Method and system for management of access information
First Claim
1. A computer-implemented method for managing user access information for access to one or more database network nodes by a user, the method comprising:
storing database user authorization in a central directory that is associated with one or more network nodes, the database user authorization comprising a user role associated with a collection of locally defined roles and associated users, wherein the user role in the central directory assigns user privileges to the user as defined by the locally defined roles contained within the user role, wherein the database user authorization is stored as one or more data objects in the central directory;
storing database user authentication information;
receiving the user role at a local database network node from the central directory;
locally defining, by using a processor, a locally defined role for assigning the user privileges specific to a local database network node for a local scope of access at the local database network node, wherein the locally defined role is locally defined by processing at the local database network node the user role that is received from the central directory, and the user privileges granted by the locally defined role are given to the user based at least in part upon the user's association with the user role such that the locally defined role has a different scope of access than another locally defined role defined by processing the same user role at another local database network node;
receiving an access request from the user for the local database network node;
authenticating the user using a shared schema based at least in part upon the database user authentication information, wherein the shared schema comprises a schema that is accessible by a plurality of users and the plurality of users are mapped to the shared schema on the local database network node such that the plurality of users do not need their own accounts on the local database network node;
granting the user privileges on the local database network node based at least in part upon the shared schema and the locally defined role; and
storing the user privileges in a volatile or non-volatile computer-usable medium or displaying the user privileges on a display device.
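The steps of claim 1 describe a concrete flow: a central directory holds authentication material and an enterprise-wide user role, each database node turns that role into a locally defined role whose privilege scope is decided at the node, and users are mapped to a shared schema (claim 41 ties that mapping object to a partial distinguished name) rather than receiving individual accounts. The following Python model is an added illustration of that flow and is not code from the patent or its assignee; the class and method names, the LDAP-style distinguished names, the PBKDF2 password verification standing in for the directory's authentication store, and all users, roles and privileges are constructed assumptions.

```python
"""Model of the access-management scheme in claim 1 (added illustration).

A central directory stores authentication data and enterprise roles as
data objects keyed by distinguished name. Each database node maps the
enterprise role it receives to its own locally defined role, so the same
enterprise role yields a different privilege scope on different nodes,
and maps users to a shared schema by partial DN instead of per-user accounts.
All DNs, roles, privileges and passwords below are constructed sample data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _derive(password: str, salt: bytes) -> bytes:
    # Assumed authentication store: salted PBKDF2-SHA256 verifier.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class DirectoryEntry:
    dn: str
    salt: bytes
    verifier: bytes
    enterprise_roles: set = field(default_factory=set)


class CentralDirectory:
    """Stands in for the LDAP directory holding authentication and authorization objects."""

    def __init__(self):
        self._entries = {}

    def add_user(self, dn, password, enterprise_roles):
        salt = os.urandom(16)
        self._entries[dn] = DirectoryEntry(dn, salt, _derive(password, salt), set(enterprise_roles))

    def authenticate(self, dn, password):
        entry = self._entries.get(dn)
        if entry is None:
            return False
        return hmac.compare_digest(entry.verifier, _derive(password, entry.salt))

    def enterprise_roles_for(self, dn):
        entry = self._entries.get(dn)
        return set(entry.enterprise_roles) if entry else set()


class DatabaseNode:
    """A local database node: owns its locally defined roles (privilege scope is
    decided here, not in the directory) and its user-to-shared-schema mapping objects."""

    def __init__(self, name, directory):
        self.name = name
        self.directory = directory
        self.local_roles = {}   # locally defined role -> set of privileges
        self.role_map = {}      # enterprise role -> locally defined role
        self.schema_map = []    # (partial DN, shared schema) mapping objects

    def define_local_role(self, local_role, privileges):
        self.local_roles[local_role] = set(privileges)

    def map_enterprise_role(self, enterprise_role, local_role):
        self.role_map[enterprise_role] = local_role

    def map_schema(self, partial_dn, shared_schema):
        self.schema_map.append((partial_dn, shared_schema))

    def schema_for(self, dn):
        # The most specific (longest) matching partial DN wins, so an OU-level
        # mapping overrides a domain-level one.
        matches = [(p, s) for p, s in self.schema_map if dn.endswith("," + p)]
        if not matches:
            return None
        return max(matches, key=lambda m: len(m[0]))[1]

    def connect(self, dn, password):
        """Authenticate via the directory, resolve the shared schema, and grant
        privileges from the locally defined roles the user's enterprise roles map to."""
        if not self.directory.authenticate(dn, password):
            return None
        schema = self.schema_for(dn)
        if schema is None:
            return None  # no mapping object on this node: no access at all
        privileges = set()
        for ent_role in self.directory.enterprise_roles_for(dn):
            local_role = self.role_map.get(ent_role)
            if local_role in self.local_roles:
                privileges |= self.local_roles[local_role]
        return {"schema": schema, "privileges": frozenset(privileges)}


def build_demo():
    """Constructed deployment: two nodes map the same enterprise role to
    locally defined roles of different scope, and only one maps the eng OU."""
    directory = CentralDirectory()
    directory.add_user("cn=alice,ou=sales,dc=example,dc=com", "alice-pw", {"SALES_ANALYST"})
    directory.add_user("cn=bob,ou=eng,dc=example,dc=com", "bob-pw", {"SALES_ANALYST"})

    hr = DatabaseNode("hrdb", directory)
    hr.define_local_role("hr_readonly", {"SELECT ON hr.payroll_summary"})
    hr.map_enterprise_role("SALES_ANALYST", "hr_readonly")
    hr.map_schema("dc=example,dc=com", "app_shared")

    sales = DatabaseNode("salesdb", directory)
    sales.define_local_role("sales_writer", {"SELECT ON sales.orders", "INSERT ON sales.orders"})
    sales.map_enterprise_role("SALES_ANALYST", "sales_writer")
    sales.map_schema("ou=sales,dc=example,dc=com", "sales_shared")
    return directory, hr, sales
```

Running `build_demo()` and calling `connect` on each node shows the point of the claim: Alice's single enterprise role gives her read-only access on `hrdb` but read-write access on `salesdb`, and Bob, who holds the same enterprise role, gets nothing on `salesdb` because no mapping object covers his OU there, while neither user needs an account on either node.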
2 Assignments
0 Petitions
Abstract
A method and system for managing access information for users and other entities in a distributed computing system is disclosed. In one approach, information relating to user access is stored in a centralized directory while user roles are locally defined at a networked node. When the user connects to the system, the system looks up the necessary information about the user in the central directory to authorize the user. Thereafter, the user's privileges are determined by the user's assigned roles.
99 Citations
53 Claims
1. Claim 1 is set out in full under First Claim above. Dependent claims: 2 to 22.
23. A computer system including a processor for managing user access information for access to one or more database network nodes by an enterprise user, comprising:
an LDAP directory;
one or more local database network nodes for which user access is sought, wherein the one or more local database network nodes are associated with the LDAP directory;
a volatile or non-volatile computer-usable medium for storing user access information data objects in the LDAP directory, the user access information data objects comprising authentication and authorization information, wherein the authorization information comprises an enterprise role associated with a collection of locally defined roles and associated users, wherein the enterprise role in the LDAP directory assigns user privileges to the enterprise user as defined by the locally defined roles contained within the enterprise role; and
the processor for locally defining a locally defined role for assigning the user privileges specific to a local database network node for a local scope of access at the local database network node, wherein the locally defined role is locally defined by processing at the local database network node the enterprise role that is received from the LDAP directory, and the user privileges granted by the locally defined role are given to the enterprise user based at least in part upon the enterprise user's association with the enterprise role such that the locally defined role has a different scope of access than another locally defined role defined by processing the same enterprise role at another local database network node.
Dependent claims: 24 to 40.
41. The system of claim 38 in which the mapping object is associated with a partial distinguished name.
42. A computer program product that includes a volatile or non-volatile non-transitory computer-usable medium usable by a processor, the medium having stored thereon a sequence of instructions which, when executed by said processor, causes said processor to execute a process for managing user access information for access to one or more database network nodes by a user, the process comprising:
storing database user authorization in a central directory that is associated with one or more network nodes, the database user authorization comprising a user role associated with a collection of locally defined roles and associated users, wherein the user role in the central directory assigns user privileges to the user as defined by the locally defined roles contained within the user role, wherein the database user authorization is stored as one or more data objects in the central directory;
storing database user authentication information;
receiving the user role at a local database network node from the central directory;
locally defining a locally defined role for assigning the user privileges specific to a local database network node for a local scope of access at the local database network node, wherein the locally defined role is locally defined by processing at the local database network node the user role that is received from the central directory, and the user privileges granted by the locally defined role are given to the user based at least in part upon the user's association with the user role such that the locally defined role has a different scope of access than another locally defined role defined by processing the same user role at another local database network node;
receiving an access request from the user for the local database network node;
authenticating the user using a shared schema based at least in part upon the database user authentication information, wherein the shared schema comprises a schema that is accessible by a plurality of users and the plurality of users are mapped to the shared schema on the local database network node such that the plurality of users do not need their own accounts on the local database network node;
granting the user privileges on the local database network node based at least in part upon the shared schema and the locally defined role; and
storing the user privileges or displaying the user privileges on a display device.
Dependent claims: 43 to 53.
Specification