Hierarchical multi-tenancy management of system resources in resource groups

US 9,471,577 B2
Filed: 01/18/2016
Issued: 10/18/2016
Est. Priority Date: 12/09/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method of establishing hierarchical user management authority for a plurality storage resources organized into a plurality of resource groups in a computing storage environment by a processor device, comprising:

associating the plurality of storage resources with a resource group object, the resource group object and a storage resource object by having a resource group attribute associating the storage resource object with one of the plurality of resource groups;

assigning a resource group label attribute to the resource group object;

defining at least one additional attribute of the resource group object that specify a plurality of management policies for the resource group object and the plurality of storage resources associated with the resource group object;

associating at least one of a plurality of available users of the plurality of storage resources with a user resource scope attribute;

defining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute, wherein the at least one of the plurality of available users has authority to perform one of creating, modifying, delete, and managing the plurality of storage resources associated with the at least one of the plurality of resource groups and also authority to perform one of creating and modifying at least one of the plurality of resource groups;

assigning a parent resource group attribute to at least one of the resource group object that identifies another one of the plurality of resource groups as a parent of the plurality of resource groups such that a specified one of the plurality of resource groups may be hierarchically related to at least one child resource group;

constraining the resource group label attribute of the parent of the plurality of resource groups and the at least one child resource group such that a resource scope may be defined to match a subset of a set of the plurality of resource groups consisting of at least one of the plurality of resource groups and at least one of the descendants of the plurality of resource groups; and

requiring the plurality of management policies specified in at least one policy attribute of the at least one child resource group be as restrictive as the plurality of management policies specified in the at least one policy attribute of the parent of the plurality of resource groups.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Establishing hierarchical user management authority for storage resources organized into resource groups in a computing storage environment are provided. Each storage resource is associated with a resource group and storage resource object having a resource group attribute associating the storage resource object with one of the resource groups. The resource group label attribute is assigned to the resource group object. An additional attribute of the resource group object, that specifies management policies for the resource group object and the storage resources associated with the resource group object, is defined. One of the available users of the storage resources is associated with a user resource scope attribute. A schema is defined for comparing of values of the user resource scope attribute with the resource group label attribute.

25 Citations

View as Search Results

24 Claims

1. A method of establishing hierarchical user management authority for a plurality storage resources organized into a plurality of resource groups in a computing storage environment by a processor device, comprising:
- associating the plurality of storage resources with a resource group object, the resource group object and a storage resource object by having a resource group attribute associating the storage resource object with one of the plurality of resource groups;
  
  assigning a resource group label attribute to the resource group object;
  
  defining at least one additional attribute of the resource group object that specify a plurality of management policies for the resource group object and the plurality of storage resources associated with the resource group object;
  
  associating at least one of a plurality of available users of the plurality of storage resources with a user resource scope attribute;
  
  defining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute, wherein the at least one of the plurality of available users has authority to perform one of creating, modifying, delete, and managing the plurality of storage resources associated with the at least one of the plurality of resource groups and also authority to perform one of creating and modifying at least one of the plurality of resource groups;
  
  assigning a parent resource group attribute to at least one of the resource group object that identifies another one of the plurality of resource groups as a parent of the plurality of resource groups such that a specified one of the plurality of resource groups may be hierarchically related to at least one child resource group;
  
  constraining the resource group label attribute of the parent of the plurality of resource groups and the at least one child resource group such that a resource scope may be defined to match a subset of a set of the plurality of resource groups consisting of at least one of the plurality of resource groups and at least one of the descendants of the plurality of resource groups; and
  
  requiring the plurality of management policies specified in at least one policy attribute of the at least one child resource group be as restrictive as the plurality of management policies specified in the at least one policy attribute of the parent of the plurality of resource groups.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further including designating the resource group label attribute as a delimited text string for assigning the resource group label attribute to the resource group object.
  - 3. The method of claim 1, further including performing at least one of:
    - associating at least one of the plurality of available users with the user resource scope attribute further includes designating the user resource scope attribute as the delimited text string, wherein at least one symbol is designated with at least one wildcard characteristic, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes considering a user to have authority to manage the plurality of storage resources associated with at least one of the plurality of resource groups if a text pattern specified by the user resource scope attribute matches the delimited text string specified in the resource group label of the resource group.
  - 4. The method of claim 3, wherein:
    - designating the resource group label attribute as a delimited text string further includes designating the resource group label attribute with at least one resource group qualifier sections, separated by a delimiter symbol,designating the user resource scope attribute as a delimited text string further includes designating the user resource scope attribute with the at least one resource group qualifier sections, separated by at least one delimiter symbol, wherein the a least one delimiter symbol may include a wild card symbol, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes comparing the at least one resource group qualifier sections to match with a corresponding one of the at least one resource group qualifier sections, wherein a last one of a at least one resource scope qualify sections is considered to match any subsequent one of the at least one resource group qualifier sections if a wildcard symbol is specified as a last character.
  - 5. The method of claim 4, further including performing at least one of:
    - associating with the at least one resource group qualifier sections with an independent hierarchical domain for a specific management purpose, andassociating with the at least one resource group qualifier sections with a user management hierarchy, wherein at least one value of the at least one resource group qualifier sections specifies a different node in the user management hierarchy.
  - 6. The method of claim 1, further including performing at least one of:
    - restricting the authority to one of creating and modifying the plurality of resource groups without a parent of the plurality of resource groups to a user ID having a user resource scope attribute that provides access to all of the plurality of resources groups,limiting the authority of performing one of creating and modifying the at least one child resource group with a parent resource group containing the resource group label attribute matching a scope of the users resource scope attribute to the user ID having one of a plurality of resource scopes that does not provide access to all resource groups, andlimiting the user ID having one of the plurality of resource scopes without authority to provide access to all of the plurality of resource groups to one of;
      
      changing a plurality of resource group attribute of the plurality of storage resources that are associated with the plurality of resource groups having the resource group label attribute matching the user resource scope attribute and is being assigned to one of the plurality of resource groups having the resource group label attribute that matches the user resource scope attribute.
  - 7. The method of claim 1, further including performing one of:
    - defining at least one policy attribute of the plurality of resource groups that prevents at least one of creating and associating a specified storage resource class in the plurality of resource groups, anddefining a policy attribute of the plurality of resource groups that prevents a creation of a child resource groups.
  - 8. The method of claim 1, further including assigning an authority to an administrative user ID to create at least one user ID with a definition that provides an authority to create another one of the at least one user ID with the user resource scope attribute that is limited by the user resource scope attribute of creating one of the at least one user ID with a user role that is limited to at least one of a set of the user roles assigned to the creating one of the at least one user ID.

9. A system of establishing hierarchical user management authority for storage resources organized into a plurality of resource groups in a computing storage environment, comprising:
- at least one processor device;
  
  a resource group manager, controlled by the at least one processor device, operational in the computing storage environment, wherein the resource group manager is adapted for;
  
  associating the plurality of storage resources with a resource group object, the resource group object and a storage resource object by having a resource group attribute associating the storage resource object with one of the plurality of resource groups,assigning a resource group label attribute to the resource group object,defining at least one additional attribute of the resource group object that specify a plurality of management policies for the resource group object and the plurality of storage resources associated with the resource group object,associating at least one of a plurality of available users of the plurality of storage resources with a user resource scope attribute,defining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute, wherein the at least one of the plurality of available users having authority to perform one of creating, modifying, delete, and managing the plurality of storage resources associated with the at least one of the plurality of resource groups and also authority to perform one of creating and modifying at least one of the plurality of resource groups,assigning a parent resource group attribute to at least one of the resource group object that identifies another one of the plurality of resource groups as a parent of the plurality of resource groups such that a specified one of the plurality of resource groups may be hierarchically related to at least one child resource group,constraining the resource group label attribute of the parent of the plurality of resource groups and the at least one child resource group such that a resource scope may be defined to match a subset of a set of the plurality of resource groups consisting of at least one of the plurality of resource groups and at least one of the descendants of the plurality of resource groups, andrequiring the plurality of management policies specified in at least one policy attribute of the at least one child resource group be as restrictive as the plurality of management policies specified in the at least one policy attribute of the parent of the plurality of resource groups.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the resource group manager is further adapted for performing designating the resource group label attribute as a delimited text string for assigning the resource group label attribute to the resource group object.
  - 11. The system of claim 9, wherein the resource group manager is further adapted for performing at least one of:
    - associating at least one of the plurality of available users with the user resource scope attribute further includes designating the user resource scope attribute as the delimited text string, wherein at least one symbol is designated with at least one wildcard characteristic, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes considering a user to have authority to manage the plurality of storage resources associated with at least one of the plurality of resource groups if a text pattern specified by the user resource scope attribute matches the delimited text string specified in the resource group label of the resource group.
  - 12. The system of claim 9, wherein the resource group manager is further adapted for performing at least one of:
    - designating the resource group label attribute as a delimited text string further includes designating the resource group label attribute with at least one resource group qualifier sections, separated by a delimiter symbol,designating the user resource scope attribute as a delimited text string further includes designating the user resource scope attribute with the at least one resource group qualifier sections, separated by at least one delimiter symbol, wherein the a least one delimiter symbol may include a wild card symbol, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes comparing the at least one resource group qualifier sections to match with a corresponding one of the at least one resource group qualifier sections, wherein a last one of the at least one resource group qualify sections is considered to match any subsequent one of the at least one resource group qualifier sections if a wildcard symbol is specified as a last character.
  - 13. The system of claim 12, wherein the resource group manager is further adapted for performing at least one of:
    - associating with the at least one resource group qualifier sections with an independent hierarchical domain for a specific management purpose, andassociating with the at least one resource group qualifier sections with a user management hierarchy, wherein at least one value of the at least one resource group qualifier sections specifies a different node in the user management hierarchy.
  - 14. The system of claim 13, wherein the group manager module is further adapted for performing at least one of:
    - restricting the authority to create the plurality of resource groups without a parent of the plurality of resource groups to a user ID having a user resource scope attribute that provides access to at least one of the plurality of resources groups,limiting the authoring of performing one of creating and modifying the at least one child resource group containing the resource group label attribute matching a scope of the users resource scope attribute to the user ID having one of the plurality of resource groups that does not provide access to all resource groups, andlimiting the user ID having one of the plurality of resource groups without authority to provide access to the at least one of the plurality of resource groups to one of;
      
      changing the plurality of resource groups of the plurality of storage resources that is associated with the plurality of resource groups having the resource group label attribute matching the user resource scope attribute and is being assigned to one of the plurality of resource groups having the resource group label attribute that matches the user resource scope attribute.
  - 15. The system of claim 9, wherein the group manager module is further adapted for performing at least one of:
    - defining at least one policy attribute of the plurality of resource groups that prevents at least one of creating and associating a specified storage resource class in the plurality of resource groups, anddefining a policy attribute of the plurality of resource groups that prevents a creation of a child resource group.
  - 16. The system of claim 9, wherein the group manager module is further adapted for assigning an authority to an administrative user ID to create at least one user ID with a definition that provides an authority to create another one of the at least one user ID with the user resource scope attribute that is limited by the user resource scope attribute of creating one of the at least one user ID with a user role that is limited to at least one of a set of the user roles assigned to the creating one of the at least one user ID.

17. A computer program product for establishing hierarchical user management authority for storage resources organized into a plurality of resource groups in a computing storage environment by a processor device, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- an executable portion for associating the plurality of storage resources with a resource group object, the resource group object and a storage resource object by having a resource group attribute associating the storage resource object with one of the plurality of resource groups;
  
  an executable portion for assigning a resource group label attribute to the resource group object;
  
  an executable portion for defining at least one additional attribute of the resource group object that specify a plurality of management policies for the resource group object and the plurality of storage resources associated with the resource group object;
  
  an executable portion for associating at least one of a plurality of available users of the plurality of storage resources with a user resource scope attribute;
  
  an executable portion for defining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute, wherein the at least one of the plurality of available users having authority to perform one of creating, modifying, delete, and managing the plurality of storage resources associated with the at least one of the plurality of resource groups and also authority to perform one of creating and modifying at least one of the plurality of resource groups;
  
  an executable portion for assigning a parent resource group attribute to at least one of the resource group object that identifies another one of the plurality of resource groups as a parent of the plurality of resource groups such that a specified one of the plurality of resource groups may be hierarchically related to at least one child resource group;
  
  an executable portion for constraining the resource group label attribute of the parent of the plurality of resource groups and the at least one child resource group such that a resource scope may be defined to match a subset of a set of the plurality of resource groups consisting of at least one of the plurality of resource groups and at least one of the descendants of the plurality of resource groups; and
  
  an executable portion for requiring the plurality of management policies specified in at least one policy attribute of the at least one child resource group be as restrictive as the plurality of management policies specified in the at least one policy attribute of the parent of the plurality of resource groups.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, further including an executable portion for designating the resource group label attribute as a delimited text string for assigning the resource group label attribute to the resource group object.
  - 19. The computer program product of claim 18, further including an executable portion for performing at least one of:
    - associating at least one of the plurality of available users with the user resource scope attribute further includes designating the user resource scope attribute as the delimited text string, wherein at least one symbol is designated with at least one wildcard characteristic, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes considering a user to have authority to manage the plurality of storage resources associated with at least one of the plurality of resource groups if a text pattern specified by the user resource scope attribute matches the delimited text string specified in the resource group label of the resource group.
  - 20. The computer program product of claim 19, further including an executable portion for performing at least one of:
    - designating the resource group label attribute as a delimited text string further includes designating the resource group label attribute with at least one resource group qualifier sections, separated by a delimiter symbol,designating the user resource scope attribute as a delimited text string further includes designating the user resource scope attribute with the at least one resource group qualifier sections, separated by at least one delimiter symbol, wherein the at least one delimiter symbol may include a wild card symbol, anddefining a schema for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute further includes comparing the at least one resource group qualifier sections to match with a corresponding one of the at least one resource group qualifier sections, wherein a last one of the at least one resource group qualify sections is considered to match any subsequent one of the at least one resource group qualifier sections if a wildcard symbol is specified as a last character.
  - 21. The computer program product of claim 20, further including an executable portion for performing at least one of:
    - associating with the at least one resource group qualifier sections with an independent hierarchical domain for a specific management purpose, andassociating with the at least one resource group qualifier sections with a user management hierarchy, wherein at least one value of the at least one resource group qualifier sections specifies a different node in the user management hierarchy.
  - 22. The computer program product of claim 21, further including an executable portion for performing at least one of:
    - restricting the authority to create the plurality of resource groups without a parent of the plurality of resource groups to a user ID having a user resource scope attribute that provides access to at least one of the plurality of resources groups,limiting the authoring of performing one of creating and modifying the at least one child resource group containing the resource group label attribute matching a scope of the users resource scope attribute to the user ID having one of the plurality of resource groups that does not provide access to all resource groups, andlimiting the user ID having one of the plurality of resource groups without authority to provide access to the at least one of the plurality of resource groups to one of;
      
      changing the plurality of resource groups of the plurality of storage resources that is associated with the plurality of resource groups having the resource group label attribute matching the user resource scope attribute and is being assigned to one of the plurality of resource groups having the resource group label attribute that matches the user resource scope attribute.
  - 23. The computer program product of claim 17, further including an executable portion for performing at least one of:
    - defining at least one policy attribute of the plurality of resource groups that prevents at least one of creating and associating a specified storage resource class in the plurality of resource groups, anddefining a policy attribute of the plurality of resource groups that prevents a creation of a child resource group.
  - 24. The computer program product of claim 17, further including an executable portion for performing at least one of:
    - assigning a plurality of user IDs to the plurality of available users, andexpanding the plurality of user IDs to create at least one child resource group, wherein the plurality of user IDs may be lower or higher in the hierarchy of the plurality of available users in order to expand a resource group hierarchy within a plurality of parent policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ripberger, Richard A.
Primary Examiner(s)
Rostami, Mohammad S

Application Number

US14/997,705
Publication Number

US 20160132512A1
Time in Patent Office

274 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/185   Hierarchical storage manage...

G06F 16/211   Schema design and management

G06F 16/24573   using data annotations, e.g...

G06F 16/285   Clustering or classification

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

Hierarchical multi-tenancy management of system resources in resource groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical multi-tenancy management of system resources in resource groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links