Web Management Authorization and Delegation Framework
Abstract
Described is a technology in which a non-administrator computer/web user is allowed to perform an administrative-level task within a certain context and/or scope. An authorization store is queried based on information (e.g., a provider, a username, and a path) provided with an authorization request, e.g., from an application via an API. The information in the authorization store, set up by an administrator, determines whether the administrative action is allowed. If so, a credential store provides credentials that allow the action to be run before reverting the user to the prior set of credentials. Also described is a pluggable provider model through which the authorization store and/or delegation store are accessed, whereby the data maintained therein can be any format and/or at any location known to the associated provider.
20 Claims
- 1. In a computing environment, a method comprising, receiving a request to authorize a non-administrative user to perform an administrative action, accessing an authorization store, which is configured with information that corresponds to users and specified actions associated with those users, for determining whether the non-administrative user is allowed to perform the administrative action, and if so, providing credentials that allow the non-administrative user to perform the administrative action.
- 10. In a computing environment, a system comprising, a rule engine that receives a request to authorize a non-administrative user to perform an administrative action, an authorization store coupled to the rules engine that provides information that corresponds to users and specified actions associated with those users, the rules engine configured to determine whether the non-administrative user is allowed to perform the administrative action, and if so, the rules engine configured to obtain providing credentials from a credential store to enable the non-administrative user to perform the administrative action.
- 17. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising, receiving a request to authorize a non-administrative user to perform an administrative action, the request including a provider, a username, and a path, using the provider to access an authorization store, determining from information in the authorization store and from the request whether the non-administrative user is allowed to perform the administrative action, and if so, obtaining credentials that allow the non-administrative user to perform the administrative action, running the administrative action, and returning the user to a set of credentials that were associated with that user prior to running the administrative action.
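The flow recited in claim 17 (request carrying a provider, a username and a path; authorization-store lookup; credentials obtained; action run; prior credentials restored), sketched in Python as an added example that is not taken from the patent or from any product. All names (`Rule`, `ListProvider`, `RuleEngine`, `delegate`, the `restart_app_pool` action and the sample data) are hypothetical; the default-deny lookup, segment-wise path matching and audit list are assumptions of this sketch.

```python
from contextlib import contextmanager
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:               # one administrator-configured authorization entry
    username: str
    scope: str            # path prefix the delegation covers
    action: str
    run_as: str           # key into the credential store

def _segments(path):
    return [p for p in path.split("/") if p]

class ListProvider:
    """Hypothetical provider; a real one could read a file, database, etc."""
    def __init__(self, rules):
        self.rules = list(rules)

    def lookup(self, username, path, action):
        parts = _segments(path)
        if ".." in parts:                 # refuse traversal out of the scope
            return None
        for r in self.rules:
            scope = _segments(r.scope)    # whole segments: /a/b must not match /a/b2
            if (r.username, r.action) == (username, action) and parts[:len(scope)] == scope:
                return r
        return None                       # default deny

class RuleEngine:
    def __init__(self, providers, credentials):
        self.providers, self.credentials = providers, credentials
        self.current = {}                 # username -> identity now in effect
        self.audit = []                   # allow/deny decisions for later review

    @contextmanager
    def delegate(self, provider, username, path, action):
        store = self.providers.get(provider)
        rule = store.lookup(username, path, action) if store else None
        if rule is None or rule.run_as not in self.credentials:
            self.audit.append(("deny", username, action, path))
            raise PermissionError(f"{username} may not {action} on {path}")
        prior = self.current.get(username, username)
        self.current[username] = rule.run_as
        self.audit.append(("allow", username, action, path, rule.run_as))
        try:
            yield self.credentials[rule.run_as]   # caller runs the action here
        finally:                                  # revert even if the action fails
            self.current[username] = prior

# Constructed sample data: one delegation and one placeholder credential.
RULES = [Rule("alice", "/sites/alice", "restart_app_pool", "svc-pool")]
ENGINE = RuleEngine({"list": ListProvider(RULES)}, {"svc-pool": "constructed-secret"})
```

The `finally` clause is the part that corresponds to returning the user to the prior set of credentials: the elevated identity never outlives the single action, including when that action raises.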
Specification