The present invention generally relates to command file processing systems and methods and command file authorizing systems, and more particularly to command file processing system and method which reject registration of a command which is unauthorized to an operator into a command file when creating the command file and a command file authorizing system which authorizes access to the command file.
Recently, maintenance services for information processing systems are rapidly becoming more advanced and complex. Hence, more advanced skills are required of the maintenance person. On the other hand, the security of the system is also becoming an extremely important factor due to the effects on society.
Accordingly, it is necessary to efficiently carry out the maintenance and also ensure security by using passwords and the like so as to permit access to the system only to authorized person.
Conventionally, in order to ensure security of the system, the authorization to execute a command is restricted by use of the password so that the system is protected from a human fault such as an erroneous operation. In other words, in order to ensure security of the system, each maintenance person has a password known only to him, and the password is first input when inputting the command. The system then judges whether or not a command may be input by use of the password and the command is executed only when the password is authorized to execute the command.
As an effective means for efficiently carrying out a routine maintenance service, there is the command file function which collects a series of commands into one file and executes the commands in a batch. In the case of the command file in which a plurality of commands are collected into one file, it is inconvenient from the point of view of operation to input the password every time each registered command within the command file is to be executed. For this reason, the password is input only once when executing the command file, and the password is successively collated with authorizations of the commands within the command file when executing the commands. Consequently, when a command which is unauthorized by the password is registered within the command file, the execution of this command is rejected even during the execution of the command file.
In addition, some systems have an access level assigned to each command. In other words, commands having certain access levels are only accessible by the password of a skilled person and not by the password of a non-skilled person. In such systems, the command file itself needs to keep, in addition to the authority to execute the commands, the correspondence with the authorized passwords, that is, the authority to execute the command file. In this case, only the password which is registered at the time of creating the command file is authorized to execute the command file, and this command file cannot be executed when the person who created the command file is not present.
According to the prior art, an access level is assigned to each command depending on the importance of the command. For example, an access level which is assigned to a command such as "display" is a non-skilled level which can be executed by anyone, that is, even a non-skilled person is authorized to execute the command having the non-skilled level. On the other hand, an access level which is assigned to a command which corrects or modifies the command of the command file, a command which requires a high-level knowledge, a command which is important from the point of view of security of the system or the like is a skilled level which can only be executed by a skilled person, that is, an authorized person who is authorized to execute the command having the skilled level. The provision of such access levels is essential to maintain the system security, however, various problems are introduced by the provision of such access levels.
For example, when creating a command file of typical daily work, there are cases where a command which can only be executed by a password corresponding to the skilled level is included in the series of work of the command file. In such cases, when this command file is executed by a password corresponding to the non-skilled level, the command which can only be executed by the password corresponding to the skilled level is encountered during the execution of the command file and the execution of this command is unauthorized. As a result, there is a problem in that the work of the command file may be incomplete.
On the other hand, when there is a need to register in the command file a command which can only be executed by the password corresponding to the skilled level, this command file can only be created and be executed by the skilled person. However, the number of skilled persons especially in the case of large scale systems is limited, and there is a problem in that the important but typical daily work may be hindered if the skilled person is not present.