Disabling tool execution via roles
Abstract
A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.
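A minimal model of the role status switch described in the abstract, added here as an illustration and not taken from the patent. The class, role, tool, user and host names are all constructed, and the "tools" are only names: nothing is run as root.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Authorization:      # authorization object: role + machine a user is authorized for
    user: str
    role: str
    machine: str

@dataclass
class RoleManager:
    tools: dict = field(default_factory=dict)     # role -> delegated tool names
    enabled: dict = field(default_factory=dict)   # role -> status flag
    auths: set = field(default_factory=set)       # Authorization objects
    audit: list = field(default_factory=list)     # (admin, role, new status)

    def define_role(self, role, tools):
        self.tools[role] = set(tools)
        self.enabled[role] = True

    def delegate(self, user, role, machine):
        if role not in self.tools:
            raise KeyError(f"unknown role: {role}")
        self.auths.add(Authorization(user, role, machine))

    def set_status(self, role, enabled, admin):
        # Identify and access the role, then change only its status; the
        # delegations and authorization objects are left in place.
        if role not in self.enabled:
            raise KeyError(f"unknown role: {role}")
        self.enabled[role] = enabled
        self.audit.append((admin, role, "enabled" if enabled else "disabled"))

    def may_run(self, user, tool, machine):
        # Deny by default; meant to be evaluated at every launch of a tool.
        return any(a.user == user and a.machine == machine
                   and self.enabled.get(a.role, False)
                   and tool in self.tools.get(a.role, ())
                   for a in self.auths)

def demo():
    mgr = RoleManager()
    mgr.define_role("backup_operator", ["fs_backup"])   # constructed names
    mgr.delegate("alice", "backup_operator", "host-a")
    seen = [mgr.may_run("alice", "fs_backup", "host-a")]
    for status in (False, True):                         # disable, then re-enable
        mgr.set_status("backup_operator", status, admin="sysadmin")
        seen.append(mgr.may_run("alice", "fs_backup", "host-a"))
    return mgr, seen
```

Because disabling flips a status flag rather than deleting the delegation, re-enabling restores access without re-delegating, and the audit list records who changed the status.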
20 Claims
1. A method of managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, comprising:
- delegating one or more tools to a user based on a first role, wherein a tool provides root access and the first role enables the user to run the delegated tool(s);
- identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;
- accessing the role identified to be disabled so that the status of the role identified to be disabled may be changed; and
- disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).

Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer readable medium comprising instructions for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, by:
- delegating one or more tools to a user based on a first role, wherein a tool provides root access and the first role enables the user to run the delegated tool(s);
- identifying one of the plurality of roles to be disabled, wherein the role identified to be disabled is the first role;
- accessing the role identified to be disabled so that the status of the role identified to be disabled may be changed; and
- disabling the role identified to be disabled, whereby the status of the role identified to be disabled is changed, so that the user cannot run the delegated tool(s).

Dependent claims: 9, 10, 11, 12, 13, 14

15. A method of managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, comprising:
- identifying one of the plurality of roles to be enabled, wherein the role identified to be enabled is a first role of a user, wherein the first role enables the user to run one or more delegated tools, wherein a tool provides root access for performing a specific task in the computer system;
- accessing the role identified to be enabled so that the status of the role identified to be enabled may be changed; and
- enabling the role identified to be enabled, whereby the status of the role identified to be enabled is changed, so that the user can run the delegated tool(s).

Dependent claims: 16, 17, 18, 19, 20
Specification