ROLE BASED ACCESS CONTROL UTILIZING SCOPED PERMISSIONS
Abstract
Systems and methods authorizing access to storage system resources are presented herein. A scoped permission assignment can be associated with an operation related to a type of at least one resource. The scoped permission assignment can be assigned to a role; and the role can be associated with user(s). A resource, or one or more resources of a resource group, can be associated with user(s) or user group(s). Further, a user can be authorized to perform the operation on the resource and/or one or more resources based on, at least in part, permission assignments directly granted to the user or granted in a role of the user. In addition, one or more resource flags can be assigned to the one or more resources. Accordingly, the user can be authorized to perform the operation based on, at least in part, the one or more resource flags and the scoped permission assignment.
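The authorization decision described in the abstract, written out as an added Python example (not text or code from the patent). The scope levels, the `immutable` flag and its meaning, and all user, role and resource names are assumptions made for illustration; the page does not define them.

```python
from dataclasses import dataclass, field

NONE, USER, GROUP, SYSTEM = range(4)  # assumed scope levels, widest last
FLAG_DENIES = {"immutable": {"modify", "delete"}}  # assumed resource flag semantics

@dataclass(frozen=True)
class ScopedPermission:
    operation: str      # operation the permission is associated with
    resource_type: str  # type of resource the operation relates to
    scope: int          # how far the grant reaches

@dataclass
class Resource:
    name: str
    rtype: str
    group: str = ""                 # resource group, if any
    users: frozenset = frozenset()  # users associated with the resource directly
    flags: frozenset = frozenset()  # resource flags

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    direct: set = field(default_factory=set)           # permissions granted directly
    resource_groups: set = field(default_factory=set)  # groups the user is associated with

def authorize(user, operation, res, role_table):
    # Resource flags are evaluated first and apply however wide the grant is.
    if any(operation in FLAG_DENIES.get(f, ()) for f in res.flags):
        return False
    # Direct grants plus the grants carried by each of the user's roles.
    perms = set(user.direct).union(*(role_table.get(r, set()) for r in user.roles))
    scope = max((p.scope for p in perms
                 if p.operation == operation and p.resource_type == res.rtype),
                default=NONE)
    if scope == SYSTEM:
        return True
    associated = user.name in res.users
    if scope == GROUP:
        return associated or (res.group != "" and res.group in user.resource_groups)
    return scope == USER and associated

# Constructed sample data: two administrators partitioning one storage grid.
ROLES = {"tier-admin": {ScopedPermission("delete", "tier", GROUP)},
         "grid-admin": {ScopedPermission("delete", "tier", SYSTEM)}}
alice = User("alice", roles={"tier-admin"}, resource_groups={"rg-east"})
root = User("root", roles={"grid-admin"})
east = Resource("tier-east", "tier", group="rg-east")
west = Resource("tier-west", "tier", group="rg-west")
vault = Resource("tier-vault", "tier", group="rg-east", flags=frozenset({"immutable"}))
```

With this data, `alice` can delete `tier-east` but not `tier-west`, and the `immutable` flag on `tier-vault` blocks deletion even for the system-scoped `root`.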
25 Claims
1. A method comprising:
- associating a scoped permission assignment with an operation related to a type of at least one resource;
- assigning the scoped permission assignment to a role; and
- associating the role with a user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system comprising:
- a scope component configured to:
  - associate one or more types of resources with at least one operation; and
  - assign at least one scoped permission assignment to the at least one operation; and
- a resource component configured to:
  - assign the at least one scoped permission assignment to at least one role;
  - associate the at least one role with one or more users; and
  - permit the one or more users to perform the at least one operation on the one or more types of resources based on, at least in part, the at least one scoped permission assignment.
19. A system comprising:
- a storage component configured to:
  - create a storage grid including at least two storage systems, wherein a storage system of the at least two storage systems includes one or more storage pools, and wherein a storage pool of the one or more storage pools includes one or more storage mediums; and
- a group component configured to:
  - combine storage pools of the one or more storage pools into one or more storage tiers; and
  - assign a storage tier of the one or more storage tiers as a resource of a resource group;
- wherein a user associated with the resource group is authorized to perform one or more operations on the resource based on, at least in part, one or more resource flags associated with the resource.
Dependent claims: 18, 20, 21
22. A method comprising:
- assigning a scoped permission assignment to an operation related to a type of one or more resources of a storage grid;
- associating a role with the scoped permission assignment;
- assigning the role to one or more system administrators of the storage grid; and
- partitioning management of the storage grid by the one or more system administrators based on the scoped permission assignment;
- wherein the storage grid includes at least one storage system, wherein the at least one storage system includes at least one storage pool, and wherein the at least one storage pool includes at least one storage medium.
Dependent claims: 23
24. A method comprising:
- relating an operation to a type of one or more resources;
- assigning a scoped permission assignment to the operation;
- correlating the scoped permission assignment with a role;
- associating the role with a user; and
- authorizing the user to perform the operation on a resource of the one or more resources based on the scoped permission assignment.
Dependent claims: 25
Specification