Role based tool delegation

摘要

A method and apparatus for delegating root access to non-root users of a computer system while maintaining computer system security are disclosed. Such a method may include authorizing a role for a user, wherein the authorized role includes one or more tools and the tools enable root access for certain tasks that the tools perform when run, whereby the one or more tools are delegated to the user and authorizing a machine of the computer system for the authorized role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the authorized role only on authorized machines, whereby utilizing the authorized role comprises running the one or more tools of the authorized role. Embodiments of the invention may comprise authorization objects that comprise attributes identifying a user and the roles and machine for which the user is authorized.