Subclass 104.1	Subclass 200	Subclass 201
FILE OR DATABASE MAINTENANCE

Mapping database users to operating system users in a computer schema

6816869

Abstract

Described above is a schema extension of the Common Information Model (CIM), designed to model manageable aspects of a database server such as a Structure Query Language (SQL) server. The database schema contains a view of user-related classes of the operating system schema. These classes are in a different namespace than the database schema. The database schema includes associations between its user-related classes and the user-related classes of the operating system. These associations map database users to operating system users.

Claims

What is claimed is:

1. One or more computer-readable media comprising a data structure stored on the computer-readable memory in accordance with a schema, the schema comprising:

an operating system schema that models elements of a computer and its operating system;

a database schema that models elements of a database;

at least one user-related class within the operating system schema that models user-related operating system information;

at least one user-related class within the database schema that models user-related database information; and

one or more associations between the user-related class of the operating system schema and the user-related class of the database schema.

2. One or more computer-readable media as recited in claim 1, wherein the operating system schema and database schema are in different namespaces.

3. One or more computer-readable media as recited in claim 1, wherein the operating system schema is represented as a view within a database schema namespace.

4. One or more computer-readable media as recited in claim 1, wherein the operating system schema is a CIM schema.

5. One or more computer-readable media as recited in claim 1, wherein the database schema is a CIM extension.

6. One or more computer-readable media as recited in claim 1, wherein:

the database schema user-related class comprises a database login class that represents database login properties;

the operating system schema user-related class comprises an operating system account class; and

the one or more associations comprise an association between the database login class and the operating system account class.

7. One or more computer-readable media as recited in claim 1, wherein:

the at least one user-related class of the database schema comprises a database login class that represents database login properties;

the at least one user-related class of the operating schema comprises an operating system user account class and an operating system group account class; and

the one or more associations comprise an association between the database login class and the operating system account class, and between the database login class and the operating system group account class.

8. One or more computer-readable media comprising a data structure stored on the computer-readable memory in accordance with one or more schemas for use in conjunction with an operating system schema, the operating system schema defining a user-related class that represents operating system users, the one or more schemas comprising:

a database schema that models elements of a database;

the database schema defining a user-related class that represents database users;

wherein the users represented by the database schema's user-related class are also represented by the user-related class of the operating system schema; and

an association between the operating system schema user-related class and the database schema user-related class, said association allowing queries that navigate between the operating system schema and the database schema.

9. One or more computer-readable media as recited in claim 8, wherein the operating system schema and database schema are in different namespaces.

10. One or more computer-readable media as recited in claim 8, wherein the operating system schema is represented as a view within a database schema namespace.

11. One or more computer-readable media as recited in claim 8, wherein the operating system schema is a CIM schema.

12. One or more computer-readable media as recited in claim 8, wherein the database schema is a CIM extension.

13. One or more computer-readable media as recited in claim 8, wherein:

the database schema user-related class comprises a database login class; the operating system schema user-related class comprises an operating system account class; and

the one or more associations comprise an association between the database login class and the operating system account class.

14. One or more computer-readable media as recited in claim 8, wherein:

the database schema user-related class comprises a database login class that models database login properties;

the operating system schema has an operating system user account class;

the operating system schema has an operating system group account class; and

the one or more associations comprise an association between the database login class and the operating system account class, and between the database login class and the operating system group account class.

15. A computer programmed to implement a schema, the schema modeling at least portions of the computer, the schema comprising: an operating system schema that models elements of the computer and its operating system;

a database schema that models elements of a database;

wherein the operating schema defines a user-related class that models user-related operating system information;

wherein the database schema defines a user-related class that models user-related database information;

wherein the users represented by the database schema's user-related class are also represented by the user-related class of the operating system schema; and

an association between the operating system schema user-related class and the database schema user-related class, said association allowing queries that navigate between the operating system schema and the database schema.

16. A computer as recited in claim 15, wherein the operating system schema and database schema are in different namespaces.

17. A computer as recited in claim 15, wherein the operating system schema is represented as a view within a database schema namespace.

18. A computer as recited in claim 15, wherein the operating system schema is a CIM schema.

19. A computer as recited in claim 15, wherein the database schema is a CIM extension.

20. A computer as recited in claim 15, wherein the operating system schema is a CIM schema and the database schema is a CIM extension.

21. A computer as recited in claim 15, wherein:

the database schema user-related class comprises a database login class;

the operating system schema user-related class comprises an operating system account class; and

the one or more associations comprise an association between the database login class and the operating system account class.

22. A computer as recited in claim 15, wherein:

the database schema user-related class comprises a database login class that models database login properties;

the operating system schema has an operating system user account class; the operating system schema has an operating system group account class; and

the one or more associations comprise an association between the database login class and the operating system account class, and between the database login class and the operating system group account class.

23. A method of computer and database management, comprising:

modeling an operating system with an operating system schema in a first namespace;

modeling a database with a database schema in a second namespace;

representing user-related operating system information by an user-related operating system class in the operating system schema;

representing user-related database information by a user-related database class in the database schema;

creating a view of the operating system schema within the second namespace; and

creating an association in the second namespace between the operating system user-related class and the database user-related class, said association allowing queries that navigate between the operating system file class and the database file class.

24. A method as recited in claim 23, wherein the operating system schema is a CIM schema.

25. A method as recited in claim 23, wherein the database schema is a CIM extension.

26. A method as recited in claim 23, wherein the operating system schema is a CIM schema and the database schema is a CIM extension.

Description

TECHNICAL FIELD

This invention relates to databases, database management systems, and database management schemas.

BACKGROUND

Database management systems (DBMS) are core components of virtually every enterprise (e-business) application. The ability to effectively configure, monitor, and manage a DBMS is critical to the success of enterprise applications.

Most DBMSs are designed for compatibility with relational databases. A relational database comprises a plurality of tables. Each table has a plurality of data records (rows) and each table includes a definition of the fields (columns) that the records will contain. A relational database includes the specification of relationships between fields of different tables. A DBMS performs common management tasks such as creating databases, adding tables, replication management, data backup, etc.

The Desktop Management Task Force (DMTF) Common Information Model (CIM) is an approach to the management of systems, software, users, and networks that applies the basic structuring and conceptualization techniques of the object-oriented paradigm. More specifically, the purpose of CIM is to model various computer-related systems--both hardware and software. It is important to recognize that object-oriented modeling is different from object-oriented programming.

This type of modeling uses schemas to represent systems. A schema is an abstraction of something that exists in the real world. Generally, a schema comprises a collection of classes and associations.

A class models a set of objects that have similar properties and fulfill similar purposes. In a database management schema, for example, individual classes might define such things as files, users, tables, etc.

Classes follow a hierarchical structure. Classes can have subclasses, also referred to as specialization classes. The parent class of a subclass is referred to as a superclass or a generalization class. A class that does not have a superclass is referred to as a base class.

A typical schema might comprise a collection of different schemas, which in this case can also be referred to as subschemas. Such subschemas are often located in various different namespaces. A namespace is simply a way to logically group related data. Within a given namespace, all names are unique. Within the following disclosure, the terms "schema" and subschema are used interchangeably.

A subclass inherits properties of its superclass. All properties and methods of a superclass apply to the subclass.

It is conventional to represent a class by a rectangle containing the name of the class. FIG. 1 shows an example. A class with properties is represented by a rectangle divided into two regions as in FIG. 2, one containing the name of the class and the other a list of properties. Inheritance, or a subclass/superclass relationship, is represented by a line drawn between the subclass and the superclass, with an arrow adjacent to the superclass indicating the superclass. Lines representing inheritance are shown in FIG. 3, indicated by reference numeral 10.

Classes contain instances that are collections of values that conform to the type established by the class. Instances are identified by keys that are unique within the class. In other words, no two instances in the same class in the same namespace may have the same values for all of their key values. The term "object" may be used to refer to either an instance or a class.

An association represents a relationship between two or more objects. More specifically, an association is a mechanism for providing an explicit mapping between classes. Associations can be within a namespace or across namespaces. Associations are conventionally shown as a line between two classes, as indicated by reference number 12 in FIG. 3.

CIM schemas describe the gamut of managed elements: servers and desktops (operating systems, components, peripherals, and applications, all layers of the network (from Ethernet switches to IP and HTTP connections), and even end-users. Schema properties model the attributes that apply to objects, such as the type of printer or storage medium, RAM and CPU capacity, storage capacity, etc.

The discussion above gives a general overview of object-oriented modeling and CIM. Please refer to Winston Vumpus, John W. Sweitzer, Patrick Thompson, Andrea R. Westerinin, and Raymond C. Williams; Common Information Model, John Wiley & Sons, Inc., New York (2000) for further information regarding CIM. Also refer to Common Information Model (CIM) Specification, V2.0, Mar. 3, 1998, available from the Distributed Management Taskforce. DMTF has a number of other resources on its Internet web site.

SUMMARY

Described below is a system management schema that incorporates an operating system schema or subschema and a database schema or subschema. Within the system management schema, the database schema is in its own namespace and includes several classes, the most pertinent classes comprising an account superclass, a user class, and a login class. The operating system schema resides in another namespace within the system management schema. The a operating system schema includes an account superclass, a user account subclass, and a group account subclass.

Associations are made between the database login class and the operating system account subclasses. This allows database users to be mapped to operating system users.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1-3 illustrate CIM drawing conventions.

FIG. 4 is a block diagram showing components of a typical computer.

FIG. 5 illustrates an operating system and its computer management component, along with a schema that models the computer and operating system.

FIG. 6 shows portions of a database management schema, which contains a view of operating system classes.

DETAILED DESCRIPTION

The following description sets forth a specific embodiment of a portion of a computer system management schema. This embodiment incorporates elements recited in the appended claims. The embodiment is described with specificity in order to meet statutory requirements. However, the description itself is not intended to limit the scope of this patent. Rather, the inventors have contemplated that the claimed invention might also be embodied in other ways, to include different elements or combinations of elements similar to the ones described in this document, in conjunction with other present or future technologies.

FIG. 4 illustrates an example of a suitable operating environment 18 in which the invention may be implemented. The operating environment 18 is a computer, which is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Other well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, micro-processor system, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

The functionality of the computer is embodied in many cases by computer-executable instructions, such as program modules, that are executed by the computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Tasks might also be performed by instructions from remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media 28.

Computer 18 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computer 18 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 18. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more if its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.

The instructions and/or program modules reside at different times in the various computer-readable media available to the computer. Programs are typically distributed on some type of removable and/or remote media, or by a server on some form of communication media. From there, they are installed or loaded into the secondary disk memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable media when such media contain instructions programs, and/or modules for implementing the operations described below in conjunction with a microprocessor or other data processors. The invention also includes the computer itself when programmed according to the operations described below.

For purposes of illustration, programs and other executable program components in are illustrated in FIG. 4 as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.

As shown in FIG. 4, computer 18 typically includes a processing unit 22 and internal computer-storage media 24. The computer may also have other non-removable storage 26 and removable storage 28. Device 20 may have input/output devices 30 and 32 such as a keyboard, mouse, stylus, display device, sound card, etc. In addition, the device might include network connections 34 to other devices, computers, networks, servers, etc. using either wired or wireless media. All these components are well known in the art and need not be discussed at length here. Many other components might also be present.

FIG. 5 is a logical representation of pertinent executable components and data structures relating to an operating system's management infrastructure. The elements shown in FIG. 5 might be maintained in a single computer, or might be maintained in a plurality of computers. They reside in various types of computer-readable memory. It should be noted that parts or all of the system might be implemented by something other than a conventional computer.

The example shown by FIG. 5 includes an operating system 35. The "Windows" brand of operating systems, available from Microsoft Corporation of Redmond, Wash., is one example of a suitable operating system.

The "Windows 2000" operating system includes a service known as "Windows Management Instrumentation" (WMI) 36. WMI is a management infrastructure for managing the operating system, applications, and computer hardware. It includes Microsoft's implementation of the Web-Based Enterprise Management (WBEM) initiative, an industry standard administered by the Distributed Management Task Force (DMTF). WMI provides an object-oriented way of monitoring, configuring and controlling systems, services, and applications on the Windows platform. WMI objects consist of classes and instances of classes. The WMI classes may be derived from standard classes defined in the Common Information Model (CIM). WMI provides services such as SQL query language support and programmable event notification.

To support CIM, WMI maintains a system management schema definition 37. In many cases, schema definition 37 is stored in the WMI repository. The schema contains a definition of the classes, along with the properties and methods of these classes. The classes in a schema may be declared in one or more namespaces.

System management schema 37 includes an operating system schema or subschema 38 that represents manageable components of a computer's operating system. The system management schema and its operating system subschema conform to the CIM definition, and possibly include CIM extensions or extension schemas. The namespace containing the operating schema 38 will be referred to herein as the operating system namespace.

In addition to the operating system schema 38, the inventors have developed a database schema or subschema 40 for use in conjunction with or as part of the system management schema 37 of WMI (or other management systems) to represent manageable components of an SQL (Structured Query Language) server. In particular, the database schema 40 represents components of the "Microsoft SQL Server," although a schema such as this can also support other databases.

The database schema 40 represents managed database objects such as tables, files, configuration data, and other logical components. The database schema is located in its own namespace, which will be referred to herein as the database namespace.

FIG. 6 shows portions of database schema 40. The classes shown in FIG. 6 relate to files that are maintained by the operating system and by the managed database.

FIG. 6 shows only the pertinent classes and associations within the database namespace. The database namespace also includes other classes and associations (not shown) that are not pertinent to the invention. In addition, pertinent CIM or operating system classes from operating system schema 38 are represented in database management schema 40 by creating a "view," in the database namespace, of the appropriate operating system or CIM classes. A view is a mechanism by which one can "mirror" a class and its instances from another namespace. Creating views allows one to define associations and dependencies between CIM classes, without requiring cross-namespace association capabilities. Database management schema 40 includes classes related to the database itself. These classes are prefixed in FIG. 6 with "DB" and are part of a CIM extension. In addition, a view of certain parts of operating system schema 38 is created within namespace 42. Of these, FIG. 6 shows those operating system schema classes related to computer and/or operating system users. These classes are prefixed with "OS" (equivalent classes in the Windows operating system are prefixed by "Win32").

The illustrated database-related classes include (a) a database class 46 (DB_Database), (b) a database user class 48 (DB_User), and (c) a database login class 50 (DB_Login). These are user-related classes that model information used for authentication of database users.

Database class 46, referred to as the DB_Database class in FIG. 6, represents instances of databases. Each database defines its owner and which users are allowed to access the database. An example of a database class defines properties, methods, and associations as follows:

Properties

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

string Collation

Access Type: Read/Write

Description: The Collation property specifies the column-level collation of a string datatype in the database. A Collation setting for a Database object overrides the default collation specified in the model database. All tables in the database then inherit the Collation setting.

SQL Server 2000 only

uint32 CompatibilityLevel

Access Type: Read/Write

Description: The CompatibilityLevel property controlsMicrosoft.RTM. SQL Server.TM. behavior, setting behavior to match either the current or earlier version (default is 70).

                Value              Description
                  0                Unknown
                  60               SQL Server 6.0
                  65               SQL Server 6.5
                  70               SQL Server 7.0
                  80               SQL Server 2000

datetime CreateDate

Access Type: Read-only

Description: The CreateDate property indicates the time and date on which the database was created. Note that creation date may be different from the install date in cases where the object is created in one place and then installed elsewhere.

boolean CreateForAttach

Access Type: Read-only

Description: The CreateForAttach property controls database file creation and specifies whether a database is attached from an existing set of operating system files.

uint32 DatabaseStatus

Access Type: Read-only

Description: The DatabaseStatus property reflects the current operational status on the database. The database is inaccessible when the status is Loading, Offline, Recovering or Suspect.

                 Value               Description
                   0                 Normal
                   32                Loading
                  192                Recovering
                  256                Suspect
                  512                Offline
                  1024               Standby
                 32768               Emergency Mode

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

boolean FullTextEnabled

Access Type: Read-only

Description: The FullTextEnabled property is TRUE when the referenced database has been selected for participation in Microsoft.RTM. Search full-text queries.

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

[key] string Name

Access Type: Read-only Description: The Name property defines the label by which the object is known.

string PrimaryFilePath

Access Type: Read-only

Description: ThePrimaryFilePath property returns the path and nameof the operating system directory containing the primary file for the database.

sint32 Size

Access Type: Read-only

Description: The Size property exposes the total size, in megabytes, of the database.

Units: MegaBytes

sint32 SpaceAvailable

Access Type: Read-only

Description: The SpaceAvailable property returns the amount of disk resource allocated in kilobytes and unused in operating systemfiles implementingMicrosoft.RTM. SQL Server.TM. database storage.

[key] string SQLServerName

Access Type: Read-only

Description: The SQLServerName property indicates the name of the SQL Server.TM. installation that the database is a part of.

Maximum Length: 128

string Status

Access Type: Read-only

Description: The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror re-silvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are: "OK", "Error", "Degraded", "Unknown", "Pred Fail", "Starting", "Stopping", "Service"

Maximum Length: 10

boolean SystemObject

Access Type: Read-only

Description: The SystemObject property indicates whether the object is owned by Microsoft.RTM.. A value of TRUE indicates that the object implementation is owned by Microsoft.RTM..

sint32 Version

Access Type: Read-only

Description: The Version property returns a system-specified integer identifying the version of Microsoft.RTM. SQL Server.TM. used to create the referenced database.

Methods

    Method Name              Description
    CheckAllocations         The CheckAllocations method scans
                             all pages of the referenced
                             Microsoft .RTM. SQL Server .TM.
                             database, testing pages to
                             ensure integrity.
    CheckCatalog             The CheckCatalog method tests
                             the integrity of the catalog
                             of the referenced database.
    CheckIdentityValues      The CheckIdentityValues method
                             verifies the integrity of all
                             identity columns in tables of
                             the referenced database.
    Checkpoint               The Checkpoint method forces a
                             write of dirty database pages.
    CheckTables              The CheckTables method tests
                             the integrity of database pages
                             implementing storage for all
                             tables and indexes defined on
                             the tables of the database.
    CheckTablesDataOnly      The CheckTablesDataOnly method
                             tests the integrity of database
                             pages implementing storage for
                             all tables in the referenced database.
    Create                   The Create method is used to
                             create a new database.
    DisableFullTextCatalogs  The DisableFullTextCatalogs
                             method suspends Microsoft .RTM.
                             Search full-text catalog
                             maintenance on the database.
    EnableFullTextCatalogs   The EnableFullTextCatalogs method
                             enables Microsoft .RTM. Search
                             full-text indexing on the referenced
                             Microsoft .RTM. SQL Server .TM.
                             database.
    EnumerateStoredProcedures The EnumerateStoredProcedures
                             method searches stored procedures
                             and returns those that contain
                             a specified string.
    ExecuteImmediate         The ExecuteImmediate method allows
                             any SQL Server .TM. command to be
                             executed, as long as the command
                             doesn't return result sets.
    FullTextIndexScript      The FullTextIndexScript method
                             returns a Transact-SQL command
                             batch enabling Microsoft .RTM.
                             Search full-text indexing on
                             a database or table.
    IsValidKeyDatatype       The IsValidKeyDatatype method
                             returns TRUE when the data
                             type specified can participate
                             in a PRIMARY KEY or FOREIGN
                             KEY constraint.
    RecalcSpaceUsage         The RecalcSpaceUsage method
                             forces the update of data
                             reporting the disk resource
                             usage of the referenced
                             Microsoft .RTM. SQL Server .TM.
                             database.
    RemoveFullTextCatalogs   The RemoveFullTextCatalogs method
                             drops all Microsoft .RTM. Search
                             full-text catalogs supporting
                             full-text query on a Microsoft .RTM.
                             SQL Server .TM. database.
    Rename                   The Rename method is used to
                             rename the database instance.
    Shrink                   The Shrink method attempts to
                             reduce the size of all operating
                             system files maintaining the
                             database.
    Transfer                 The Transfer method copies database
                             schema and/or data from one
                             Microsoft .RTM. SQL Server .TM.
                             database to another.
    UpdateIndexStatistics    The UpdateIndexStatistics method
                             forces data distribution statistics
                             update for all indexes on user-
                             defined tables in the referenced
                             Microsoft .RTM. SQL Server .TM. database.

Associations (only associations shown in FIG. 6 are listed)

DB_Database is associated to DB_Login as the Container property of a DB_DatabaseLogin association 53.

User class 48 represents database users. This class exposes the attributes of a single database user. The properties, associations, and methods of this class, referred to as the "DB_User" class, are listed below.

Properties

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

[key] string DatabaseName

Access Type: Read-only

Description: The DatabaseName property indicates the name of the database that the user is a part of.

Maximum Length: 128

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

[key] string Name

Access Type: Read-only

Description: The Name property defines the label by which the user is known.

[key] string SQLServerName

Access Type: Read-only

Description: The SQLServerName property indicates the name of the SQL Server.TM. installation that the object is a part of.

Maximum Length: 128

string Status

Access Type: Read-only

Description: The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror re-silvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are: "OK", "Error", "Degraded", "Unknown", "Pred Fail", "Starting", "Stopping", "Service"

Maximum Length: 10

boolean SystemObject

Access Type: Read-only

Description: The SystemObject property indicates whether the object is owned by Microsoft.RTM.. A value of True indicates that the object implementation is owned by Microsoft.RTM..

Methods

        Method Name     Description
        Create          The Create method is used to create a new user.

Associations (only associations shown in FIG. 6 are listed)

DB_User is associated to DB_Login as the Dependent property of a

DB_UserLogin association 55.

Login class 50 represents the login authentication records present in a database server installation. The properties, associations, and methods of this class, referred to as the "DB_login" class, are listed below.

Properties

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

string Language

Access Type: Read/Write

Description: The Language property indicates the language used for a client connection using the login.

[key] string Name

Access Type: Read-only

Description: The Name property defines the label by which the object is known. In order to use Windows NT authentication, the name of the login must be a valid NT account name in the form .backslash..backslash.ServerName.backslash.UserName.

[key] string SQLServerName

Access Type: Read-only

Description: The SQLServerName property indicates the name of the SQL Server.TM. installation that the object is a part of.

Maximum Length: 128

string Status

Access Type: Read-only

Description: The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are: "OK", "Error", "Degraded", "Unknown", "Pred Fail", "Starting", "Stopping", "Service"

Maximum Length: 10

boolean SystemObject

Access Type: Read-only

Description: The SystemObject property indicates whether the object is owned by Microsoft.RTM.. A value of True indicates that the object implementation is owned by Microsoft.RTM..

Methods

          Method Name       Description
          GetUserName       The GetUserName method returns the
                            database user used by the referenced
                            login, when a connection using that
                            login accesses the specified database.
          SetPassword       The SetPassword method is used to
                            set the password for a login that
                            uses SQL Server .TM. authentication.

Associations (only associations shown in FIG. 6 are listed)

DB_Login is associated to DB_User as the Antecedent property of a DB_UserLogin association 55.

DB_Login is associated to DB_Database as the contained property of a DB_DatabaseLogin association 53.

Database/login association 53, between database class 46 and login class 50, associates a database instance with the login record that owns the database. Login/user association 55, between user class 48 and login class 50, associates individual users with different login records.

The operating system portion of the schema, a view of which is contained within the database management schema 40, comprises one or more classes: an operating system account superclass 52, an operating system group account class 54, and an operating system user account class 56. These are user-related account classes that model information used by the operating system to authenticate computer users. The "Windows 2000" operating system is an example of an operating system that authenticates users. Each authorized user has a specific operating system account, and optionally belongs to a specific operating system group of users. Operating system privileges are granted either to individual user accounts or to groups of users.

The operating system account class 52 contains information about user accounts and group accounts known to the operating system. User or group names recognized by an operating system are descendents (or members) of this class. The Windows implementation of this class is called "OS_Account." Its properties and associations are listed below:

Properties

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

[key] string Domain

Access Type: Read-only

Description: The Domain property indicates the name of the Windows domain to which a group or user belongs. Example: NA-SALES

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

[key] string Name

Access Type: Read-only

Description: The Name property indicates the name of the OS system account on the domain specified by the Domain member of this class.

string SID

Access Type: Read-only

Description: The SID property contains the security identifier (SID) for this account a SID is a string value of variable length used to identify a trustee. Each account has a unique SID issued by an authority (such as a Windows domain), stored in a security database. When a user logs on, the system retrieves the user's SID from the database and places it in the user's access token. The system uses the SID in the user's access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.

uint8 SIDType

Access Type: Read-only

Description: The SIDType property contains enumerated values that specify the type of security identifier (SID).

    Value Description            Explanation
      1   SidTypeUser            Indicates a user SID.
      2   SidTypeGroup           Indicates a group SID.
      3   SidTypeDomain          Indicates a domain SID.
      4   SidTypeAlias           Indicates an alias SID.
      5   SidTypeWellKnownGroup  Indicates a SID for a well-known
                                 group.
      6   SidTypeDeletedAccount  Indicates a SID for a deleted account.
      7   SidTypeInvalid         Indicates an invalid SID.
      8   SidTypeUnknown         Indicates an unknown SID type.
      9   SidTypeComputer        Indicates a SID for a computer.

string Status

Access Type: Read-only

Description: The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are: "OK", "Error", "Degraded", "Unknown", "Pred Fail", "Starting", "Stopping", "Service"

Maximum Length: 10

Associations (only associations shown in FIG. 6 are listed)

OS_Account is associated to OS_Group as the PartComponent property of an OS_GroupUser association 61.

The operating system group account class 54 represents data about a group account in the operating system. A group account allows access privileges to be changed for a list of users. Shown below are the properties and associations of a Windows implementation of account class 52, named "OS_Group":

Properties

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

[key] string Domain

Access Type: Read-only

Description: The Domain property indicates the name of the Windows domain to which the group account belongs. Example: NA-SALES

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

[key] string Name

Access Type: Read-only

Description: The Name property indicates the name of the OS group account on the domain specified by the Domain member of this class.

string SID

Access Type: Read-only

Description: The SID property contains the security identifier (SID) for this account. a SID is a string value of variable length used to identify a trustee. Each account has a unique SID issued by an authority (such as a Windows domain), stored in a security database. When a user logs on, the system retrieves the user's SID from the database and places it in the user's access token. The system uses the SID in the user's access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.

uint8 SIDType

Access Type: Read-only

Description: The SIDType property contains enumerated values that specify the type of security identifier (SID).

    Value Description            Explanation
      1   SidTypeUser            Indicates a user SID.
      2   SidTypeGroup           Indicates a group SID.
      3   SidTypeDomain          Indicates a domain SID.
      4   SidTypeAlias           Indicates an alias SID.
      5   SidTypeWellKnownGroup  Indicates a SID for a well-known
                                 group.
      6   SidTypeDeletedAccount  Indicates a SID for a deleted account.
      7   SidTypeInvalid         Indicates an invalid SID.
      8   SidTypeUnknown         Indicates an unknown SID type.
      9   SidTypeComputer        Indicates a SID for a computer.

       Bit
    Position  Description       Explanation
        8     Temporary duplicate Local user account for users whose
              account           primary account is in another
                                domain. This account provides user
                                access to this domain, but not to any
                                domain that trusts this domain.
        9     Normal account    Default account type that
                                representing a typical user.
       11     Interdomain       Account is for a system domain that
              trust account     trusts other domains.
       12     Workstation       This is a computer account for a
              trust account     Windows NT/Windows 2000
                                machine that is a member of this
                                domain.
       13     Server trust      Account is for a system backup
              account           domain controller that is a member
                                of this domain.

string Caption

Access Type: Read-only

Description: The Caption property is a short textual description (one-line string) of the object.

Maximum Length: 64

string Description

Access Type: Read-only

Description: The Description property provides a textual description of the object.

boolean Disabled

Access Type: Read-only

Description: The Disabled property determines whether the OS user account is disabled. Values: TRUE or FALSE. If TRUE, the user account is disabled.

[key] string Domain

Access Type: Read-only

Description: The Domain property indicates the name of the Windows domain to which the user account belongs. Example: NA-SALES

string FullName

Access Type: Read-only

Description: The FullName property indicates the full name of the local user. Example: Thomas Williams

datetime InstallDate

Access Type: Read-only

Description: The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

boolean Lockout

Access Type: Read-only

Description: The Lockout property determines whether the user account is locked out of the OS system. Values: TRUE or FALSE. If TRUE, the user account is locked out.

[key] string Name

Access Type: Read-only

Description: The Name property indicates the name of the OS user account on the domain specified by the Domain member of this class. Example: thomasw

boolean PasswordChangeable

Access Type: Read-only

Description: The PasswordChangeable property determines whether the password on the OS user account can be changed. Values: TRUE or FALSE. If TRUE, the password can be changed.

boolean PasswordExpires

Access Type: Read-only

Description: The PasswordExpires property determines whether the password on the OS user account will expire. Values: TRUE or FALSE. If TRUE, the password will expire.

boolean PasswordRequired

Access Type: Read-only

Description: The PasswordRequired property determines whether a password is required on the OS user account. Values: TRUE or FALSE. If TRUE, a password is required.

string SID

Access Type: Read-only

Description: The SID property contains the security identifier (SID) for this account. a SID is a string value of variable length used to identify a trustee. Each account has a unique SID issued by an authority (such as a Windows domain), stored in a security database. When a user logs on, the system retrieves the user's SID from the database and places it in the user's access token. The system uses the SID in the user's access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.

uint8 SIDType

Access Type: Read-only

The SIDType property contains enumerated values that specify the type of security identifier (SID).

    Value Description            Explanation
      1   SidTypeUser            Indicates a user SID.
      2   SidTypeGroup           Indicates a group SID.
      3   SidTypeDomain          Indicates a domain SID.
      4   SidTypeAlias           Indicates an alias SID.
      5   SidTypeWellKnownGroup  Indicates a SID for a well-known
                                 group.
      6   SidTypeDeletedAccount  Indicates a SID for a deleted account.
      7   SidTypeInvalid         Indicates an invalid SID.
      8   SidTypeUnknown         Indicates an unknown SID type.
      9   SidTypeComputer        Indicates a SID for a computer.

string Status

Access Type: Read-only

The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are: "OK", "Error", "Degraded", "Unknown", "Pred Fail", "Starting", "Stopping", "Service"

Maximum Length: 10

User account class 56 and group account class 54 are subclasses of operating system account superclass 52.

In addition to the associations listed above, the inventors have discovered that it would be advantageous to associate database user logins with operating system users or groups. To that end, they have created associations between the two schemas: an association 60 that maps operating system user accounts 56 to their database logins 50, and an association 62 that maps operating system groups 54 to their database logins 50. More specifically, DB_Login is associated to OS_UserAccount as the Dependent property of a DB_LoginOSUserAccount association 60. DB_Login is associated to OS_Group as the Dependent property of a DB_LoginOSGroup association 62.

Furthermore, the system management schema 37 appropriately models a database in which users can login using two different types of authentication: OS authentication or database server authentication. This is controlled by a property of DB_Database class 46 called "Type":

uint32 Type

Access Type: Read/Write

Description: The Type property indicates the type of authentication used. The authentication can be NT authentication, or SQL Server.TM. authentication. For NT authentication, the login can use the name of a user or a group.

             Value           Description
               0             Other NT User Authentication
               1             NT Group Authentication
               2             SQL Server .TM. Authentication

DB_Database class 46 includes a further property, called "DenyNTLogin", that indicates the ability to access to a SQL Server.TM. installation for login records identifying Windows NT users or groups:

boolean DenyNTLogin

Access Type: Read/Write

Description: The DenyNTLogin property indicates the ability to access to a SQL Server.TM. installation for login records identifying Windows NT users or groups. When True, any Windows NT authenticated connection attempt specifying the user or group name fails authentication. When False, the Windows NT user or group is allowed access to the SQL Server.TM. installation on which the login is defined. Use DenyNTLogin to specifically deny access to Windows NT users and groups.

Because of association 60 and 62, the WMI management system is able to addresses the potential difficulties of using disparate mechanisms to manage different applications. For example, in order to manage an enterprise, one needs to manage not only the database server, but also the operating system running on the machines, the e-mail servers, the web servers, etc. In order to deploy a reliable system that includes all such components, one needs the ability to manage and troubleshoot across these applications. Having a common interface for each of these components and allowing system administrators (as well as third party management applications) to seamlessly navigate from one subsystem to another, is a huge leap in making an enterprise more manageable.

Specifically, the schemas described above allow a system administrator to submit queries that map between users defined in databases, and users defined in the operating system. This type of information greatly improves the efficiency with which a system can be managed.

Although details of specific implementations and embodiments are described above, such details are intended to satisfy statutory disclosure obligations rather than to limit the scope of the following claims. Thus, the invention as defined by the claims is not limited to the specific features described above. Rather, the invention is claimed in any of its forms or modifications that fall within the proper scope of the appended claims.

Inventors
Kagalwala, Raxit A.; Wohlferd, David P.;
Assignee
Microsoft Corporation (Redmond, WA)
Published
Nov-9-2004
Current US Classes:
707/103R
707/104.1
707/200
Application #
789328
International Classes
G06F 017/30
Field of Search
707/103 707/200 707/104.1 707/100 707/104 707/10 709/217
Examiner
Rones; Charles
Agent
Lee & Hayes, PLLC
US Patent References:
5596745
5692129
5794030
5937409
5956725
5956730
6081808
6085198
6125363
6134559
6157928
6163776
6170005
6243709
6289339
6317748
6330555
6374252
6374256
6405202
6493719
6496833
6569207

Same subclass

Object oriented method management system and software for managing class method names in a computer system	5361350
Reserving file system blocks	6640233
Database backup/restore and bulk data transfer	5873101
Apparatus and method for creating and documenting procedures	6601232
System for halloween protection in a database system	6122644
System and method for rapid completion of data processing tasks distributed on a network	6775831
Quality control system employing bi-directional messaging using empty files	5857192
System with data repetition between logically sucessive clusters	5890168
Method of merging information on storage media	4321670
Synchronizing a store with write generations	6970889
Naming service database updating technique	5408619

Same class

Transactional file system	6856993
On-line reorganization in object-oriented databases	6343296
Information distributing system and storage medium recorded with a program for distributing information	6178424
Garbage collection method for time-constrained distributed applications	6611858
Integrated guardianship information system	6973462
System and method for non-uniform scaled mapping	6424933
Optimized database appliance	7010521
Learning data prototypes for information extraction	6714941
Visual composition tool for constructing application programs using distributed objects on a distributed object network	6189138
Electronic mail interface for a network server	6230156
Method and apparatus for query refinement	6415282
Program category selection with filtered data and displayed cascaded cards	5812124

Consider this

System for automatically generating efficient application - customized client/server operating environment for heterogeneous network computers and operating systems	5381534
Automated software installation and operating environment configuration for a computer system based on classification rules	5555416
System for dynamically replacing operating software which provides distributed directory service after verifying that versions of new software and the operating software are compatible	5832275
Method and system for identifying and obtaining computer software from a remote computer	6073214
Computer operating system installation	6351850
System, method, and program for performing program specific operations during the uninstallation of a computer program from a computer system	6631521
Method, system, program, and data structures for using a database to apply patches to a computer system	6859923
Installation of application software through a network from a source computer system on to a target computer system	6944858
System and method for schema method	7010539
Data processing recovery system and method spanning multiple operating system	7024581