Dynamic permission modes

US 10,460,122 B1
Filed: 12/27/2018
Issued: 10/29/2019
Est. Priority Date: 12/27/2018
Status: Active Grant

First Claim

Patent Images

1. A method for managing data in a file system over a network using one or more processors that execute instructions to perform actions, comprising:

instantiating a file system engine to perform actions including;

providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes;

receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client;

providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and

associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and

instantiating a permissions engine to perform actions including;

determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme;

executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects;

comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and

providing the access rights to the one or more file system objects based on an affirmative result of the comparison.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to managing data in a file system. A file system engine provides a file system that includes file system objects that may be accessible by two or more clients that use different native permission schemes. And, a permissions engine may determine map rules based on characteristics of a request to access request a file. The permission engine may execute the one or more map rules to provide platform permission values based on the native permission values. The permission engine may compare requested platform permission values to the platform permission values associated with the file. The permission engine may provide the access rights to the file based on an affirmative result of the comparison.

Citations

26 Claims

1. A method for managing data in a file system over a network using one or more processors that execute instructions to perform actions, comprising:
- instantiating a file system engine to perform actions including;
  
  providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes;
  
  receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client;
  
  providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and
  
  associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and
  
  instantiating a permissions engine to perform actions including;
  
  determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme;
  
  executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects;
  
  comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and
  
  providing the access rights to the one or more file system objects based on an affirmative result of the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the comparison, further comprises:
    - iterating over the one or more platform permission values; and
      
      determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.
  - 3. The method of claim 1, wherein the file system engine performs further actions, including:
    - receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and
      
      employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file system object or a container file system object associated with the file system object.
  - 4. The method of claim 1, wherein providing the one or more requested platform permission values further comprises, executing one or more mapping rules to convert between the platform permission values and the native permission values, wherein the platform permission values that are unsupported by a client'"'"'s native permission scheme are omitted from the one or more requested platform permission values.
  - 5. The method of claim 1, wherein providing the one or more platform permission values, further comprises:
    - providing one or more joint platform permission values that are supported by each of the two or more clients; and
      
      providing one or more disjoint platform permission values that are supported by a portion of the two or more clients.
  - 6. The method of claim 1, wherein the one or more requested platform permission values are based on the platform permission scheme and the native permission values included in the access request.
  - 7. The method of claim 1, wherein the comparison, further comprises:
    - communicating with a separate service to confirm one or more characteristics of the client or the access request; and
      
      modifying the provided access rights based on a response to the communication.

8. A system for managing data in a file system over a network comprising:
- a network computer, comprising;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  instantiating a file system engine to perform actions including;
  
  providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes;
  
  receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client;
  
  providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and
  
  associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and
  
  instantiating a permissions engine to perform actions including;
  
  determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme;
  
  executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects;
  
  comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and
  
  providing the access rights to the one or more file system objects based on an affirmative result of the comparison; and
  
  a client computer, comprising;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  providing the access request and the other access request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the comparison, further comprises:
    - iterating over the one or more platform permission values; and
      
      determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.
  - 10. The system of claim 8, wherein the file system engine performs further actions, including:
    - receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and
      
      employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file system object or a container file system object associated with the file system object.
  - 11. The system of claim 8, wherein providing the one or more requested platform permission values further comprises, executing one or more mapping rules to convert between the platform permission values and the native permission values, wherein the platform permission values that are unsupported by a client'"'"'s native permission scheme are omitted from the one or more requested platform permission values.
  - 12. The system of claim 8, wherein providing the one or more platform permission values, further comprises:
    - providing one or more joint platform permission values that are supported by each of the two or more clients; and
      
      providing one or more disjoint platform permission values that are supported by a portion of the two or more clients.
  - 13. The system of claim 8, wherein the one or more requested platform permission values are based on the platform permission scheme and the native permission values included in the access request.
  - 14. The system of claim 8, wherein the comparison, further comprises:
    - communicating with a separate service to confirm one or more characteristics of the client or the access request; and
      
      modifying the provided access rights based on a response to the communication.

15. A processor readable non-transitory storage media that includes instructions for managing data in a file system over a network, wherein execution of the instructions by one or more processors on one or more network computers performs actions, comprising:
- instantiating a file system engine to perform actions including;
  
  providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes;
  
  receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client;
  
  providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and
  
  associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and
  
  instantiating a permissions engine to perform actions including;
  
  determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme;
  
  executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects;
  
  comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and
  
  providing the access rights to the one or more file system objects based on an affirmative result of the comparison.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The media of claim 15, wherein the comparison, further comprises:
    - iterating over the one or more platform permission values; and
      
      determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.
  - 17. The media of claim 15, wherein the file system engine performs further actions, including:
    - receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and
      
      employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file system object or a container file system object associated with the file system object.
  - 18. The media of claim 15, wherein providing the one or more requested platform permission values further comprises, executing one or more mapping rules to convert between the platform permission values and the native permission values, wherein the platform permission values that are unsupported by a client'"'"'s native permission scheme are omitted from the one or more requested platform permission values.
  - 19. The media of claim 15, wherein providing the one or more platform permission values, further comprises:
    - providing one or more joint platform permission values that are supported by each of the two or more clients; and
      
      providing one or more disjoint platform permission values that are supported by a portion of the two or more clients.
  - 20. The media of claim 15, wherein the one or more requested platform permission values are based on the platform permission scheme and the native permission values included in the access request.

21. A network computer for managing data in a file system, comprising:
- a transceiver that communicates over the network;
  
  a memory that stores at least instructions; and
  
  one or more processors that execute instructions that perform actions, including;
  
  instantiating a file system engine to perform actions including;
  
  providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes;
  
  receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client;
  
  providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and
  
  associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and
  
  instantiating a permissions engine to perform actions including;
  
  determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme;
  
  executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects;
  
  comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and
  
  providing the access rights to the one or more file system objects based on an affirmative result of the comparison.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The network computer of claim 21, wherein the comparison, further comprises:
    - iterating over the one or more platform permission values; and
      
      determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.
  - 23. The network computer of claim 21, wherein the file system engine performs further actions, including:
    - receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and
      
      employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file system object or a container file system object associated with the file system object.
  - 24. The network computer of claim 21, wherein providing the one or more requested platform permission values further comprises, executing one or more mapping rules to convert between the platform permission values and the native permission values, wherein the platform permission values that are unsupported by a client'"'"'s native permission scheme are omitted from the one or more requested platform permission values.
  - 25. The network computer of claim 21, wherein providing the one or more platform permission values, further comprises:
    - providing one or more joint platform permission values that are supported by each of the two or more clients; and
      
      providing one or more disjoint platform permission values that are supported by a portion of the two or more clients.
  - 26. The network computer of claim 21, wherein the one or more requested platform permission values are based on the platform permission scheme and the native permission values included in the access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qumulo, Incorporated
Original Assignee
Qumulo, Incorporated
Inventors
Kirby, Michael Patrick, Peet, Iain Michael Christopher, Nickel, Garrett Mathew, Fachan, Neal Thomas
Primary Examiner(s)
Leung, Robert B

Application Number

US16/234,395
Time in Patent Office

306 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

Dynamic permission modes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic permission modes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links