Method for gradual deployment of user-access security within a data processing system
First Claim
1. A process for arbitrating an attempted access to a data processing system in which a new security system incorporating a normal validation process has been invoked, which new security system requires the submission by a requesting user of at least an identification of the requesting user, a token and an identification of the data processing system objects to which access is sought, the process comprising steps A), B), B)1), B)2), C), C)1), C)2), D), D)1), D)2), E), E)1), E)2), F), F)1), F)2), G), G)1), G)2), H), H)1), H)2), Y) and Z), which steps respectively perform the following operations when invoked:
A) receives a user's request in a user-supplied data format to access a requested object in the data processing system;
B) determines if the user-supplied data format is valid under the new security system;
1) if the user-supplied data format is valid under the new security system, directs process flow to step C);
2) if the user-supplied data format is not valid under the new security system, directs process flow to step D);
C) performs the normal validation process under the new security system;
1) if the normal validation process is successful, directs process flow to step Y);
2) if the normal validation process is unsuccessful, directs process flow to step Z);
D) determines if an object profile exists in the new security system for the requested object;
1) if an object profile does not exist for the requested object, directs process flow to step C);
2) if an object profile exists for the requested object, directs process flow to step E);
E) determines if the profile of the requested object is locked;
1) if the profile of the requested object is locked, directs process flow to step F);
2) if the profile of the requested object is not locked, directs process flow to step G);
F) determines if the object profile is application controlled;
1) if the object profile is application controlled, directs process flow to step Z);
2) if the object profile is not application controlled, directs process flow to step C);
G) determines if the object profile is application controlled;
1) if the object profile is application controlled, directs process flow to step Y);
2) if the object profile is not application controlled, directs process flow to step H);
H) determines if the object profile is limited;
1) if the object profile is limited, directs process flow to step Z);
2) if the object profile is not limited, directs process flow to step Y);
Y) grants to the requesting user access to the requested object and exits the process;
Z) denies access to the requested object and exits the process.
Abstract
A method allowing the gradual deployment of a new security policy on a data processing system wherein users may access certain objects under the former authorization until complete security implementation is achieved. A user having a security profile satisfying the former security policy criteria, but not the new security criteria, would normally be denied access to objects that were formerly accessible. With the present invention, an intermediate security profile is created while the new policy is being implemented wherein such a user's access is not granted, but not necessarily denied. This tertiary state is achieved by supplementing the security profile of the user to satisfy the new security criteria. When a user attempts object access providing an identity token valid under the former system, arbitration occurs which may result in the synthesis or substitution of a proxy identity which is compliant with the new policy. Alternatively, the tertiary state is achieved by supplementing the security profile of the object. In such a case, when a user attempts object access providing an identity token valid under the former system, arbitration occurs resulting in the amendment of the object's access criteria to allow access under the former security criteria. The security administrator may be notified of the attempted use and subsequent security arbitration results.
7 Claims
1. A process for arbitrating an attempted access to a data processing system in which a new security system incorporating a normal validation process has been invoked, which new security system requires the submission by a requesting user of at least an identification of the requesting user, a token and an identification of the data processing system objects to which access is sought, the process comprising steps A), B), B)1), B)2), C), C)1), C)2), D), D)1), D)2), E), E)1), E)2), F), F)1), F)2), G), G)1), G)2), H), H)1), H)2), Y) and Z), which steps respectively perform the following operations when invoked:
A) receives a user's request in a user-supplied data format to access a requested object in the data processing system;
B) determines if the user-supplied data format is valid under the new security system;
1) if the user-supplied data format is valid under the new security system, directs process flow to step C);
2) if the user-supplied data format is not valid under the new security system, directs process flow to step D);
C) performs the normal validation process under the new security system;
1) if the normal validation process is successful, directs process flow to step Y);
2) if the normal validation process is unsuccessful, directs process flow to step Z);
D) determines if an object profile exists in the new security system for the requested object;
1) if an object profile does not exist for the requested object, directs process flow to step C);
2) if an object profile exists for the requested object, directs process flow to step E);
E) determines if the profile of the requested object is locked;
1) if the profile of the requested object is locked, directs process flow to step F);
2) if the profile of the requested object is not locked, directs process flow to step G);
F) determines if the object profile is application controlled;
1) if the object profile is application controlled, directs process flow to step Z);
2) if the object profile is not application controlled, directs process flow to step C);
G) determines if the object profile is application controlled;
1) if the object profile is application controlled, directs process flow to step Y);
2) if the object profile is not application controlled, directs process flow to step H);
H) determines if the object profile is limited;
1) if the object profile is limited, directs process flow to step Z);
2) if the object profile is not limited, directs process flow to step Y);
Y) grants to the requesting user access to the requested object and exits the process;
Z) denies access to the requested object and exits the process.
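The decision procedure of claim 1, steps A) through Z), written out as a pure function that returns the grant/deny result together with the sequence of steps it visited. This is an added worked example, not code from the patent or its assignee. The object profiles, the new system's token store, the `sample_validator` and the user/object names are all constructed sample data; the trace labels follow the claim's own step lettering. Claim 2's administrator notifications (steps F)1)a), H)1)a) and X)) are not modelled here.

```python
"""Claim 1 arbitration (steps A to Z) as a pure function with a step trace."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class ObjectProfile:
    """Object profile held by the new security system (consulted in steps D to H)."""
    locked: bool = False
    application_controlled: bool = False
    limited: bool = False


@dataclass
class AccessRequest:
    """What step A receives: user identification, token, requested object, and
    whether the submission is in the new system's data format (decided in step B)."""
    user_id: str
    token: str
    object_name: str
    new_format: bool


@dataclass
class Decision:
    granted: bool
    trace: List[str] = field(default_factory=list)  # steps visited, e.g. ["A", "B", "B2", "D", ...]


Validator = Callable[[AccessRequest], bool]


def arbitrate(req: AccessRequest, profiles: Dict[str, ObjectProfile], validate: Validator) -> Decision:
    trace = ["A"]

    def step_c() -> bool:
        # C) normal validation under the new system: success leads to Y, failure to Z
        trace.append("C")
        ok = validate(req)
        trace.append("C1" if ok else "C2")
        return ok

    trace.append("B")
    if req.new_format:                      # B1) new-format submission: validate normally
        trace.append("B1")
        granted = step_c()
    else:                                   # B2) legacy-format submission: consult the object profile
        trace.extend(["B2", "D"])
        profile = profiles.get(req.object_name)
        if profile is None:                 # D1) no profile yet: fall back to normal validation
            trace.append("D1")
            granted = step_c()
        else:
            trace.extend(["D2", "E"])
            if profile.locked:              # E1) locked profile
                trace.extend(["E1", "F"])
                if profile.application_controlled:
                    trace.append("F1"); granted = False          # F1) deny
                else:
                    trace.append("F2"); granted = step_c()       # F2) back to normal validation
            else:                           # E2) unlocked profile
                trace.extend(["E2", "G"])
                if profile.application_controlled:
                    trace.append("G1"); granted = True           # G1) grant
                else:
                    trace.extend(["G2", "H"])
                    if profile.limited:
                        trace.append("H1"); granted = False      # H1) deny
                    else:
                        trace.append("H2"); granted = True       # H2) grant
    trace.append("Y" if granted else "Z")
    return Decision(granted, trace)


# Constructed sample data (hypothetical): the new system's token store and object profiles.
NEW_SYSTEM_TOKENS = {"alice": "tok-new-alice"}

SAMPLE_PROFILES = {
    "payroll.db":  ObjectProfile(locked=True, application_controlled=True),    # E1 -> F1: deny
    "archive.log": ObjectProfile(locked=True, application_controlled=False),   # E1 -> F2 -> C
    "app.queue":   ObjectProfile(locked=False, application_controlled=True),   # E2 -> G1: grant
    "hr.records":  ObjectProfile(locked=False, limited=True),                  # G2 -> H1: deny
    "public.doc":  ObjectProfile(locked=False),                                # G2 -> H2: grant
}


def sample_validator(req: AccessRequest) -> bool:
    """Normal validation (constructed): only a new-format submission carrying the
    token the new system holds for that user succeeds; legacy tokens always fail."""
    return req.new_format and NEW_SYSTEM_TOKENS.get(req.user_id) == req.token


def decide(user_id: str, token: str, object_name: str, new_format: bool = False) -> Decision:
    return arbitrate(AccessRequest(user_id, token, object_name, new_format), SAMPLE_PROFILES, sample_validator)


if __name__ == "__main__":
    for obj in ["payroll.db", "archive.log", "app.queue", "hr.records", "public.doc", "unprofiled.dat"]:
        d = decide("bob", "legacy-token-bob", obj)
        print(f"{obj:15} legacy token -> {'GRANT' if d.granted else 'DENY':5}  {'->'.join(d.trace)}")
    d = decide("alice", "tok-new-alice", "payroll.db", new_format=True)
    print(f"{'payroll.db':15} new format   -> {'GRANT' if d.granted else 'DENY':5}  {'->'.join(d.trace)}")
```

Running the script shows the point of the claim: a legacy-format request can reach Y) only through an unlocked profile (G)1) or H)2)); every path that passes through C) with a legacy token fails under the new validator, so the administrator phases the new policy in object by object by setting the locked, application-controlled and limited flags, and the trace gives an auditable record of which branch produced each grant or denial.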
2. A process for arbitrating an attempted access to a data processing system in which a new security system incorporating a normal validation process has been invoked as a successor to a prior security system, which new security system requires the submission by a requesting user of at least an identification of the requesting user, a token and an identification of the data processing system objects to which access is sought, in which a security administrator predetermines and has the authority to adjust the degree of access to objects in the data processing system under the new security system to users supplying identification of the requesting user, a token and an identification of the data processing system objects to which access is sought which were valid under the prior security system, the process comprising steps A), B), B)1), B)2), C), C)1), C)2), D), D)1), D)2), E), E)1), E)2), F), F)1)a), F)1)b), F)2), G), G)1), G)2), H), H)1)a), H)1)b), H)2)a), H)2)b), X), Y) and Z), which steps respectively perform the following operations when invoked:
A) receives a user's request in a user-supplied data format to access a requested object in the data processing system;
B) determines if the user-supplied data format is valid under the new security system;
1) if the user-supplied data format is valid under the new security system, directs process flow to step C);
2) if the user-supplied data format is not valid under the new security system, directs process flow to step D);
C) performs the normal validation process under the new security system;
1) if the normal validation process is successful, directs process flow to step Y);
2) if the normal validation process is unsuccessful, directs process flow to step H);
D) determines if an object profile exists in the new security system for the requested object;
1) if an object profile does not exist for the requested object, directs process flow to step C);
2) if an object profile exists for the requested object, directs process flow to step E);
E) determines if the profile of the requested object is locked;
1) if the profile of the requested object is locked, directs process flow to step F);
2) if the profile of the requested object is not locked, directs process flow to step G);
F) determines if the object profile is application controlled;
1) if the object profile is application controlled:
a) sends a message to the security administrator identifying the requesting user-supplied token and the fact of denial of access; and
b) directs process flow to step Z);
2) if the object profile is not application controlled, directs process flow to step C);
G) determines if the object profile is application controlled;
1) if the object profile is application controlled, directs process flow to step X);
2) if the object profile is not application controlled, directs process flow to step H);
H) determines if an object profile is limited;
1) if the object profile is limited:
a) sends a message to the security administrator identifying the requesting user-supplied token and the fact of denial of access; and
b) directs process flow to step Z);
2) if the object profile is not limited:
a) collects administrator supplied data for the object profile; and
b) directs process flow to step Y);
X) sends a message to the security administrator identifying the requesting user-supplied token and the fact of grant of access to the requested object to the requesting user;
Y) grants to the requesting user access to the requested object and exits the process;
Z) denies access to the requested object, notifying the requesting user of that fact and exits the process.
Dependent claims: 3, 6.
4. A process for arbitrating an attempted access to a data processing system in which a new security system incorporating a normal validation process has been invoked for the purpose of processing a batch, which new security system requires the submission by a requesting user of at least a user-supplied PID identifying the requesting user, a token and an identification of the batch process to which access is sought, the process comprising steps A), B), B)1), B)2), C), C)1), C)2), D), E), E)1), E)2), F), F)1), F)2), G), H), I), I)1), I)2), J), J)1), J)2), K), L), L)1), L)2), M), M)1), M)2), Y) and Z), which steps respectively perform the following operations when invoked:
A) collects the identifiers for all file system partitions which must be accessed to process the specified batch;
B) determines if the user-supplied PID is valid under the new security system;
1) if the PID is valid under the new security system, directs process flow to step I);
2) if the PID is not valid under the new security system, directs process flow to step C);
C) determines if assist is temporarily allowed for a user identification which may have been supplied by the requesting user;
1) if assist is allowed, directs process flow to step D);
2) if assist is not allowed, directs process flow to step Z);
D) selects an identifier for one of the file system partitions for examination;
E) determines if the user supplied token is valid for the selected partition;
1) if the user supplied token is valid for the selected partition, directs process flow to step F);
2) if the user supplied token is not valid for the selected partition, directs process flow to step Z);
F) determines if all partitions required to execute the specified batch have been examined;
1) if all partitions required to execute the specified batch have been examined, directs process flow to step G);
2) if all partitions required to execute the specified batch have not been examined, selects a different identifier and directs process flow back to step E);
G) sets the user supplied identification as registered to a PID assigned to the user for future runs of the same batch process;
H) assigns assist attributes and privilege level to the user and directs process flow to step Y);
I) determines if the user identification has been registered to the supplied PID;
1) if the user identification has been registered to the supplied PID, directs process flow to step Y);
2) if the user identification has not been registered to the supplied PID, directs process flow to step J);
J) determines if assist is allowed for both the user identification and the PID;
1) if assist is allowed for both the user identification and the PID, directs process flow to step K);
2) if assist is not allowed for both the user identification and the PID, directs process flow to step Z);
K) selects an identifier for one of the file system partitions for examination;
L) determines if the user supplied token is valid for the selected partition;
1) if the user supplied token is valid for the selected partition, directs process flow to step M);
2) if the user supplied token is not valid for the selected partition, directs process flow to step Z);
M) determines if all partitions required to execute the specified batch have been examined;
1) if all partitions required to execute the specified batch have been examined, directs process flow to step Y);
2) if all partitions required to execute the specified batch have not been examined, selects a different identifier and directs process flow back to step L);
Y) grants to the requesting user access to the requested batch process and exits the process;
Z) denies access to the requested batch process, notifying the requesting user of that fact and exits the process.
Dependent claims: 5, 7.
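The batch-access arbitration of claim 4, steps A) through Z), as an added worked example that is not code from the patent or its assignee. The security-system state (valid PIDs, user-to-PID registrations, the assist allow-lists, the per-partition token lists and the partition list per batch) is constructed sample data; the `assign_pid` method standing in for step G)'s PID assignment and the `"batch-assist"` attribute written in step H) are assumptions, since the claim does not say how a PID is assigned or what the assist attributes contain. The two partition loops (D)/E)/F) and K)/L)/M)) are one helper parameterised by their step letters.

```python
"""Claim 4 batch-access arbitration (steps A to Z) with a step trace."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class NewSecuritySystem:
    """State the claim's steps consult or update (constructed for the example)."""
    valid_pids: Set[str]                                                  # PIDs valid under the new system (B)
    registrations: Dict[str, str] = field(default_factory=dict)           # user identification -> PID (G, I)
    assist_users: Set[str] = field(default_factory=set)                   # users for whom assist is allowed (C, J)
    assist_pids: Set[str] = field(default_factory=set)                    # PIDs for which assist is allowed (J)
    partition_tokens: Dict[str, Set[str]] = field(default_factory=dict)   # partition -> tokens valid for it (E, L)
    batch_partitions: Dict[str, List[str]] = field(default_factory=dict)  # batch -> partitions it needs (A)
    assist_attributes: Dict[str, str] = field(default_factory=dict)       # user -> privilege level set in H

    def assign_pid(self, user_id: str) -> str:
        """Hypothetical PID assignment for step G: the claim leaves the scheme open."""
        pid = f"pid-{user_id}"
        self.valid_pids.add(pid)
        return pid


@dataclass
class BatchRequest:
    user_id: str   # user identification supplied by the requester
    pid: str       # user-supplied PID
    token: str
    batch: str


@dataclass
class Decision:
    granted: bool
    trace: List[str] = field(default_factory=list)


def token_valid_for_all(sec: NewSecuritySystem, token: str, partitions: List[str],
                        trace: List[str], check: str, done: str) -> bool:
    """Steps D/E/F (check='E', done='F') or K/L/M (check='L', done='M'): examine each
    partition in turn; the first partition that rejects the token ends in a denial."""
    for i, part in enumerate(partitions):
        trace.append(check)
        if token not in sec.partition_tokens.get(part, set()):
            trace.append(check + "2")
            return False
        trace.append(check + "1")
        trace.append(done)
        trace.append(done + "1" if i == len(partitions) - 1 else done + "2")
    if not partitions:                       # nothing to examine: trivially all examined
        trace.extend([done, done + "1"])
    return True


def arbitrate_batch(req: BatchRequest, sec: NewSecuritySystem) -> Decision:
    trace = ["A"]
    partitions = sec.batch_partitions.get(req.batch, [])   # A) collect the batch's partition identifiers
    trace.append("B")
    if req.pid in sec.valid_pids:                          # B1) PID valid under the new system
        trace.extend(["B1", "I"])
        if sec.registrations.get(req.user_id) == req.pid:  # I1) already registered: grant outright
            trace.append("I1"); granted = True
        else:
            trace.extend(["I2", "J"])
            if req.user_id in sec.assist_users and req.pid in sec.assist_pids:   # J1)
                trace.extend(["J1", "K"])
                granted = token_valid_for_all(sec, req.token, partitions, trace, "L", "M")
            else:
                trace.append("J2"); granted = False
    else:                                                  # B2) legacy PID: assist path
        trace.extend(["B2", "C"])
        if req.user_id in sec.assist_users:                # C1) assist temporarily allowed
            trace.extend(["C1", "D"])
            granted = token_valid_for_all(sec, req.token, partitions, trace, "E", "F")
            if granted:
                trace.append("G")                          # G) register the user to an assigned PID
                sec.registrations[req.user_id] = sec.assign_pid(req.user_id)
                trace.append("H")                          # H) assign assist attributes / privilege level
                sec.assist_attributes[req.user_id] = "batch-assist"   # assumed attribute value
        else:
            trace.append("C2"); granted = False
    trace.append("Y" if granted else "Z")
    return Decision(granted, trace)


def sample_system() -> NewSecuritySystem:
    """Constructed sample state: one registered user, two assist-enabled legacy users."""
    return NewSecuritySystem(
        valid_pids={"pid-1001"},
        registrations={"carol": "pid-1001"},
        assist_users={"dave", "erin"},
        assist_pids={"pid-1001"},
        partition_tokens={"/data/ledger": {"tok-carol", "tok-dave", "tok-erin"},
                          "/data/reports": {"tok-carol", "tok-dave"}},
        batch_partitions={"nightly-close": ["/data/ledger", "/data/reports"]},
    )


if __name__ == "__main__":
    sec = sample_system()
    first = arbitrate_batch(BatchRequest("dave", "legacy-pid", "tok-dave", "nightly-close"), sec)
    print("dave, legacy PID :", "GRANT" if first.granted else "DENY", "->".join(first.trace))
    again = arbitrate_batch(BatchRequest("dave", sec.registrations["dave"], "tok-dave", "nightly-close"), sec)
    print("dave, assigned PID:", "GRANT" if again.granted else "DENY", "->".join(again.trace))
```

The second run in the script is the behaviour the claim is after: once a legacy-PID run has passed the per-partition token checks and been registered in step G), the next run with the assigned PID takes the short B)1) to I)1) path and never re-examines the partitions, while a user whose assist flag is off is denied at C)2) before any partition is consulted.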
Specification