodiments provide for dynamically generating a new identity in the resource provider environment that includes permissions to all of the resources that may otherwise be distributed across multiple identities. Specifically, in accordance with various embodiments, when a user login is detected, the active directory is queried to determine the AD groups to which the user belongs. As mentioned, the user's AD groups are mapped to respective identities in the resource provider environment, in which each identity includes policy defining access to one or more resources. The policies of all the respective identities are consolidated and assigned to a new identity. The user may assume the new identity and access all the resources in tandem.