System and method for storage operation access security
First Claim
Patent Images
1. A computer-implemented method of securing storage operations in a data management system, comprising:
- receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location,wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, andwherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; and
executing a storage access control system to provide a security infrastructure to selectively limit access to the secondary copy of data, wherein executing the storage access control system includes;
querying a file system at the source location for preexisting access control information,wherein the access control information is associated with the source location, andwherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations,wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and
applying the access control information to the secondary copy at the external remote storage location,wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system,wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, andwherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access for the individual users and groups of users to secondary copies of data stored at the remote storage location that are not actively being used by a live data server.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.
-
Citations
27 Claims
-
1. A computer-implemented method of securing storage operations in a data management system, comprising:
-
receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; and executing a storage access control system to provide a security infrastructure to selectively limit access to the secondary copy of data, wherein executing the storage access control system includes; querying a file system at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access for the individual users and groups of users to secondary copies of data stored at the remote storage location that are not actively being used by a live data server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory computer-readable medium storing instruction that, when executed by at least one data processing device, performs a method of securing storage operations in a data management system, comprising:
-
receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; querying a file system, by a storage access control system, at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and applying settings of the storage access control system to the secondary copy by applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access to secondary copies of data stored at the remote storage location that are not actively being used by a live data server. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for securing storage operations in a data management system, the system comprising:
-
means for receiving a request to perform a storage operation that includes creating a secondary copy of data from a source location, wherein the created secondary copy of the data is stored at an external remote storage location that is remote from the source location, and wherein the secondary copy stored at the external remote storage location is not actively being used by a live data server; means for querying, by a storage access control system, a file system at the source location for preexisting access control information, wherein the access control information is associated with the source location, and wherein the preexisting access control information is used by at least a portion of the file system at the source location to perform file system operations, wherein the preexisting access control information defines access rights of individual users and groups of users to the data from the source location; and means for applying settings of the storage access control system to the secondary copy by applying the access control information to the secondary copy at the external remote storage location, wherein applying the access control information only includes referencing the access control information by the storage access control system or only incorporating the access control information into the storage access control system, wherein the applying of the access control information to the secondary copy at the external remote storage location comprises permitting, prohibiting, or modifying at least part of the requested storage operation, and wherein the applying of the access control information to the secondary copy at the external remote storage location further comprises storing metadata describing the access control information in a content index that controls access to secondary copies of data stored at the remote storage location that are not actively being used by a live data server. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
Specification