Process-Driven Logon And Logoff As Opposed to User-Driven

IP.com Disclosure Number: IPCOM000119279D
Original Publication Date: 1991-Jan-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 3 page(s) / 118K

Publishing Venue

IBM

Related People

Bracht, CJ: AUTHOR [+4]

Abstract

Disclosed is a method that allows OS/2* Database Manager users to delegate database authority to users only within the scope and for the duration of the application that causes the delegation to occur.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 51% of the total text.

      In OS/2 Database Manager there are different resources that can
be protected against unauthorized access.  For a user to be
authorized to access a resource, the user must identify himself to
the system by logging on using an Authorization ID and optionally a
password.  A user has the capability to access resources only if his
Authorization ID has been given the proper privilege to do so.  There
are two administrative authorities in OS/2 Database Manager, SYSADM
and DBADM.  These authorities have a set of privileges covering a set
of resources.  A SYSADM has the highest level of authority followed
by DBADMs.  With these authorities comes the responsibility of
designing, implementing, controlling, monitoring, maintaining, and
securing databases.  In addition to authorities, there exist
individual database privileges which can be granted to various
Authorization IDs.

      In order for a user to perform a database function, a minimal
level of authority must be granted to the user's Authorization ID.
There exist database customers with users who need to perform
database functions, but to grant the level of authority needed to
perform the task would compromise the customer's security system
because the users would continue to have authorities they should not
have after the function has been completed. These customers need the
ability to delegate the minimal required authority to users only for
the duration of the database function. For example, the backing up of
databases is a routine event which requires the minimum authority of
DBADM.  For these customers, the ideal solution is to have someone
with less than DBADM authority able to perform the utility.  To do
this, a program is created which performs the following steps:
      1.   LOGON with id having the proper level of authority
           to perform the task.
      2.   Perform the task (for example, BACKUP)
      3.   LOGOFF

      By using the application programming interface to logon, the
logon is active only for the process under which the program executes
and only for the duration of the program.  Thus, the person executing
the program cannot, for example, switch to another process and
perform database operations under the authority of the userid being
used for the program. The following is an example of just such a
program.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "sql.h"
#include "sqlca.h"
#include "sqlcodes.h"
#include "sqlutil.h"
#include "upm.h"
/******************************************************************/

                            (Image Omitted)

 /* */ /* This is a sample program
showing the...
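
The three steps listed above and the process scoping of the logon, modelled in self-contained C as an added example. It is not the disclosure's program and does not call the OS/2 UPM or Database Manager APIs: every function name, the BACKUPID Authorization ID, its password and the process numbers are constructed for illustration.

```c
/* Toy model of a process-scoped logon. Hypothetical names throughout;
   this is not the OS/2 UPM or Database Manager API. */
#include <stdio.h>
#include <string.h>

enum auth { AUTH_NONE, AUTH_DBADM, AUTH_SYSADM };
struct session { int pid; enum auth level; };   /* pid 0 = free slot */
#define MAX_SESSIONS 8
static struct session sessions[MAX_SESSIONS];

/* Authority is looked up by process: no logon in this pid, no authority. */
enum auth authority_of(int pid) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (pid > 0 && sessions[i].pid == pid) return sessions[i].level;
    return AUTH_NONE;
}
/* Step 1: LOGON binds the delegated authority to exactly one process. */
int process_logon(int pid, const char *id, const char *pw) {
    /* Constructed credentials standing in for the delegated Authorization ID. */
    if (pid <= 0 || strcmp(id, "BACKUPID") || strcmp(pw, "constructed-pw")) return -1;
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].pid == 0) { sessions[i] = (struct session){ pid, AUTH_DBADM }; return 0; }
    return -1;                                   /* session table full */
}
/* Step 3: LOGOFF removes every session the process holds. */
void process_logoff(int pid) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].pid == pid) { sessions[i].pid = 0; sessions[i].level = AUTH_NONE; }
}
/* Step 2: BACKUP needs at least DBADM in the calling process. */
int backup_database(int pid, const char *db) {
    if (authority_of(pid) < AUTH_DBADM) return -2;   /* caller not authorized */
    if (db == NULL || db[0] == '\0') return -3;      /* the task itself failed */
    return 0;
}
/* The wrapper: once LOGON succeeds, LOGOFF runs on every path out. */
int run_backup(int pid, const char *db) {
    if (process_logon(pid, "BACKUPID", "constructed-pw") != 0) return -1;
    int rc = backup_database(pid, db);
    process_logoff(pid);
    return rc;
}
int main(void) {
    printf("wrapper, pid 100: %d\n", run_backup(100, "SAMPLE"));
    printf("other process, pid 200: %d\n", backup_database(200, "SAMPLE"));
    printf("pid 100 after exit: %d\n", (int)authority_of(100));
    return 0;
}
```

The -2 result for process 200 corresponds to the user who switches to another process, and the AUTH_NONE left behind after a failed backup shows that the delegated authority does not outlive the program.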