SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY

US 20080243855A1
Filed: 03/28/2008
Published: 10/02/2008
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method of creating users in a data management system, the method comprising:

identifying at least one preexisting user created in a security system external to the data management system, wherein the identified at least one preexisting user has certain access rights defined by the security system;

creating a group within the data management system that associates one or more users with at least one access right for performing data management operations;

adding the identified at least one preexisting user to the created group within the data management system; and

querying the security system to determine the certain access rights of the identified at least one preexisting user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.

296 Citations

20 Claims

1. A method of creating users in a data management system, the method comprising:
- identifying at least one preexisting user created in a security system external to the data management system, wherein the identified at least one preexisting user has certain access rights defined by the security system;
  
  creating a group within the data management system that associates one or more users with at least one access right for performing data management operations;
  
  adding the identified at least one preexisting user to the created group within the data management system; and
  
  querying the security system to determine the certain access rights of the identified at least one preexisting user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein a user of the data management system who does not have privileges to create new users within the data management system adds the identified at least one preexisting user to the created group within the data management system.
  - 3. The method of claim 1 wherein a user of the data management system who does not have permissions to create new users within the security system adds the identified at least one preexisting user to the created group within the data management system.
  - 4. The method of claim 1 wherein the security system includes Microsoft®
    - Windows Active Directory.
  - 5. The method of claim 1, further comprising querying the security system to determine an email address associated with the preexisting user.
  - 6. The method of claim 1 wherein querying the security system to determine the certain access rights defined by the security system assigned to the identified at least one preexisting user includes determining at least one computer to which the preexisting user has access, and further comprising allowing the user to perform data management operations associated with the determined at least one computer.
  - 7. The method of claim 1, further comprising determining whether a user can perform a selected storage operation based on the certain access rights defined by the security system.
  - 8. The method of claim 1 wherein adding the identified at least one preexisting user to the created group within the data management system includes associating a reference to the identified at least one preexisting user in the security system with the created group.
  - 9. The method of claim 1 wherein the at least one access right for performing data management operations determines which copies of source data stored in multiple copies a user within the group can access.

10. A computer-readable medium containing instructions for controlling a computer system to migrate users from a preexisting security system to a data management system, by a method comprising:
- receiving a request to create a new security entity in the data management system, wherein the new security entity associates at least one privilege for performing a storage management operation with the security entity;
  
  providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system;
  
  receiving a selection of at least one preexisting security entity defined by the external security infrastructure; and
  
  migrating the at least one selected preexisting security entity defined by the external security infrastructure to the new security entity in the storage management application.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-readable medium of claim 10 wherein migrating the at least one selected preexisting security entity includes determining information about the preexisting security entity and associating at least a portion of the information with the new security entity.
  - 12. The computer-readable medium of claim 10 wherein the external security infrastructure includes a directory provided by an operating system.
  - 13. The computer-readable medium of claim 10 wherein providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system includes retrieving information from a first external security infrastructure provided by a first operating system.
  - 14. The computer-readable medium of claim 13 wherein providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system further includes retrieving information from a second external security infrastructure provided by a second operating system.
  - 15. The computer-readable medium of claim 10 wherein the selected at least one preexisting security entity is an individual user.
  - 16. The computer-readable medium of claim 10 wherein the external security infrastructure provides one or more access control lists that define one or more access rights assigned to each preexisting security entity.

17. A system for securing storage operations in a storage management system, wherein the storage management system interfaces with an external security component configured to store one or more external users and one or more access rights associated with the one or more external users, the system comprising:
- a storage management application configured to store one or more storage management users and to perform storage operations on behalf of the one or more storage management users;
  
  a privileges migration component configured to interface with the external security component and with the storage management application, wherein the privileges migration component is further configured to determine the one or more privileges associated with selected external users stored by the external security component, create storage management users based on the selected external users, and apply at least one of the one or more permissions associated with the selected external users to the created storage management users.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17 wherein the privileges migration component is further configured to determine at least a name and an email address associated with each of the selected external users.
  - 19. The system of claim 17 wherein the storage management application is further configured to store, with each storage management user, privileges information describing storage management operations that each storage management user is allowed to perform.
  - 20. The system of claim 17 wherein the external security component includes a Lightweight Directory Access Protocol (LDAP) directory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CommVault Systems Incorporated
Original Assignee
CommVault Systems Incorporated
Inventors
Prahlad, Anand, Kavuri, Srinivas

Granted Patent

US 8,108,427 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

296 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

296 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others