Disabling tool execution via roles

US 6,886,100 B2
Filed: 05/15/2001
Issued: 04/26/2005
Est. Priority Date: 05/15/2001
Status: Active Grant

First Claim

Patent Images

1. A method of managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, comprising:

delegating one or more tools to a user based on a first role, wherein a tool provides root access and the first role enables the user to run the delegated tool(s);

identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;

accessing the role identified to be disabled so that the status of the role identified to be disabled may be changed; and

, disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.

34 Citations

View as Search Results

20 Claims

1. A method of managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, comprising:
- delegating one or more tools to a user based on a first role, wherein a tool provides root access and the first role enables the user to run the delegated tool(s);
  
  identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;
  
  accessing the role identified to be disabled so that the status of the role identified to be disabled may be changed; and
  
  , disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first role is represented by a role object comprising an enablement attribute that has a value that determines whether the first role is enabled or disabled, wherein disabling the role identified to be disabled comprises:
    - setting the enablement attribute value so that the first role is disabled.
  - 3. The method of claim 2, wherein the user is represented by a user object, wherein delegating one or more tools to a user based on a role comprises linking the role object to the user object with an authorization object.
  - 4. The method of claim 2, wherein identifying one of the plurality of roles to be disabled comprises a root user entering, through a command line interface (“
    - CLI”
      
      ) or graphic user interface (“
      
      GUI”
      
      ), a command that identifies the role object.
  - 5. The method of claim 4, wherein the CLI or GUI operate in a process space and wherein accessing the role identified to be disabled comprises returning the role object to the CLI or GUI process space.
  - 6. The method of claim 1, wherein delegating one or more tools to a user based on a role comprises:
    - a) authorizing the first role for the user, the first role comprising the delegated tool(s); and
      
      b) authorizing a machine of the computer system for the first role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the first role only on authorized machines, whereby utilizing the first role comprises running the one or more tools of the first role.
  - 7. The method of claim 1, further comprising:
    - identifying one of the plurality of roles to be enabled, wherein the role identified to be enabled is the first role;
      
      accessing the role identified to be enabled; and
      
      enabling the role identified to be enabled, whereby the status of the role identified to be enabled is changed, so that the user can run the delegated tool(s).

8. A computer readable medium comprising instructions for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, by:
- delegating one or more tools to a user based on a first role, wherein a tool provides root access and the first role enables the user to run the delegated tool(s);
  
  identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;
  
  accessing the role identified to be disabled so that the status of the role identified to be disabled may be changed; and
  
  , disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, wherein the authorized role is represented by a role object comprising an enablement attribute that has a value that determines whether the first role is enabled or disabled, wherein disabling the role identified to be disabled comprises:
    - setting the enablement attribute value so that first role is disabled.
  - 10. The computer readable medium of claim 9, wherein the user is represented by a user object, wherein delegating one or more tools to a user based on a role comprises linking the role object to the user object with an authorization object.
  - 11. The computer readable medium of claim 9, wherein identifying one of the plurality of roles to be disabled comprises a root user entering, through a CLI or GUI, a command that identifies the role object.
  - 12. The computer readable medium of claim 11, wherein the CLI or GUI operate in a process space and wherein accessing the role identified to be disabled comprises returning the role object to the CLI or GUI process space.
  - 13. The computer readable medium of claim 8, wherein delegating one or more tools to a user based on a role comprises:
    - a) authorizing the first role for the user, the authorized role comprising the delegated tool(s); and
      
      b) authorizing a machine of the computer system for the first role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the first role only on authorized machines, whereby utilizing the first role comprises running the one or more tools of the first role.
  - 14. The computer readable medium of claim 8, further comprising instructions for managing tool execution via roles on the computer system, by:
    - identifying one of the plurality of roles to be enabled, wherein the role identified to be enabled is the first role;
      
      accessing the role identified to be enabled; and
      
      enabling the role identified to be enabled, whereby the status of the role identified to be enabled is changed, so that the user can run the delegated tool(s).

15. A method of managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, comprising:
- identifying one of the plurality of roles to be enabled, wherein the role identified to be enabled is a first role of a user, wherein the first role enables the user to run one or more delegated tools, wherein a tool provides root access for performing a specific task in the computer system;
  
  accessing the role identified to be enabled so that the status of the role identified to be enabled may be changed; and
  
  , enabling the role identified to be enabled, whereby the status of the role identified to be enabled is changed, so that the user can run the delegated tool(s).
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;
      
      accessing the role identified to be disabled; and
      
      disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).
  - 17. The method of claim 16, wherein the user runs at least one of the delegated tool(s) after the enabling step is performed, wherein identifying one of the plurality of roles to be disabled comprises a root user determining that the user is finished running the delegated tool(s).
  - 18. The method of claim 15, wherein the user is a customer engineer, wherein identifying one of the plurality of roles to be enabled comprises a root user determining that the customer engineer needs to run at least one of the delegated tool(s).
  - 19. The method of claim 15, wherein the first role is represented by a role object comprising an enablement attribute that has a value that determines whether the first role is enabled or disabled, wherein enabling the role identified to be enabled comprises:
    - setting the enablement attribute value so that the first role is enabled.
  - 20. The method of claim 19, wherein the enablement attribute value is a Boolean value and setting the enablement attribute value comprises setting the enablement attribute value to true.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Curtis, Paula B., Lister, Terence E., Robb, Mary Thomas, Drees, Douglas P., Sanchez, Humberto A II, Finz, Jeffrey R., Harrah, Richard D.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/855,937
Publication Number

US 20020174333A1
Time in Patent Office

1,442 Days
Field of Search

713/200, 713/201
US Class Current

726/3
CPC Class Codes

G06F 21/62 Protecting access to data v...

Disabling tool execution via roles

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Disabling tool execution via roles

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links