1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular to a computer implemented method and apparatus for managing protected data. Still more particularly, the present invention relates to a computer implemented method, apparatus, and computer usable program product for creating secured file views of a protected file in a partitioned computing device to control access to a protected file.
2. Description of the Related Art
Partitions are divisions of a computer system's resources into multiple sets of resources. The sets of resources may include, for example, processors, memory, input/output devices, and storage. In addition, each partition may run a separate instance of an operating system for independently controlling a set of the computer system's resources. Thus, a single computer system may be partitioned into a number of separate computing environments. Each of these environments may be dedicated for different uses. For example, partitions may be used for combining multiple test, development, quality assurance, and production work environments on the same computing system.
The use of partitions in a computer system yields a number of advantages. Some advantages include, for example, reduced cost, ease of maintenance, and ease of accessing certain computer files by the various partitions of the computer system. The ease at which certain computer files may be accessed is attributable to the fact that the computer files of a partitioned computer system are stored in central locations, such as the computer system's hard disk drive. Further, the computer files within the hard disk drive may be accessed by the various partitions by implementing simple mechanisms, such as name fs file mounting or sharing read-only memory segments.
However, certain types of protected data, such as the collection of files in an AIX® Object Data Manager (ODM), may not be easily accessible by the various managed partitions of a computer system. AIX, a UNIX-based operating system, is a registered trademark of International Business Machines, Inc. The AIX ODM is a data manager used for managing a computer system's device configuration information and other system resource information.
A user of a computer system's administrative partition may have the authorization to view and modify the content of a protected file. A protected file is a file containing restricted information. The restricted information is information designated as inaccessible to a user. Restricted information may include, for example, user account information, software/hardware configuration data, financial data, or any other type of data having personal or confidential nature. The protected file may also have unrestricted information that may be presented to one or more users.
A user of a managed software partition, however, may lack the necessary authorization to access the protected file. The user of the managed software partition may be denied access to a protected file for any number of reasons. For example, a managed partition may lack authorization to access a file particular to a different partition, or because system security settings prevent access by the managed partition.
One currently implemented method for giving a user of a managed partition access to a protected file involves providing the managed partition with a copy of the file. However, this method of sharing the protected file often results in the creation of multiple copies of the protected file. The necessity of creating multiple copies of computer files consumes system resources and may lead to the existence of file copies containing different information.
Another currently used method for sharing protected data between partitions of a computer system is providing all managed partitions of a computer system full access to the protected data of the computer system. However, this method of sharing protected data may enable an inexperienced or malicious user to modify a critical system file, thereby crashing the computer system. In addition, full access to the protected files of a computer system may result in the dissemination of sensitive and personal information of the various users.
In yet another currently used method for sharing protected data between partitions of a computer system, users of the various partitions are provided read-only access to the protected files. This solution, however, may allow users to reverse engineer access passwords and gain full access to the protected files.