Managing Security Groups for Data Instances
Abstract
Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.
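The indirection described in the abstract, sketched as an added Python example (not code from the patent or from any product). The class names, the `read`/`read-write` access levels and the sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

RANK = {"read": 1, "read-write": 2}  # assumed access levels, not from the page


@dataclass(frozen=True)
class DataInstance:
    """Data-environment instance; frozen, so its native group never changes."""
    instance_id: str
    native_group: str


class ControlEnvironment:
    """Hypothetical control plane: the only place group updates are processed."""

    def __init__(self):
        self.permissions = {}  # control group -> {member: access level}
        self.association = {}  # control group -> native security group

    def update_group(self, instance, group, member, level):
        if level is not None and level not in RANK:
            raise ValueError(f"unknown access level: {level}")
        if group not in self.permissions:
            # First request: create the control group and bind it once.
            self.permissions[group] = {}
            self.association[group] = instance.native_group
        elif self.association[group] != instance.native_group:
            raise PermissionError("group is bound to another native group")
        # Only the stored permission changes; the binding is left alone.
        if level is None:
            self.permissions[group].pop(member, None)
        else:
            self.permissions[group][member] = level

    def access_level(self, instance, member):
        # Highest level granted by any control group bound to this instance.
        levels = [perms[member] for group, perms in self.permissions.items()
                  if self.association[group] == instance.native_group
                  and member in perms]
        return max(levels, key=RANK.get) if levels else None


def demo():
    ctl = ControlEnvironment()
    db = DataInstance("db-1", "default-sg-db-1")  # constructed sample values
    ctl.update_group(db, "analysts", "alice", "read")
    bound = dict(ctl.association)
    ctl.update_group(db, "analysts", "alice", "read-write")  # upgrade
    ctl.update_group(db, "analysts", "bob", "read")
    ctl.update_group(db, "analysts", "bob", None)            # revoke
    return (ctl.access_level(db, "alice"), ctl.access_level(db, "bob"),
            ctl.association == bound)
```

Every permission change lands in `permissions`; `association` and the instance object are identical before and after, which is the property that lets the instance stay up.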
25 Claims
1. A computer-implemented method of recovering managing security permissions for a data environment using a separate control environment, comprising:
- under control of one or more computer systems configured with executable instructions, receiving, to the control environment, a request from a customer to update a control security group for a data instance in the data environment;
- if the control security group does not exist, creating at least one control security group in the control environment and associating each control security group with a native security group in the data environment corresponding to the data instance;
- updating at least one permission for the control security group in response to the request, the permission determining an access level of each member of the control security group to the data instance; and
- storing each updated permission for use in determining subsequent access to the data instance by a member of the control security group,
- wherein access to the data instance through the data environment is controlled by the permissions of the control security group and requests updating the control security group are restricted to being processed by the control environment, and
- wherein each permission of the control security group is capable of being updated using the control environment without affecting an availability of the data instance in the data environment.
Dependent claims: 2, 3
4. A computer-implemented method of cloning a data instance in a data environment using a separate control environment, comprising:
- under control of one or more computer systems configured with executable instructions, receiving, to the control environment, a request from a customer to update a control security group for a data instance in the data environment, the control security group being associated with a native security group for the data instance in the data environment;
- updating the control security group in response to the request, the control security group determining an access level of each member of the control security group to the data instance; and
- storing the updated control security group for use in determining subsequent access to the data instance by a member of the control security group,
- wherein the updating of the control security group does not change the association of the control security group to the native security group, such that the updating does not impact an availability of the data instance in the data environment.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12
13. A system for controlling a data environment using a separate control environment, comprising:
- at least one processor; and
- memory including instructions that, when executed by the at least one processor, cause the system to;
- receive, to the control environment, a request from a customer to update a control security group for a data instance in the data environment, the control security group being associated with a native security group for the data instance in the data environment;
- update the control security group in response to the request, the control security group determining an access level of each member of the control security group to the data instance; and
- storing the updated control security group for use in determining subsequent access to the data instance by a member of the control security group,
- wherein the updating of the control security group does not change the association of the control security group to the native security group, such that the updating does not impact an availability of the data instance in the data environment.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer program product embedded in a computer-readable medium and including instructions that, when executed by at least one computing device, cause the at least one computing device to:
- receive, to the control environment, a request from a customer to update a control security group for a data instance in the data environment, the control security group being associated with a native security group for the data instance in the data environment;
- update the control security group in response to the request, the control security group determining an access level of each member of the control security group to the data instance; and
- storing the updated control security group for use in determining subsequent access to the data instance by a member of the control security group,
- wherein the updating of the control security group does not change the association of the control security group to the native security group, such that the updating does not impact an availability of the data instance in the data environment.
Dependent claims: 21, 22, 23, 24, 25
Specification