System, method and program product for managing privilege levels in a computer system

US 20050198512A1
Filed: 03/02/2004
Published: 09/08/2005
Est. Priority Date: 03/02/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer program product for determining if any of a plurality of groups may have an improper actual level of privilege, said computer program product comprising:

a computer readable medium;

first program instructions to compare members within each of said groups to a list of trusted individuals;

second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and

third program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name generally used for a group with user level privilege, such that the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are revealed as trusted or not trusted; and

wherein said first, second and third program instructions are recorded on said medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and computer program product for determining if any of a plurality of groups may have an improper actual level of privilege. First program instructions compare members within each of the groups to a list of trusted individuals. Second program instructions determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying the member not on the list of trusted individuals and the group in which the member is a member. Third program instructions determine if any group with an actual privilege level higher than user level privilege has a group name generally used or specified for a group with user level privilege, and if so, generate a report that the group with the higher actual privilege level has a group name generally used or specified for a group with user level privilege. Fourth program instructions determine if any groups with an actual privilege level higher than user level privilege have a group name not generally used or specified for a group with the higher level privilege, and if so, generate a report that the group with the higher actual privilege level has a group name not generally used or specified for a group with the higher level privilege. Consequently, the members of the groups with the higher actual privilege having a group name generally used for a group with user level privilege or a group name not generally used or specified for a group with the higher level privilege are revealed as trusted or not trusted.

31 Citations

View as Search Results

17 Claims

1. A computer program product for determining if any of a plurality of groups may have an improper actual level of privilege, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to compare members within each of said groups to a list of trusted individuals;
  
  second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
  
  third program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name generally used for a group with user level privilege, such that the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are revealed as trusted or not trusted; and
  
  wherein said first, second and third program instructions are recorded on said medium.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A computer program product as set forth in claim 1 wherein there are a plurality of applications or application instances, and a same group can be assigned different privilege levels for involvement with different applications or application instances;
    - and said third program instructions makes its determination separately for each application or application instance.
  - 3. A computer program product as set forth in claim 1 further comprising:
    - fourth program instructions to determine if any groups with an actual privilege level higher than user level privilege have a group name not on a list of group names generally used for a group with the higher level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name not on a list of group names generally used for a group with the higher level privilege, such that the members of said groups with the higher actual privilege having a group name not generally used for a group with the higher level privilege are revealed as trusted or not trusted; and
      
      wherein said fourth program instructions are recorded on said medium.
  - 4. A computer program product as set forth in claim 1 wherein said second program instructions determine if any group with an actual privilege level higher than user level privilege have all of its members on the list of trusted individuals, and if so, generate a report that said group with the higher actual privilege level has all its members on the list of trusted individuals.
  - 5. A computer program product as set forth in claim 1 further comprising fourth program instructions to determine if all the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are on the list of trusted individuals;
    - and wherein said fourth program instructions are recorded on said medium.

6. A computer system for determining if any of a plurality of groups may have an improper actual level of privilege, said computer system comprising:
- means for comparing members within each of said groups to a list of trusted individuals;
  
  means for determining if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
  
  means for determining if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name generally used for a group with user level privilege, such that the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are revealed as trusted or not trusted.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A computer system as set forth in claim 6 wherein there are a plurality of applications or application instances, and a same group can be assigned different privilege levels for involvement with different applications or application instances;
    - and said means for determining if any group with an actual privilege level higher than user level privilege has a group name generally used for a group with user level privilege makes its determination separately for each application or application instance.
  - 8. A computer system as set forth in claim 6 further comprising:
    - means for determining if any groups with an actual privilege level higher than user level privilege have a group name not on a list of group names generally used for a group with the higher level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name not generally used for a group with the higher level privilege, such that the members of said groups with the higher actual privilege having a group name not generally used for a group with the higher level privilege are revealed as trusted or not trusted.
  - 9. A computer system as set forth in claim 6 wherein said means for determining if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals determines if any group with an actual privilege level higher than user level privilege have all of its members on the list of trusted individuals, and if so, generates a report that said group with the higher actual privilege level has all its members on the list of trusted individuals.
  - 10. A computer system as set forth in claim 6 further comprising means for determining if all the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are on the list of trusted individuals.

11. A computer program product for determining if any of a plurality of groups may have an improper actual level of privilege, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to compare members within each of said groups to a list of trusted individuals;
  
  second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
  
  third program instructions to determine if any groups with an actual privilege level higher than user level privilege have a group name not on a list of group names generally used for a group with the higher level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name not generally used for a group with the higher level privilege, such that the members of said groups with the higher actual privilege having a group name not generally used for a group with the higher level privilege are revealed as trusted or not trusted; and
  
  wherein said first, second and third program instructions are recorded on said medium.
- View Dependent Claims (12, 13, 14)
- - 12. A computer program product as set forth in claim 11 wherein there are a plurality of applications or application instances, and a same group can be assigned different privilege levels for involvement with different applications or application instances;
    - and said third program instructions makes its determination separately for each application or application instance.
  - 13. A computer program product as set forth in claim 11 wherein said second program instructions determine if any group with an actual privilege level higher than user level privilege have all of its members on the list of trusted individuals, and if so, generate a report that said group with the higher privilege level has all its members on the list of trusted individuals
  - 14. A computer program product as set forth in claim 11 further comprising fourth program instructions to determine if all the members of said group with the higher actual privilege having a group name not generally used for a group with higher level privilege are on the list of trusted individuals;
    - and wherein said fourth program instructions are recorded on said medium.

15. A computer program product for managing privileges of groups, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to compare members within each of said groups to a list of trusted individuals;
  
  second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, remove said member not on the list of trusted individuals from said group; and
  
  wherein said first and second program instructions are recorded on said medium.

16. A computer program product for managing privileges of groups, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege or no privilege; and
  
  second program instructions, responsive to a determination of a group with an actual privilege level higher than user level privilege with a group name generally used for a group with user level privilege or no privilege, to compare members of such group to a list of trusted individuals, and if any member(s) of such group do not appear on said list of trusted individuals, remove said member(s) from such group that do not appear on the said list of trusted individuals; and
  
  wherein said first and second program instructions are recorded on said medium.

17. A computer program product for managing privileges of groups, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name not on a list of group names generally used for a group with privilege level higher than user level privilege; and
  
  second program instructions, responsive to a determination of a group with an actual privilege level higher than user level privilege with a group name not generally used for a group with privilege level higher than user level privilege, to compare members of such group to a list of trusted individuals, and if any member(s) of such group do not appear on said list of trusted individuals, lower the actual privilege level of said group; and
  
  wherein said first and second program instructions are recorded on said medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kline, Christopher N.

Application Number

US10/791,321
Publication Number

US 20050198512A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/604 Tools and structures for ma...

System, method and program product for managing privilege levels in a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System, method and program product for managing privilege levels in a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others