NETWORK SYSTEM SECURITY MANAGMENT
    1.
    Invention application
    NETWORK SYSTEM SECURITY MANAGMENT (status: under examination, published)

    Publication (announcement) number: US20110113474A1

    Publication (announcement) date: 2011-05-12

    Application number: US12616266

    Filing date: 2009-11-11

    IPC classification: G06F21/20

    CPC classification: G06F21/6218

    Abstract: A network system loads operating system (OS) software that includes a switch role tool (SRT). The SRT provides the network system with security management capability that employs a hostname attribute within a user role definition. The user role definition provides for user restrictions to database information and other user actions within the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action. If that login does not meet the criteria that the network system stores as a user role attribute for that user, the network system denies the login request. The network system grants the user an access privilege level that varies with the determined location or hostname from which the user attempts to login.

    Net-timer daemon
    2.
    Granted invention patent
    Net-timer daemon (status: lapsed)

    Publication (announcement) number: US08473965B2

    Publication (announcement) date: 2013-06-25

    Application number: US12764312

    Filing date: 2010-04-21

    IPC classification: G06F13/00

    CPC classification: G06F9/5011 G06F9/4825

    Abstract: User space applications can utilize custom network protocol timers. A registration request is received from an application to register a custom timer. Responsive to receiving the registration request, a handle is created. The handle is a pointer to be used by the application to reference the custom timer. The handle is forwarded to the application. When a custom timer is required, a request to use a custom timer is received from an application. The kernel is then requested to start the custom timer. A determination is then made as to whether a receipt confirmation is received from the kernel before expiration of the custom timer.

    Domain based management of partitions and resource groups
    3.
    Granted invention patent
    Domain based management of partitions and resource groups (status: in force)

    Publication (announcement) number: US08819231B2

    Publication (announcement) date: 2014-08-26

    Application number: US13324376

    Filing date: 2011-12-13

    IPC classification: G06F15/173

    Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.

    DOMAIN BASED MANAGEMENT OF PARTITIONS AND RESOURCE GROUPS
    4.
    Invention application
    DOMAIN BASED MANAGEMENT OF PARTITIONS AND RESOURCE GROUPS (status: in force)

    Publication (announcement) number: US20130151704A1

    Publication (announcement) date: 2013-06-13

    Application number: US13324376

    Filing date: 2011-12-13

    IPC classification: G06F15/173

    Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.

    ROLE-BASED ACCESS CONTROL LIMITED BY APPLICATION AND HOSTNAME
    5.
    Invention application
    ROLE-BASED ACCESS CONTROL LIMITED BY APPLICATION AND HOSTNAME (status: under examination, published)

    Publication (announcement) number: US20120131646A1

    Publication (announcement) date: 2012-05-24

    Application number: US12951134

    Filing date: 2010-11-22

    IPC classification: G06F21/00

    CPC classification: G06F21/6218 G06F2221/2141

    Abstract: In a Role Based Access Control (RBAC) system, an additional layer of access control is provided on a per-client basis on a centralized directory or database server. Access to privileged commands that are otherwise accessible by a user under a given role may be restricted by the additional layer of access control, depending on the client under which access is attempted. Thus, a user otherwise authorized to access a privileged command under an assigned role using one client may be restricted from accessing that command from a particular client system, even if another user having the same role is allowed to access that command using another client.

    NET-TIMER DAEMON
    6.
    Invention application

    Publication (announcement) number: US20110265101A1

    Publication (announcement) date: 2011-10-27

    Application number: US12764312

    Filing date: 2010-04-21

    IPC classification: G06F9/44 G06F15/16

    CPC classification: G06F9/5011 G06F9/4825

    Abstract: User space applications can utilize custom network protocol timers. A registration request is received from an application to register a custom timer. Responsive to receiving the registration request, a handle is created. The handle is a pointer to be used by the application to reference the custom timer. The handle is forwarded to the application. When a custom timer is required, a request to use a custom timer is received from an application. The kernel is then requested to start the custom timer. A determination is then made as to whether a receipt confirmation is received from the kernel before expiration of the custom timer.