Method and system for batch task creation and execution
First Claim
1. A method of authorizing access to computer resources, the method comprising:
- creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;
creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;
creating an association between a user submitting a task and the proxy account; and
authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of granting permission to use computer software resources when the user may be offline is accomplished through the use of proxy accounts. Each proxy account encapsulates a single set of user credentials. A set of user credentials contains at least a user name and a secret identifier, such as a password. These credentials are used by a scheduler function as an agent for the user to utilize computer resources to run jobs or tasks on behalf of the user. An embodiment of the invention allows for many different proxy account objects each having one set of credentials. The credentials are used at runtime to impersonate the user and allow a job to run. The job may involve multiple software subsystems. The architecture allows multiple proxy accounts to be created which allows system administrators flexibility in assigning different permissions to different users across multiple software environments.
-
Citations
28 Claims
-
1. A method of authorizing access to computer resources, the method comprising:
-
creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;
creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;
creating an association between a user submitting a task and the proxy account; and
authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of using a proxy account to execute a batch task in a computer system, the method comprising:
-
scheduling a batch task to be performed against the computer subsystem by a first user;
verifying that the batch task is authorized by checking an association between the first user and the proxy account;
the proxy account having access to a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
executing the batch task at a scheduled time by accessing the proxy account and impersonating the authorized second user using the credential regardless of whether the first user and second user are logged onto the computer system, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple software subsystems and wherein any one proxy account has one credential. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A system for using a proxy account to execute job steps, the system comprising:
-
a user interface to allow a first user to enter the job steps;
a means for executing instructions, the instructions performing a method to execute job steps, the method comprising;
scheduling the job steps to be performed with one or more computer software subsystems;
verifying that a job step execution is authorized by checking the association between the first user and a proxy account;
the proxy account referencing a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
performing the job step at a scheduled time by accessing the proxy account and using the credential to impersonate the authorized second user regardless of whether the first user and second user are logged onto the computer system. - View Dependent Claims (14, 15, 16)
-
-
17. A computer-readable medium having computer-executable instructions for performing a method of authorizing access to computer resources, the method comprising:
-
creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;
creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;
creating an association between a user submitting a task and the proxy account; and
authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. A computer-readable medium having computer-executable instructions for performing a method of using a proxy account to execute a batch task in a computer system, the method comprising:
-
scheduling a batch task to be performed against the computer subsystem by a first user;
verifying that the batch task is authorized by checking an association between the first user and the proxy account;
the proxy account having access to a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
executing the batch task at a scheduled time by accessing the proxy account and impersonating the authorized second user using the credential regardless of whether the first user and second user are logged onto the computer system, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple software subsystems and wherein any one proxy account has one credential. - View Dependent Claims (25, 26, 27, 28)
-
Specification