Role-based access control using dynamically shared cloud accounts
Abstract
A server computer system within a network of an organization receives a request from a user to access a cloud account. The request includes a user identifier. The server computer system authenticates the user for access to the cloud account based on the user identifier, identifies one or more predetermined roles associated with the cloud account for the user, and identifies one or more pseudo accounts associated with the cloud account. The server computer system further maps the user to the one or more pseudo accounts, and provides user access to the cloud account based on the mapping and with access privileges corresponding to the one or more pseudo accounts.
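The flow in the abstract, sketched as an added Python example; it is not code from the patent. Treating authentication as a directory-membership check, reusing a held slot before taking the first free one, denying access when no slot is free, and every account, role and user name are assumptions made for illustration.

```python
# Added illustration: all names and sample data are constructed, not from the patent.
from dataclasses import dataclass
from typing import Optional

@dataclass
class PseudoAccount:
    name: str                      # cloud-side identity standing in for a role
    role: str                      # predetermined role this slot serves
    privileges: frozenset          # access privileges the slot carries
    holder: Optional[str] = None   # user currently mapped to the slot

class AccessDenied(Exception): pass

class CloudAccountBroker:
    def __init__(self, directory, roles, pseudo_accounts):
        self.directory = directory     # set of known user identifiers
        self.roles = roles             # {(user_id, cloud_account): [role, ...]}
        self.pseudo = pseudo_accounts  # {cloud_account: [PseudoAccount, ...]}

    def request_access(self, user_id, cloud_account):
        # Authenticate on the user identifier (assumption: directory membership).
        if user_id not in self.directory:
            raise AccessDenied("unknown user identifier")
        user_roles = self.roles.get((user_id, cloud_account), [])  # predetermined roles
        granted = []
        for role in user_roles:
            # Match the role to a slot: reuse one already held, else take a free one.
            slots = [s for s in self.pseudo.get(cloud_account, []) if s.role == role]
            slot = (next((s for s in slots if s.holder == user_id), None)
                    or next((s for s in slots if s.holder is None), None))
            if slot:
                slot.holder = user_id
                granted.append(slot)
        if not granted:  # assumption: deny when no role or no free slot matches
            raise AccessDenied("no matching pseudo account slot available")
        return granted   # access is exercised with these slots' privileges only

    def release(self, user_id, cloud_account):
        for slot in self.pseudo.get(cloud_account, []):
            if slot.holder == user_id:
                slot.holder = None

def demo_broker():
    slots = [PseudoAccount("admin-slot-1", "admin", frozenset({"read", "write", "manage"})),
             PseudoAccount("dev-slot-1", "developer", frozenset({"read", "write"})),
             PseudoAccount("dev-slot-2", "developer", frozenset({"read", "write"}))]
    roles = {("alice", "acme-cloud"): ["admin", "developer"],
             ("bob", "acme-cloud"): ["developer"], ("carol", "acme-cloud"): ["developer"]}
    return CloudAccountBroker({"alice", "bob", "carol"}, roles, {"acme-cloud": slots})
```

The user never receives privileges directly: what is returned is the set of pseudo accounts the user's roles matched, so the effective privileges are whatever those slots carry.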
20 Claims
1. A method comprising:
- receiving, at a server computer system within a network of an organization, a request from a user to access a cloud account, wherein the request comprises a user identifier of the user;
- authenticating, at the server computer system, the user for access to the cloud account based on the user identifier;
- identifying one or more predetermined roles associated with the cloud account for the user;
- identifying one or more pseudo accounts associated with the cloud account, the pseudo accounts to define one or more slots associated with the one or more predetermined roles for the cloud account, wherein access privileges to the cloud account correspond to the one or more pseudo accounts;
- mapping the user to the one or more pseudo accounts, wherein the mapping comprises matching the one or more predetermined roles for the user with the one or more pseudo accounts; and
- providing the user access to the cloud account based on the mapping and with the access privileges corresponding to the one or more pseudo accounts.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- a memory; and
- a processor coupled to the memory to:
  - receive a request from a user to access a cloud account, wherein the request comprises a user identifier of the user;
  - authenticate the user for access to the cloud account based on the identifier;
  - identify one or more predetermined roles associated with the cloud account for the user;
  - identify one or more pseudo accounts associated with the cloud account, the pseudo accounts to define one or more slots associated with the one or more predetermined roles for the cloud account, wherein access privileges to the cloud account correspond to the one or more pseudo accounts;
  - map the user to the one or more pseudo accounts, wherein the mapping comprises matching the one or more predetermined roles for the user with the one or more pseudo accounts; and
  - provide the user access to the cloud account based on the mapping and with the access privileges corresponding to the one or more pseudo accounts.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to perform a method comprising:
- receiving, at a server computer system within a network of an organization, a request from a user to access a cloud account, wherein the request comprises a user identifier of the user;
- authenticating, at the server computer system, the user for access to the cloud account based on the identifier;
- identifying one or more predetermined roles associated with the cloud account for the user;
- identifying one or more pseudo accounts associated with the cloud account, the pseudo accounts to define one or more slots associated with the one or more predetermined roles for the cloud account, wherein access privileges to the cloud account correspond to the one or more pseudo accounts;
- mapping the user to the one or more pseudo accounts, wherein the mapping comprises matching the one or more predetermined roles for the user with the one or more pseudo accounts; and
- providing the user access to the cloud account based on the mapping and with the access privileges corresponding to the one or more pseudo accounts.

Dependent claims: 16, 17, 18, 19, 20
Specification