Fine granularity access control for a storage area network
First Claim
1. A method of managing configuration access by a user to resources of a storage area network, the method comprising:
- defining multiple administration domains, each administration domain specifying a subset of the resources designated to provide one application with storage access;
- associating the user with one or more of the administration domains;
- associating the user with a user profile, wherein the user profile includes a list of resources the user has access to and a level of access for each resource in the list and wherein altering an administration domain associated with the user to change the specified subset of resources results in automatic changes to the list of resources in the user profile; and
- allowing the user to access a selected resource, if the selected resource is specified in an administration domain associated with the user;
wherein the user's level of access to the selected resource is determined by the level of access listed for the selected resource in the user's profile.
Abstract
A SAN management software program controls access to resources in the SAN by associating individual users with one or more administration domains. A user that is associated with an administration domain that includes a port of a SAN switch can configure or otherwise access the port but is restricted from accessing ports outside of that administration domain. Likewise, access to other sub-fabric resources can be restricted and allowed to individual users and users in specific roles or groups. In this manner, the SAN administrative user has very specific control over which users can access which SAN resources and what level of access these users are granted.
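The access model in the abstract and claim 1, sketched as an added example that is not code from the patent or from any SAN product. The class, method, level and resource names are assumptions made for illustration; the profile is derived from the user's domains on each check, so a domain edit changes it automatically and access outside the domains fails closed.

```python
from enum import IntEnum

class Level(IntEnum):          # assumed level names; the claims only say "level of access"
    NONE = 0
    VIEW = 1
    CONFIGURE = 2

class SanAccessManager:        # hypothetical name, not from the patent
    def __init__(self):
        self.domains = {}      # domain name -> set of resource ids
        self.members = {}      # user -> {domain name: Level granted via that domain}
        self.overrides = {}    # user -> {resource id: Level}

    def define_domain(self, name, resources):
        self.domains[name] = set(resources)

    def associate(self, user, domain, level=Level.VIEW):
        if domain not in self.domains:
            raise KeyError(f"unknown administration domain: {domain}")
        self.members.setdefault(user, {})[domain] = level

    def set_level(self, user, resource, level):
        self.overrides.setdefault(user, {})[resource] = level

    def profile(self, user):
        """Resource -> Level, recomputed from the user's domains on every call,
        so editing a domain changes the profile with no extra bookkeeping."""
        result = {}
        for domain, level in self.members.get(user, {}).items():
            for res in self.domains[domain]:
                result[res] = max(result.get(res, Level.NONE), level)
        # Per-resource overrides apply only to resources still in one of the domains.
        for res, level in self.overrides.get(user, {}).items():
            if res in result:
                result[res] = level
        return result

    def allowed(self, user, resource, needed):
        # Fail closed: anything outside the user's domains is Level.NONE.
        return self.profile(user).get(resource, Level.NONE) >= needed

def demo():
    # Constructed sample data: one application domain with two switch ports and a LUN.
    mgr = SanAccessManager()
    mgr.define_domain("payroll-app", {"switch1/port3", "switch1/port4", "array2/lun7"})
    mgr.associate("alice", "payroll-app", Level.VIEW)
    mgr.set_level("alice", "switch1/port3", Level.CONFIGURE)
    before = mgr.allowed("alice", "switch1/port3", Level.CONFIGURE)
    outside = mgr.allowed("alice", "switch1/port9", Level.VIEW)
    mgr.domains["payroll-app"].discard("switch1/port3")   # administrator edits the domain
    after = mgr.allowed("alice", "switch1/port3", Level.VIEW)
    return before, outside, after
```

Removing a port from the domain revokes access to it even though a per-resource level was recorded earlier, which is the behaviour to verify in any implementation of this scheme.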
20 Claims
12. A computer program product encoding a computer program, on a non-transitory storage medium, for a computer process that executes on a computer system that manages configuration access by a user to resources of a storage area network, the computer process comprising:
- defining a plurality of groups of devices, each group of devices servicing one application;
- defining multiple administration domains, each administration domain specifying a subset of the resources corresponding to one of the plurality of groups of devices and corresponding to one application;
- associating the user with one or more of the administration domains;
- associating the user with a user profile, wherein the user profile includes a list of the resources the user has access to and a level of access for each resource in the list and wherein altering an administration domain associated with the user to change the specified subset of resources results in automatic changes to the list of resources in the user profile; and
- allowing the user to access a selected resource, if the selected resource is specified in an administration domain associated with the user;
wherein the user's level of access to the selected resource is determined by the level of access listed for the selected resource in the user's profile.
Specification