Role-based access in a multi-customer computing environment
First Claim
1. A method for managing role-based access in a multi-customer computing environment, the method comprising:
- associating an actor with a role;
- associating a policy type with the role;
- associating a role scope with the role;
- receiving one or more values for one or more corresponding context parameters associated with the actor;
- receiving a request for access to a resource from the actor;
- determining a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
- determining one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
- determining a response to the request based on the policy instance and the actor-role scope values.
Abstract
An actor is associated with a role, a policy type is associated with the role, and a role scope is associated with the role. One or more values are received for one or more corresponding context parameters associated with the actor. A request for access to a resource is received from the actor. A policy instance is determined based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor. One or more actor-role scope values are determined based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor. A response to the request is determined based on the policy instance and the actor-role scope values.
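The flow in the abstract, as an added Python illustration that is not code from the patent. It assumes a policy type is a set of rule templates with context-parameter slots, a role scope is a list of context-parameter names, and each resource carries matching attributes; every name and sample value below is constructed.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase

SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]+")  # assumed constraint on context values

@dataclass(frozen=True)
class Role:
    name: str
    policy_type: tuple   # templates: (action, resource pattern with {param} slots)
    role_scope: tuple    # names of context parameters that bound the role

def policy_instance(role, ctx):
    """Bind the role's policy type to this actor's context values."""
    return tuple((action, pattern.format(**ctx)) for action, pattern in role.policy_type)

def actor_role_scope_values(role, ctx):
    """Pick the context values named by the role scope."""
    return {param: ctx[param] for param in role.role_scope}

def decide(role, ctx, action, resource_path, resource_attrs):
    """Return 'allow' or 'deny' for one request; anything unresolved denies."""
    # A value such as '*' or 'a/b' would widen the bound pattern, so reject it.
    if not all(isinstance(v, str) and SAFE_VALUE.fullmatch(v) for v in ctx.values()):
        return "deny"
    try:
        instance = policy_instance(role, ctx)
        scope = actor_role_scope_values(role, ctx)
    except KeyError:  # a required context parameter was never supplied
        return "deny"
    permitted = any(action == a and fnmatchcase(resource_path, p) for a, p in instance)
    in_scope = all(resource_attrs.get(k) == v for k, v in scope.items())
    return "allow" if permitted and in_scope else "deny"

# Constructed sample data: one role shared by actors at two customers.
SUPPORT = Role(
    name="support_agent",
    policy_type=(("read", "customers/{customer_id}/tickets/*"),),
    role_scope=("customer_id", "region"),
)
ALICE = {"customer_id": "acme", "region": "eu"}      # actor at customer "acme"
BOB = {"customer_id": "globex", "region": "us"}      # actor at customer "globex"
TICKET = ("customers/acme/tickets/17", {"customer_id": "acme", "region": "eu"})

if __name__ == "__main__":
    for name, ctx in (("alice", ALICE), ("bob", BOB)):
        print(name, decide(SUPPORT, ctx, "read", *TICKET))
```

The same role yields a different policy instance and different scope values per actor, so the role definition itself never names a customer.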
20 Claims
12. A system for managing role-based access in a multi-customer computing environment, the system comprising:
- one or more servers configured to:
  - associate an actor with a role;
  - associate a policy type with the role;
  - associate a role scope with the role;
  - receive one or more values for one or more corresponding context parameters associated with the actor;
  - receive a request for access to a resource from the actor;
  - determine a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
  - determine one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
  - determine a response to the request based on the policy instance and the actor-role scope values.

20. A computer program product, tangibly embodied in an information carrier, for managing role-based access in a multi-customer computing environment, the computer program product including instructions being operable to cause data processing apparatus to:
- associate an actor with a role;
- associate a policy type with the role;
- associate a role scope with the role;
- receive one or more values for one or more corresponding context parameters associated with the actor;
- receive a request for access to a resource from the actor;
- determine a policy instance based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor;
- determine one or more actor-role scope values based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor; and
- determine a response to the request based on the policy instance and the actor-role scope values.
Specification