System and method for ensuring security with multiple authentication schemes
Abstract
A system for authenticating a user for logon to a content manager running on top of a database manager. A connect procedure connects the user to the database manager, and a logon procedure then logs the user on to the content manager selectively responsive to that database connection. The user is authenticated either by a third party, by way of a user exit or of a trusted logon environment and privilege, or by the content manager itself.
Claims (16; the independent claims 1, 5, 6, 10, 11, 15 and 16 are reproduced below)
1. A method for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, a user application, and user exits, comprising:
maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
connecting said user to said database manager; and
logging on said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
said user being authenticated by a third party; and
said user being authenticated with reference to said access control list table by said content manager; and
said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
(Dependent claims 2, 3 and 4 not shown.)
5. A method for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, a user application, and user exits, comprising:
maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
executing a database connect procedure with respect to database (DB) user indicia and DB user password;
executing a content manager logon procedure with respect to content manager (CM) user indicia, said logon procedure including passing to a user exit said CM user indicia; and
authenticating said user for logon and access to said user data items selectively responsive to one of (A) and (B), where
(A) represents said user exit authenticating said CM user; and
(B) represents said user exit not authenticating said CM user and at least one of (B1), (B2), and (B3), where
(B1) represents said DB user indicia and said CM user indicia being the same;
(B2) represents said DB user having connect privilege and said DB user password being correct; and
(B3) represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.
6. A system for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, a user application, and user exits, comprising:
a maintenance procedure for maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintenance procedure, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
a connect procedure for connecting said user to said database manager; and
a logon procedure for connecting said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
said user being authenticated by a third party; and
said user being authenticated with reference to said access control list table by said content manager; and
said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
(Dependent claims 7, 8 and 9 not shown.)
10. A system for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, a user application, and user exits, comprising:
a user exit;
a maintenance procedure for maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintenance procedure, responsive to modification of a given privilege set, for incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
a database connect procedure for connecting said user to said database manager responsive to said user indicia and DB user password;
a content manager logon procedure for logging on said user with respect to content manager (CM) user indicia; and
said logon procedure passing to said user exit said CM user indicia and authenticating said user for logon selectively responsive to one of (1) said user exit authenticating said CM user, and (2) said user exit not authenticating said CM user and at least one of A, B, and C, where
A represents said DB user indicia and said CM user indicia being the same;
B represents said DB user having connect privilege and said DB user password being correct; and
C represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.
11. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for authorizing access by a user to controlled entities maintained at a server, said server including a content manager, a database manager, a user application, and user exits, comprising:
maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
connecting said user to said database manager; and
logging on said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
said user being authenticated by a third party; and
said user being authenticated with reference to said access control list table by said content manager; and
said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
(Dependent claims 12, 13 and 14 not shown.)
15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for authorizing access by a user to controlled entities maintained at a server, said server including a content manager (CM), a database manager, a user application, and user exits, comprising:
maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
executing a database connect procedure with respect to database (DB) user indicia and DB user password;
executing a content manager logon procedure with respect to said content manager (CM) user indicia, said logon procedure including passing to a user exit said CM user indicia; and
authenticating said user for logon and access to said user data items selectively responsive to one of A and B, where
A represents said user exit authenticating said CM user, and
B represents said user exit not authenticating said CM user and at least one of B1, B2, and B3, where
B1 represents said DB user indicia and said CM user indicia being the same;
B2 represents said DB user having connect privilege and said DB user password being correct; and
B3 represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.
16. A computer program product stored on a storage device and configured to be operable to connect a user to a content manager running on top of a database manager according to a procedure comprising:
maintaining controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
executing a database connect procedure with respect to database (DB) user indicia and DB user password;
executing a content manager logon procedure with respect to content manager (CM) user indicia, said logon procedure including passing to a user exit said CM user indicia; and
authenticating said user for logon and access to said user data items selectively responsive to one of (1) said user exit authenticating said CM user, and (2) said user exit not authenticating said CM user and at least one of A, B, and C, where
A represents said DB user indicia and said CM user indicia being the same;
B represents said DB user having connect privilege and said DB user password being correct; and
C represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.