Role-based access to shared resources
First Claim
1. A method comprising:
receiving, at an intermediate network connected device from an edge network device, information identifying a user as having accessed a first network device from an external network connected device via the edge network device, wherein the intermediate network connected device is arranged within a network between the first network device and a second network device, wherein the intermediate network connected device, the first network device and the second network device are within the network, wherein the external network connected device is outside the network, wherein the edge network device applies one or more policies defining access rights to the first network device at a network edge, and wherein the information identifying the user as having accessed the first network device includes a mapping of the user to the first network device and a policy of the one or more policies defining a level of access to the second network device for the user;
receiving at the intermediate network connected device a request from the first network device to access the second network device, wherein the request is received from the first network device in response to access by the user of the first network device via the external network device;
determining, from the information at the intermediate network connected device, the user is a source of the request via the first network device from the mapping of the user to the first network device; and
applying, at the intermediate network connected device, one or more policies defining access rights to the second network device to the request from the first network device based upon determining the user to be the source of the request, wherein applying the one or more policies comprises determining a level of access to the second network device for the user from the policy, and providing the level of access to the first network device.
1 Assignment
0 Petitions
Abstract
Information identifying a user as having accessed a first network device from an external network connected device is received at an intermediate network connected device from an edge network device. The intermediate network connected device is arranged between the first network device and a second network device. The intermediate network connected device, the first network device and the second network device are within the network and the external network connected device is outside the network. A request to access the second network device is received at the intermediate network connected device from the first network device. It is determined that the user is a source of the request via the first network device based upon the received information. The request from the first network device is evaluated based upon determining the user is the source of the request.
18 Citations
20 Claims
1. A method comprising: (text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus comprising:
a network interface unit configured to enable communication over a network;
a memory; and
a processor coupled to the network interface unit, wherein the processor is configured to:
receive, via the network interface unit from an edge network device, information identifying a user as having accessed a first network device from an external network connected device via the edge network device, wherein the apparatus is arranged within the network between the first network device and a second network device, wherein the apparatus, the first network device and the second network device are within the network, wherein the external network connected device is outside the network, wherein the edge network device applies one or more policies defining access rights to the first network device at a network edge, and wherein the information identifying the user as having accessed the first network device includes a mapping of the user to the first network device and a policy of the one or more policies defining a level of access to the second network device for the user;
receive, via the network interface unit, a request from the first network device to access the second network device, wherein the request is received from the first network device in response to access by the user of the first network device via the external network device;
determine the user is a source of the request via the first network device from the mapping of the user to the first network device; and
apply one or more policies defining access rights to the second network device to the request from the first network device based upon determining the user is the source of the request, wherein the processor is configured to apply the one or more policies by determining a level of access to the second network device for the user from the policy and providing the level of access to the first network device.
Dependent claims: 11, 12, 13, 14, 15
16. A non-transitory computer readable storage media encoded with instructions, wherein the instructions, when executed by a processor, cause the processor to:
receive information, from an edge network device, identifying a user as having accessed a first network device from an external network connected device, wherein the processor is included in an apparatus that is arranged within a network between the first network device and a second network device, wherein the apparatus, the first network device and the second network device are within the network, wherein the external network connected device is outside the network and accesses the first network device via the edge network device, wherein the edge network device applies one or more policies defining access rights to the first network device at a network edge, and wherein the information identifying the user as having accessed the first network device includes a mapping of the user to the first network device and a policy of the one or more policies defining a level of access to the second network device for the user;
receive a request from the first network device to access the second network device, wherein the request is received from the first network device in response to access by the user of the first network device via the external network device;
determine the user is a source of the request via the first network device from the mapping of the user to the first network device; and
apply one or more policies defining access rights to the second network device to the request from the first network device based upon determining the user is the source of the request, wherein the instructions that cause the processor to apply the one or more policies cause the processor to apply the one or more policies by determining a level of access to the second network device for the user from the policy and providing the level of access to the first network device.
Dependent claims: 17, 18, 19, 20
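The independent claims describe one enforcement sequence: the edge device reports which user has landed on a first internal device together with that user's policy, the intermediate device stores the user-to-device mapping, and every later request from the first device to a second device is attributed to that user and decided by the stored policy. The following Python model is an added example written for this page; it is not code from the patent, its assignee or any product. The device addresses, user name, the dictionary shape of a "policy" (second-device address mapped to an access level), the default-deny behaviour for unmapped sources, and the session_ended withdrawal of a mapping are all assumptions of this example, not elements of the claims.

```python
"""Model of the claimed enforcement flow: an intermediate device learns from the
edge device which user is behind a first (internal) device, then decides every
request from that device to a second device by that user's policy.

Added example; not the patent's or any vendor's code. Addresses, the user name
and the policy shape are constructed for illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class AccessLevel(Enum):
    """Level of access the intermediate device grants to the second device."""
    NONE = "none"
    READ = "read"
    READ_WRITE = "read-write"


@dataclass(frozen=True)
class EdgeNotification:
    """What the edge device sends once a user has reached a first network device:
    the user-to-device mapping plus that user's policy (assumed shape:
    second-device address -> AccessLevel)."""
    user: str
    first_device: str
    policy: Dict[str, AccessLevel]


@dataclass(frozen=True)
class Decision:
    """What the intermediate device returns to the first device for one request."""
    src_device: str
    dst_device: str
    user: Optional[str]
    level: AccessLevel
    reason: str


@dataclass
class IntermediateDevice:
    """Enforcement point placed inside the network between first and second devices."""
    internal_devices: frozenset
    user_by_device: Dict[str, str] = field(default_factory=dict)              # first_device -> user
    policy_by_user: Dict[str, Dict[str, AccessLevel]] = field(default_factory=dict)
    audit_log: List[Decision] = field(default_factory=list)

    def receive_edge_info(self, note: EdgeNotification) -> None:
        """Claim element 1: record the mapping and the user's policy from the edge device."""
        if note.first_device not in self.internal_devices:
            raise ValueError(f"{note.first_device} is not an internal device")
        self.user_by_device[note.first_device] = note.user
        self.policy_by_user[note.user] = dict(note.policy)

    def session_ended(self, first_device: str) -> None:
        """Assumed extension (not in the claims): withdraw the mapping when the user's
        session on the first device ends, so later traffic from that device is no
        longer attributed to that user and falls back to default deny."""
        user = self.user_by_device.pop(first_device, None)
        if user is not None:
            self.policy_by_user.pop(user, None)

    def handle_request(self, src_device: str, dst_device: str) -> Decision:
        """Claim elements 2-4: attribute the request to a user via the mapping and
        apply that user's policy for the destination. Anything unmapped is denied."""
        user = self.user_by_device.get(src_device)
        if user is None:
            return self._decide(src_device, dst_device, None, AccessLevel.NONE,
                                "no user mapped to source device")
        if dst_device not in self.internal_devices:
            return self._decide(src_device, dst_device, user, AccessLevel.NONE,
                                "destination is not a policed internal device")
        level = self.policy_by_user.get(user, {}).get(dst_device, AccessLevel.NONE)
        reason = ("policy grants access" if level is not AccessLevel.NONE
                  else "policy has no grant for destination")
        return self._decide(src_device, dst_device, user, level, reason)

    def _decide(self, src: str, dst: str, user: Optional[str],
                level: AccessLevel, reason: str) -> Decision:
        decision = Decision(src, dst, user, level, reason)
        self.audit_log.append(decision)   # every decision is kept for later review
        return decision


def demo() -> List[Decision]:
    """Run the claimed sequence on constructed data and return the decisions made."""
    dev = IntermediateDevice(internal_devices=frozenset({"10.0.1.5", "10.0.2.9", "10.0.2.10"}))
    # Edge device reports: user alice reached 10.0.1.5 from outside; she may read 10.0.2.9 only.
    dev.receive_edge_info(EdgeNotification(
        user="alice", first_device="10.0.1.5", policy={"10.0.2.9": AccessLevel.READ}))
    results = [
        dev.handle_request("10.0.1.5", "10.0.2.9"),    # granted: read
        dev.handle_request("10.0.1.5", "10.0.2.10"),   # denied: no grant for this destination
        dev.handle_request("10.0.1.77", "10.0.2.9"),   # denied: no user mapped to this source
    ]
    dev.session_ended("10.0.1.5")
    results.append(dev.handle_request("10.0.1.5", "10.0.2.9"))  # denied: mapping withdrawn
    return results


if __name__ == "__main__":
    for d in demo():
        print(f"{d.src_device} -> {d.dst_device}: user={d.user} level={d.level.value} ({d.reason})")
```

The point to take from the model is that the decision at the intermediate device depends entirely on the stored mapping: a request from a device with no current mapping carries no user identity and is denied, and a mapping that is not withdrawn when the user leaves would keep attributing that device's traffic to the departed user, so the edge device's session-end signal matters as much as its session-start one.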