MAPPING TENANT GROUPS TO IDENTITY MANAGEMENT CLASSES
Abstract
Groups of a plurality of tenants are mapped to identity management classes corresponding to respective roles that grant respective permissions. The identity management classes are associated with hierarchical delegation information that specify delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes. In response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, it is determined, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member.
15 Claims
1. A method comprising:
- mapping, by a system including a processor, groups of a plurality of tenants to identity management classes corresponding to respective roles that grant respective permissions for performing tasks with respect to at least one application, the at least one application accessible by the plurality of tenants, wherein the identity management classes are associated with hierarchical delegation information that specify delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes; and
- in response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, determining, by the system based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A cloud system comprising:
- at least one of a cloud resource and a cloud service accessible by a plurality of tenants of the cloud system; and
- at least one storage medium to store a mapping between groups of the plurality of tenants and identity management classes corresponding to respective roles that grant respective permissions to access the cloud resource or cloud service, wherein the identity management classes are associated with hierarchical delegation information that specify delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes; and
- at least one processor to: receive a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of a particular one of the identity management classes, and in response to the request, determine, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member of the particular identity management class.
Dependent claims: 11, 12, 13.

14. An article comprising at least one non-transitory machine-readable storage medium storing instructions that upon execution by a cloud system cause the cloud system to:
- store a mapping between groups of a plurality of tenants and identity management classes corresponding to respective roles that grant respective permissions for performing tasks with respect to at least one application, the at least one application accessible by the plurality of tenants and managing access of one or a combination of a cloud resource and a cloud service, wherein the identity management classes are associated with hierarchical delegation information that specify delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes, and
- in response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, determine, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member.
Dependent claim: 15.
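As an added illustration of the check the claims describe (this is not code from the patent or from any product): tenant groups are mapped to identity management classes, the classes carry hierarchical delegation rights, and a delegation request by one member toward another is decided from that hierarchy. The class names, tenants, groups and members below are constructed sample data; the downward, transitive reading of "hierarchical delegation information" is an assumption.

```python
"""Delegation check over a tenant-group -> identity-management-class mapping."""
from dataclasses import dataclass, field


@dataclass
class IdmClass:
    """A role (identity management class) plus the classes it may delegate into."""
    name: str
    permissions: frozenset
    # Assumed model: rights flow downward and are transitive through the hierarchy.
    delegates_to: tuple = ()


@dataclass
class IdmDirectory:
    classes: dict = field(default_factory=dict)      # class name -> IdmClass
    group_map: dict = field(default_factory=dict)    # (tenant, group) -> class name
    members: dict = field(default_factory=dict)      # member id -> (tenant, group)

    def class_of(self, member):
        """Resolve a member to a class via their tenant group; None if unknown."""
        key = self.members.get(member)
        return self.group_map.get(key) if key else None

    def delegable_classes(self, cls):
        """Transitive closure of the delegation rights starting at cls (cycle-safe)."""
        seen, stack = set(), [cls]
        while stack:
            for nxt in self.classes[stack.pop()].delegates_to:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return seen

    def can_delegate(self, delegator, target):
        """Deny by default: unknown members or classes outside the hierarchy fail."""
        src, dst = self.class_of(delegator), self.class_of(target)
        if src is None or dst is None:
            return False
        return dst in self.delegable_classes(src)


def build_sample():
    """Constructed directory: two tenants, three classes, four members."""
    d = IdmDirectory()
    for c in (IdmClass("TenantAdmin", frozenset({"manage_users"}), ("GroupAdmin",)),
              IdmClass("GroupAdmin", frozenset({"manage_group"}), ("User",)),
              IdmClass("User", frozenset({"use_app"}))):
        d.classes[c.name] = c
    for tenant in ("acme", "globex"):
        d.group_map.update({(tenant, "admins"): "TenantAdmin",
                            (tenant, "ops"): "GroupAdmin", (tenant, "staff"): "User"})
    d.members.update({"alice": ("acme", "admins"), "bob": ("acme", "ops"),
                      "carol": ("acme", "staff"), "dave": ("globex", "ops")})
    return d
```

Delegation is granted only along the configured hierarchy, so a GroupAdmin cannot delegate toward a TenantAdmin or toward another GroupAdmin, and any unmapped member is refused.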