Granular permission assignment
First Claim
1. A method comprising:
- creating, by a processing device, a plurality of reusable role definitions for a cloud provider system, wherein each of the plurality of reusable role definitions comprises a resource type and an action set permitted to be performed on a plurality of resources of the resource type;
- receiving, by the processing device, a first request to assign a user to a first role, the first request specifying a first cloud computing resource of a plurality of cloud computing resources of a respective resource type in the cloud provider system;
- identifying, by the processing device, a role definition corresponding to the respective resource type, the identified role definition comprising the respective resource type and an action set permitted to be performed in the cloud provider system on the plurality of cloud computing resources of the respective resource type;
- creating, by the processing device, the first role for the user on the first cloud computing resource, wherein creating the first role comprises associating the identified role definition with the first cloud computing resource and the user;
- receiving, by the processing device, a second request to assign the user to a second role, the second request specifying a second cloud computing resource of the plurality of cloud computing resources of the respective resource type; and
- creating, by the processing device, the second role for the user on the second cloud computing resource in view of the identified role definition corresponding to the resource type, wherein the identified role definition that was used for the first role of the user is being reused for the second role of the user, and wherein creating the second role comprises associating the identified role definition with the second cloud computing resource and the user.
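The claimed model in code, as an added illustration that is not from the patent or any product it covers: role definitions are stored per resource type, an assignment binds one user to one specific resource through an existing definition (the same definition object is reused for a second resource of the same type), and an authorization check passes only for resources the user was actually bound to. Names such as `RoleService`, `vm`, `operator` and the sample resources are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RoleDefinition:
    """Reusable role definition: one resource type plus the actions it permits."""
    resource_type: str
    name: str
    actions: frozenset


@dataclass
class RoleService:
    definitions: dict = field(default_factory=dict)  # (resource_type, name) -> RoleDefinition
    resources: dict = field(default_factory=dict)    # resource id -> resource type
    bindings: set = field(default_factory=set)       # (user, resource id, definition key)

    def define_role(self, resource_type, name, actions):
        self.definitions[(resource_type, name)] = RoleDefinition(resource_type, name, frozenset(actions))

    def register_resource(self, resource_id, resource_type):
        self.resources[resource_id] = resource_type

    def assign_role(self, user, resource_id, role_name):
        """Create a role for `user` on one resource: look up the definition for the
        resource's type and associate it with (resource, user). The same definition
        is reused for every resource of that type; nothing is copied per assignment."""
        key = (self.resources[resource_id], role_name)
        if key not in self.definitions:
            raise LookupError(f"no {role_name!r} definition for resource type {key[0]!r}")
        self.bindings.add((user, resource_id, key))
        return self.definitions[key]

    def is_permitted(self, user, action, resource_id):
        """Allow only if a binding for this exact resource permits the action;
        a definition for the type alone grants nothing on unbound resources."""
        return any(action in self.definitions[key].actions
                   for (u, r, key) in self.bindings if u == user and r == resource_id)


def build_demo():
    """Constructed sample data: one 'operator' definition for VMs reused on two VMs."""
    svc = RoleService()
    svc.define_role("vm", "operator", {"start", "stop"})
    svc.define_role("volume", "reader", {"read"})
    for rid, rtype in [("vm-1", "vm"), ("vm-2", "vm"), ("vm-3", "vm"), ("vol-1", "volume")]:
        svc.register_resource(rid, rtype)
    first = svc.assign_role("alice", "vm-1", "operator")   # first request
    second = svc.assign_role("alice", "vm-2", "operator")  # second request, same definition
    assert first is second  # the definition is reused, not duplicated
    return svc
```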
1 Assignment
0 Petitions
Abstract
A system and method for storing role definitions for cloud provider systems, receiving a first request to assign a user to a first role specifying a first cloud computing resource of a respective resource type, identifying a role definition corresponding to the first role that includes an action set permitted, and creating the first role for the user on the first cloud computing resource by associating the identified role definition with the first cloud computing resource and the user. A second request to assign the user to a second role is received specifying a second cloud computing resource of the respective resource type, and the second role is created for the user on the second cloud computing resource, where the identified role definition corresponds to the first and second roles, and wherein creating the second role includes associating the identified role definition with the first cloud computing resource and the user.
15 Citations
20 Claims
1. A method comprising: (independent method claim, reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system comprising:
- a memory to store instructions; and
- a processing device, executing the instructions and coupled to the memory, to:
  - create a plurality of reusable role definitions for a cloud provider system, wherein each of the plurality of reusable role definitions comprises a resource type and an action set permitted to be performed on a plurality of resources of the resource type;
  - receive a first request to assign a user to a first role, the first request specifying a first cloud computing resource of a plurality of cloud computing resources of a respective resource type in the cloud provider system;
  - identify a role definition corresponding to the respective resource type, the identified role definition comprising the respective resource type and an action set permitted to be performed in the cloud provider system on the plurality of cloud computing resources of the respective resource type;
  - create the first role for the user on the first cloud computing resource, wherein creating the first role comprises associating the identified role definition with the first cloud computing resource and the user;
  - receive a second request to assign the user to a second role, the second request specifying a second cloud computing resource of the plurality of cloud computing resources of the respective resource type; and
  - create the second role for the user on the second cloud computing resource in view of the identified role definition corresponding to the resource type, wherein the identified role definition that was used for the first role of the user is being reused for the second role of the user, and wherein creating the second role comprises associating the identified role definition with the second cloud computing resource and the user.
Dependent claims: 12, 13, 14, 15, 16, 17.
18. A non-transitory computer-readable storage medium including instructions that, when executed by a computer server, cause the computer server to perform a set of operations comprising:
- creating a plurality of reusable role definitions for a cloud provider system, wherein each of the plurality of reusable role definitions comprises a resource type and an action set permitted to be performed on a plurality of resources of the resource type;
- receiving a first request to assign a user to a first role, the first request specifying a first cloud computing resource of a plurality of cloud computing resources of a respective resource type in the cloud provider system;
- identifying a role definition corresponding to the respective resource type, the identified role definition comprising the respective resource type and an action set permitted to be performed in the cloud provider system on the plurality of cloud computing resources of the respective resource type;
- creating the first role for the user on the first cloud computing resource, wherein creating the first role comprises associating the identified role definition with the first cloud computing resource and the user;
- receiving a second request to assign the user to a second role, the second request specifying a second cloud computing resource of the plurality of cloud computing resources of the respective resource type; and
- creating the second role for the user on the second cloud computing resource in view of the identified role definition corresponding to the resource type, wherein the identified role definition that was used for the first role of the user is being reused for the second role of the user, and wherein creating the second role comprises associating the identified role definition with the second cloud computing resource and the user.
Dependent claims: 19, 20.
Specification