Role-based access control
Abstract
A computer-implemented method for authorizing a user request from a user to perform an action with respect to one of at least one of the plurality of nodes and at least one of the plurality of packages of a cluster is disclosed. The user request is received from a host coupled to communicate with the cluster. The method includes consulting an authorization map to ascertain a role associated with the user. The authorization map is kept in a memory space in one of the plurality of nodes. The method further includes authorizing the user to perform the action if the role associated with the user includes a granted privilege that is higher than a privilege required to perform the user request.
43 Claims
1. In a computer cluster having a plurality of nodes configured for executing a plurality of software packages, a computer-implemented method of authorizing a user request from a user to perform an action with respect to one of at least one of said plurality of nodes and at least one of said plurality of packages, said user request being received from a host coupled to communicate with said cluster, the computer-implemented method comprising:
- consulting an authorization map to ascertain a role associated with said user, said authorization map being kept in a memory space in one of said plurality of nodes; and
- if said role associated with said user includes a granted privilege, which is not a root user privilege and is not a normal user privilege, that is higher than a privilege required to perform said user request, authorizing said user to perform said action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. An article of manufacture comprising a program storage medium having computer readable code embodied therein, said computer readable code being configured to authorize a user request from a user of a computer cluster having a plurality of nodes configured for executing a plurality of software packages, said user request involves a request to perform an action with respect to one of at least one of said plurality of nodes and at least one of said plurality of packages, the computer readable code comprising:
- computer readable code which consults an authorization map to ascertain a role associated with said user, said authorization map being kept in a memory space in one of said plurality of nodes; and
- computer readable code which authorizes said user to perform said action if said role associated with said user includes a granted privilege, which is not a root user privilege and is not a normal user privilege, that is higher than a privilege required to perform said user request.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
27. A computer cluster having a plurality of nodes configured for executing a plurality of software packages, said computer cluster having an arrangement for authorizing a user request from a user to perform an action with respect to one of at least one of said plurality of nodes and at least one of said plurality of packages, said user request being received from a host coupled to communicate with said cluster, the computer cluster comprising:
- a computer having an arrangement which includes an authorization map having data pertaining to roles associated with users, at least one role of said roles in said authorization map is associated with privileges different from privileges associated with a Unix root user, said privileges associated with said at least one role being also different from privileges associated with a Unix normal user, said authorization map being kept in a memory space in one of said plurality of nodes.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43
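The check in the abstract and claim 1, written out as an added example (not code from the patent or its assignee). The privilege names and their ordering, the (user, host) map key, and the sample users, hosts and actions are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Privilege(IntEnum):
    # Assumed ordering; the page only says privileges can be compared.
    NORMAL_USER = 0
    MONITOR = 1
    PACKAGE_ADMIN = 2
    ROOT = 3


@dataclass(frozen=True)
class Role:
    name: str
    granted: Privilege


# Authorization map held in the memory of one cluster node. Keying it by
# (user, originating host) is an assumption; every entry is constructed.
AUTHORIZATION_MAP = {
    ("alice", "ops-host-1"): Role("package_admin", Privilege.PACKAGE_ADMIN),
    ("bob", "ops-host-1"): Role("monitor", Privilege.MONITOR),
    ("carol", "ops-host-2"): Role("unix_root", Privilege.ROOT),
}

# Privilege each action requires (constructed sample values).
REQUIRED = {
    "view_status": Privilege.NORMAL_USER,
    "halt_package": Privilege.MONITOR,
    "remove_node": Privilege.PACKAGE_ADMIN,
}


def authorize_by_role(user, host, action, auth_map=AUTHORIZATION_MAP):
    """Return True only if the mapped role grants an intermediate privilege
    that is higher than the privilege the action requires."""
    role = auth_map.get((user, host))
    required = REQUIRED.get(action)
    if role is None or required is None:
        return False  # no map entry, or unknown action: deny by default
    # Root and normal-user privileges are outside the claimed check,
    # so this function never grants on them.
    if role.granted in (Privilege.ROOT, Privilege.NORMAL_USER):
        return False
    return role.granted > required  # "higher than", as the claim words it
```

Because the comparison follows the claim's "higher than" wording literally, a role whose granted privilege merely equals the required one is denied.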
Specification