Methods and systems for using derived user accounts
First Claim
Patent Images
1. A computer-implemented method for accessing a resource in a computer system, comprising an operating system, the method comprising:
- receiving a request to access the resource;
initializing at least one derived user account based on at least one original user account and a set of rules at least in part by;
generating the at least one derived user account using user account creation mechanisms of the operating system; and
populating the at least one derived user account based on the original user account and the set of rules at least in part by;
setting a value for at least one state in the at least one derived user account as the closer of two end values of a range if the value of a corresponding state of the at least one original user account is outside the range; and
setting the value for the at least one state in the at least one derived user account as the value of the corresponding state of the at least one original user account if the value of the corresponding state of the original user account is within the range; and
accessing the resource based on the at least one derived user account.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.
39 Citations
4 Claims
-
1. A computer-implemented method for accessing a resource in a computer system, comprising an operating system, the method comprising:
-
receiving a request to access the resource; initializing at least one derived user account based on at least one original user account and a set of rules at least in part by; generating the at least one derived user account using user account creation mechanisms of the operating system; and populating the at least one derived user account based on the original user account and the set of rules at least in part by; setting a value for at least one state in the at least one derived user account as the closer of two end values of a range if the value of a corresponding state of the at least one original user account is outside the range; and setting the value for the at least one state in the at least one derived user account as the value of the corresponding state of the at least one original user account if the value of the corresponding state of the original user account is within the range; and accessing the resource based on the at least one derived user account.
-
-
2. A computer-implemented method for accessing a resource in a computer system, the method comprising:
-
receiving a request to access the resource on behalf of an activity associated with a user; determining if at least one derived user account corresponding to the user activity exists; initializing the at least one derived user account based on an original user account and a set of rules, if no derived user account corresponding to the user exists, or updating the at least one derived user account based on the original user account and the set of rules, if at least one derived user account exists, wherein; the set of rules specify to initialize or update the at least one derived user account by setting at least one aspect of the derived user account to a first value, if the corresponding aspect of the original user account is below a certain range, or to a second value, if the corresponding aspect of the original user account is above a certain range, or to the same value as the corresponding aspect of the original user account if the corresponding aspect of the original user account is within the range; and accessing the resource based on the at least one derived user account.
-
-
3. An apparatus comprising:
-
at least one memory having program instructions to execute an operating system; and at least one processor configured to execute the program instructions to perform the operations of; receiving a request to access a resource; initializing at least one derived user account based on at least one original user account and a set of rules at least in part by; generating the at least one derived user account using user account creation mechanisms of the operating system; and populating the at least one derived user account based on the original user account and the set of rules at least in part by; setting a value for at least one state in the at least one derived user account as the closer of two end values of a range if the value of a corresponding state of the at least one original user account is outside the range; and setting the value for the at least one state in the at least one derived user account as the value of the corresponding state of the at least one original user account if the value of the corresponding state of the original user account is within the range determining at least one state in the at least one derived user account by copying the corresponding state in the original user account; and accessing the resource based on the at least one derived user account.
-
-
4. An apparatus comprising:
-
at least one memory having program instructions; and at least one processor configured to execute the program instructions to perform the operations of; receiving a request to access a resource on behalf of an activity associated with a user; determining if at least one derived user account corresponding to the user exists; initializing the at least one derived user account based on an original user account and a set of rules, if no derived user account corresponding to the user exists, or updating the at least one derived user account based on the original user account and the set of rules, if at least one derived user account exists, wherein the set of rules specify to initialize or update the at least one derived user account by setting at least one aspect of the derived user account to a first value, if the corresponding aspect of the original user account is below a certain range, or to a second value, if the corresponding aspect of the original user account is above a certain range, or to the same value as the corresponding aspect of the original user account if the corresponding aspect of the original user account is within the range; accessing the resource based on the at least one derived user account; and selectively modifying the original user account based on the set of rules and the at least one derived user account.
-
Specification