Method and apparatus for automating security functions in a computer system
Abstract
A computer security system automatically updates an access status and a level of access privilege for each user based on outside feeds related to the current status of the user with respect to an organization, such as a business or school, and the membership of the user in a group or department within the organization. A unique user identifier is assigned to each user across all computing systems. The computing system retains the relationship between the user and the user identifier even after the user's access to the computing system is terminated. The user may be reassigned the same user identifier should the user again be granted access to the system resources. The computing security system may be implemented as an overlay to an existing resource allocation system, such as the RACF system commonly found on many mainframe computers, and may allow decentralization of certain security functions.
44 Claims
1. A method for providing security in a computing system, the computing system having a plurality of accounts, each account having a level of access privilege associated therewith, the plurality of accounts being respectively assigned to a plurality of users, the method comprising:
- for one of the plurality of accounts, obtaining a department identifier from a human resources database, the department identifier corresponding to a department to which the user assigned to the account is assigned; and
- automatically assigning a level of access privilege to the account, the level of access privilege corresponding to a default level of access privilege associated with the department to which the department identifier corresponds.

Dependent claims: 2-13.

14. A method for automatically providing security in a computing system, the computing system having a plurality of accounts, the method comprising:
- assigning a key to one of the plurality of accounts in the computing system;
- obtaining a group identifier from a database based on the key; and
- automatically assigning a level of access privilege to the one of the plurality of accounts that corresponds to a default level of access privilege that is associated with the group identifier.

Dependent claims: 15-25.

26. A method of providing security in a computing system accessed by a plurality of users, the computing system having a plurality of accounts, the method comprising:
- assigning each user a unique user identifier;
- maintaining a database associating each of the plurality of users with a respective one of the assigned user identifiers;
- associating the user identifier with a one of the plurality of accounts;
- automatically terminating the association between the user identifier and the one of the plurality of accounts when an access variable corresponding to the user to whom the user identifier is assigned is equal to a first condition;
- continually maintaining a relationship between the user identifier and the terminated user identifier in the database after the association between the one and user identifier has been automatically terminated; and
- automatically reestablishing the association between the account and the user identifier if the access variable corresponding to the user that the user identifier has been assigned to is equal to a second condition.

Dependent claims: 27-28.

29. A method of providing security in a first computing system and a second computing system, the first computing system being accessed by a first plurality of users and the second computing system accessed by a second plurality of users, each of the users in the first and the second plurality of users being respectively identified by a user key, each of the first and the second computing systems having a plurality of accounts, the method comprising:
- assigning each of the first plurality of users a unique user identifier;
- automatically maintaining a database associating each of the user keys with the corresponding assigned user identifier;
- for each user of the first plurality of users, associating the user identifier assigned with one of the plurality of accounts on the first computing system to provide access to the first computing system; and
- for each user of the second plurality of users, automatically searching the database for the user key identifying the user and associating a previously assigned user identifier with an account on the second computing system if the user key exists in the database, and associating a new user identifier with the account on the second computing system if the user key does not exist in the database, to provide access to the second computing system.

Dependent claims: 30-37.

38. A computer-readable medium having stored therein a computer-readable program used by a computing system in providing a number of different levels of access to an account on the computing system, the computer-readable program comprising the steps of:
- assigning a user identifier to an account;
- associating the user identifier with a user;
- associating the user with a predefined group; and
- associating the predefined group with a default level of access privilege.

Dependent claims: 39-41.

42. In a computer system having at least one data center, an apparatus comprising:
- a first data structure interrelating a user identifier and a user account;
- a second data structure interrelating a user and the user identifier;
- a third data structure interrelating the user and an assigned department;
- a fourth data structure interrelating a department and a default level of security privilege; and
- a computer coupled to the first, the second, the third and the fourth data structures and being programmed for assigning a default level of access privilege corresponding to the department to which the user associated with the user identifier has been assigned.

43. A method for automatically providing security in a computing system comprising a RACF database, the method comprising:
- receiving a set of account data from the RACF database into a security database, the account data comprising a user identifier and a group identifier for each of a plurality of accounts on the computing system;
- receiving a set of user data into the security database, the set of user data comprising a user identifier and a group identifier for each of a plurality of users on the computing system; and
- for at least one of the user identifiers, comparing the group identifier of the account data with the group identifier of the user data and issuing a command against the RACF database to update a group identifier in the RACF database with the group identifier of the user data when the group identifier of the account data is different from the group identifier of the user data.

Dependent claim: 44.

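The department-to-default-privilege assignment (claim 1), the retained and reusable user identifier (claim 26) and the RACF group reconciliation (claim 43) carried through together, as an added example that is not the patent's or any product's code. The HR feed, department table and RACF account state are constructed, and the ADDUSER/ALTUSER strings are illustrative RACF command syntax that the example only generates and never issues.

```python
# Added example (not from the patent): reconcile mainframe account groups and
# access status against an HR feed. All records below are constructed.
from dataclasses import dataclass

# Department identifier -> default RACF group (the "default level of access
# privilege" of claim 1). Constructed mapping.
DEPARTMENT_DEFAULT_GROUP = {"payroll": "PAYUSR", "engineering": "DEVUSR", "audit": "AUDRO"}

@dataclass
class HrRecord:
    employee_key: str   # stable HR key (assumed: employee number)
    department: str
    status: str         # "active" or "terminated" (the claim 26 access variable)

@dataclass
class RacfAccount:
    user_id: str
    group: str
    revoked: bool = False

class IdentifierRegistry:
    """HR key -> user identifier; a mapping is never dropped (claims 26, 29)."""
    def __init__(self):
        self._ids, self._next = {}, 1
    def user_id_for(self, employee_key):
        if employee_key not in self._ids:        # new key: mint a fresh id
            self._ids[employee_key] = f"U{self._next:05d}"
            self._next += 1
        return self._ids[employee_key]           # known key: reuse the old id

def reconcile(hr_feed, racf_accounts, registry):
    """Return the RACF commands (as strings) that align accounts with HR."""
    by_id = {a.user_id: a for a in racf_accounts}
    commands = []
    for rec in hr_feed:
        uid = registry.user_id_for(rec.employee_key)
        target_group = DEPARTMENT_DEFAULT_GROUP[rec.department]
        acct = by_id.get(uid)
        if rec.status == "terminated":           # first condition: cut access
            if acct is not None and not acct.revoked:
                commands.append(f"ALTUSER {uid} REVOKE")
                acct.revoked = True              # identifier stays mapped
            continue
        if acct is None:                         # new hire: account from default
            commands.append(f"ADDUSER {uid} DFLTGRP({target_group})")
            by_id[uid] = RacfAccount(uid, target_group)
        elif acct.revoked:                       # second condition: reinstate
            commands.append(f"ALTUSER {uid} RESUME")
            acct.revoked = False
        if acct is not None and acct.group != target_group:   # claim 43 diff
            commands.append(f"ALTUSER {uid} DFLTGRP({target_group})")
            acct.group = target_group
    return commands
```

Running reconcile twice with the same registry shows the retained identifier: a terminated employee who reappears as active gets the same user id back and a RESUME rather than a new account.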
Specification