Method and system for batch task creation and execution
First Claim
1. A method of executing a task in batch mode, the task comprising a plurality of job steps, the method comprising:
- creating at least one proxy account, wherein each proxy account encapsulates a credential, wherein each credential comprises an authorized user name and a password corresponding to an authorized user, wherein the credential identifies the authorized user as having authority to exercise at least one respective computer software subsystem;
creating a mapping between each of the at least one proxy account and a corresponding computer subsystem, each computer subsystem comprising at least one member of a group comprising programs and services, and each computer subsystem being associated with a step of the task;
creating an association between a submitting user that submits the task and the at least one proxy account;
receiving the task from the submitting user;
scheduling the task;
causing an SQL agent to execute the task whereby the SQL agent for each step of the task;
determines a current proxy account associated with a current computer subsystem associated with the step; and
accesses the current computer subsystem by impersonating an authorized user corresponding to a credential encapsulated in the current proxy account using the encapsulated credential in the current proxy account.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of granting permission to use computer software resources when the user may be offline is accomplished through the use of proxy accounts. Each proxy account encapsulates a single set of user credentials. A set of user credentials contains at least a user name and a secret identifier, such as a password. These credentials are used by a scheduler function as an agent for the user to utilize computer resources to run jobs or tasks on behalf of the user. An embodiment of the invention allows for many different proxy account objects each having one set of credentials. The credentials are used at runtime to impersonate the user and allow a job to run. The job may involve multiple software subsystems. The architecture allows multiple proxy accounts to be created which allows system administrators flexibility in assigning different permissions to different users across multiple software environments.
-
Citations
26 Claims
-
1. A method of executing a task in batch mode, the task comprising a plurality of job steps, the method comprising:
-
creating at least one proxy account, wherein each proxy account encapsulates a credential, wherein each credential comprises an authorized user name and a password corresponding to an authorized user, wherein the credential identifies the authorized user as having authority to exercise at least one respective computer software subsystem; creating a mapping between each of the at least one proxy account and a corresponding computer subsystem, each computer subsystem comprising at least one member of a group comprising programs and services, and each computer subsystem being associated with a step of the task; creating an association between a submitting user that submits the task and the at least one proxy account; receiving the task from the submitting user; scheduling the task; causing an SQL agent to execute the task whereby the SQL agent for each step of the task; determines a current proxy account associated with a current computer subsystem associated with the step; and accesses the current computer subsystem by impersonating an authorized user corresponding to a credential encapsulated in the current proxy account using the encapsulated credential in the current proxy account. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of executing a batch task in a computer system, the method comprising:
-
scheduling the batch task requested by a first user, wherein the batch task comprises a plurality of steps; verifying that the batch task is authorized by checking an association between the first user and at least one proxy account, each of the at least one proxy account having access to a respective credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that a second user has permissions to use; and executing the batch task at a scheduled time by accessing each of the at least one proxy account and impersonating the respective authorized second user using the credential regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple computer software subsystems and wherein any one proxy account has access to one respective credential. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A system for using a proxy account to execute job steps, the system comprising:
a processor, wherein the processor is adapted to; provide a user interface to allow a first user to enter the job steps; schedule the job steps to be performed with one or more computer software subsystems; verify that a job step execution is authorized by checking an association between the first user and a proxy account;
the proxy account referencing a credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; andperform the job step at a scheduled time by accessing the proxy account and using the credential to impersonate the authorized second user regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use. - View Dependent Claims (14)
-
15. A computer-readable medium having computer-executable instructions for performing a method of authorizing access to computer resources, the method comprising:
-
creating at least one credential referenced in each of at least one respective proxy accounts, wherein the at least one credential comprises an authorized user name and a password; creating a mapping between each of the at least one proxy accounts and at least one respective computer subsystem, the at least one computer subsystem comprising at least one member of a group comprising programs and services provided by the computer resources; creating an association between a user submitting a task and the proxy account; and authorizing access to the at least one computer subsystem under the condition that the user submitting the task is associated with the proxy account having the credential authorizing use of the at least one computer subsystem for the submitted task. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A computer-readable medium having computer-executable instructions for performing a batch task in a computer system, the method comprising:
-
scheduling the batch task requested by a first user, wherein the batch task comprises a plurality of steps; verifying that the batch task is authorized by checking an association between the first user and at least one proxy account, each of the at least one proxy account having access to a respective credential comprising an authorized second user name and associated password, the credential mapping to at least one computer software subsystem that the second user has permissions to use; and executing the batch task at a scheduled time by accessing each of the at least one proxy account and impersonating the authorized second user using the respective credential regardless of whether the first user and second user are logged onto the computer software system that the second user has permissions to use, wherein multiple users are associated with multiple proxy accounts, multiple proxy accounts are associated with multiple computer software subsystems and wherein any one proxy account access to one respective credential. - View Dependent Claims (23, 24, 25, 26)
-
Specification