System and method for recording and applying access privileges in a virtualized environment

摘要

A technique for determining which permissions are required to perform certain administrative tasks efficiently records the required permissions between record and stop signals. An administrator presses a record button on a graphical user interface (GUI) and subsequently enters commands to perform the administrative tasks. After the last command is entered, the administrator presses a stop button on the GUI. Commands need not actually execute between the record and stop signals, but rather permissions for each command need to be recorded by an administration application, which is able to organize sets of permissions as roles. When a given user is associated with a particular role, the user is assigned all permissions for the role. Using this technique, the administrator may delegate administrative tasks to the user without the inefficiencies of conventional trial and error methods.

主权项

1. In a computing system having a plurality of managed objects where a user is required to have permission to perform an administrative task on an object, a method for setting permissions required to perform a specified administrative task, said method comprising:
receiving, at an administrative application of said computing system, a command corresponding to an administrative task to be operated on at least one managed object within the computing system; determining a set of permissions required to perform the command, by said administrative application, in response to receiving the command, wherein said determining comprises receiving said set of permissions from said at least one managed object in response to a query from said administrative application; saving the set of required permissions to a role that can be associated with any user to enable the user to perform the administrative task at a later time, by said administrative application; and associating the saved set of required permissions with the role.