A method and apparatus for managing tool execution via roles on a computer system
while maintaining computer system security, wherein the computer system comprises
a plurality of roles, are disclosed. Such a method and apparatus may include delegating
tools to a user based on a role, wherein a tool provides root access for performing
a specific task in the computer system and the role is an authorized role that
enables the user to run the delegated tools, identifying one of the plurality of
roles to be disabled, wherein the identified role is the authorized role, accessing
the identified role, and disabling the identified role so that the user cannot
run the delegated tool(s). Disabled roles may likewise be enabled according to
a disclosed method and apparatus. Embodiments of the invention may comprise authorization
objects that comprise attributes identifying the roles and machine for which a
user is authorized.
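
A minimal model of the authorization decision described in the abstract, added here as an illustration and not taken from the patent. The names `Role`, `Authorization` and `RoleManager`, and the tool, user and host names, are hypothetical; privileged execution itself is out of scope and only the allow/deny check is shown.

```python
from dataclasses import dataclass

@dataclass
class Role:
    name: str
    tools: frozenset      # tools that run with root access under this role
    enabled: bool = True  # a disabled role grants nothing

@dataclass(frozen=True)
class Authorization:
    """Authorization object: which role a user holds on which machine."""
    user: str
    role: str
    machine: str

class RoleManager:
    def __init__(self):
        self.roles = {}
        self.auths = set()

    def add_role(self, name, tools):
        self.roles[name] = Role(name, frozenset(tools))

    def authorize(self, user, role, machine):
        if role not in self.roles:
            raise KeyError(f"unknown role: {role}")
        self.auths.add(Authorization(user, role, machine))

    def set_enabled(self, role, enabled):
        # Identify and access the role, then flip its state. Authorizations
        # stay in place, so re-enabling restores access without re-delegation.
        self.roles[role].enabled = enabled

    def can_run(self, user, tool, machine):
        # Fail closed: allow only through an enabled role that delegates the
        # tool and that the user holds on this machine.
        for a in self.auths:
            role = self.roles.get(a.role)
            if ((a.user, a.machine) == (user, machine) and role is not None
                    and role.enabled and tool in role.tools):
                return True
        return False

def build_demo():
    # Constructed sample data.
    m = RoleManager()
    m.add_role("backup_operator", {"run_backup", "restore_files"})
    m.add_role("account_admin", {"add_user"})
    m.authorize("alice", "backup_operator", "host-a")
    m.authorize("alice", "account_admin", "host-a")
    return m
```

Disabling a role here affects every user who holds it, while the user's other roles keep working.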