METHOD AND APPARATUS FOR CREATING SWITCHABLE DESKTOPS WITH SEPARATE AUTHORIZATIONS

摘要

A system and method for creating switchable desktops each with its own authorization. The system provides a custom authentication and authorization data store that defines permission sets called roles, and lists which roles each user may assume. The system also provides a custom virtual desktop manager that creates new virtual desktops using the permissions defined by roles allowed for each user. When a user requests a new virtual desktop and role from the desktop manager, the manager requests new virtual desktop components from the operating system. The desktop manager intercepts a request by the operating system to the Local Security Authority module for permissions to grant the new virtual desktop. The manager substitutes the user's requested role permissions (if the user may assume the rule) for the permissions granted by the LSA module. The LSA module and operating system grant those role permissions to the user's activities in a newly created virtual desktop.

主权项

1. A system for creating switchable desktops each having a separate user authorization comprising:
a) a custom authentication and authorization (A&A) data store configured to stores roles assigned to each user; b) a custom virtual desktop manager configured to enable creating, switching, and destroying virtual desktops and to specify custom process tokens for each virtual desktop, said process tokens defining different permissions within a single session, and are obtained from a Local Security Authority (LSA) module that requests and assigns process tokens to an executing process; wherein said A&A data store and virtual desktop manager operate cooperatively to generate a plurality of data structures, each representing a virtual desktop with an associated custom process token.