Limit access to program function
First Claim
1. A method for limiting access to a program function in a computer system and an application program interface with an authorization query function and a registration function, comprising the steps of:
registering said program function in a repository in said computer system by executing an application program interface function call to said registration function;
selecting user authorizations, said step of selecting user authorizations comprising the steps of;
providing a list of registered program functions to an administrator via a user interface; and
for each registered program function in said list, said administrator setting an authorization corresponding to each of a plurality of users via said user interface, said authorization indicating whether said user is authorized to access said registered program function;
executing, under control of a user, an application program having access to said program function and having an embedded application program interface function call to said authorization query function, said application program interface function call situated in application program code in association with said program function protected against unauthorized access, said authorization query function returning a response in response to execution of said function call;
determining whether said response indicates said user is authorized to access said program function; and
executing said program function only if said user is authorized to access said program function.
Abstract
A method, system and computer program product for selectively restricting access to a program function in a computer system having an operating system security mechanism operates via an application programming interface (API) that includes a program function registration API function, an authorization selection API function, and an authorization query API function. In response to a call to the API registration function, the program function is registered in a repository in the computer system. After the program function has been registered, a system administrator can select user authorizations using a software tool that includes calls to the authorization selection API function. The system administrator may select whether a particular user or group of users is authorized to access each registered program function. A programmer can embed a call to the authorization query API function in an application program, which includes or calls the program function. When the application program reaches the call to the authorization query API function, the function is executed and returns an indicator or value indicating whether or not that user is allowed to access the program function.
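The three API functions described in the abstract (registration, authorization selection, authorization query) can be sketched as follows. This is an added example, not code from the patent: every class, function and user name is hypothetical, and the deny-by-default behaviour and the rule that a per-user entry overrides group entries are assumptions made for the illustration.

```python
# Added illustration; all names are hypothetical, not taken from the patent.
import functools

class FunctionRepository:
    """In-memory stand-in for the repository of registered program functions."""
    def __init__(self):
        self._grants = {}  # function id -> {user or group name: bool}
    def register_function(self, function_id):
        # Registration API: makes the function visible to the administrator tool.
        self._grants.setdefault(function_id, {})
    def list_registered(self):
        # The list an administrator's selection tool would display.
        return sorted(self._grants)
    def set_authorization(self, function_id, principal, allowed):
        # Authorization selection API: only registered functions can be configured.
        if function_id not in self._grants:
            raise KeyError(f"{function_id!r} is not registered")
        self._grants[function_id][principal] = bool(allowed)
    def is_authorized(self, function_id, user, groups=()):
        # Authorization query API. Assumption: unregistered functions and
        # principals with no entry are denied; a user entry overrides groups.
        grants = self._grants.get(function_id)
        if grants is None:
            return False
        if user in grants:
            return grants[user]
        return any(grants.get(g, False) for g in groups)

def protected(repo, function_id):
    """Register when the function is defined; query on every call."""
    repo.register_function(function_id)
    def wrap(func):
        @functools.wraps(func)
        def guarded(user, *args, groups=(), **kwargs):
            # Embedded query call, placed directly in front of the protected code.
            if not repo.is_authorized(function_id, user, groups):
                raise PermissionError(f"{user} may not use {function_id}")
            return func(user, *args, **kwargs)
        return guarded
    return wrap

REPO = FunctionRepository()

@protected(REPO, "payroll.export")
def export_payroll(user, month):
    return f"payroll for {month} exported by {user}"

# Constructed sample data: the administrator sets authorizations after registration.
REPO.set_authorization("payroll.export", "alice", True)
REPO.set_authorization("payroll.export", "finance", True)
REPO.set_authorization("payroll.export", "mallory", False)
```

The check is only as strong as its placement: any code path that reaches the protected logic without passing through the query call bypasses it, so the wrapper should be the sole entry point to the function.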
15 Claims
5. A computer program product for use in a computer system for limiting access to an application program function, said computer program product comprising at least one signal-bearing medium carrying thereon:
an application program interface comprising a registration function and an authorization query function, said registration function registering said program function in a repository in said computer system in response to execution of a function call to said registration function in said application program, said authorization query function returning a response in response to execution of a function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function; and
an authorization selector tool comprising means for providing a list of registered program functions to an administrator via a user interface, means operable in response to input provided by said administrator via said user interface for setting an authorization corresponding to each user of a predetermined plurality of users for each registered program function in said list, said authorization indicating whether said user is authorized to access said registered program function.
8. A system for limiting access to an application program function in a computer system, comprising:
application program registration means including a function call to a registration function and including a registration function for registering said program function in a repository in said computer system in response to execution of said function call to said registration function in an application program;
application program query means including a function call to an authorization query function and including an authorization query function returning a response in response to execution of said function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function; and
an authorization selector tool comprising means for providing a list of registered program functions to an administrator via a user interface, means operable in response to input provided by said administrator via said user interface for setting an authorization corresponding to each user of a predetermined plurality of users for each registered program function in said list, said authorization indicating whether said user is authorized to access said registered program function.
12. A method for limiting access to an application program function in a computer system having a repository representing an authorization corresponding to each user of a predetermined plurality of users for each said application program function, said authorization indicating whether said user is authorized to access said program function, said computer system further having an authorization selector tool for updating said repository in response to input from an administrator setting each said authorization, the method comprising the steps of:
embedding in an application program pre-run-time portion a function call to a registration function existing in said computer system outside said application program, said registration function registering said program function in a repository in said computer system in response to execution of said function call to said registration function; and
embedding in an application program run-time portion a function call to an authorization query function existing in said computer system outside said application program, said authorization query function returning a response in response to execution of a function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function.
Specification