A programmable electronic device that processes data may be put to a variety of different uses by a variety of different users who have a variety of different concerns about the data processed by the device. Such a programmable electronic device may be a computerized device on which a variety of different software programs can be executed to do a variety of data processing tasks. Data may take the form of, but is not limited to, voice, audio, or video electronic signals or information. Such devices include personal computers, workstations, servers, laptops, palmtops, cellular phones, telephones, audio equipment, video equipment, and a wide variety of other devices in which different computer programs are stored and launched to perform a variety of data processing jobs. Manufacturers need to control the software usable on such devices. Users sometimes need to tightly control who has access to the processed data, or at least some of the data, and other times wish to exert little or no control.
The complicated task of controlling the software involves making sure the right device gets loaded with the right software, supporting that software, and upgrading that software. When different devices get different software packages, this software becomes difficult and expensive to manage due to the vast number of combinations of software programs and versions of software programs that may be loaded throughout a population of similar devices. Mistakes in knowing which device has or should have which software lead to tremendously increased costs through the distribution of unlicensed software, providing support to unlicensed users, misdirected problem-solving efforts, and the like.
Another aspect of controlling the software involves taking steps to minimize unauthorized uses of software. For example, manufacturers wish to insure that software licensed for use on one device cannot be easily used on a different device.
Controlling access to the device becomes more complex as more users are capable of utilizing the device. If no more than a few users use the device and no communication link or network is available to afford greater access, then users often wish to avoid the burdens of imposing user restrictions on the device. Security may be adequately maintained merely by controlling physical access to the device. However, as more users have access or potential access, then the benefits of imposing user restrictions tend to outweigh the burdens.
In one example, a stand-alone workstation may require no password before access is permitted to the workstation's computer software and data. However, a server available to a number of workstations may require passwords to control access to the server's software and data. In a conventional situation, the server will provide an access-control system that gives an administrator certain permissions that other users or user groups do not have. Such permissions may include the ability to define new users and user groups and the ability to indicate which users and user groups have access to which data and software. Unfortunately, no single access-control system adequately serves this range of needs. Either very little security is provided but greater user flexibility is realized, or more security is provided with significantly reduced user flexibility. It would be advantageous if a single access-control system implemented on a device could serve a wide range of needs.