Handling permissions for virtualized file servers
First Claim
1. A system comprising:
- a cluster of host machines, including a particular host machine, the particular host machine including a memory having a cache;
a file server virtual machine hosted on the particular host machine;
a storage pool distributed across the cluster of host machines, the storage pool including local storage coupled to the particular host machine, the storage pool configured to store a plurality of storage items managed by the file server virtual machine, and the storage pool configured to store respective access control lists (ACLS) corresponding to permissions granted to users for the storage items;
wherein the system is configured to receive an access request associated with a user and directed to a particular storage item of the storage items,wherein the system is further configured to retrieve an access control list of the ACLs and corresponding permissions including one or more an access rights granted to the user for the particular storage item,wherein the system is further configured to extract a relevant permission pertaining to the user for the particular storage item and store a permission profile for the user in the cache of the memory, the permission profile including the relevant permission pertaining to the user for the particular storage item, andwherein the system is further configured to, based on receiving another access request directed to the particular storage item associated with the user, check the permission profile stored in the cache to determine whether the another access request is permissible.
1 Assignment
0 Petitions
Accused Products
Abstract
Examples of systems described herein include a file server virtual machine of a virtualized file server configured to manage storage of a plurality of storage items. The file server virtual machine including a file system configured to receive an access request directed to a storage item of the plurality of storage items and associated with a user. The file system is further configured to retrieve an access control list having permissions information associated with the storage item, and to cache a permissions profile for the user including all permissions pertaining to the user for the storage item. The file system is further configured to determine whether the access request is permissible based on the cached permissions profile.
480 Citations
41 Claims
-
1. A system comprising:
-
a cluster of host machines, including a particular host machine, the particular host machine including a memory having a cache; a file server virtual machine hosted on the particular host machine; a storage pool distributed across the cluster of host machines, the storage pool including local storage coupled to the particular host machine, the storage pool configured to store a plurality of storage items managed by the file server virtual machine, and the storage pool configured to store respective access control lists (ACLS) corresponding to permissions granted to users for the storage items; wherein the system is configured to receive an access request associated with a user and directed to a particular storage item of the storage items, wherein the system is further configured to retrieve an access control list of the ACLs and corresponding permissions including one or more an access rights granted to the user for the particular storage item, wherein the system is further configured to extract a relevant permission pertaining to the user for the particular storage item and store a permission profile for the user in the cache of the memory, the permission profile including the relevant permission pertaining to the user for the particular storage item, and wherein the system is further configured to, based on receiving another access request directed to the particular storage item associated with the user, check the permission profile stored in the cache to determine whether the another access request is permissible. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method comprising:
-
hosting a file server virtual machine (FSVM) on a host machine of a cluster of host machines, the host machine including a memory having a cache, the FSVM configured to manage storage items stored in a storage pool distributed across the cluster, the storage pool including local storage coupled to at least the host machine, wherein the storage pool is configured to store respective access control lists (ACLs) corresponding to permissions granted to users for the storage items; receiving an access request associated with a user and directed to a storage item stored in the storage pool; retrieving an access control list of the ACLs and corresponding permissions, including one or more access rights granted to the user for the storage item; extracting a relevant permission pertaining to the user for the storage item and storing a permission profile for the user in the cache of the memory, the permission profile including the relevant permission pertaining to the user for the storage item; and based on receiving another access request directed to the storage item associated with the user, checking the permission profile stored in the cache to determine whether the another access request is permissible. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A method comprising:
-
hosting a file server virtual machine (FSVM) on a host machine of a cluster of host machines, the host machine including a memory having a cache, the FSVM configured to manage storage items stored in a storage pool distributed across the cluster, the storage pool including local storage coupled to at least the host machine, wherein the storage pool is configured to store respective access control lists (ACLs) corresponding to permissions granted to users for the storage items; receiving a request to create another access control list entry in a metadata database for a new storage item in a directory managed by the file server virtual machine (FSVM), wherein the another access control list comprises permission information associated with the new storage item; retrieving a parent directory access control list associated with the directory; in response to a determination that the access control list matches the parent directory access control list, inserting a pointer to the parent directory access control list for the access control list entry for the new storage item; in response to receiving a request associated with a user for permission information for the directory including the new storage item, extracting a relevant permission pertaining to the user for the new storage item and storing the parent directory access control list in the cache, including the relevant permission pertaining to the user for the new storage item; and in response to receiving another request directed to the new storage item associated with the user, checking the parent directory access control list in the cache to determine whether the another request is permissible. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. At least one non-transitory computer readable medium encoded with instructions which, when executed, cause a system to perform actions comprising:
-
hosting a file server virtual machine (FSVM) on a host machine of a cluster of host machines, the host machine including a memory having a cache, the FSVM configured to manage storage items stored in a storage pool distributed across the cluster, the storage pool including local storage coupled to at least the host machine, wherein the storage pool is configured to store respective access control lists (ACLs) corresponding to permissions granted to users for the storage items; receiving, at the FSVM, an access request associated with a user and directed to a storage item stored in the storage pool; retrieving an access control list of the ACLs and corresponding permissions, including one or more access rights granted to the user for the storage item; extracting a relevant permission pertaining to the user for the storage item and storing a permission profile for the user in the cache of the memory, the permission profile including the relevant permission pertaining to the user for the storage item; and based on receiving another access request directed to the storage item associated with the user, checking the permission profile stored in the cache to determine whether the another access request is permissible. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41)
-
Specification