SECURE USER ACCESS SUBSYSTEM FOR USE IN A COMPUTER INFORMATION DATABASE SYSTEM

摘要

A user access security subsystem of a computer information database system utilizes computer grouping criteria and user type criteria to control user access to both computer profile data and system administrative features. The computer grouping criteria determine profile data access for the respective users. The user type criteria determine which administrative features are accessible to the respective users, and thus, what administrative authority is delegated to the users. The combination of the computer grouping and the user type criteria restricts a given user to exercising the delegated administrative authority only with respect to the particular grouping of computers to which the user has been granted access through the associated login group. To maintain access security, the subsystem allows a given user to grant to another only those access rights that are equal to or more restrictive than the given users rights. Thus, the given user cannot grant access to a login group that is a peer or a superior of his own login group and/or cannot assign a user type that is associated with greater access to system administrative features than his own user type. The user access security subsystem enforces the access restrictions by tailoring the user interface presented to the user based on the associated login group and user type.