Fine granularity access control for a storage area network
Abstract
A SAN management software program controls access to resources in the SAN by associating individual users with one or more administration domains. A user that is associated with an administration domain that includes a port of a SAN switch can configure or otherwise access the port but is restricted from accessing ports outside of that administration domain. Likewise, access to other sub-fabric resources can be restricted and allowed to individual users and users in specific roles or groups. In this manner, the SAN administrative user has very specific control over which users can access which SAN resources and what level of access these users are granted.
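The access model described in the abstract and in claim 1, as an added Python example that is not code from the patent or from any SAN product. The class and method names, the resource identifiers, and the set of resource kinds treated as sub-fabric are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption for this sketch: which resource kinds count as "sub-fabric".
# The page names switch ports; treating switches the same way is a guess.
SUB_FABRIC_KINDS = {"switch", "port"}

@dataclass(frozen=True)
class Resource:
    rid: str   # constructed identifier, e.g. "sw1/p1"
    kind: str  # "fabric", "switch" or "port"

@dataclass
class AccessManager:
    discovered: dict = field(default_factory=dict)   # rid -> Resource
    domains: dict = field(default_factory=dict)      # domain name -> set of rids
    memberships: dict = field(default_factory=dict)  # user -> set of domain names

    def receive_discovery(self, resources):
        self.discovered = {r.rid: r for r in resources}

    def define_domain(self, name, rids):
        rids, known = set(rids), set(self.discovered)
        if not rids <= known:
            raise ValueError(f"not in discovery results: {sorted(rids - known)}")
        if rids == known:
            raise ValueError("domain must be a proper subset of the discovered resources")
        if not any(self.discovered[r].kind in SUB_FABRIC_KINDS for r in rids):
            raise ValueError("domain needs at least one sub-fabric resource")
        self.domains[name] = rids

    def associate(self, user, domain):
        if domain not in self.domains:
            raise KeyError(f"undefined domain: {domain}")
        self.memberships.setdefault(user, set()).add(domain)

    def can_configure(self, user, rid):
        # Default deny: a user with no domains, or a resource outside all of
        # the user's domains, is refused.
        return any(rid in self.domains[d] for d in self.memberships.get(user, ()))

def demo():
    mgr = AccessManager()
    mgr.receive_discovery([  # constructed discovery results
        Resource("fabA", "fabric"), Resource("sw1", "switch"),
        Resource("sw1/p1", "port"), Resource("sw1/p2", "port"),
    ])
    mgr.define_domain("tenant-a", {"sw1/p1"})
    mgr.associate("alice", "tenant-a")
    return mgr

if __name__ == "__main__":
    m = demo()
    print(m.can_configure("alice", "sw1/p1"), m.can_configure("alice", "sw1/p2"))
```

The check is default-deny: access is granted only through an explicit domain membership, so a newly discovered port stays unconfigurable by every user until it is placed in a domain.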
18 Claims
1. A method of managing configuration access by a user to resources of a storage network, the method comprising:
receiving discovery results identifying the resources of the storage network;
defining one or more administration domains, each administration domain specifying a proper subset of the resources identified in the discovery results, wherein the proper subset of resources includes at least one sub-fabric resource;
associating the user with one or more of the administration domains;
allowing the user to configure a selected resource, if the selected resource is specified in an administration domain associated with the user; and
preventing the user from configuring the selected resource, if the resource is not specified in an administration domain associated with the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product encoding a computer program for a computer process that executes on a computer system that manages configuration access by a user to resources of a storage network, the computer process comprising:
receiving discovery results identifying the resources of the storage network;
defining one or more administration domains, each administration domain specifying a proper subset of the resources identified in the discovery results, wherein the proper subset of resources includes at least one of sub-fabric resource;
associating the user with one or more of the administration domains;
allowing the user to configure a selected resource, if the selected resource is specified in an administration domain associated with the user; and
preventing the user from configuring the selected resource, if the resource is not specified in an administration domain associated with the user.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
Specification