Custom access controls
First Claim
1. A system, comprising:
- one or more computing devices configured to implement a workflow system that comprises a workflow service and a role management service, and computing resources, wherein the workflow system is configured to:
  - generate, by the workflow service, a first workflow associated with a client, wherein the first workflow specifies a first plurality of actions that are performable by the computing resources;
  - select, by the role management service, one or more permissions that permit the workflow system to use one or more of the computing resources on behalf of the client, wherein the one or more permissions:
    - are selected based on one or more techniques comprising inspection, instrumentation, or analysis of a program associated with the first plurality of actions, and
    - are required to perform the first plurality of actions;
  - manage, by the role management service, access keys that correspond to the first plurality of actions;
  - generate, by the role management service, a first role that comprises first data indicative of the one or more permissions;
  - generate a second workflow associated with the client, wherein the second workflow specifies a second plurality of actions performable by the computing resources;
  - generate, by the role management service, a second role that comprises second data indicative of one or more permissions that permit the workflow system to use the computing resources on behalf of the client, wherein the one or more permissions in the second role are required to perform the second plurality of actions;
  - perform the first plurality of actions using the access keys that correspond to the one or more permissions to use the computing resources in accordance with the first role; and
  - perform the second plurality of actions using the computing resources in accordance with the second role.
Abstract
Methods and systems for implementing custom access controls are disclosed. A first task is added to a first workflow. A first role is generated for the first workflow. The first role comprises a first set of one or more permissions for using one or more computing resources. The one or more permissions in the first role are selected based on the first task. The first task is performed using the one or more computing resources in accordance with the first role.
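The abstract's idea of selecting a role's permissions from the task itself, shown as an added example that is not code from the patent: it statically inspects each action's program text and builds one role per workflow. The client names, permission strings, function names and workflow bodies are assumptions constructed for illustration.

```python
import ast

# Hypothetical table: (resource client, method) -> permission string.
CALL_PERMISSIONS = {
    ("storage", "get_object"): "storage:GetObject",
    ("storage", "put_object"): "storage:PutObject",
    ("queue", "send_message"): "queue:SendMessage",
    ("db", "query"): "db:Query",
}
RESOURCE_CLIENTS = {client for client, _ in CALL_PERMISSIONS}


def required_permissions(source):
    """Inspect an action's program text and return the permissions its calls need."""
    needed = set()
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        target = node.func.value
        if not (isinstance(target, ast.Name) and target.id in RESOURCE_CLIENTS):
            continue
        key = (target.id, node.func.attr)
        if key not in CALL_PERMISSIONS:
            # Fail closed: an unmapped resource call never becomes a wildcard grant.
            raise ValueError(f"no permission mapping for {key[0]}.{key[1]}")
        needed.add(CALL_PERMISSIONS[key])
    return needed


def build_role(workflow_id, actions):
    """Generate one role per workflow holding only what its actions require."""
    perms = set()
    for source in actions:
        perms |= required_permissions(source)
    return {"workflow": workflow_id, "permissions": sorted(perms)}


def is_allowed(role, permission):
    """Check a requested permission against the workflow's own role."""
    return permission in role["permissions"]


# Constructed sample workflows (each action given as program text).
FIRST_WORKFLOW = [
    "data = storage.get_object('in/report.csv')",
    "queue.send_message(len(data))",
]
SECOND_WORKFLOW = ["rows = db.query('SELECT 1')", "storage.put_object('out/rows', rows)"]

if __name__ == "__main__":
    first = build_role("wf-1", FIRST_WORKFLOW)
    second = build_role("wf-2", SECOND_WORKFLOW)
    print(first, second, is_allowed(first, "db:Query"))
```

Because each workflow gets its own role, a permission needed only by the second workflow is denied when checked against the first workflow's role.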
21 Claims
6. A computer-implemented method, comprising:
- performing, by one or more computers configured to implement a workflow system that includes a workflow service and a role management service:
  - adding a first plurality of actions performable by a plurality of computing resources and requested by a client of the workflow service to a first workflow;
  - selecting, by the role management service, a first set of one or more permissions that permit the workflow system to use one or more of the computing resources on behalf of the client, and wherein the one or more permissions are selected based on one or more techniques that comprise inspection, instrumentation, or analysis of a program code associated with the first plurality of actions, and are selected based at least in part on the first plurality of actions;
  - managing, by the role management service, access keys that correspond to the first plurality of actions;
  - generating a first custom role for the first workflow, wherein the first custom role comprises the first set of one or more permissions; and
  - performing the first plurality of actions using the access keys that correspond to the one or more permissions to use the one or more computing resources in accordance with the first custom role.
12. A non-transitory, computer-readable storage medium storing program instructions computer-executable to implement a workflow system that includes a workflow service and a role management service, wherein the program instructions are configured to perform:
- adding, by the workflow system, a first plurality of actions to a first workflow based on a request from a client;
- selecting, by the role management service, a first set of one or more permissions that permit the workflow system to use one or more computing resources on behalf of the client, wherein the one or more permissions:
  - are selected based on one or more techniques that comprise inspecting, instrumentation, or analyzing a program code that is associated with the first plurality of actions, and
  - are selected based on access requirements of the first plurality of actions;
- managing, by the role management service, access keys that correspond to the first plurality of actions;
- generating a first role for the first workflow, wherein the first role comprises the first set of one or more permissions that permit the workflow system to use the one or more computing resources on behalf of the client;
- adding a second plurality of actions to a second workflow based on another request from the client;
- generating a second role for the second workflow, wherein the second role comprises a second set of one or more permissions for using the one or more computing resources, wherein the one or more permissions in the second role are selected based on access requirements of the second plurality of actions, wherein the access requirements of the second plurality of actions differ from the access requirements of the first plurality of actions;
- performing the first plurality of actions using the access keys that correspond to the one or more permissions to use the one or more computing resources in accordance with the first role; and
- performing the second plurality of actions using the one or more computing resources in accordance with the second role.
17. A system, comprising:
- at least one processor;
- a memory coupled to the at least one processor, wherein the memory stores program instructions, wherein the program instructions are executable by the at least one processor to implement a workflow system that includes a workflow service and a role management service, the workflow system configured to:
  - generate, by the workflow service, a first workflow comprising a first plurality of actions of the workflow service, wherein the first plurality of actions represents a first task requested by a client of the workflow service;
  - select, by the role management service, a first set of one or more permissions that permit the workflow system to use one or more computing resources on behalf of the client, and wherein the one or more permissions:
    - are selected based on one or more techniques that comprise inspection, instrumentation, or analysis of a program code associated with the first plurality of actions, and
    - are selected based at least in part on access requirements of the first task;
  - manage, by the role management service, access keys that correspond to the first plurality of actions;
  - generate a first custom role for the first workflow, wherein the first custom role comprises the first set of one or more permissions; and
  - perform the first task using the access keys that correspond to the one or more permissions, wherein the first task uses the one or more computing resources in accordance with the first custom role.
Specification