Distributed computing environments are ubiquitous, and databases running within such distributed computing environments are also ubiquitous. While computing models have trended over time (e.g., from centralized computing to multi-processor computing, to networked computing, to clusters and to clouds, etc.), and while security and authorization concerns are trending to be ever more heightened day-by-day, the credentialing process has failed to keep up with these trends. Significant manual work is needed to create each credential, and at the same time, more and more credentials are needed to deal with the trending computing models and granularity of authorizations.
As an example, an enterprise system might be organized as one cluster running many applications as different users. The cluster might require user credentials (e.g., credentials for a user on the operating systems of the cluster), and the applications might also require login identification (e.g., screen names and passwords). In another setting, an enterprise installation might be organized as having one client system (e.g., a cluster) serving hundreds of users that run many applications (e.g., accounts payable applications, human resources applications, etc.), and having another system (e.g., a database cluster) to serve hundreds of users (or more) and possibly thousands (or more) of separately authorized types of operations (e.g., database operations).
Unfortunately, the credentialing processes needed to authorize these thousands (or more) of separately authorized types of operations remain a time-consuming, high-latency, cumbersome and often almost entirely manual set of steps that must be executed for each user in order to create and manage credentials (e.g., operating system credentials) before the user can fulfill his or her job functions.
Techniques are needed to reduce or eliminate the time-consuming, high-latency, cumbersome and often almost entirely manual set of steps needed to establish operating system credentials. Yet, the aforementioned trends only exacerbate the problems that now exist, namely, that deployment of systems atop current computing models such as in a distributed computing environment supporting many nodes and many operating system users results in a high demand for credential creation.
Some legacy approaches have attempted to partially address the high demand by implementing a mapping between operating system credentials and credentials of a corresponding user such that an application can look up credentials held by the operating system user that is logged into (and running) the application. However, this only partially addresses the high demand since the operating system credentials for a given user still have to be created manually. Worse, a given user might need access to certain operating system rights when running (for example) an accounts payable application, but might not need similar operating system rights when running (for example) a human resources application. In legacy models, each needed operating system credential demands manual intervention to initially create the operating system credential. None of the aforementioned legacy approaches achieve the capabilities of the herein-disclosed techniques for automatically creating secure operating system credentials spanning multiple secure computing environments. Therefore, there is a need for an improved approach.