UPDATING ACCESS CONTROL INFORMATION WITHIN A DISPERSED STORAGE UNIT
First Claim
1. A method for execution by a processing module of a storage unit, the method comprises:
- receiving, from a requesting entity, a write request for storing a data object, wherein the write request includes updated access control list (ACL) information regarding the data object and a name identifying the data object;
determining whether the data object is a new data object or a revised version of an existing data object;
determining write authority of the requesting entity based on information contained in a locally stored access control list, wherein the write authority includes, at least one of, authorization to issue a write request for the new data object, authorization to issue a write request for the revised version of the existing data object, and authorization to issue updated ACL information regarding the new data object or the revised version of the existing data object; and
when the write request is regarding the revised version of the existing data object and the write authority includes the authorization to issue the write request for the revised version of the existing data object and the authorization to issue the updated ACL information regarding the revised version of the existing data object;
storing the revised version of the existing data object; and
updating the locally stored access control list based on the updated ACL information.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module of a storage unit receiving a write request for storing a data object that includes updated access control list (ACL) information. The method continues with the DS processing module determining whether the data object is a new data object or a revised version of an existing data object and determining write authority of the requesting entity based on information contained in a locally stored access control list. When the write request is regarding the revised version of the existing data object and the write authority includes authorization to issue the write request for the revised version of the existing data object and authorization to issue the updated ACL information, the method continues with the DS processing module storing the revised version of the existing data object and updating the access control list based on the updated ACL information.
51 Citations
16 Claims
-
1. A method for execution by a processing module of a storage unit, the method comprises:
-
receiving, from a requesting entity, a write request for storing a data object, wherein the write request includes updated access control list (ACL) information regarding the data object and a name identifying the data object; determining whether the data object is a new data object or a revised version of an existing data object; determining write authority of the requesting entity based on information contained in a locally stored access control list, wherein the write authority includes, at least one of, authorization to issue a write request for the new data object, authorization to issue a write request for the revised version of the existing data object, and authorization to issue updated ACL information regarding the new data object or the revised version of the existing data object; and when the write request is regarding the revised version of the existing data object and the write authority includes the authorization to issue the write request for the revised version of the existing data object and the authorization to issue the updated ACL information regarding the revised version of the existing data object; storing the revised version of the existing data object; and updating the locally stored access control list based on the updated ACL information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; receive, from a requesting entity, a write request for storing a data object, wherein the write request includes updated access control list (ACL) information regarding the data object and a name identifying the data object; a second module, when operable within the computing device, causes the computing device to; determine whether the data object is a new data object or a revised version of an existing data object; a third module, when operable within the computing device, causes the computing device to; determine write authority of the requesting entity based on information contained in a locally stored access control list, wherein the write authority includes, at least one of, authorization to issue a write request for the new data object, authorization to issue a write request for the revised version of the existing data object, and authorization to issue the updated ACL information regarding the new data object or the revised version of the existing data object; and a fourth module, when operable within the computing device, causes the computing device to; when the write request is regarding the revised version of the existing data object and the write authority includes the authorization to issue the write request for the revised version of the existing data object and authorization to issue the updated ACL information regarding the revised version of the existing data object; store the revised version of the existing data object; and update the locally stored access control list based on the updated ACL information. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification