Method and system for limiting rights of services
First Claim
1. A method in a computer system for identifying access rights of services, the method comprising:
- for services that are to execute within a service host, creating a security identifier that is unique to the service and independent of the computer system; and
adding the security identifier to a security context for the service host; and
when a service accesses an object, providing the security context with the added security identifiers to establish a right of the service to access the object.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for controlling access rights and privileges of services is provided. A service control system creates a security identifier that is unique for each service that executes within a service host and adds the security identifiers to the security context of the service host. The service control system may create a unique security identifier for each service that is independent of the computer system and the account on which the service executes. The service control system may also adjust the privileges of the security context of a service host to be an aggregate of the privileges needed by the services that are to execute within the service host. The service control system may also create a restricted security context for the service host that includes the security identifiers of the services as restricted service identifiers.
40 Citations
20 Claims
-
1. A method in a computer system for identifying access rights of services, the method comprising:
-
for services that are to execute within a service host, creating a security identifier that is unique to the service and independent of the computer system; and
adding the security identifier to a security context for the service host; and
when a service accesses an object, providing the security context with the added security identifiers to establish a right of the service to access the object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method in a computer system for establishing privileges of services of a service host, the method comprising:
-
receiving a security context for the service host that includes privileges of the service host;
determining the privileges of the services of the service host; and
adjusting the privileges of the security context to an aggregation of the determined privileges. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A method in a computer system for controlling access of services to objects, the method comprising:
-
under control of a service control manager, creating a restricted access token that includes the security identifiers of the services as restricted security identifiers; and
under control of a service, providing the restricted access token to establish access rights of the service to an object that has an access control list that includes the security identifier of the service. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification