USER ABSTRACTED RBAC IN A MULTI TENANT ENVIRONMENT
First Claim
1. A method for abstracting individual users from a role based access control (RBAC) identity management system, said method comprising the steps of:
assigning, by a computer processor of the identity management system, each of the individual users to a service provider identity dataset as a function of a service provider owner's input data instructing the computer processor to assign each of the individual users to the service provider identity dataset;
requesting, by the computer processor, addition of the service provider identity dataset to a role dataset, wherein the role dataset includes permissions to access a secured resource of the identity management system;
granting, by the computer processor, the addition of the service provider identity dataset to the role dataset, as a function of input data from a tenant manager instructing the computer processor to add the service provider identity dataset to the role dataset; and
periodically revalidating, by the computer processor, the addition of the service provider identity dataset to the role dataset, wherein the input data of the tenant manager instructs the computer processor to maintain or delete the service provider identity dataset from the role dataset.
Abstract
Role based access control (RBAC) identity management tools, computing systems, computer products and methods of abstracting individual users from the role assignment and revalidation process of traditional RBAC. The RBAC tools, products and systems of the present disclosure organize and manage multi-tenanted networks and cloud computing environments by organizing individual users by service providers having a single or unified identity, which are separately managed by the service provider owners. The service provider identities are treated as a single service provider entity applying for one or more roles in the multi-tenant system, allowing for a simplified role revalidation that no longer requires managers of tenants in a multi-tenant network to approve the role assignment of each individual user, because the tenants and tenant managers are unaware of the users identities that make up the service provider identity.
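The four-step flow of the abstract and claim 1 (the owner assigns users to a service provider identity, that identity requests a role, the tenant manager grants it, and periodic revalidation maintains or deletes it), written out as an added Python model; this is not code from the patent or any product, and the class and method names (AbstractedRBAC, tenant_view, the keep mapping) are this example's own assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class ServiceProvider:   # one unified identity; its members are visible only to its owner
    owner: str
    members: set = field(default_factory=set)

@dataclass
class Role:              # the role dataset: permissions plus assigned provider identities
    tenant_manager: str
    permissions: set
    providers: set = field(default_factory=set)

class AbstractedRBAC:    # hypothetical name; models the claimed method, not a real product
    def __init__(self):
        self.providers, self.roles, self.pending = {}, {}, set()

    def _role_of(self, tenant_manager, role):
        r = self.roles[role]
        if r.tenant_manager != tenant_manager:
            raise PermissionError("only the role's tenant manager may decide on it")
        return r

    def assign_user(self, owner, sp, user):
        # Step 1: only the service provider owner places users in its identity dataset.
        if self.providers[sp].owner != owner:
            raise PermissionError("only the service provider owner assigns users")
        self.providers[sp].members.add(user)

    def request_role(self, sp, role):   # Step 2: the provider applies as a single entity
        self.pending.add((sp, role))

    def grant(self, tenant_manager, sp, role):
        # Step 3: the tenant manager approves the provider identity, never its users.
        r = self._role_of(tenant_manager, role)
        self.pending.remove((sp, role))          # KeyError if no request is pending
        r.providers.add(sp)

    def revalidate(self, tenant_manager, role, keep):
        # Step 4: periodic revalidation; keep maps provider -> True (maintain) / False (delete).
        r = self._role_of(tenant_manager, role)
        r.providers = {sp for sp in r.providers if keep.get(sp, False)}

    def tenant_view(self, role):        # all the tenant manager ever sees: provider identities
        return sorted(self.roles[role].providers)

    def can_access(self, user, permission):
        # Resolved at access time: user -> provider identity -> role -> permission.
        return any(user in self.providers[sp].members and permission in r.permissions
                   for r in self.roles.values() for sp in r.providers)
```

Because tenant_view exposes only provider identities, the tenant manager revalidates one entry per provider rather than one per user, and deleting that entry revokes access for every user behind it in a single step.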
20 Claims
1. A method for abstracting individual users from a role based access control (RBAC) identity management system (independent claim 1, set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13.

9. A computer program product, comprising one or more computer readable hardware storage devices having computer readable program code stored therein, said program code containing instructions executable by the one or more computer processors to implement a method for abstracting one or more individual users from a role based access control identity management system, said method comprising the steps of:
assigning, by the computer processor, each of the individual users to a service provider identity dataset as a function of a service provider owner's input data instructing the computer processor to assign each of the individual users to the service provider identity dataset;
requesting, by the computer processor, addition of the service provider identity dataset to a role dataset, wherein the role dataset includes permissions to access a secured resource of the identity management system;
granting, by the computer processor, the addition of the service provider identity dataset to the role dataset, as a function of input data from a tenant manager instructing the computer processor to add the service provider identity dataset to the role dataset; and
periodically revalidating, by the computer processor, the addition of the service provider identity dataset to the role dataset, wherein the input data of the tenant manager instructs the computer processor to maintain or delete the service provider identity dataset from the role dataset.
Dependent claims: 10, 11, 12, 14.

15. A computer system, comprising one or more processors, one or more memories coupled to the one or more computer processors, and one or more computer readable storage devices coupled to the one or more processors, said one or more storage devices containing program code executable by the one or more processors via one or more memories to implement a method for abstracting one or more individual users from a role based access control identity management system, said method comprising the steps of:
assigning, by a computer processor of the identity management system, each of the individual users to a service provider identity dataset as a function of a service provider owner's input data instructing the computer processor to assign each of the individual users to the service provider identity dataset;
requesting, by the computer processor, addition of the service provider identity dataset to a role dataset, wherein the role dataset includes permissions to access a secured resource of the identity management system;
granting, by the computer processor, the addition of the service provider identity dataset to the role dataset, as a function of input data from a tenant manager instructing the computer processor to add the service provider identity dataset to the role dataset; and
periodically revalidating, by the computer processor, the addition of the service provider identity dataset to the role dataset, wherein the input data of the tenant manager instructs the computer processor to maintain or delete the service provider identity dataset from the role dataset.
Dependent claims: 16, 17, 18, 19, 20.
Specification