System, method and program product for managing privilege levels in a computer system
Abstract
System and computer program product for determining if any of a plurality of groups may have an improper actual level of privilege. First program instructions compare members within each of the groups to a list of trusted individuals. Second program instructions determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying the member not on the list of trusted individuals and the group in which the member is a member. Third program instructions determine if any group with an actual privilege level higher than user level privilege has a group name generally used or specified for a group with user level privilege, and if so, generate a report that the group with the higher actual privilege level has a group name generally used or specified for a group with user level privilege. Fourth program instructions determine if any groups with an actual privilege level higher than user level privilege have a group name not generally used or specified for a group with the higher level privilege, and if so, generate a report that the group with the higher actual privilege level has a group name not generally used or specified for a group with the higher level privilege. Consequently, the members of the groups with the higher actual privilege having a group name generally used for a group with user level privilege or a group name not generally used or specified for a group with the higher level privilege are revealed as trusted or not trusted.
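The checks described in the abstract, sketched as an added Python example (not code from the patent). The `Group` record, the integer privilege scale, the case-insensitive name matching and the sample name lists are assumptions made for illustration.

```python
from dataclasses import dataclass

USER_LEVEL = 0  # assumption: integer scale, anything above 0 exceeds user level

@dataclass(frozen=True)
class Group:
    name: str
    privilege: int        # actual privilege level granted to the group
    members: frozenset    # account names in the group

def audit_groups(groups, trusted, user_level_names, privileged_names):
    """Return (finding, group, detail) tuples for groups above user level."""
    findings = []
    for g in groups:
        if g.privilege <= USER_LEVEL:
            continue  # the checks apply only to higher-privilege groups
        untrusted = sorted(g.members - trusted)
        # Second check: report each member missing from the trusted list.
        findings += [("untrusted_member", g.name, m) for m in untrusted]
        # Name checks report whether the flagged group's members are trusted.
        status = "untrusted: " + ", ".join(untrusted) if untrusted else "all members trusted"
        key = g.name.lower()  # assumption: names are compared case-insensitively
        if key in user_level_names:
            # Third check: privileged group carrying a user-level name.
            findings.append(("user_level_name", g.name, status))
        elif key not in privileged_names:
            # Fourth check: privileged group with a name not expected for it.
            findings.append(("unexpected_name", g.name, status))
    return findings

# Constructed sample data, not taken from the patent.
SAMPLE_GROUPS = [
    Group("Administrators", 2, frozenset({"alice", "bob"})),
    Group("Guests", 2, frozenset({"alice", "mallory"})),
    Group("ops-temp", 1, frozenset({"alice"})),
    Group("Users", 0, frozenset({"carol"})),
]
TRUSTED = frozenset({"alice", "bob"})
USER_LEVEL_NAMES = {"users", "guests"}
PRIVILEGED_NAMES = {"administrators", "root", "wheel"}

if __name__ == "__main__":
    for finding in audit_groups(SAMPLE_GROUPS, TRUSTED, USER_LEVEL_NAMES, PRIVILEGED_NAMES):
        print(finding)
```

The user-level `Users` group is skipped even though `carol` is not on the trusted list, because the checks apply only to groups whose actual privilege exceeds user level.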
17 Claims
1. A computer program product for determining if any of a plurality of groups may have an improper actual level of privilege, said computer program product comprising:
a computer readable medium;
first program instructions to compare members within each of said groups to a list of trusted individuals;
second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
third program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name generally used for a group with user level privilege, such that the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are revealed as trusted or not trusted; and
wherein said first, second and third program instructions are recorded on said medium.
6. A computer system for determining if any of a plurality of groups may have an improper actual level of privilege, said computer system comprising:
means for comparing members within each of said groups to a list of trusted individuals;
means for determining if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
means for determining if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name generally used for a group with user level privilege, such that the members of said groups with the higher actual privilege having a group name generally used for a group with user level privilege are revealed as trusted or not trusted.
11. A computer program product for determining if any of a plurality of groups may have an improper actual level of privilege, said computer program product comprising:
a computer readable medium;
first program instructions to compare members within each of said groups to a list of trusted individuals;
second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, generate a report identifying said at least one member not on the list of trusted individuals and the group in which said at least one member is a member; and
third program instructions to determine if any groups with an actual privilege level higher than user level privilege have a group name not on a list of group names generally used for a group with the higher level privilege, and if so, generate a report that said group with the higher actual privilege level has a group name not generally used for a group with the higher level privilege, such that the members of said groups with the higher actual privilege having a group name not generally used for a group with the higher level privilege are revealed as trusted or not trusted; and
wherein said first, second and third program instructions are recorded on said medium.
15. A computer program product for managing privileges of groups, said computer program product comprising:
a computer readable medium;
first program instructions to compare members within each of said groups to a list of trusted individuals;
second program instructions to determine if any groups with an actual privilege level higher than user level privilege have a member not on the list of trusted individuals, and if so, remove said member not on the list of trusted individuals from said group; and
wherein said first and second program instructions are recorded on said medium.
16. A computer program product for managing privileges of groups, said computer program product comprising:
a computer readable medium;
first program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name on a list of group names generally used for a group with user level privilege or no privilege; and
second program instructions, responsive to a determination of a group with an actual privilege level higher than user level privilege with a group name generally used for a group with user level privilege or no privilege, to compare members of such group to a list of trusted individuals, and if any member(s) of such group do not appear on said list of trusted individuals, remove said member(s) from such group that do not appear on the said list of trusted individuals; and
wherein said first and second program instructions are recorded on said medium.
17. A computer program product for managing privileges of groups, said computer program product comprising:
a computer readable medium;
first program instructions to determine if any group with an actual privilege level higher than user level privilege has a group name not on a list of group names generally used for a group with privilege level higher than user level privilege; and
second program instructions, responsive to a determination of a group with an actual privilege level higher than user level privilege with a group name not generally used for a group with privilege level higher than user level privilege, to compare members of such group to a list of trusted individuals, and if any member(s) of such group do not appear on said list of trusted individuals, lower the actual privilege level of said group; and
wherein said first and second program instructions are recorded on said medium.
Specification