Computer system security method and apparatus having program authorization information data structures
INFORMATION PROTECTION AND AUTHENTICATION OF TEXAS, LLC
The holder of the '717 patent has sued Microsoft, Symantec, CA, F-Secure, McAfee, Kaspersky, Sophos, Novell, and PC Tools for infringing this patent.
Last updated: 11 months ago
Summary / Description
| Summary / Description | US Patent 5315657 lists, in claims 3 and 6, a method for defining access based on user and program doing the access. The patent is oriented towards specifying multiple kinds of principals (users, programs, groups, machines), and how one would assign ACLs to combinations of principals. |
Basic Information
| Type of Prior Art | Issued Patents - US |
| Country | United States of America |
| Patent/Application # | 5315657 |
| Kind Code | United States (US) - United States Patent - A |
| Patentee Name | Martin Abadi, Andrew C. Goldstein, Butler W. Lampson |
| Relevant Pages, Columns, or Lines | Claims 3 and 6 especially |
| URL | |
| Publication Date | September 28, 1990 |
| Additional Information | |
Notes / To Do
| Notes | |
Excerpt
claim 3. In a distributed system, a method for defining access for a user to a system resource, the user having specified access privileges and running a specified computer program on a specified workstation, the specified workstation having certain access privileges, the method comprising the steps of:
(a) generating a role code representing the execution of the specific computer program on that workstation;
(b) generating an access code representing the user acting in conjunction with the assigned role code; and
(c) permitting the user to have access to the system resource when the access code indicates that the workstation is executing the specified computer program and the user is acting in conjunction with the execution of the specified computer program.
claim 6. In a distributed system, a method for defining access for a group member to a system resource, the group member having certain access privileges and running a specified computer program on a specified workstation, the workstation having certain access privileges, the method comprising the steps of:
(a) generating a role code representing the execution of the specific piece of software on that workstation;
(b) generating an access code representing the group acting in conjunction with the assigned role represented by the role code; and
(c) allowing the workstation access to the system resource when the access code indicates that it is executing the specified computer program and a member of the group is acting in conjunction with the execution of the specified computer program.
...
In theory, each system resource could include a listing of all of the principals and their access rights and user names. However, such a situation is often impractical as it would require additional memory and maintenance for each resource. Further, if numerous system resources exist, the addition (or deletion) of one principal would require the modification of numerous lists.
...
(c) Protected Subsystems. Several security systems utilize the notion of a "protected subsystem." A protected subsystem is a particular piece of software, sometimes in combination with a particular user.
...
Generally speaking, an "access control list" (ACL) is a data structure that associates access rights with sets of named principals.
...
(b) Principal Names: Two Basic Types. The named principals contained in the global naming system may be of at least two types: users and systems. A "user" is defined as the person who uses systems and resources, and instigates access to "objects." A "system" is basically defined as a state machine (i.e., a device that when given a current state, a translation function, and some inputs yields a new state and a set of outputs). In simple terms, a system is a computer running a piece of specific software. A system may be a computer running a certain piece of software, or a process running underneath another system (e.g., a process running within a particular operating system). Systems having other systems running underneath them are sometimes referred to as "engines."
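To make the compound-principal scheme in claims 3 and 6 concrete, the following Python model is an added illustration (not the patent's, the patentee's, or any accused product's code). It builds a role code from (program, workstation), an access code from (user-or-group, role code), and evaluates an ACL whose entries name combinations of principal, program and workstation, defaulting to deny. Every name, group, resource and ACL entry in it is constructed for the example.

```python
"""Toy model of the access check in claims 3 and 6 of US 5315657:
role code = program executing on a workstation,
access code = a user or group acting in conjunction with that role,
ACL entries qualify rights by combinations of principal, program and workstation.
Added illustration only; all identifiers below are constructed."""
from dataclasses import dataclass

ANY = "*"  # wildcard in an ACL entry: this component is not constrained


@dataclass(frozen=True)
class RoleCode:
    """Step (a): a specific program executing on a specific workstation."""
    program: str
    workstation: str


@dataclass(frozen=True)
class AccessCode:
    """Step (b): a principal (user or group name) acting in conjunction with a role."""
    principal: str
    role: RoleCode


@dataclass(frozen=True)
class AclEntry:
    """One compound-principal entry: principal AND program AND workstation -> rights."""
    principal: str
    program: str
    workstation: str
    rights: frozenset


def _matches(pattern: str, value: str) -> bool:
    return pattern == ANY or pattern == value


def entry_applies(entry: AclEntry, code: AccessCode, groups: dict) -> bool:
    """True when the access code satisfies every component of the entry.
    The principal component matches the user directly (claim 3) or a group
    the user belongs to (claim 6); program and workstation must both match
    the role code, so the same user outside the named program is denied."""
    if not (_matches(entry.program, code.role.program)
            and _matches(entry.workstation, code.role.workstation)):
        return False
    if entry.principal in (ANY, code.principal):
        return True
    return code.principal in groups.get(entry.principal, set())


def check_access(acl: list, code: AccessCode, right: str, groups: dict) -> bool:
    """Step (c): default deny; grant only if some applicable entry carries the right."""
    return any(right in e.rights for e in acl if entry_applies(e, code, groups))


# Constructed sample data: one resource ("payroll-db"), one group, two entries.
GROUPS = {"payroll-staff": {"alice", "bob"}}
PAYROLL_DB_ACL = [
    # claim 6 style: the group, but only via the payroll application on one workstation
    AclEntry("payroll-staff", "payroll-app", "ws-finance-01", frozenset({"read", "write"})),
    # claim 3 style: one user, only via the backup agent, from any workstation
    AclEntry("alice", "backup-agent", ANY, frozenset({"read"})),
]


def demo() -> dict:
    """Evaluate a few requests against the constructed ACL; returns label -> decision."""
    def req(user, program, ws, right):
        return check_access(PAYROLL_DB_ACL,
                            AccessCode(user, RoleCode(program, ws)), right, GROUPS)
    return {
        "bob via payroll-app on finance ws, write": req("bob", "payroll-app", "ws-finance-01", "write"),
        "bob via payroll-app on laptop, write":     req("bob", "payroll-app", "ws-laptop-77", "write"),
        "bob via text-editor on finance ws, write": req("bob", "text-editor", "ws-finance-01", "write"),
        "alice via backup-agent on laptop, read":   req("alice", "backup-agent", "ws-laptop-77", "read"),
        "alice via backup-agent on laptop, write":  req("alice", "backup-agent", "ws-laptop-77", "write"),
        "carol via payroll-app on finance ws, read": req("carol", "payroll-app", "ws-finance-01", "read"),
    }


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label}")
```

The point the model makes is the one the excerpt calls a "protected subsystem": rights attach to the combination of who, which program and which machine, so a user who can write the resource through the payroll application gets nothing when the same request arrives from an editor or from a different workstation. Each ACL entry stays compact because the group, not each member, is named, which is the maintenance concern the patent raises about per-resource principal lists.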
Relevance
Claims
Claim 1
In a digital computer system having a digital data processing means for executing a plurality of digital programs and a memory means for storing digital program instructions and digital data, apparatus for protecting a digital computer user from operations typically performable by a digital computer program executing on behalf of a user comprising:
a) means for storing a plurality of digital authorization entries in said memory means, wherein said entries qualify operations which an associated program is permitted to perform when executed by said processing means; and
b) means for storing in at least one segment, digital data for associating said authorization entries with at least one program.
Relevance
The patent describes ACLs which express access privileges to a resource based on a combination of one or more of: user, program, machine, group. Each is given a role code; the combination of codes is used to establish if the resource access is allowed or denied (qualified). ACLs are, of course, stored.
Claim Chart