1. Field of the Invention
The present invention relates to a method for authorizing the execution of processes in a computer system. More particularly, the present invention relates to a method for determining whether a user is authorized to execute a particular process or access particular data in a computer system by determining whether that user is a member of an authorized group or has assumed an authorized role.
2. The Background Art
As computer systems have become more complex and more sophisticated, the need to control access to these systems and to control the execution of processes within these systems has significantly increased.
In order to gain access to a computer system, a user typically enters a user identification and a password. This information is compared against previously stored authorization information, and if the user-entered data matches the stored data, the user is granted access to the system.
Once a user has been granted access to the system, system security is often focused on granting or denying that user access to directories and files. One example of such a system is the UNIX.RTM. operating system.
At the time a user is defined by a system administrator of the UNIX.RTM.-based system, the user is assigned a unique user ID and a group ID. Group IDs are often assigned based on common characteristics associated with users. For instance, members of a research group might all be assigned a common group identifier. The user ID and group ID are used when verifying whether a user is authorized to view the contents of a directory, edit a file within a directory, or execute a program.
Under UNIX.RTM., after having passed through the initial access checkpoint using an authorized user ID and password, the user's access to files and programs is based upon the results of a comparison performed by the operating system between the settings contained in a "privilege word" and the user and group IDs associated with the requesting user. Every file and directory in the system has its own privilege word associated with it, the attributes of which are set by the owner of the file either at the time the file is created, or at any other convenient time.
FIG. 1 is a diagram depicting a typical file access privilege word in a UNIX-based operating system.
Referring to FIG. 1, a file access privilege word 10 shows three 3-bit segments, one each associated with owner 12, group 14, and public 16 access to a file or directory. Read bit 18, if set, grants read access to the owner 12, group 14, or public 16, depending on which segment the read bit 18 is contained within. Correspondingly, write bit 20 and execute bit 22 control write and execute authority for owner 12, group 14, or the public 16, depending on whether that particular bit is set, and which segment contains the write bit 20 or execute bit 22 in question.
For instance, the bit pattern "110100000" shown in FIG. 1 (octal 640) allows the owner to read or write the file because read bit 18 and write bit 20 are both set to a "1" in the segment associated with owner 12. Further, because read bit 18 is set to a "1" in the segment associated with group 14, any member of the group associated with the file may read the file. Since no bits are set in the segment associated with public 16, no public access is allowed.
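As an added worked example (not part of the patent text or any actual UNIX implementation), the following Python models the comparison described above: the operating system selects exactly one 3-bit segment of the privilege word, in the order owner, then group, then public, and tests the requested read/write/execute bits against that segment alone. The user IDs, group IDs, the FileEntry and Subject names, and the two constructed files are assumptions for illustration. The superuser rule follows traditional UNIX behaviour, where user ID 0 bypasses read and write checks but execute still requires at least one execute bit to be set somewhere in the word.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Bit values inside one 3-bit segment: read, write, execute.
READ, WRITE, EXEC = 4, 2, 1


def parse_privilege_word(bits: str) -> int:
    """Turn a 9-character pattern such as "110100000" (FIG. 1) into a 9-bit integer.

    The string is ordered owner, group, public, each as rwx, so the
    result equals the familiar octal mode (here 0o640).
    """
    if len(bits) != 9 or set(bits) - {"0", "1"}:
        raise ValueError("privilege word must be nine '0'/'1' characters")
    return int(bits, 2)


@dataclass(frozen=True)
class FileEntry:
    """A file or directory: owning user, associated group, 9-bit privilege word."""
    owner_uid: int
    group_gid: int
    mode: int


@dataclass(frozen=True)
class Subject:
    """The requesting user: user ID plus every group ID the user belongs to."""
    uid: int
    gids: FrozenSet[int]


def applicable_segment(subject: Subject, entry: FileEntry) -> int:
    """Pick the single segment that applies: owner, else group, else public.

    Only the first match counts. An owner who is also a group member is
    judged by the owner bits even when the group bits are more permissive.
    """
    if subject.uid == entry.owner_uid:
        return (entry.mode >> 6) & 0o7
    if entry.group_gid in subject.gids:
        return (entry.mode >> 3) & 0o7
    return entry.mode & 0o7


def is_allowed(subject: Subject, entry: FileEntry, requested: int) -> bool:
    """Return True if every requested bit is set in the applicable segment."""
    if subject.uid == 0:
        # Assumed superuser rule (traditional UNIX): read and write are always
        # granted; execute still needs some execute bit set in the word.
        if requested & EXEC and not (entry.mode & 0o111):
            return False
        return True
    segment = applicable_segment(subject, entry)
    return (segment & requested) == requested


# Constructed sample data, not taken from the patent.
FIG1_FILE = FileEntry(owner_uid=1000, group_gid=100,
                      mode=parse_privilege_word("110100000"))  # rw-r-----
# A word where the group bits are wider than the owner bits (r--rwx---).
ODD_FILE = FileEntry(owner_uid=1000, group_gid=100,
                     mode=parse_privilege_word("100111000"))

OWNER = Subject(uid=1000, gids=frozenset({100}))     # owns both files
MEMBER = Subject(uid=1001, gids=frozenset({100, 5}))  # in the file's group only
PUBLIC = Subject(uid=2000, gids=frozenset({200}))    # neither owner nor member
ROOT = Subject(uid=0, gids=frozenset({0}))


if __name__ == "__main__":
    for who, subj in (("owner", OWNER), ("member", MEMBER), ("public", PUBLIC), ("root", ROOT)):
        for label, bit in (("read", READ), ("write", WRITE), ("exec", EXEC)):
            print(f"{who:7} {label:5} FIG1={is_allowed(subj, FIG1_FILE, bit)!s:5} "
                  f"ODD={is_allowed(subj, ODD_FILE, bit)}")
```

The ODD_FILE case is the one practitioners trip over: because the owner segment is selected first, the owner is denied write access even though every member of the file's group can write. Granting a file owner less than the group is therefore a real (if unusual) configuration, not an error the system corrects.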
The protection system depicted herein is also used to protect the file system when accessed remotely. Users logging into the system from remote locations are treated in the same manner as those operating from local locations. Thus, the read-write-execute privilege word is utilized network-wide.
While privilege-word protection of this type is suitable for its intended use, it suffers from a lack of flexibility. As organizations become more dependent upon computers for their operations, many different types of users are using these computer systems, each with differing access requirements. It would therefore be beneficial to provide a method for determining a user's authority to execute certain processes in a computer system wherein each user is given a level of access to the system commensurate with the position that user holds within the organization.
A second deficiency in the prior art system described above is that a user may only assume one role, that of a computer user. Access rights for this user are constant. That is, the user receives the same access rights every time the user accesses the system, regardless of the function that user is performing at any given time. For instance, a secretary editing a document would have the same privileges as when that secretary is accessing sensitive information stored in a database. This may result in unintended access to and modification of data. It would therefore be beneficial to provide a system wherein a user may assume any one of several possible roles, where the role the user chooses upon any given login corresponds to the particular function that user is performing during that particular login session.
A third deficiency in the prior art system described above is that no provision is made for temporary access to files and programs. A user of the prior art system is typically given access by a system administrator, and that access continues until the system administrator manually removes the user from the user list. It would therefore be beneficial to provide a system wherein access by a user to files or program operations may be time limited, thus terminating those access rights automatically at a time previously determined and set by a security administrator.