Method and system for implementing shared schemas for users in a distributed computing system

US 7,171,411 B1
Filed: 02/27/2002
Issued: 01/30/2007
Est. Priority Date: 02/28/2001
Status: Active Grant

First Claim

Patent Images

1. A method for managing user schemas in a distributed computing system, the method comprising:

creating a first global user identification for a first user;

creating a second global user identification for a second user;

creating a local user schema at a network node, the local user schema accessible by the first and the second users;

mapping the first global user identification to the local user schema;

mapping the second global user identification to the local user schema, wherein the steps of mapping are performed without using a user name;

when the first user logs into the network node, assigning the local user schema to the first user with a first user role;

when the second user logs into the network node, assigning the local user schema to the second user with a second user role; and

wherein the first user and the second user have different privileges on the network node, a scope of the privilege for the first user is based at least partially on the first user role, and a scope of the privilege for the second user is based at least partially on the second user role.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing access information for users and other entities in a distributed computing system is disclosed. An aspect is directed to sharing schemas across multiple users. This can be accomplished by mapping multiple global users to the same local schema. Any users mapped to that local schema would, upon logging in, receive the set of privileges associated with the global user and the local schema. In this manner, separate schemas would not need to be defined for each global user.

Citations

57 Claims

1. A method for managing user schemas in a distributed computing system, the method comprising:
- creating a first global user identification for a first user;
  
  creating a second global user identification for a second user;
  
  creating a local user schema at a network node, the local user schema accessible by the first and the second users;
  
  mapping the first global user identification to the local user schema;
  
  mapping the second global user identification to the local user schema, wherein the steps of mapping are performed without using a user name;
  
  when the first user logs into the network node, assigning the local user schema to the first user with a first user role;
  
  when the second user logs into the network node, assigning the local user schema to the second user with a second user role; and
  
  wherein the first user and the second user have different privileges on the network node, a scope of the privilege for the first user is based at least partially on the first user role, and a scope of the privilege for the second user is based at least partially on the second user role.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1 in which the first and second global user identifications are stored in a directory.
  - 3. The method of claim 2 in which the directory comprises a LDAP directory.
  - 4. The method of claim 1 in which the network node is a database server.
  - 5. The method of claim 1 in which a data object maps the first global user identification to the local user schema.
  - 6. The method of claim 5 in which the data object specifically maps only the first global user identification to the local user schema.
  - 7. The method of claim 6 in which the data object maps based upon the full distinguished name for the first user.
  - 8. The method of claim 5 in which the data object potentially maps multiple users to the local user schema.
  - 9. The method of claim 8 in which the data object maps based upon a partial identification of the users.
  - 10. The method of claim 5 in which the data object maps based upon a specific computer node.
  - 11. The method of claim 10 in which the data object resides in a directory beneath an associated server object.
  - 12. The method of claim 5 in which the data object maps based upon a domain.
  - 13. The method of claim 12 in which the data object resides beneath a domain object.
  - 14. The method of claim 1 in which the first user role and the second user role are different.
  - 15. The method of claim 1 in which privileges associated with the local schema are assigned to the first and second users.
  - 16. The method of claim 1 in which an entry-level mapping object maps a specific user and in which a subtree-level mapping object potentially maps multiple users based upon a partial match of user identifications, wherein the entry-level mapping object takes precedence over the subtree-level mapping object.
  - 17. The method of claim 1 in which a server mapping object and a domain mapping object both map a user, wherein the server mapping object takes precedence over the domain mapping object.
  - 18. The method of claim 1 in which a record is maintained to track mappings to the local user schema that provides an audit trail corresponding to the first and second users.
  - 19. The method of claim 18 in which the record distinguished between mappings for the first and second users.
  - 20. The method of claim 1 further comprising the act of creating a local mapping at the network node, in which the first user is mapped to the local schema only if the local mapping does not contain a mapping for the first user.
  - 21. The method of claim 1 further comprising the act of creating a non-shared schema at the network node, the local user schema being a shared schema at the network node, in which the first user is mapped to the shared schema only if the first user is not mapped to the non-shared schema.
  - 22. The method of claim 1, wherein the scope of privilege for the first user and the scope of privilege for the second user are based also on the local user schema.
  - 23. The method of claim 1, wherein the steps of mapping are performed using a partial distinguished name.
  - 24. The method of claim 1, wherein the user name comprises a common name that is a component of a distinguished name.

25. A computer program product that includes a medium usable by a processor, the medium having stored thereon a sequence of instructions which, when executed by said processor, causes said processor to execute a process for user schemas in a distributed computing system, the process comprising:
- creating a first global user identification for a first user;
  
  creating a second global user identification for a second user;
  
  creating a local user schema at a network node, the local user schema comprising an account accessible by the first and the second users;
  
  mapping the first global user identification to the local user schema;
  
  mapping the second global user identification to the local user schema, wherein the steps of mapping are performed without using a user name;
  
  when the first user logs into the network node, assigning the local user schema to the first user with a first user role;
  
  when the second user logs into the network node, assigning the local user schema to the second user with a second user role; and
  
  wherein the first user and the second user have different privileges on the network node, a scope of the privilege for the first user is based at least partially on the first user role, and a scope of the privilege for the second user is based at least partially on the second user role.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 26. The computer program product of claim 25 in which the first and second global user identifications are stored in a directory.
  - 27. The computer program product of claim 26 in which the directory comprises a LDAP directory.
  - 28. The computer program product of claim 25 in which the network node is a database server.
  - 29. The computer program product of claim 25 in which a data object maps the first global user identification to the local user schema.
  - 30. The computer program product of claim 29 in which the data object specifically maps only the first global user identification to the local user schema.
  - 31. The computer program product of claim 30 in which the data object maps based upon the full distinguished name for the first user.
  - 32. The computer program product of claim 29 in which the data object potentially maps multiple users to the local user schema.
  - 33. The computer program product of claim 32 in which the partial identification comprises a partial distinguished name mapping.
  - 34. The computer program product of claim 29 in which the data object maps based upon a specific computer node.
  - 35. The computer program product of claim 34 in which the data object resides in a directory beneath an associated server object.
  - 36. The computer program product of claim 29 in which the data object maps based upon a domain.
  - 37. The computer program product of claim 36 in which the data object resides beneath a domain object.
  - 38. The computer program product of claim 25 in which the first user role and the second user role are different.
  - 39. The computer program product of claim 25 in which privileges associated with the local schema are assigned to the first and second users.
  - 40. The computer program product of claim 25 in which an entry-level mapping object maps a specific user and in which a subtree-level mapping object potentially maps multiple users based upon a partial match of user identifications, wherein the entry-level mapping object takes precedence over the subtree-level mapping object.
  - 41. The computer program product of claim 25 in which a server mapping object and a domain mapping object both map a user, wherein the server mapping object takes precedence over the domain mapping object.
  - 42. The computer program product of claim 25 in which a record is maintained to track mappings to the local user schema that provides an audit trail corresponding to the first and second users.
  - 43. The computer program product of claim 42 in which the record distinguished between mappings for the first and second users.
  - 44. The computer program product of claim 25 further comprising the act of creating a local mapping at the network node, in which the first user is mapped to the local schema only if the local mapping does not contain a mapping for the first user.
  - 45. The computer program product of claim 25 further comprising the act of creating a non-shared schema at the network node, the local user schema being a shared schema at the network node, in which the first user is mapped to the shared schema only if the first user is not mapped to the non-shared schema.
  - 46. The computer program product of claim 25, wherein the scope of privilege for the first user and the scope of privilege for the second user are based also on the local user schema.
  - 47. The computer program product of claim 25, wherein the steps of mapping are performed using a partial distinguished name.
  - 48. The computer program product of claim 25, wherein the user name comprises a common name that is a component of a distinguished name.

49. A system for managing user schemas in a distributed computing system, the method comprising:
- means for creating a first global user identification for a first user;
  
  means for creating a second global user identification for a second user;
  
  means for creating a local user schema at a network node, the local user schema comprising an account accessible by the first and the second users;
  
  means for mapping the first global user identification to the local user schema;
  
  means for mapping the second global user identification to the local user schema, wherein the steps of mapping are performed without using a user name;
  
  means for assigning the local user schema to the first user with a first user role when the first user logs into the network node;
  
  means for assigning the local user schema to the second user with a second user role when the second user logs into the network node; and
  
  wherein the first user and the second user have different privileges on the network node, a scope of the privilege for the first user is based at least partially on the first user role, and a scope of the privilege for the second user is based at least partially on the second user role.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57)
- - 50. The system of claim 49, further comprising a directory for storing the first and the second global user identifications.
  - 51. The system of claim 49, wherein the network node is a database server.
  - 52. The system of claim 49, wherein the first user role and the second user role are different.
  - 53. The system of claim 49, further comprising means for creating a local mapping at the network node.
  - 54. The system of claim 49, further comprising means for creating a non-shared schema at the network node.
  - 55. The system of claim 49, wherein the scope of privilege for the first user and the scope of privilege for the second user are based also on the local user schema.
  - 56. The system of claim 49, wherein the steps of mapping are performed using a partial distinguished name.
  - 57. The system of claim 49, the user name comprises a common name that is a component of a distinguished name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Lewis, Nina, Surpur, Ashwini, Bellemore, John
Primary Examiner(s)
Gaffin; Jeffrey
Assistant Examiner(s)
NGUYEN, CAM LINH T

Application Number

US10/086,103
Time in Patent Office

1,798 Days
Field of Search

707/9, 707/6, 707/10, 726/2, 726/4, 726/6
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

Y10S 707/99939   Privileged access

Method and system for implementing shared schemas for users in a distributed computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing shared schemas for users in a distributed computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links