Today, software system developers are providing more efficient automated systems for managing the processing of information from multiple, inter-related applications, wherein the applications may be housed on disparate computer hardware platforms and in diverse locations, and may have multiple domains. One concern in processing information from multiple, inter-related applications is security and data integrity.
Many computer hardware systems, including enhanced security versions of UNIX, permit access to files, etc. to be controlled by associating with each file a list of the users (and/or groups of users) who are allowed to access the file, with the types of access permitted to each. This list is an example of a security list. For example, a file might have associated with it a security list indicating whether a user is permitted to read, write, or execute the file.
Similarly, computer systems running object-oriented software utilize a security list having an access control list that grants one or more privileges to one or more users on one or more objects. The security list also has a means for confirming that the particular active user has access rights to a particular object before permitting the user to access the object. However, the privilege granted by the security list only pertains to an object located in a particular domain. In order for a user to have the same privilege granted in a different domain, the user must be added to the security list within that domain. Thus, prior art security systems require redundant inputs, rendering them inefficient and difficult for a global administrator to manage.
Accordingly, there is a need in the art for an improved computer security management system for managing the applications housed on disparate hardware platforms in diverse locations. More specifically, there is a need for a computer security management system having a decentralized approach for managing security that allows a global administrator to define complex privileges containing a set of (privilege, object) pairs that are domain independent. The current invention provides these facilities in various new and novel ways as more fully described below.
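The contrast drawn above between a per-domain security list and a domain-independent complex privilege can be modeled in a few lines. This is an added illustration, not code from the original text or from the invention it describes; the class names, the `report_editor` privilege, and the sample domains, user and object are all hypothetical.

```python
from collections import defaultdict

class DomainACL:
    """Security list for ONE domain: (user, object) -> privileges."""
    def __init__(self, domain):
        self.domain = domain
        self.entries = defaultdict(set)

    def grant(self, user, obj, privilege):
        self.entries[(user, obj)].add(privilege)

    def is_allowed(self, user, obj, privilege):
        # Default deny: confirm the right exists before permitting access.
        return privilege in self.entries.get((user, obj), ())

class GlobalPolicy:
    """Complex privilege: a named set of (privilege, object) pairs, no domain bound in."""
    def __init__(self):
        self.complex_privileges = {}
        self.assignments = defaultdict(set)   # user -> complex privilege names

    def define(self, name, pairs):
        self.complex_privileges[name] = frozenset(pairs)

    def assign(self, user, name):
        if name not in self.complex_privileges:
            raise KeyError(f"undefined complex privilege: {name}")
        self.assignments[user].add(name)

    def is_allowed(self, user, obj, privilege, domain):
        # 'domain' is not consulted (modeling assumption): one assignment holds everywhere.
        return any((privilege, obj) in self.complex_privileges[name]
                   for name in self.assignments.get(user, ()))

DOMAINS = ["hr", "finance", "ops"]                    # constructed sample data
PAIRS = [("read", "report"), ("write", "report")]     # constructed sample data

def demo():
    acls = {d: DomainACL(d) for d in DOMAINS}
    acls["hr"].grant("alice", "report", "read")       # granted in one domain only
    policy = GlobalPolicy()
    policy.define("report_editor", PAIRS)
    policy.assign("alice", "report_editor")           # a single assignment in total
    return {
        "acl_hr": acls["hr"].is_allowed("alice", "report", "read"),
        "acl_ops": acls["ops"].is_allowed("alice", "report", "read"),
        "global_ops": policy.is_allowed("alice", "report", "write", "ops"),
        "global_unassigned": policy.is_allowed("bob", "report", "read", "ops"),
        "per_domain_grants_for_parity": len(DOMAINS) * len(PAIRS),
    }
```

With per-domain lists, matching the single `report_editor` assignment takes one grant per domain per pair, which is the redundant input the text describes.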