Portions of this patent document contain material subject to copyright restriction. The copyright owner has no objection to facsimile reproduction of the patent document after grant, as it appears in the U.S. Patent and Trademark Office files or records, but otherwise reserves all rights relating thereto.
This invention relates to apparatus, methods and computer program products used in recording status in and granting access to a computer logging system.
At present, a computer network user has access to certain objects in a management information tree (MIT). Availability of these objects to a given user can be controlled through access control. However, notifications of all objects and object changes from the management information system (MIS) are recorded into any available log in the system. Thus, even a user who has access to only a limited number of objects in the MIT is made aware of the state of other objects to which the user has no access. Any given log will unrestrictedly record events from objects in the MIT, once an object appears in the MIS. In some situations, this approach is undesirable, or even unacceptable.
A network manager may need flexibility in configuring the system to restrict the access to, or knowledge of, a given object, for a user or a class of users. The manager may also need the flexibility to change the restrictions on access and knowledge applied to a given user from time to time, based on "need to know", changing project requirements, and the assumption or relinquishment of new or old responsibilities.
These needs are met by the invention, which associates with each log a list of one or more "owners", users who have access to that log. When an event notification is received, a set of access control rules determines whether a given user has access to the portion of the log where that event information would be placed. This information is recorded in the user's log if and only if the user's name is on a list associated with that information. Access control rules are extended to a log, based on the nature of the information recorded in that log. Restriction of user access to a log, as opposed to grant of unlimited access to the log, is controlled by one or more parameters entered at a secure central station.
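The owner-gated recording described above can be modeled as follows. This is an added illustration, not code from the patent. Assumptions: the names `Log`, `ACL`, `may_see` and `dispatch` are hypothetical, the access rules are glob patterns over MIT object names, a log with several owners records an event only if every owner may see the object, and the `restricted` flag stands in for the parameter set at the central station.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Log:
    name: str
    owners: frozenset          # users who have access to this log
    restricted: bool = True    # False = prior behaviour: record every event
    records: list = field(default_factory=list)

# Constructed access control rules: user -> MIT object patterns the user may see.
ACL = {
    "alice": ["/net/router/*", "/net/switch/*"],
    "bob": ["/net/switch/*"],
}

def may_see(user, obj, acl=ACL):
    """Default deny: a user with no matching rule has no access to the object."""
    return any(fnmatchcase(obj, pattern) for pattern in acl.get(user, []))

def dispatch(event, logs, acl=ACL):
    """Record the event only in logs whose owners may all see its object.

    Returns the names of the logs that recorded the event.
    """
    written = []
    for log in logs:
        allowed = bool(log.owners) and all(
            may_see(user, event["object"], acl) for user in log.owners)
        if not log.restricted or allowed:
            log.records.append(event)
            written.append(log.name)
    return written

def demo():
    logs = [
        Log("alice-log", frozenset({"alice"})),
        Log("bob-log", frozenset({"bob"})),
        Log("shared-log", frozenset({"alice", "bob"})),
        Log("audit-log", frozenset({"root"}), restricted=False),
    ]
    events = [  # constructed sample notifications
        {"object": "/net/router/r1", "type": "attributeValueChange"},
        {"object": "/net/switch/s7", "type": "objectCreation"},
        {"object": "/billing/db", "type": "objectDeletion"},
    ]
    return [dispatch(event, logs) for event in events], logs

if __name__ == "__main__":
    for names in demo()[0]:
        print(names)
```

The unrestricted `audit-log` reproduces the prior behaviour in which every notification is recorded regardless of who can read the log.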