SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY
First Claim
Patent Images
1. A method of searching for data objects in a data management system, the method comprising:
- receiving one or more criteria describing at least one data object to be located within the data management system;
identifying one or more data objects stored within the data management system that satisfy the received one or more criteria;
determining one or more access rights associated with the identified one or more data objects stored within the data management system; and
providing a filtered list of results that contains the identified one or more data objects, wherein the list is filtered based on the determined one or more access rights.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.
-
Citations
20 Claims
-
1. A method of searching for data objects in a data management system, the method comprising:
-
receiving one or more criteria describing at least one data object to be located within the data management system; identifying one or more data objects stored within the data management system that satisfy the received one or more criteria; determining one or more access rights associated with the identified one or more data objects stored within the data management system; and providing a filtered list of results that contains the identified one or more data objects, wherein the list is filtered based on the determined one or more access rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-readable medium containing instructions for controlling a computer system to restrict access to data objects stored within a storage management system, by a method comprising:
-
receiving a request identifying a particular copy of a data object for which access rights are to be determined, wherein the data object has multiple copies; identifying the entity requesting access to the particular copy of the data object; querying access control information for the particular copy of the data object from the storage management system, wherein the storage management system determines access control information with each data object when a first instance of the data object is encountered and associates the access control information with each subsequent copy of the data object that is created; and
,indicating whether the identified entity requesting access to the data object is granted access to the data object based on the access control information associated with the data object by the storage management system, wherein the indication is the same regardless of which of the multiple copies of the data object the request identifies. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for filtering data objects provided in response to a search in a data management system based on access rights associated with the data objects, the system comprising:
-
a network security component that provides access control information for data objects stored by one or more computers within the data management system, wherein the access control information is based on access control information associated with source data used to create each data object; an entity identification component that identifies an entity requesting access to a data object stored within the data management system; a storage search component that receives criteria and performs searches for data objects within the data management system that satisfy at least one or the criteria; and a data object access component that determines whether the entity identified by the entity identification component has access to the data objects discovered by the storage search component based on the access control information. - View Dependent Claims (19, 20)
-
Specification