Storage array access control from cloud-based user authorization and authentication
First Claim
1. A method of providing authorization and authentication in a cloud for a user of a storage array, the method comprising:
- receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user,wherein the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user,wherein access privileges are defined in the cloud-based security module for a plurality of users with an association of each user with one of a plurality of profiles, each profile specifying access privileges for users associated with the profile, andwherein the plurality of profiles comprise at least one storage-array specific profile specifying access privileges for a single storage array and multi-array profiles specifying access privileges for a plurality of storage arrays;
receiving, by the storage array access module from the user, a user access request to one or more storage array services; and
determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.
1 Assignment
0 Petitions
Accused Products
Abstract
Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.
-
Citations
16 Claims
-
1. A method of providing authorization and authentication in a cloud for a user of a storage array, the method comprising:
-
receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, wherein the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user, wherein access privileges are defined in the cloud-based security module for a plurality of users with an association of each user with one of a plurality of profiles, each profile specifying access privileges for users associated with the profile, and wherein the plurality of profiles comprise at least one storage-array specific profile specifying access privileges for a single storage array and multi-array profiles specifying access privileges for a plurality of storage arrays; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for providing authorization and authentication in a cloud for a user of a storage array, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
-
receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, wherein the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user, wherein access privileges are defined in the cloud-based security module for a plurality of users with an association of each user with one of a plurality of profiles, each profile specifying access privileges for users associated with the profile, and wherein the plurality of profiles comprise at least one storage-array specific profile specifying access privileges for a single storage array and multi-array profiles specifying access privileges for a plurality of storage arrays; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer program product for providing authorization and authentication in a cloud for a user of a storage array, the computer program product disposed upon a non-transitory computer readable medium, the computer program product comprising computer program instructions that, when executed, cause a computer to carry out the steps of:
-
receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, wherein the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user, wherein access privileges are defined in the cloud-based security module for a plurality of users with an association of each user with one of a plurality of profiles, each profile specifying access privileges for users associated with the profile, and wherein the plurality of profiles comprise at least one storage-array specific profile specifying access privileges for a single storage array and multi-array profiles specifying access privileges for a plurality of storage arrays; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token. - View Dependent Claims (14, 15, 16)
-
Specification