Features of Operating Systems: User Management

Some Operating Systems allow more than one user to access a computer, these Operating Systems are referred to as Multi-user Operating Systems.

Multi-user operating systems manage seperate user areas and settings for each user, this improves security and allows each user to better customise the computer to their needs.

Authentication

In order to manage who is who Operating Systems can provide authentication. Authentication is the process of checking who each user is and if they should have access to the resources and data on the computer.

Authentication can be carried out in numerous ways:

  • Usernames and passwords - The user enters a username and password. The password should be something only they know.
  • Biometrics - A part of the users body is measured in order to verify who they are. This could be a fingerprint, palmprint, retina scan, or even a scan of the users face. These measurements are unique enough to identifiy unique users within millions of people.
  • Physical security devices - A physical security device with a unique digital key. These devices are plugged into a computer and used to prove someones identity using the unique digital key.  

User Access Levels

If a computer is using a Multi-user Operating System, it is possible to apply User Access Levels. User Access Levels are often set-up within computer systems used by businesses. Users are categoriesed into different groups and people within each group are given certain levels of access. For example: within a school students will be given the lowest level of access to the computer network, teachers will be given a higher level of access, and network administrators will be given the highest level.  

 

  Own folders and files All student folders and files All teacher folders and files
Student Read and Write None None
Teacher Read and Write Read and Write None
Network Administrator Read and Write Read and Write Read and Write

 

In order to complete their job and manage the network sucessfully the network administrator will need access to all user areas, while a teacher will only need access to their own area and on occasion access to student files.

This example is over simplified to demonstrate the concept, and within a school there may be some aspects of computers and software that even network administrators will not have access to.

When assigning levels of access to the users and groups this can be managed by setting specific levels of access to files and folders

 

  Description
Read The user can open and read the file or folder. They cannot edit, or delete the file
Write The user can open the file or folder and make changes or even delete the file
Execute The user can run executable files and software (this only applies to specific files and scirpts which are executable) 
None No access to file or folder

 

A user may be given read access to a file, but not write access to protect the file from accidental deletion, or a user may not be given the execute permission to prevent them from running specific software packages. 


Included in the following specifications:
Edexcel GCSE Computer Science