OPERATING SYSTEM ROLES

US 20070156693A1
Filed: 11/03/2006
Published: 07/05/2007
Est. Priority Date: 11/04/2005
Status: Abandoned Application

First Claim

Patent Images

1. One or more computer readable media storing computer-executable instructions which, when executed on a computer system, perform a method comprising steps of:

(a) identifying a first role on the computer system, the first role associated with one or more resources on the computer system and one or more users of the computer system;

(b) receiving a request from a first user to access a first resource on the computer system;

(c) determining that the first user is a member of the first role;

(d) determining that the first resource is associated with the first role;

(e) based on (c) and (d), permitting the first user to access the first resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Operating system roles may be defined to provide users access to computer resources, such as files, computer setup and configuration tasks, application programs and specific features within applications, separately from the permissions associated with the user'"'"'s login. Permission levels may be designated directly to roles, providing a level of abstraction beyond user login access permissions. Thus, role members may gain access to a resource through the permissions of a role, and similarly, other authorized users will not be denied access to a resource based on a change to the role.

115 Citations

20 Claims

1. One or more computer readable media storing computer-executable instructions which, when executed on a computer system, perform a method comprising steps of:
- (a) identifying a first role on the computer system, the first role associated with one or more resources on the computer system and one or more users of the computer system;
  
  (b) receiving a request from a first user to access a first resource on the computer system;
  
  (c) determining that the first user is a member of the first role;
  
  (d) determining that the first resource is associated with the first role;
  
  (e) based on (c) and (d), permitting the first user to access the first resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer readable media according to claim 1, wherein the first resource is a set of privileges corresponding to a subset of features of a first application installed on the computer system.
  - 3. The computer readable media according to claim 2, wherein a second role associated with one or more different users is defined on the computer system, the second role providing a set of privileges corresponding to a different subset of features of the first application.
  - 4. The computer readable media according to claim 1, wherein at the time step (e) is performed, the first user is not permitted to access the first resource through an assigned user login corresponding to the first user.
  - 5. The computer readable media according to claim 4, wherein an access control database is stored on the computer system, said database defining access permissions to the first resource, and wherein at the time step (e) is performed the user login assigned to the first user is not represented in the access control database.
  - 6. The computer readable media according to claim 1, wherein the first resource is a set of privileges corresponding to the instantiation of an application program on the computer system.
  - 7. The computer readable media according to claim 1, wherein the first resource is a set of privileges corresponding to control over the number of application programs that are allowed to be run concurrently by a user on the computer system.
  - 8. The computer readable media according to claim 1, wherein the first resource is one of a file stored on a file system in the computer system.
  - 9. The computer readable media according to claim 1, wherein the first resource is a set of privileges corresponding to control over the setup of the computer.

10. One or more computer readable media storing computer-executable instructions which, when executed on a computer system, perform a method of providing access to a resource on a computer system, the method comprising:
- identifying a first role on the computer system, the first role associated with one or more resources on the computer system;
  
  identifying a first user of the computer system;
  
  granting the first user access to a first resource on the computer system through use of a user login;
  
  configuring the first role to permit the first user to access the first resource through use of the first role; and
  
  reconfiguring the first role to prevent the first user from accessing the first resource through the first role, wherein the reconfiguring of the first role does not prevent the first user from accessing the first resource through use of the user login.
- View Dependent Claims (11, 12, 13)
- - 11. The computer readable media according to claim 10, wherein the reconfiguring of the first role comprises removing the first user from a list of members associated with the first role.
  - 12. The computer readable media according to claim 10, wherein the reconfiguring of the first role comprises disassociating the first resource from the first role, and wherein after said reconfiguring the first user remains a member of the first role.
  - 13. The computer readable media according to claim 10, the method further comprising:
    - identifying a second role on the computer system, the second role associated with a different set of one or more resources on the computer system, wherein the first resource is associated with both the first and second role;
      
      configuring the first role to permit the first user to access the first resource through use of the first role;
      
      configuring the second role to permit the first user to access the first resource through use of the second role; and
      
      reconfiguring the second role to prevent the first user from accessing the first resource through the second role, wherein the reconfiguring of the second role does not prevent the first user from accessing the first resource through use of the first role.

14. A system for providing access to a computer resource, comprising:
- a storage for storing access permissions associated with a plurality of computer resources;
  
  one or more input devices configured to receive user input;
  
  a processor controlling at least some operations of the system; and
  
  a memory storing computer executable instructions that, when executed by the processor, cause the system to perform a method comprising;
  
  storing in the storage a first set of access permissions corresponding to a first role, the first role associated with a first user and a computer resource;
  
  receiving user input from an input device, said user input corresponding to a request by the first user to access the computer resource;
  
  determining that the first user is associated with the first role;
  
  retrieving from the storage the first set of access permissions; and
  
  granting the first user access to the computer resource based on the first set of access permissions.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, the method further comprising the steps of:
    - storing in the storage a second set of access permissions corresponding to a second role, the second role associated with a second user;
      
      receiving user input from an input device, said user input corresponding to a request by the second user to access the computer resource; and
      
      denying the second user access to the computer resource based on a determination that the second user is not associated with the first role.
  - 16. The system of claim 15, wherein the step of denying the second user access to the computer resource is further based on a determination that the second user is not permitted to access the computer resource through an assigned user login for the second user.
  - 17. The system of claim 14, wherein at the time that the first user is granted access to the computer resource, the first user is not permitted to access the first resource through an assigned user login for the first user.
  - 18. The system of claim 14, wherein the computer resource corresponds to a subset of features of an application installed on the computer system.
  - 19. The system of claim 18, wherein the first role provides a set of access permissions corresponding to a subset of features of the application, and wherein the second role provides a set of access permissions corresponding to a different subset of features of the application.
  - 20. The system of claim 18, wherein computer resource comprises one of a privilege to instantiate an application on the system, a privilege to control the number of applications that are allowed to run concurrently by a user on the system, and a privilege to control a setup function of the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Krishnaswamy, Vinay, Soin, Ravipal

Application Number

US11/556,221
Publication Number

US 20070156693A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

OPERATING SYSTEM ROLES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OPERATING SYSTEM ROLES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links