| 摘要 |
Role based authorization in a service control manager (SCM) module may allow a system administrator to delegate responsibility to other users by assigning tool based roles to these users on some system so they have full access to such system. To ensure system security, after receiving a request from a user to run a tool on a set of target nodes, an SCM security manager may need to check whether the user is authorized to run the tool on the target nodes. For every target node requested, the security manager may need to check whether the user is authorized on the node, and whether the user is authorized for one of the tool's enabled roles on the node. If the user is not authorized on each of the nodes requested, or is not authorized for any of the tool's enabled roles, the tool is not runnable by the user.
|
