System and method for implementing a hierarchical policy for computer system administration
First Claim
1. A method for implementing a hierarchical policy for administration of a computer system having at least one computer, an associated database and a user interface for inputting data to said database, said method comprising the steps of:
- providing for storing of a number of policies in said database, said policies each having an associated policy class name and policy attribute;
providing for organizing of said policies into policy groups;
providing for inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
providing for searching of certain of said policy groups pertinent to said input managed object to determine policies within said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for returning of a matching subset of policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for analyzing of said proposed value of said input object attribute of said input managed object with respect to said matching subset of policies; and
providing for allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of policies.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for implementing a hierarchical policy for computer system administration which is extremely flexible in assigning policies to managed objects. Policies are defined to be rules for the values of the attributes of managed objects. Policy groups comprise the basic building blocks and they associate a set of policies with a set of managed objects. Policy groups can also be members of other policy groups and a policy group inherits the policies of its parent policy groups supporting the hierarchical specification of policy. A given policy group may have multiple parents which allows the "mix-in" of policies from the parents. Cloning and templates in conjunction with validation policies and policy groups provide standardization and a concomitant reduction in system administration complexity.
-
Citations
51 Claims
-
1. A method for implementing a hierarchical policy for administration of a computer system having at least one computer, an associated database and a user interface for inputting data to said database, said method comprising the steps of:
-
providing for storing of a number of policies in said database, said policies each having an associated policy class name and policy attribute; providing for organizing of said policies into policy groups; providing for inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value; providing for searching of certain of said policy groups pertinent to said input managed object to determine policies within said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute; providing for returning of a matching subset of policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; providing for analyzing of said proposed value of said input object attribute of said input managed object with respect to said matching subset of policies; and providing for allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer program product comprising:
-
a computer usable medium having computer readable code embodied therein for implementing a hierarchical policy for administration of a computer system having at least one computer, an associated database and a user interface for inputting data to said database, the computer program product comprising; computer readable program code devices configured to cause a computer to effect storing a number of policies in said database, said policies each having an associated policy class name and an associated policy attribute; computer readable program code devices configured to cause a computer to effect organizing said policies into policy groups; computer readable program code devices configured to cause a computer to effect inputting characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value; computer readable program code devices configured to cause a computer to effect searching certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute; computer readable program code devices configured to cause a computer to effect returning a matching subset of said policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; computer readable program code devices configured to cause a computer to effect analyzing said proposed value of said input object attribute with respect to said matching subset of said policies; and computer readable program code devices configured to cause a computer to effect allowing entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of said policies. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer system capable of implementing a hierarchical policy administration, said computer system comprising:
-
at least one computer; at least one database retained within a computer mass storage device operatively coupled to said computer, said database being capable of storing a number of policies having an associated policy class name and an associated policy attribute; a user interface operatively coupled to said at least one computer, said user interface capable of allowing input of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value; an associator operable in conjunction with said at least one computer and said database for organizing said policies into policy groups; an iterator operable in conjunction with said at least one computer and said database for searching certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute; a matching subset of said policies from said policy groups returned by said iterator to said at least one computer which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; an analyzer operable in conjunction with said at least one computer for testing said proposed value of said input object attribute with respect to said matching subset of said policies; and an input validator operable in conjunction with said at least one computer and said user interface and responsive to said analyzer, said input validator allowing entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of said policies. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
-
29. A method for implementing a hierarchical policy for a computer system having at least one computer, an associated database and a user interface for inputting data to said computer system, said method comprising the steps of:
-
providing for organizing of a number of policies in said database into policy groups, each of said policies having an associated policy class name and an associated policy attribute; providing for inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value; providing for analyzing of said proposed value of said input object attribute with respect to policies in pertinent ones of said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and providing for allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said pertinent ones of said policy groups. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A computer program product comprising:
a computer usable medium having computer readable code embodied thereon for implementing a hierarchical policy for a computer system having at least one computer, an associated database and a user interface for inputting data to said computer system, the computer program product comprising; computer readable program code devices configured to cause a computer to effect organizing of a number of policies in said database into policy groups, each of said policies having an associated policy class name and an associated policy attribute; computer readable program code devices configured to cause a computer to effect inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value; computer readable program code devices configured to cause a computer to effect analyzing of said proposed value of said input object attribute with respect to policies in pertinent ones of said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and computer readable program code devices configured to cause a computer to effect allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said pertinent ones of said policy groups. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51)
Specification