Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information
Temporary object handling system and method in an object based computer operating system
Access control subsystem and method for distributed computer system using compound principals
Server impersonation of client processes in an object based computer operating system
Access restriction facility method and apparatus
Security mechanism for a computer system
Object transferring system and method in an object based computer operating system
Compound principals in access control lists
System for determining the rights of object access for a server process by combining them with the rights of the client process
Access control policies for an object oriented database, including access control lists which span across object boundaries
ApplicationNo. 582270 filed on 01/03/1996
US Classes:707/9, Privileged access707/10, Distributed or remote access709/225, Computer network access regulating709/229, Network resources access controlling713/167Object protection
ExaminersPrimary: Black, Thomas G.
Assistant: Homere, Jean R.
Attorney, Agent or Firm
International ClassG06F 012/14
AbstractA system, method and article of manufacture, for improving object security in an object oriented system, includes one or more processors, a memory system, one or more I/O controllers, each controlling one or more I/O devices, a bus connecting the processors, the memory system and the I/O controllers, an operating system controlling operation of the processors, the memory system and the I/O controllers, and an object oriented control means which includes means for grouping objects which share common access control policies, where an access control list becomes associated with each object group and the policy applicable to the members of the group. An object may be part of multiple groups, and based upon an environment's policy, granting access to the object may be based on a single default object group or on the access granted by the union of all of its object groups.