Method and system for batch task creation and execution

US 7,496,761 B2
Filed: 09/29/2004
Issued: 02/24/2009
Est. Priority Date: 09/29/2004
Status: Active Grant

First Claim

Patent Images

1. A method of executing a task in batch mode, the task comprising a plurality of job steps, the method comprising:

creating at least one proxy account, wherein each proxy account encapsulates a credential, wherein each credential comprises an authorized user name and a password corresponding to an authorized user, wherein the credential identifies the authorized user as having authority to exercise at least one respective computer software subsystem;

creating a mapping between each of the at least one proxy account and a corresponding computer subsystem, each computer subsystem comprising at least one member of a group comprising programs and services, and each computer subsystem being associated with a step of the task;

creating an association between a submitting user that submits the task and the at least one proxy account;

receiving the task from the submitting user;

scheduling the task;

causing an SQL agent to execute the task whereby the SQL agent for each step of the task;

determines a current proxy account associated with a current computer subsystem associated with the step; and

accesses the current computer subsystem by impersonating an authorized user corresponding to a credential encapsulated in the current proxy account using the encapsulated credential in the current proxy account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of granting permission to use computer software resources when the user may be offline is accomplished through the use of proxy accounts. Each proxy account encapsulates a single set of user credentials. A set of user credentials contains at least a user name and a secret identifier, such as a password. These credentials are used by a scheduler function as an agent for the user to utilize computer resources to run jobs or tasks on behalf of the user. An embodiment of the invention allows for many different proxy account objects each having one set of credentials. The credentials are used at runtime to impersonate the user and allow a job to run. The job may involve multiple software subsystems. The architecture allows multiple proxy accounts to be created which allows system administrators flexibility in assigning different permissions to different users across multiple software environments.

Citations

26 Claims

1. A method of executing a task in batch mode, the task comprising a plurality of job steps, the method comprising:
- creating at least one proxy account, wherein each proxy account encapsulates a credential, wherein each credential comprises an authorized user name and a password corresponding to an authorized user, wherein the credential identifies the authorized user as having authority to exercise at least one respective computer software subsystem;
  
  creating a mapping between each of the at least one proxy account and a corresponding computer subsystem, each computer subsystem comprising at least one member of a group comprising programs and services, and each computer subsystem being associated with a step of the task;
  
  creating an association between a submitting user that submits the task and the at least one proxy account;
  
  receiving the task from the submitting user;
  
  scheduling the task;
  
  causing an SQL agent to execute the task whereby the SQL agent for each step of the task;
  
  determines a current proxy account associated with a current computer subsystem associated with the step; and
  
  accesses the current computer subsystem by impersonating an authorized user corresponding to a credential encapsulated in the current proxy account using the encapsulated credential in the current proxy account.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the steps of creating a mapping between each of the at least one proxy account and a corresponding computer subsystem, and creating an association between a submitting user that submits the task and the at least one proxy account are performed at the request of a system administrator.
  - 3. The method of claim 1, wherein the steps of creating a mapping and creating an association are performed with the use of a connector table.
  - 4. The method of claim 1, wherein the task is executed by a scheduler.
  - 5. The method of claim 4, further comprising executing the submitted task as a scheduled event.
  - 6. The method of claim 5, wherein the authorized user is different from the submitting user.
  - 7. The method of claim 6, wherein a token is generated, which is provided to each current computer subsystem during execution of the task.

8. A method of executing a batch task in a computer system, the method comprising:
- scheduling the batch task requested by a first user, wherein the batch task comprises a plurality of steps;
  
  verifying that the batch task is authorized by checking an association between the first user and at least one proxy account, each of the at least one proxy account having access to a respective credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that a second user has permissions to use; and
  
  executing the batch task at a scheduled time by accessing each of the at least one proxy account and impersonating the respective authorized second user using the credential regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple computer software subsystems and wherein any one proxy account has access to one respective credential.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein checking the association between the first user and the proxy account comprises accessing a connector table.
  - 10. The method of claim 8, wherein executing the batch task further comprises accessing a table that associates the proxy account with at least one subsystem of the computer.
  - 11. The method of claim 10, wherein the at least one computer software subsystem comprises at least one member of a group comprising commands and programs of the computer system.
  - 12. The method of claim 8, wherein executing the batch task at a scheduled time further comprises accessing the at least one proxy account and impersonating the respective authorized second user using a token that represents the credential.

13. A system for using a proxy account to execute job steps, the system comprising:
- a processor, wherein the processor is adapted to;
  
  provide a user interface to allow a first user to enter the job steps;
  
  schedule the job steps to be performed with one or more computer software subsystems;
  
  verify that a job step execution is authorized by checking an association between the first user and a proxy account;
  
  the proxy account referencing a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
  
  perform the job step at a scheduled time by accessing the proxy account and using the credential to impersonate the authorized second user regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use.
- View Dependent Claims (14)
- - 14. The system of claim 13, wherein the step of performing the job step further comprises using a token to represent the credential to impersonate the authorized second user.

15. A computer-readable medium having computer-executable instructions for performing a method of authorizing access to computer resources, the method comprising:
- creating at least one credential referenced in each of at least one respective proxy accounts, wherein the at least one credential comprises an authorized user name and a password;
  
  creating a mapping between each of the at least one proxy accounts and at least one respective computer subsystem, the at least one computer subsystem comprising at least one member of a group comprising programs and services provided by the computer resources;
  
  creating an association between a user submitting a task and the proxy account; and
  
  authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-readable medium of claim 15, wherein the steps of creating at least one credential, creating a mapping between each of the at least one proxy account and at least one respective computer subsystem, and creating an association between a user submitting a task and the proxy account are performed at the request of a system administrator.
  - 17. The computer-readable medium of claim 15, wherein the steps of creating a mapping and creating an association are performed with the use of a connector table.
  - 18. The computer-readable medium of claim 15, wherein the step of authorizing access further comprises accessing credential information prior to running the task.
  - 19. The computer-readable medium of claim 15, wherein the method further comprises executing the submitted task as a scheduled event by using the credential to impersonate the authorized user.
  - 20. The computer-readable medium of claim 19, wherein the authorized user is different from the user submitting the task.
  - 21. The computer-readable medium of claim 19, wherein the credential is replaced by a token and the token is used to impersonate the authorized user.

22. A computer-readable medium having computer-executable instructions for performing a batch task in a computer system, the method comprising:
- scheduling the batch task requested by a first user, wherein the batch task comprises a plurality of steps;
  
  verifying that the batch task is authorized by checking an association between the first user and at least one proxy account, each of the at least one proxy account having access to a respective credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and
  
  executing the batch task at a scheduled time by accessing each of the at least one proxy account and impersonating the authorized second user using the respective credential regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple computer software subsystems and wherein any one proxy account access to one respective credential.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The computer-readable medium of claim 22, wherein the step of checking the association between the first user and the proxy account comprises accessing a connector table.
  - 24. The computer-readable medium of claim 22, wherein the step of executing the batch task further comprises accessing a table that associates the at least one proxy account with at least one respective subsystem of the computer.
  - 25. The computer-readable medium of claim 24, wherein the at least one computer software subsystem comprises at least one member of a group comprising commands and programs of the computer system.
  - 26. The computer-readable medium of claim 22, wherein the step of executing the batch task at a scheduled time further comprises accessing the at least one proxy account and impersonating the authorized second user using a token that represents the respective credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dines, Daniel, Walters, Robert, Sonkin, Dmitry, Prang, Bruce A.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Shaifer Harriman; Dant B

Application Number

US10/953,734
Publication Number

US 20060075253A1
Time in Patent Office

1,609 Days
Field of Search

713/202
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

G06Q 10/0631   Resource planning, allocati...

H04L 63/04   for providing a confidentia...

H04L 63/083   using passwords cryptograph...

Method and system for batch task creation and execution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for batch task creation and execution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links