Browse Prior Art Database

A Dynamic Access Control Management Subsystem on pSeries Hardware Management Console

IP.com Disclosure Number: IPCOM000103277D
Original Publication Date: 2005-Mar-17
Included in the Prior Art Database: 2005-Mar-17
Document File: 2 page(s) / 39K

Publishing Venue

IBM

Abstract

A pluggable and flexible access control management on the pSeries Hardware Management Console.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

A Dynamic Access Control Management Subsystem on pSeries Hardware Management Console

The previous releases of the pSeries Hardware Management Console (HMC) supports multiple access control based on individual subsystems. A user with a fix authority might be allowed to perform certain tasks on one subsystem but not on the others. It has following limitations:

Users can not modify an existing subsystem's policy or create their own customized access roles.

No access control support for resources instances.

More importantly, vendor with their subsystem installed on HMC, can not have their own access control management recognized by the HMC.

The new implementation of the pSeries Access Control Management (ACM) system is implemented as a daemon (the Daemon), coupled with a library (the API) which serves as a common interface for applications (the Client). When an existing subsystem's access control is updated or a new subsystem's access control is installed on HMC, the Client, through the application programming interface (API), will notify the Daemon so that it can load/refresh the new access control.

Advantage:

The design brings these advantages to the system:

(1) Provides an ACM framework used by different subsystems on the HMC.

(2) Modification to the current access control policy will take effect instantaneously. No HMC reboot is required that could disrupt other operations on the system at the moment.

(3) New subsystems' ACM are pluggable.

New Subsystem's Access Control Pluggin

From applications' perspective, ACM is based on three key attributes:User, Resource, a...