System and method for storage operation access security
Abstract
A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.
18 Claims
1. A method for execution by at least one processor to manage users in a data management system, wherein the data management system manages secondary copies of data files, the method comprising:
- adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations;
- receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file;
- causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and,
- causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created;
- wherein causing the security system to be queried to determine the access rights includes determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers;
- wherein adding the user to the created group within the data management system includes associating the created group with the user in the security system; and
- wherein the at least one access right for performing storage operations determines which data a user within the group can access.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
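The authorization flow recited in claim 1, as an added sketch that is not code from the patent or from any product. The class names, the operation string `create_secondary_copy`, the host names and the file paths are all hypothetical, and the security system is reduced to two in-memory maps.

```python
from dataclasses import dataclass, field

@dataclass
class SecuritySystem:
    """Stand-in for the preexisting security infrastructure (assumption)."""
    computers: dict = field(default_factory=dict)  # user -> computers the user can access
    groups: dict = field(default_factory=dict)     # user -> group names

    def associate(self, user, group):
        self.groups.setdefault(user, set()).add(group)

    def access_rights(self, user):
        # Unknown users get empty sets, so every later check fails closed.
        return self.groups.get(user, set()), self.computers.get(user, set())

@dataclass
class DataManagementSystem:
    security: SecuritySystem
    group_rights: dict  # previously created groups: name -> permitted storage operations
    audit: list = field(default_factory=list)

    def add_user(self, user, group):
        if group not in self.group_rights:
            raise KeyError(f"group {group!r} does not exist")
        # Adding to the group also records the association in the security system.
        self.security.associate(user, group)

    def request(self, user, operation, computer, path):
        groups, computers = self.security.access_rights(user)
        allowed_ops = set()
        for name in groups:
            allowed_ops |= self.group_rights.get(name, set())
        if operation not in allowed_ops:
            decision = "deny: no group grants this storage operation"
        elif computer not in computers:
            decision = "deny: file is not on a computer the user can access"
        else:
            decision = "allow"
        self.audit.append((user, operation, computer, path, decision))
        return decision == "allow"

def demo():
    # Constructed sample data: alice can reach fs01 only, bob can reach fs02 only.
    sec = SecuritySystem(computers={"alice": {"fs01"}, "bob": {"fs02"}})
    dms = DataManagementSystem(sec, {"backup-operators": {"create_secondary_copy"}})
    dms.add_user("alice", "backup-operators")
    results = [
        dms.request("alice", "create_secondary_copy", "fs01", "/data/q3.xlsx"),
        dms.request("alice", "create_secondary_copy", "fs02", "/data/payroll.db"),
        dms.request("bob", "create_secondary_copy", "fs02", "/data/payroll.db"),
    ]
    return results, dms.audit
```

The second request is the case worth noting: group membership alone does not authorize a backup of a file on a computer the user cannot reach, and every decision is recorded in the audit list.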
9. A non-transitory computer-readable medium having instructions for a method of managing users in a data management system that is configured to manage secondary copies of data files, if the instructions are executed by a processor in the data management system, the instructions cause the processor to perform the method, comprising:
- adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations;
- receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file;
- causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and,
- causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created;
- wherein causing the security system to be queried to determine the access rights includes determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers;
- wherein adding the user to the created group within the data management system includes associating the created group with the user in the security system; and
- wherein the at least one access right for performing storage operations determines which data a user within the group can access.

Dependent claims: 10, 11, 12, 13, 14
15. A system for managing users in a data management system that is configured to manage secondary copies of data files, the system comprising:
- means for adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations;
- means for receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file;
- means for causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and,
- means for causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created;
- wherein the means for causing the security system to be queried to determine the access rights includes means for determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers;
- wherein means for adding the user to the created group within the data management system includes means for associating the created group with the user in the security system; and
- wherein the at least one access right for performing storage operations determines which data a user within the group can access.

Dependent claims: 16, 17, 18
Specification