Secure user access subsystem for use in a computer information database system
First Claim
1. A system for controlling access to computer profile data in a computer information database, the system including:
- A. a group manager that groups the computers based on computer grouping criteria;
B. a user access manager that i. associates respective users with login groups, ii. associates the respective users with user types that correspond to sets of system administrative features; and
iii. restricts the access of a given user to only the administrative features associated with the given user'"'"'s user type and the profile data of only computers that are included in the group or groups of computers that are associated with the user'"'"'s login group and any subgroups thereof.
1 Assignment
0 Petitions
Accused Products
Abstract
A user access security subsystem of a computer information database system utilizes computer grouping criteria and user type criteria to control user access to both computer profile data and system administrative features. The computer grouping criteria determine profile data access for the respective users. The user type criteria determine which administrative features are accessible to the respective users, and thus, what administrative authority is delegated to the users. The combination of the computer grouping and the user type criteria restricts a given user to exercising the delegated administrative authority only with respect to the particular grouping of computers to which the user has been granted access through the associated login group. To maintain access security, the subsystem allows a given user to grant to another only those access rights that are equal to or more restrictive than the given users rights. Thus, the given user cannot grant access to a login group that is a peer or a superior of his own login group and/or cannot assign a user type that is associated with greater access to system administrative features than his own user type. The user access security subsystem enforces the access restrictions by tailoring the user interface presented to the user based on the associated login group and user type.
122 Citations
31 Claims
-
1. A system for controlling access to computer profile data in a computer information database, the system including:
-
A. a group manager that groups the computers based on computer grouping criteria;
B. a user access manager that i. associates respective users with login groups, ii. associates the respective users with user types that correspond to sets of system administrative features; and
iii. restricts the access of a given user to only the administrative features associated with the given user'"'"'s user type and the profile data of only computers that are included in the group or groups of computers that are associated with the user'"'"'s login group and any subgroups thereof. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
12. A method for controlling access to computer profile data in a computer information database, the method including:
-
A. grouping the computers based on computer grouping criteria;
B. associating respective users with login groups;
C. associating the respective users with user types that correspond to sets of system administrative features; and
D. allowing a given user to utilize only the sets of administrative features specified by the associated user type on the profile data of only computers that are included in the group or groups of computers that correspond to the associated login group and any subgroups thereof. - View Dependent Claims (13)
-
-
22. A user access manager for controlling access to computer profile data provided by computers that are grouped in accordance with computer grouping criteria, the manager including:
-
A. means for i. associating respective users with login groups, and ii. associating the respective users with user types that correspond to sets of system administrative features; and
B. means for allowing a given user to utilize only the sets of administrative features specified by the associated user type on the profile data of only computers that are included in the group or groups of computers that are associated with the login group and any subgroups thereof. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
-
Specification