Modifying permission trees in a virtualization environment
Abstract
A processing device receives a permission request indicating a user and an entity. The processing device modifies a permissions database to generate a modified database view. Using the modified database view, the processing device determines whether the user has permission to access the entity and returns an indication of whether the user has permission to access the entity.
20 Claims
1. A method comprising:
- receiving a permission request, the request indicating a user and an entity;
- flattening, by a processing device, a permissions database to generate a flattened database view, wherein flattening the permissions database comprises:
  - identifying a first set of entities for which either the user or a role to which the user is assigned has explicit permissions defined in the permissions database;
  - identifying a second set of entities that inherit the explicit permissions; and
  - creating a separate entry in the flattened database view for each unique combination of the user and one of the entities in the first or second sets of entities, wherein the flattened database view comprises a stored query accessible as a virtual table in the permissions database computed from data stored in the permissions database;
- determining, using the flattened database view, whether the user has permission to access the entity by querying the flattened database view for a single entry associated with a combination of the user and the entity; and
- returning an indication of whether the user has permission to access the entity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- a memory; and
- a processing device operatively coupled to the memory, the processing device to:
  - receive a permission request from a client, the request indicating a user and an entity;
  - flatten a permissions database to generate a flattened database view, wherein to generate the flattened database view, the processing device to:
    - identify a first set of entities for which either the user or a role to which the user is assigned has explicit permissions defined in the permissions database;
    - identify a second set of entities that inherit the explicit permissions; and
    - create a separate entry in the flattened database view for each unique combination of the user and one of the entities in the first or second sets of entities, wherein the flattened database view comprises a stored query accessible as a virtual table in the permissions database computed from data stored in the permissions database;
  - determine, using the flattened database view, whether the user has permission to access the entity by querying the flattened database view for a single entry associated with a combination of the user and the entity; and
  - return an indication of whether the user has permission to access the entity.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to:
- receive a permission request, the request indicating a user and an entity;
- flatten, by the processing device, a permissions database to generate a flattened database view, wherein to flatten the permissions database, the instructions to cause the processing device to:
  - identify a first set of entities for which either the user or a role to which the user is assigned has explicit permissions defined in the permissions database;
  - identify a second set of entities that inherit the explicit permissions; and
  - create a separate entry in the flattened database view for each unique combination of the user and one of the entities in the first or second sets of entities, wherein the flattened database view comprises a stored query accessible as a virtual table in the permissions database computed from data stored in the permissions database;
- determine, using the flattened database view, whether the user has permission to access the entity by querying the flattened database view for a single entry associated with a combination of the user and the entity; and
- return an indication of whether the user has permission to access the entity.

Dependent claims: 17, 18, 19, 20
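
The flattening that claims 1, 9 and 16 describe, sketched as an added example that is not taken from the patent: a SQLite view defined by a recursive query, driven from Python's `sqlite3` module. The table and column names, the parent-to-child direction of inheritance, and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE entities (id TEXT PRIMARY KEY, parent_id TEXT);
CREATE TABLE role_members (user_id TEXT, role_id TEXT);
CREATE TABLE grants (kind TEXT, principal_id TEXT, entity_id TEXT);
-- Flattened view: a stored query exposed as a virtual table, recomputed
-- from the base tables each time it is read.
CREATE VIEW flat_permissions AS
WITH RECURSIVE reach(user_id, entity_id) AS (
    -- first set: explicit grants to the user ...
    SELECT principal_id, entity_id FROM grants WHERE kind = 'user'
    UNION
    -- ... or to a role the user is assigned to
    SELECT m.user_id, g.entity_id FROM grants g
      JOIN role_members m ON m.role_id = g.principal_id
     WHERE g.kind = 'role'
    UNION
    -- second set: child entities inherit the parent's grant (assumed direction)
    SELECT r.user_id, e.id FROM reach r
      JOIN entities e ON e.parent_id = r.entity_id
)
SELECT user_id, entity_id FROM reach;  -- UNION keeps one row per pair
"""

def build_db():
    """In-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO entities VALUES (?, ?)", [
        ("dc1", None), ("c1", "dc1"), ("c2", "dc1"),
        ("vm1", "c1"), ("vm2", "c1"), ("vm3", "c2")])
    conn.executemany("INSERT INTO role_members VALUES (?, ?)",
                     [("bob", "ops"), ("alice", "vm-admins")])
    conn.executemany("INSERT INTO grants VALUES (?, ?, ?)", [
        ("user", "alice", "c1"),        # explicit grant on cluster c1
        ("role", "ops", "vm3"),         # reaches bob through role ops
        ("role", "vm-admins", "vm1")])  # overlaps alice's inherited access
    return conn

def has_permission(conn, user, entity):
    """Single-entry lookup against the flattened view, with bound parameters."""
    sql = "SELECT 1 FROM flat_permissions WHERE user_id = ? AND entity_id = ?"
    return conn.execute(sql, (user, entity)).fetchone() is not None

if __name__ == "__main__":
    db = build_db()
    print(has_permission(db, "alice", "vm2"), has_permission(db, "alice", "vm3"))
```

Because the view is a stored query and not a copy, deleting a row from `grants` or `role_members` removes the corresponding flattened entries on the next lookup, so a revoked permission cannot linger in a stale table.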
Specification