Method and system for batch task creation and execution

US 20060075253A1
Filed: 09/29/2004
Published: 04/06/2006
Est. Priority Date: 09/29/2004
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing access to computer resources, the method comprising:

creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;

creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;

creating an association between a user submitting a task and the proxy account; and

authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of granting permission to use computer software resources when the user may be offline is accomplished through the use of proxy accounts. Each proxy account encapsulates a single set of user credentials. A set of user credentials contains at least a user name and a secret identifier, such as a password. These credentials are used by a scheduler function as an agent for the user to utilize computer resources to run jobs or tasks on behalf of the user. An embodiment of the invention allows for many different proxy account objects each having one set of credentials. The credentials are used at runtime to impersonate the user and allow a job to run. The job may involve multiple software subsystems. The architecture allows multiple proxy accounts to be created which allows system administrators flexibility in assigning different permissions to different users across multiple software environments.

Citations

28 Claims

1. A method of authorizing access to computer resources, the method comprising:
- creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;
  
  creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;
  
  creating an association between a user submitting a task and the proxy account; and
  
  authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the steps of creating a credential, creating a mapping between the proxy account and a computer subsystem, and creating an association between a user submitting a task and the proxy account are performed at the request of a system administrator.
  - 3. The method of claim 1, wherein the steps of creating a mapping and creating an association are performed with the use of a connector table.
  - 4. The method of claim 1, wherein authorizing access further comprises accessing credential information prior to running a scheduled batch task.
  - 5. The method of claim 1, further comprising executing the submitted task as a scheduled event by using the credential to impersonate the authorized user.
  - 6. The method of claim 5, wherein the authorized user is different from the user submitting the task.
  - 7. The method of claim 5, wherein the credential is replaced by a token and the token is used to impersonate the authorized user.

8. A method of using a proxy account to execute a batch task in a computer system, the method comprising:
- scheduling a batch task to be performed against the computer subsystem by a first user;
  
  verifying that the batch task is authorized by checking an association between the first user and the proxy account;
  
  the proxy account having access to a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
  
  executing the batch task at a scheduled time by accessing the proxy account and impersonating the authorized second user using the credential regardless of whether the first user and second user are logged onto the computer system, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple software subsystems and wherein any one proxy account has one credential.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein checking the association between the first user and the proxy account comprises accessing a connector table.
  - 10. The method of claim 8, wherein executing the batch task further comprises accessing a table that associates the proxy with at least one subsystem of the computer.
  - 11. The method of claim 10, wherein the at least one subsystem comprises at least one of commands and programs of the computer system.
  - 12. The method of claim 8, wherein executing the batch task at a scheduled time further comprises accessing the proxy account and impersonating the authorized second user using a token that represents the credential.

13. A system for using a proxy account to execute job steps, the system comprising:
- a user interface to allow a first user to enter the job steps;
  
  a means for executing instructions, the instructions performing a method to execute job steps, the method comprising;
  
  scheduling the job steps to be performed with one or more computer software subsystems;
  
  verifying that a job step execution is authorized by checking the association between the first user and a proxy account;
  
  the proxy account referencing a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
  
  performing the job step at a scheduled time by accessing the proxy account and using the credential to impersonate the authorized second user regardless of whether the first user and second user are logged onto the computer system.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the step of performing the job step further comprises using a token to represent the credential to impersonate the authorized second user.
  - 15. The system of claim 13, further comprising:
    - a software module which enables setup for performance of the method to execute job steps, the software module having instructions allowing a system administrator to perform a method comprising;
      
      creating the credential referenced in the proxy account;
      
      creating a mapping between the proxy account and the at least one computer software subsystem, the at least one computer software subsystem comprising at least one of programs and services provided by at least one computer software environment; and
      
      creating an association between the first user and the proxy account.
  - 16. The system of claim 15, wherein at least one connection table provides the mapping between a proxy account and the at least one computer subsystem and the association between the first user and the proxy account.

17. A computer-readable medium having computer-executable instructions for performing a method of authorizing access to computer resources, the method comprising:
- creating a credential referenced in a proxy account, wherein the credential comprises an authorized user name and a password;
  
  creating a mapping between the proxy account and at least one computer subsystem, the at least one computer subsystem comprising at least one of programs and services provided by the computer resources;
  
  creating an association between a user submitting a task and the proxy account; and
  
  authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer-readable medium of claim 17, wherein the steps of creating a credential, creating a mapping between the proxy account and at least one computer subsystem, and creating an association between a user submitting a task and the proxy account are performed at the request of a system administrator.
  - 19. The computer-readable medium of claim 17, wherein the steps of creating a mapping and creating an association are performed with the use of a connector table.
  - 20. The computer-readable medium of claim 17, wherein the step of authorizing access further comprises accessing credential information prior to running a scheduled batch task.
  - 21. The computer-readable medium of claim 17, wherein the method further comprises executing the submitted task as a scheduled event by using the credential to impersonate the authorized user.
  - 22. The computer-readable medium of claim 21, wherein the authorized user is different from the user submitting the task.
  - 23. The computer-readable medium of claim 21, wherein the credential is replaced by a token and the token is used to impersonate the authorized user.

24. A computer-readable medium having computer-executable instructions for performing a method of using a proxy account to execute a batch task in a computer system, the method comprising:
- scheduling a batch task to be performed against the computer subsystem by a first user;
  
  verifying that the batch task is authorized by checking an association between the first user and the proxy account;
  
  the proxy account having access to a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
  
  executing the batch task at a scheduled time by accessing the proxy account and impersonating the authorized second user using the credential regardless of whether the first user and second user are logged onto the computer system, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple software subsystems and wherein any one proxy account has one credential.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The computer-readable medium of claim 24, wherein the step of checking the association between the first user and the proxy account comprises accessing a connector table.
  - 26. The computer-readable medium of claim 24, wherein the step of executing the batch task further comprises accessing a table that associates the proxy with at least one subsystem of the computer.
  - 27. The computer-readable medium of claim 26, wherein the at least one subsystem comprises at least one of commands and programs of the computer system.
  - 28. The computer-readable medium of claim 24, wherein the step of executing the batch task at a scheduled time further comprises accessing the proxy account and impersonating the authorized second user using a token that represents the credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Walters, Robert, Sonkin, Dmitry, Prang, Bruce A., Dines, Daniel

Granted Patent

US 7,496,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06Q 10/0631   Resource planning, allocati...

H04L 63/04   for providing a confidentia...

H04L 63/083   using passwords cryptograph...

Method and system for batch task creation and execution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for batch task creation and execution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links