Provide access to data storage services in a network environment
First Claim
1. A computer program product for providing access to data storage services in a network environment, wherein the computer program product comprises a computer readable storage medium having program instructions embodied therewith that when executed cause operations, the operations comprising:
- providing multi-tenancy information for a plurality of clients, wherein for each client of the clients, the multi-tenancy information indicates at least one tenant assigned to the client, and for each of the at least one tenant assigned to a client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source;
providing to a user an isolate tag to use when accessing data in a data source, wherein the isolate tag includes a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data;
receiving from the user the isolate tag with a user access request to data in a data source, wherein the isolate tag indicates the client tag, tenant tag, and data source tag;
validating the user access request by determining whether the multi-tenancy information indicates that the client, tenant, and data source identified by the client tag, the tenant tag, and the data source tag, respectively, in the isolate tag, are related;
in response to the validating the user access request, determining a processing pipeline associated with the tenant identified by the tenant tag in the isolate tag, wherein the processing pipeline specifies a series of data processing services to apply to data for the tenant; and
applying the data processing services specified in the determined processing pipeline to the data subject to the user access request.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a computer program product, system, and method for providing access to data storage services in a network environment. Multi-tenancy information for each of a plurality of clients has at least one tenant assigned to the client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source. A user is provided an isolate tag comprising a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data. A user access request with an isolate tag is processed in response to determining that the multi-tenancy information indicates that the client, tenant, and data source identified by the isolate tag are related.
-
Citations
19 Claims
-
1. A computer program product for providing access to data storage services in a network environment, wherein the computer program product comprises a computer readable storage medium having program instructions embodied therewith that when executed cause operations, the operations comprising:
-
providing multi-tenancy information for a plurality of clients, wherein for each client of the clients, the multi-tenancy information indicates at least one tenant assigned to the client, and for each of the at least one tenant assigned to a client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source; providing to a user an isolate tag to use when accessing data in a data source, wherein the isolate tag includes a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data; receiving from the user the isolate tag with a user access request to data in a data source, wherein the isolate tag indicates the client tag, tenant tag, and data source tag; validating the user access request by determining whether the multi-tenancy information indicates that the client, tenant, and data source identified by the client tag, the tenant tag, and the data source tag, respectively, in the isolate tag, are related; in response to the validating the user access request, determining a processing pipeline associated with the tenant identified by the tenant tag in the isolate tag, wherein the processing pipeline specifies a series of data processing services to apply to data for the tenant; and applying the data processing services specified in the determined processing pipeline to the data subject to the user access request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for providing access to data storage services in a network environment, comprising:
-
a processor; a multi-tenancy information for a plurality of clients, wherein for each client of the clients, the multi-tenancy information indicates at least one tenant assigned to the client, and for each of the at least one tenant assigned to a client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source; and a computer readable storage medium having program instructions embodied therewith that when executed cause operations, the operations comprising; providing to a user an isolate tag to use when accessing data in a data source, wherein the isolate tag includes a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data; receiving from the user the isolate tag with a user access request to data in a data source, wherein the isolate tag indicates the client tag, tenant tag, and data source tag; validating the user access request by determining whether the multi-tenancy information indicates that the client, tenant, and data source identified by the client tag, the tenant tag, and the data source tag, respectively, in the isolate tag, are related; in response to the validating the user access request, determining a processing pipeline associated with the tenant identified by the tenant tag in the isolate tag, wherein the processing pipeline specifies a series of data processing services to apply to data for the tenant; and applying the data processing services specified in the determined processing pipeline to the data subject to the user access request. - View Dependent Claims (13, 14, 15)
-
-
16. A method for providing access to data storage services in a network environment, comprising:
-
providing multi-tenancy information for a plurality of clients, wherein for each client of the clients, the multi-tenancy information indicates at least one tenant assigned to the client, and for each of the at least one tenant assigned to a client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source; providing to a user an isolate tag to use when accessing data in a data source, wherein the isolate tag includes a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data; receiving from the user the isolate tag with a user access request to data in a data source, wherein the isolate tag indicates the client tag, tenant tag, and data source tag; validating the user access request by determining whether the multi-tenancy information indicates that the client, tenant, and data source identified by the client tag, the tenant tag, and the data source tag, respectively, in the isolate tag, are related; in response to the validating the user access request, determining a processing pipeline associated with the tenant identified by the tenant tag in the isolate tag, wherein the processing pipeline specifies a series of data processing services to apply to data for the tenant; and applying the data processing services specified in the determined processing pipeline to the data subject to the user access request. - View Dependent Claims (17, 18, 19)
-
Specification