Permissions decisions in a service provider environment
First Claim
Patent Images
1. A computer system, comprising:
- at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the computer system to;
receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies one or more permissions needed to make the change to the virtual infrastructure of the second account;
receive a request by the second party for the appliance;
validate that the appliance has been provided to the second account; and
grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile.
0 Assignments
0 Petitions
Accused Products
Abstract
Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Accordingly, approaches for delegating security rights and privileges for services and resources in an electronic and/or multi-tenant environment are provided. In particular, various embodiments provide approaches for dynamically determining and authorizing delegation of permissions to perform actions in, on, or against one or more secured accounts, where those accounts may be associated with a number of different entities and/or resource providers.
32 Citations
20 Claims
-
1. A computer system, comprising:
-
at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computer system to; receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies one or more permissions needed to make the change to the virtual infrastructure of the second account; receive a request by the second party for the appliance; validate that the appliance has been provided to the second account; and grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
-
receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies the one or more permissions needed to make the change to the virtual infrastructure of the second account; receive a request by the second party for the appliance; validate that the appliance has been provided to the second account; and grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile. - View Dependent Claims (14, 15, 16)
-
-
17. A computer-implemented method, comprising:
-
receiving a first request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party wherein a delegation profile specifies one or more permissions to make the change to the virtual infrastructure of the second account; receiving a request by the second party for the appliance; validating that the appliance has been provided to the second account; and granting access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile. - View Dependent Claims (18, 19, 20)
-
Specification