1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method and apparatus for role based access control. Still more particularly, the present invention is related to a computer implemented method and apparatus for automatic activation of roles in a role based access control system.
2. Description of the Related Art
Several kinds of security measures are implemented in data processing systems for preventing unauthorized access to data, applications, or other information. One of the security measures pertains to allowing only users with proper authority to run certain applications or execute certain commands.
In a data processing system, the abilities of users are determined by the roles assigned to the users. A user can be assigned multiple roles. The data processing system evaluates a user's roles in order to determine the authority of the user for performing certain functions. For example, one user may be assigned the role of system administrator, and another user may be assigned a guest role. The data processing system will allow the user with a system administrator role to open operating system files and manipulate roles of other users. In this sense, the data processing system will allow broader access to the user with the system administrator role. On the other hand, the data processing system may allow the user with the guest role to access only public information and the Internet, with no access to operating system files or any applications that manipulate roles of other users.
Other roles can be created as needed in a particular data processing system. For example, all users have at least a role of “user”, which implies that the user is an authorized user of the data processing system and has some access to the applications and commands available in the data processing system.
A user may be assigned multiple roles. The user may assume one of the assigned roles when needed, such as to perform a task, run an application, or execute a certain command. Role activation is the assumption of an assigned role and is required before the user can perform the task, run the application, or execute the command.
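The distinction between an assigned role and an activated role, as described above, can be modeled as follows. This Python example is added for illustration and is not part of the patent text; the `Session` class, the `ROLE_PERMISSIONS` table, and the action names are hypothetical.

```python
class RoleError(Exception):
    """Raised when a role cannot be activated or an action is not authorized."""

# Constructed sample policy (hypothetical action names): role -> permitted actions.
ROLE_PERMISSIONS = {
    "system_administrator": {"open_os_files", "manage_roles"},
    "guest": {"read_public_info", "use_internet"},
    "user": {"run_basic_commands"},
}

class Session:
    def __init__(self, username, assigned_roles):
        unknown = set(assigned_roles) - set(ROLE_PERMISSIONS)
        if unknown:
            raise RoleError(f"unknown roles: {sorted(unknown)}")
        self.username = username
        # Every authorized user holds at least the "user" role.
        self.assigned = frozenset(assigned_roles) | {"user"}
        # Assigned roles grant nothing until they are activated.
        self.active = set()

    def activate(self, role):
        # Only a role already assigned to the user may be assumed.
        if role not in self.assigned:
            raise RoleError(f"{self.username} is not assigned role {role!r}")
        self.active.add(role)

    def deactivate(self, role):
        self.active.discard(role)

    def is_authorized(self, action):
        # Authority is evaluated against active roles, not assigned roles.
        return any(action in ROLE_PERMISSIONS[r] for r in self.active)

    def perform(self, action):
        if self.is_authorized(action):
            return f"{self.username} performed {action}"
        # Distinguish "role assigned but not activated" from "no such authority".
        usable = sorted(r for r in self.assigned if action in ROLE_PERMISSIONS[r])
        if usable:
            raise RoleError(f"activate one of {usable} before {action}")
        raise RoleError(f"no assigned role permits {action}")

if __name__ == "__main__":
    admin = Session("alice", {"system_administrator"})
    admin.activate("system_administrator")
    print(admin.perform("manage_roles"))
```

Keeping the active set empty by default means a user assigned the system administrator role operates without that authority until the role is explicitly assumed.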