Security monitor for controlling functional access to a computer system
Abstract
Security functions for a computer system are controlled by a security monitor. A user desiring access to the system inputs a user identification and password combination, and a role for the user to assume is selected from among one or more roles defined in the system. Upon being validated as an authorized user performing a particular role, the user is then authorized to perform certain functions and tasks specifically and to see information associated with that role (and optimally the work group the user is assigned). For some users, no role or a "null" role is chosen, and authorization for certain functions and tasks is accomplished due to that particular user having been predefined by an administrator as being allowed to perform those functions and tasks, usually due to the predefined privileges associated with the work group(s) to which the user belongs.
12 Claims
1. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
- comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;
- selecting a role which the user will assume;
- determining the privileges to which the user is authorized, based upon said user-specific information and said selected role;
- passing data corresponding to said privileges to a security monitor, said security monitor being queryable from application programs so that upon such query an application program may obtain information defining privileges to which the user is authorized.
Dependent claims: 2, 3, 4, 5.
6. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
- comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;
- determining privileges to which the user is authorized, based upon said user-specific information and previously stored group information defining with which the user is associated;
- passing data corresponding to said authorized privileges to a security monitor, said security monitor being queryable from application programs so that upon such query an application program may obtain information defining said authorized privileges.
7. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
- comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;
- receiving a user specified role;
- determining privileges assigned to the user by said user-specific information and said user specified role;
- receiving a requested function query when the user seeks to perform a function, said requested function query generated by an application program providing said function;
- responding to said requested function query by determining whether the user is authorized to perform said function through said application program;
- authorizing said application program to provide said function if said function is found authorized in said step of responding; and
- denying authorization to said application program if said function is found not authorized in said step of responding.
Dependent claims: 8, 9, 10, 11, 12.
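The flow recited in claims 1, 6 and 7, sketched as an added example that is not taken from the patent: credentials are checked, a role (or the null role) is bound to the session, and an application asks the monitor whether a function is permitted. All user, role, group and function names are hypothetical, and the use of PBKDF2 and the rule that a role must be pre-assigned to the user are assumptions of this sketch.

```python
import hashlib, hmac, os, secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample policy (all names hypothetical).
ROLE_PRIVS = {"nurse": {"view_chart", "record_vitals"}, "admin": {"manage_users"}}
GROUP_PRIVS = {"ward_3": {"view_ward_roster"}}

class SecurityMonitor:
    def __init__(self):
        self._users = {}     # user -> (salt, hash, allowed roles, groups)
        self._sessions = {}  # token -> frozenset of privileges

    def add_user(self, user, password, roles=(), groups=()):
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt), set(roles), set(groups))

    def login(self, user, password, role=None):
        """Authenticate, then bind privileges for the chosen role (None = null role)."""
        rec = self._users.get(user)
        salt = rec[0] if rec else b"\0" * 16   # hash even for unknown users
        ok = hmac.compare_digest(_hash(password, salt), rec[1] if rec else b"\0" * 32)
        if not rec or not ok:
            return None
        _, _, roles, groups = rec
        if role is not None and role not in roles:  # assumption: role pre-assigned
            return None
        privs = set(ROLE_PRIVS.get(role, ())) if role else set()
        privs |= set().union(*(GROUP_PRIVS.get(g, set()) for g in groups))
        token = secrets.token_hex(16)
        self._sessions[token] = frozenset(privs)
        return token

    def query(self, token, function):
        """Requested-function query from an application: deny by default."""
        return function in self._sessions.get(token, frozenset())

def demo():
    mon = SecurityMonitor()
    mon.add_user("alice", "correct horse", roles={"nurse"}, groups={"ward_3"})
    as_nurse = mon.login("alice", "correct horse", role="nurse")
    no_role = mon.login("alice", "correct horse")
    return {
        "nurse_vitals": mon.query(as_nurse, "record_vitals"),
        "nurse_admin": mon.query(as_nurse, "manage_users"),
        "null_role_roster": mon.query(no_role, "view_ward_roster"),
        "unassigned_role": mon.login("alice", "correct horse", role="admin"),
    }
```

Under the null role the session carries only the group-derived privileges, and a query with an unknown or missing token is always denied.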