1. Field of the Invention
The present invention relates to file access control systems and, more particularly, to an improved front end system for a file access control system.
2. Description of the Prior Art
In computer systems, control of access to data and program files is often of critical importance in order to maintain file integrity and to provide security for the information in the files. Control of access to files is particularly important in multi-user systems where a plurality of user terminals are connected to shared or distributed resources, such as memory, and where each terminal is capable of performing as a virtual machine with the entirety of the shared resource resident therein.
Any system for file access control will typically have the capability of regulating access when there is the possibility that a file may be altered, so that alterations by one user will not be overwritten by another user when the file is again stored, and so that each user is provided with only the most recent form of the file. File access systems also will typically have the facility to limit access on a "need to know" basis, restricting the files to which a given user may have access or the type of access which can be granted to a user. For example, a user may be denied access to files for which that user has no particular need or, although a particular user may have need for access to information in the file, that user might not have a need to be able to alter the data in that file. As can be readily understood, reducing the number of users having the capability of writing to a file can greatly reduce the likelihood that the file may be inadvertently corrupted or that erroneous information will be introduced into the system.
Efficient satisfaction of the above basic requirements of a file access control system necessarily implies some sort of hierarchical division of the shared resource. Such division of the shared resource might be by subject matter, by level of sensitivity and degree of confidentiality, or by both, at a plurality of levels. Alternatively, the division could be on the basis of individual files. Whatever the hierarchical division might be, it is necessary that each accessible portion of the shared resource include a list of authorized users and the type of access that each may be granted.
For example, in the Resource Access Control Facility (RACF) system, an IBM corporate product program, the shared resource, although possibly physically distributed, can be conceptualized as a master disk and will be so denominated hereinafter. Groups of files therein are divided by subject matter such as individual products, planning, processes, etc. These groups of files form virtual disks, sometimes referred to as mini-disks, which, for purposes of this description are identified by a number. A list of authorized users must exist for each mini-disk.
It should be understood that while the present invention will be described in terms of the RACF system, it is applicable to any system for controlling file access since the basic requirement for any such system is the maintenance of lists of authorized users corresponding to files in the shared resource.
Division of the shared resource in some manner provides a substantial simplification of the access system requirements. For example, it can be readily understood that each list of authorized users of a portion of the resource may potentially contain an entry for each possible user of the system, and such users can number in the thousands. Therefore, it is not practical to maintain such a list for each file in the system, since the size of the list of authorized users might greatly exceed the size of a substantial number of the files. By the same token, each time there is a change in the data concerning any authorized user, each list of authorized users might potentially require updating. On the other hand, the number of lists cannot necessarily be kept small, because the division must be made in such a way as to provide the desired degree of selectivity of access: all files in any division corresponding to a single list of authorized users will be accessible to all users contained in that list. Therefore, the number of divisions, for example mini-disks, of the shared resource might well number in the hundreds, presenting a major burden when the user lists must be altered.
This burden is compounded by the fact that, for security, passwords, user IDs and other information for validating access must be changed from time to time. Also, the statistical likelihood of a change being required will increase with the number of users. Moreover, the requirement for alteration of multiple lists increases the likelihood of erroneous or obsolete information remaining in a list of authorized users of a mini-disk. In the known art, all of these operations must be performed by personnel responsible for management of the database or shared resource, requiring substantial amounts of time and numbers of personnel as well as detailed specialized knowledge of the file access control system. Further, updating the lists of authorized users requires access to the system, which may limit use of the system by other users. In addition to the time and personnel required to manage changes to lists of authorized users, the lists must be periodically audited or inspected to assure that erroneous or obsolete information is updated or removed and that security and other operating criteria are satisfied, further increasing the burden.
It should be noted that granting access to a mini-disk typically requires either logging on to the owning user ID or to another user ID that has an "alter capability" to the mini-disk. "Alter capability" can only exist for an administrator user ID if that user ID is located on the same node as the owning user ID or if the administrator's node forms a "single system image" with the owning user ID's node. A "single system image" can be thought of as a network of nodes, each having access to all of the disk space in the network. This arrangement can only be put in place for nodes in close proximity to one another. After logging onto the appropriate user ID, the administrator is required to input specific (e.g. RACF) commands to grant or remove access for each user whose access must be changed.
The RACF commands can be issued either against a single user for a mini-disk or against a group of users for a mini-disk. In the event a RACF command is issued against a list of users, the administrator must keep track of the user IDs to be added or deleted. RACF will take the entire list and either add all the user IDs on the list or delete all the user IDs on the list. If an administrator wants to grant or remove access for a user ID on several mini-disks, the administrator must issue the appropriate RACF command for each user ID per mini-disk, or for each group of user IDs per mini-disk.
Thus, for the reasons stated, there is a need for an improved file access controller front end for a data processing system which automates or simplifies the tasks of managing, inspecting, controlling, maintaining, and auditing the data processing system and particularly the file access control system thereof.
U.S. Pat. No. 4,588,991 to Atalla discloses an improved file access security method, and a system embodying the method. The reference does not disclose the automation and simplification of the auditing features or system maintenance features of the present invention.
U.S. Pat. No. 4,672,572 to Alsberg discloses an improved file access security device which monitors communication between one or more terminals and a host computer. The reference does not disclose the automation and simplification of the auditing features or system maintenance features of the present invention.
U.S. Pat. No. 5,032,979 to Hecht, et al., discloses an improved file access security system which monitors access to data files, and records access information in an audit trail. The reference does not disclose the automation and simplification of the auditing features or system maintenance features of the present invention.
U.S. patent application Ser. No. 07/754,923, entitled "Front End for File Access Control System" (IBM docket number FI9-91-044), filed Sep. 4, 1991 by the inventors herein and assigned to the assignee of the present invention, the disclosure of which is herein incorporated by reference, discloses a file access controller comprising a means for detecting invalid and duplicate access authorizations, a means for denying access to the system which is responsive to detection of invalid or duplicate access authorizations, and a means for retrieving data describing authorized users, which data is stored within the file access controller. The reference does not disclose the automation and simplification of the auditing features or system maintenance features of the present invention.
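As an added illustration, not taken from the patent, from the incorporated application or from RACF itself, the following Python models the per-mini-disk authorized-user lists described above, a bulk grant or revocation of one user ID across several mini-disks (the operation an administrator otherwise issues one RACF command at a time), and an audit pass that flags the duplicate and invalid (unknown-user) authorizations that the incorporated application detects. Mini-disk numbers, user IDs, access types and function names are constructed sample values and assumptions.

```python
# Added illustration (not part of the patent text): per-mini-disk authorized-user
# lists as described for RACF, a bulk grant/revoke of one user ID across several
# mini-disks, and an audit that flags duplicate entries and entries for user IDs
# no longer in the user directory. All names and values below are constructed.
from collections import Counter

# Constructed sample data: a user directory and access lists keyed by mini-disk
# number, each entry being (user_id, access_type). A duplicate entry and an
# obsolete user ID ("JDOE", absent from the directory) are deliberately included.
USER_DIRECTORY = {"ASMITH", "BJONES", "CLEE", "ADMIN1"}
ACCESS_LISTS = {
    191: [("ASMITH", "READ"), ("BJONES", "ALTER"), ("ASMITH", "READ")],
    192: [("CLEE", "READ"), ("JDOE", "ALTER")],
    193: [("ADMIN1", "ALTER")],
}
VALID_ACCESS = {"READ", "UPDATE", "ALTER"}

def grant(lists, user_id, access, minidisks):
    """Grant one user the given access on each listed mini-disk, skipping
    entries already present so that repeating the operation adds nothing."""
    for md in minidisks:
        entries = lists.setdefault(md, [])
        if (user_id, access) not in entries:
            entries.append((user_id, access))
    return lists

def revoke(lists, user_id, minidisks):
    """Remove every entry for user_id from each listed mini-disk."""
    for md in minidisks:
        lists[md] = [e for e in lists.get(md, []) if e[0] != user_id]
    return lists

def audit(lists, directory):
    """Return findings keyed by mini-disk number: duplicate entries, entries
    for user IDs absent from the directory, and unknown access types."""
    findings = {}
    for md, entries in sorted(lists.items()):
        problems = []
        for entry, n in Counter(entries).items():
            if n > 1:
                problems.append(f"duplicate {entry[0]}/{entry[1]} x{n}")
        for uid, access in entries:
            if uid not in directory:
                problems.append(f"unknown user {uid}")
            if access not in VALID_ACCESS:
                problems.append(f"invalid access {access} for {uid}")
        if problems:
            findings[md] = problems
    return findings
```

Running `audit(ACCESS_LISTS, USER_DIRECTORY)` on the sample data reports the duplicate ASMITH entry on mini-disk 191 and the obsolete JDOE entry on 192; `revoke(ACCESS_LISTS, "JDOE", list(ACCESS_LISTS))` then clears the latter in one call instead of one command per mini-disk.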