METHOD AND SYSTEM FOR EXTENDING ROLE BASED ACCESS CONTROL ACROSS NETWORK FILE SYSTEMS

US 20090265353A1
Filed: 04/16/2008
Published: 10/22/2009
Est. Priority Date: 04/16/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing access to files in a data processing network including a server computer, a client computer, and a network file system for managing access to files, and wherein a process runs on the client computer, and a defined group of privileges to the files are available to the process, the method comprising the steps of:

using the network file system to mount a group of files on the server computer;

the process generating a request for a file operation;

determining whether the process has a specified privilege for the file operation; and

when the process has said specified privilege, modifying said request to include a signal to the server to honor the request of the process s.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for managing access to files in a data processing network including a server computer, a client computer, and a network file system. The network file system is used to mount the files on the server computers, and a defined group of privileges are available to those files. In the operation of the network, a process runs on the client computer, and the process generates a request for a file operation. The method comprises the steps of determining whether the process has a specified privilege for the file operation; and when the process has this privilege, modifying the request to include a signal to the server to honor the request of the process. In the preferred embodiment of the invention, the client determines whether the process has the specified privilege and makes an appropriate modification to the request.

Citations

20 Claims

1. A method of managing access to files in a data processing network including a server computer, a client computer, and a network file system for managing access to files, and wherein a process runs on the client computer, and a defined group of privileges to the files are available to the process, the method comprising the steps of:
- using the network file system to mount a group of files on the server computer;
  
  the process generating a request for a file operation;
  
  determining whether the process has a specified privilege for the file operation; and
  
  when the process has said specified privilege, modifying said request to include a signal to the server to honor the request of the process s.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein the step of determining whether the process has the specified privilege includes the step of the client computer determining whether the process has said specified privilege.
  - 3. A method according to claim 2, wherein the client, computer has an operating system, and the step of the client computer determining whether the process has said specified privilege includes the step of said operating system determining whether the process has said specified privilege.
  - 4. A method according to claim 1, wherein the step of modifying said request includes the step of the client computer modifying said request.
  - 5. A method according to claim 1, wherein the process has a process identification, and the step of modifying said request includes the step of modifying said process identification.
  - 6. A method according to claim 1, wherein the request identifies a target object, and the determining step includes the step of determining if said target object is on the server computer.
  - 7. A method according to claim 6, wherein the step of determining if said target object is on the server computer includes the step of said client computer determining if said target object, is on the server computer.
  - 8. A method according to claim 1, wherein the request identifies a target object, and the method comprises the further steps of:
    - determining if the target object is on the client computer; and
      
      when the target object is on the client computer, processing the request on the client computer based on said specified privilege.
  - 9. A method according to claim 8, wherein the step of determining whether the process has the specified privilege includes the step of, when the target object is not on the client computer, determining whether the process has the specified privilege.
  - 10. A method according to claim 9, comprising the further step of:
    - when the target object is not on the client computer, and the process does not have the specified privilege, sending the request from the client computer to the server computer without modifying the request.

11. A system for managing access to files in a data processing network including a server computer, a client computer, and a network file system for mounting files on the server computer, and wherein a process runs on the client computer and generates a request for a file operation, and a defined group of privileges to the files are available to the process, the system comprising:
- one or more processing units on the client computer and configured for determining whether the process has a specified privilege to a defined file; and
  
  when the process has said specified privilege, for modifying said request to include a signal to the server to honor said request generated by the process.
- View Dependent Claims (12, 13, 14, 15, 20)
- - 12. A system according to claim 11, wherein the client computer has an operating system, and said operating, system is used to determine whether the process has said specified privilege.
  - 13. A system according to claim 11, wherein the process has a process identification, and said one or more processing units are configured to modify said process identification when the process has said specified privilege.
  - 14. A system according to claim 11, wherein the request identifies a target object, and the one or more processor units are configured to determine if said target object is on the server computer.
  - 15. A system according to claim 11, wherein the request identifies a target object, and the one or more processor units are configured for:
    - determining if the target object is on the client computer;
      
      when the target object is on the client computer, processing the request on the client computer based on said specified privilege;
      
      when the target object is not on the client computer, determining whether the process has the specified privilege; and
      
      when the target object is not on the client computer, and the process does not have the specified privilege, sending the request from the client computer to the server computer without modifying the request.
  - 20. A computer readable program storage device according to claim 11, wherein the request identifies a target object, and the method steps comprise the further steps of:
    - determining if the target object is on the client computer;
      
      when the target object is on the client computer, processing the request on the client computer based on said specified privilege; and
      
      when the target object is not on the client computer, and the process does not have the specified privilege, sending the request from the client computer to the server computer without modifying the request.

16. A computer readable storage media, tangibly embodying a program of instructions executable by the computer to perform method steps for managing access to files in a data processing network including a server computer, a client computer, and a network file system for mounting files on the server computer, and wherein a process runs on the client computer and generates a request for a file operation, and a defined group of privileges to the files are available to the process, said method steps comprising:
- determining whether the process has a specified privilege to a defined file; and
  
  when the process has said specified privilege, modifying said request to include a signal to the server to honor the request generated by the process.
- View Dependent Claims (17, 18, 19)
- - 17. A computer readable program storage media according to claim 16, wherein the client computer has an operating system, and said operating system is used to determine whether the process has said specified privilege.
  - 18. A computer readable program storage media according, to claim 16, wherein the process has a process identification, and the modifying step includes the step of modifying said process identification when the process has said specified privilege.
  - 19. A computer readable program storage media according to claim 16, wherein the request identifies a target object, and the method steps comprise the further step of determining if said target object is on the server computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Vaddagiri, Murali

Application Number

US12/104,098
Publication Number

US 20090265353A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

METHOD AND SYSTEM FOR EXTENDING ROLE BASED ACCESS CONTROL ACROSS NETWORK FILE SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR EXTENDING ROLE BASED ACCESS CONTROL ACROSS NETWORK FILE SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links