Paula Bell Curtis
Massage Therapy at Parkwood Dr, Fort Collins, CO

6886100, Apr 26, 2005

May 15, 2001

09/855937

Richard D. Harrah - Seattle WA, US
Jeffrey R. Finz - Portland OR, US
Mary Thomas Robb - Fort Collins CO, US
Terence E. Lister - Fort Collins CO, US
Paula B. Curtis - Windsor CO, US
Douglas P. Drees - Fort Collins CO, US

Hewlett-Packard Development Company, L.P. - Houston TX

H04L009/00

713200, 713201

A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.

2002017, Nov 21, 2002

Apr 5, 2001

09/827150

Carlos Bonilla - Fort Collins CO, US
Douglas Drees - Fort Collins CO, US
Mary Robb - Fort Collins CO, US
Jeffrey Finz - Portland OR, US
Terence Lister - Fort Collins CO, US
Humberto Sanchez - Ft Collins CO, US
Paula Curtis - Windsor CO, US
Richard Harrah - Seattle WA, US

G06F015/163, G06F009/54, G06F009/00, G06F015/16

709/310000, 709/205000

A service control manager (SCM) module may, through a light weight centraized authorization process, assign certain tools to a role so that a non-root user with such role may run the authorized commands specified in the tools as a root user. The usage of these commands is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore the lightweight authorization may be achieved without compromising security. The user may also be given a finer granularity of running specific commands and options. In addition, the non-root user with the role may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.

7093125, Aug 15, 2006

May 8, 2001

09/850793

Mary Thomas Robb - Fort Collins CO, US
Richard D. Harrah - Seattle WA, US
Jeffrey R. Finz - Portland OR, US
Douglas P. Drees - Fort Collins CO, US
Terence E. Lister - Fort Collins CO, US
Paula Curtis - Windsor CO, US

Hewlett-Packard Development Company, L.P. - Houston TX

H04L 9/00, H04L 9/32, H04K 1/00, G06F 7/04, G06F 17/30, G06K 9/00

713166, 713164, 713165, 726 26, 726 27, 726 28

A method and apparatus for delegating root access to non-root users of a computer system while maintaining computer system security are disclosed. Such a method may include authorizing a role for a user, wherein the authorized role includes one or more tools and the tools enable root access for certain tasks that the tools perform when run, whereby the one or more tools are delegated to the user and authorizing a machine of the computer system for the authorized role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the authorized role only on authorized machines, whereby utilizing the authorized role comprises running the one or more tools of the authorized role. Embodiments of the invention may comprise authorization objects that comprise attributes identifying a user and the roles and machine for which the user is authorized.