Personas in application lifecycle management
Abstract
A user management construct, referred to as a persona, is provided to enable a flexible mechanism that grants elevated or administrative privileges to users, such as application developers. Developers may utilize the privileges bestowed by a persona to execute tasks that normally require access by traditional information technology (IT) roles, such as IT administrators, to deploy applications in a cloud computing environment. The tasks may include the provisioning of virtual or physical computing resources and/or the configuration of compute, storage, and networking resources.
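A minimal sketch of the brokered-access pattern the abstract and claims describe, added here as an illustration and not taken from the patent or any product: the `PersonaBroker` class, its method names and the sample component names are hypothetical, and the claimed time constraint is modelled, as an assumption, by a per-mapping TTL after which recorded effects are handed back for reversal.

```python
import time

class PersonaBroker:
    """Hypothetical broker: admin credentials stay server-side."""
    def __init__(self, platform_admins):
        self._admins = set(platform_admins)
        self._creds = {}      # component -> credential, never returned
        self._personas = {}   # persona name -> {(component, task), ...}
        self._mappings = {}   # user -> (persona name, effect TTL in seconds)
        self.effects = []     # (expires_at, user, component, task)
        self.audit = []       # (time, user, component, task, allowed)

    def _require_admin(self, actor):
        if actor not in self._admins:
            raise PermissionError(f"{actor} is not a platform administrator")

    def register_credential(self, actor, component, secret):
        self._require_admin(actor)
        self._creds[component] = secret

    def define_persona(self, actor, name, tasks):
        self._require_admin(actor)
        self._personas[name] = frozenset(tasks)

    def map_user(self, actor, user, persona, effect_ttl):
        self._require_admin(actor)
        if persona not in self._personas:
            raise KeyError(f"unknown persona {persona}")
        self._mappings[user] = (persona, effect_ttl)

    def execute(self, user, component, task, now=None):
        now = time.time() if now is None else now
        persona, ttl = self._mappings.get(user, (None, 0))
        allowed = (component, task) in self._personas.get(persona, ())
        allowed = allowed and component in self._creds
        self.audit.append((now, user, component, task, allowed))  # log denials too
        if not allowed:
            raise PermissionError(f"{user} may not run {task} on {component}")
        _secret = self._creds[component]  # a real broker opens the admin session with this
        self.effects.append((now + ttl, user, component, task))
        return {"user": user, "component": component, "task": task, "status": "done"}

    def expire_effects(self, now):
        """Drop and return effects whose time constraint has lapsed (to be reverted)."""
        lapsed = [e for e in self.effects if e[0] <= now]
        self.effects = [e for e in self.effects if e[0] > now]
        return lapsed
```

The caller of `execute` receives only the task result; the registered credential never leaves the broker, and every attempt, allowed or denied, lands in `audit`.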
13 Claims
1. A method for managing administrative access to a computing platform having a plurality of tiered computing components, including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the method comprising:
determining a group of platform administrators comprised of users authorized to configure a plurality of personas;
determining a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
generating, at a server, the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment, and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
registering, at the server, administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
generating, at the server, a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
Dependent claims: 2, 3, 4, 5
6. A non-transitory computer-readable storage medium storing instructions that, when executed by a processor, performs an operation for managing a computing infrastructure having a plurality of tiered computing components, including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the operation comprising:
determining a group of platform administrators comprised of users authorized to configure a plurality of personas;
determining a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
generating the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
registering administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
generating a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
Dependent claims: 7, 8
9. A system for managing administrative access to a computing platform having a plurality of tiered computing components including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the system comprising:
at least one server computing device to;
determine a group of platform administrators comprised of users authorized to configure a plurality of personas;
determine a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
generate the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment, and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
register administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
generating a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
Dependent claims: 10, 11, 12, 13
Specification