-
公开(公告)号:US09762585B2
公开(公告)日:2017-09-12
申请号:US14663082
申请日:2015-03-19
发明人: Rajalakshmi Dani , Anand Madhava Menon , Paul H. Rich , Naveen Madan , Vikas Ahuja , Siddhartha Mathur , Liqiang Zhu
CPC分类号: H04L63/104 , G06F21/604 , G06F21/6218 , H04L63/08 , H04L63/101 , H04L63/102 , H04L63/20
摘要: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
-
公开(公告)号:US11700262B2
公开(公告)日:2023-07-11
申请号:US17141734
申请日:2021-01-05
发明人: Vikas Ahuja , Joel T. Hendrickson , Xiaoting Zhang , Yi Zeng
CPC分类号: H04L63/102 , G06F9/45512 , H04L63/0428 , H04L63/083 , G06F9/547 , H04L2463/082
摘要: Disclosed in various examples are methods, systems, and machine-readable media for exposing a Representational State Transfer (RESTful) interface to users whereby management commands on a datacenter may be issued remotely from the users' workstations for secure, remote management of the datacenter. An application task automation command (e.g., a POWERSHELL® command) is executed remotely by creating a proxy command (e.g., based on a POWERSHELL® cmdlet code) to cause the application task automation command to be executed when the proxy command is remotely invoked and deploying the proxy command to a remote computer, such as the user's workstation. The remote computer issues a request including a user identifier and any parameters for the application task automation command when the corresponding proxy command has been invoked by the remote computer. The datacenter determines whether the user is authorized to execute the application task automation command invoked by the proxy command, and upon authorization of the user, the datacenter computer runs the application task automation command with any parameters provided in the request to control configuration of, or data stored on, at least one computer in the datacenter.
-
公开(公告)号:US11075917B2
公开(公告)日:2021-07-27
申请号:US15637242
申请日:2017-06-29
发明人: Rajalakshmi Dani , Anand Madhava Menon , Paul H. Rich , Naveen Madan , Vikas Ahuja , Siddhartha Mathur , Liqiang Zhu
摘要: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
-
公开(公告)号:US20210250361A1
公开(公告)日:2021-08-12
申请号:US16784802
申请日:2020-02-07
发明人: Matthias Leibmann , Grigory V. Kaplin , Vikas Ahuja , Kapil Kumar Jain , Qinxiao Zhou , Ran Cheng
IPC分类号: H04L29/06
摘要: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.
-
公开(公告)号:US10509690B2
公开(公告)日:2019-12-17
申请号:US15954306
申请日:2018-04-16
IPC分类号: G06F9/54
摘要: The exposing of a server function to a browser. From the browser's perspective, the browser submits a request for a web page to a web server, the web page being one of multiple web pages in a web application offered by the web server. The web server responds to the request by, for at least one of the server functions, formulating a corresponding script language function that defines a matching name and parameter set of the server side function. The script language function has a body that, when executed, serializes at least the name and parameter set of the server side function. The web server then provides the web page code and the corresponding script language function to the browser. The browser may then calls the server side function via the script language function.
-
公开(公告)号:US20180239653A1
公开(公告)日:2018-08-23
申请号:US15954306
申请日:2018-04-16
IPC分类号: G06F9/54
CPC分类号: G06F9/54
摘要: The exposing of a server function to a browser. From the browser's perspective, the browser submits a request for a web page to a web server, the web page being one of multiple web pages in a web application offered by the web server. The web server responds to the request by, for at least one of the server functions, formulating a corresponding script language function that defines a matching name and parameter set of the server side function. The script language function has a body that, when executed, serializes at least the name and parameter set of the server side function. The web server then provides the web page code and the corresponding script language function to the browser. The browser may then calls the server side function via the script language function.
-
公开(公告)号:US20160277411A1
公开(公告)日:2016-09-22
申请号:US14663082
申请日:2015-03-19
发明人: Rajalakshmi Dani , Anand Madhava Menon , Paul H. Rich , Naveen Madan , Vikas Ahuja , Siddhartha Mathur , Liqiang Zhu
IPC分类号: H04L29/06
CPC分类号: H04L63/104 , G06F21/604 , G06F21/6218 , H04L63/08 , H04L63/101 , H04L63/102 , H04L63/20
摘要: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
摘要翻译: 提供了租户对租户数据访问权限的批准。 为了授权维修人员操作人员访问租户的数据以执行所请求的操作,锁箱确定操作员需要提升以执行请求的操作的安全组角色,计算一组内部管理员和授权的租户管理员 授予临时角色提升,并向管理员发送访问控制请求。 在收到来自内部管理员和租户管理员的访问控制请求的批准后,该锁箱将操作员提升到安全组角色,授予操作者所需的一组权限,以允许操作者执行所请求的动作。 因此,租户可以控制对其数据的访问,并根据其公司流程和合规性需求仔细检查访问请求。
-
公开(公告)号:US20230291741A1
公开(公告)日:2023-09-14
申请号:US18198766
申请日:2023-05-17
发明人: Vikas Ahuja , Joel T. Hendrickson , Xiaoting Zhang , Yi Zeng
CPC分类号: H04L63/102 , H04L63/0428 , G06F9/45512 , H04L63/083 , H04L2463/082 , G06F9/547
摘要: Disclosed in various examples are methods, systems, and machine-readable media for exposing a Representational State Transfer (RESTful) interface to users whereby management commands on a datacenter may be issued remotely from the users' workstations for secure, remote management of the datacenter. An application task automation command (e.g., a POWERSHELL® command) is executed remotely by creating a proxy command (e.g., based on a POWERSHELL® cmdlet code) to cause the application task automation command to be executed when the proxy command is remotely invoked and deploying the proxy command to a remote computer, such as the user's workstation. The remote computer issues a request including a user identifier and any parameters for the application task automation command when the corresponding proxy command has been invoked by the remote computer. The datacenter determines whether the user is authorized to execute the application task automation command invoked by the proxy command, and upon authorization of the user, the datacenter computer runs the application task automation command with any parameters provided in the request to control configuration of, or data stored on, at least one computer in the datacenter.
-
公开(公告)号:US11658983B2
公开(公告)日:2023-05-23
申请号:US16784802
申请日:2020-02-07
发明人: Matthias Leibmann , Grigory V. Kaplin , Vikas Ahuja , Kapil Kumar Jain , Qinxiao Zhou , Ran Cheng
CPC分类号: H04L63/105 , H04L63/083
摘要: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.
-
公开(公告)号:US10917409B2
公开(公告)日:2021-02-09
申请号:US15957470
申请日:2018-04-19
发明人: Vikas Ahuja , Joel T. Hendrickson , Xiaoting Zhang , Yi Zeng
摘要: Disclosed in various examples are methods, systems, and machine-readable media for exposing a Representational State Transfer (RESTful) interface to users whereby management commands on a datacenter may be issued remotely from the users' workstations for secure, remote management of the datacenter. An application task automation command (e.g., a POWERSHELL® command) is executed remotely by creating a proxy command (e.g., based on a POWERSHELL® cmdlet code) to cause the application task automation command to be executed when the proxy command is remotely invoked and deploying the proxy command to a remote computer, such as the user's workstation. The remote computer issues a request including a user identifier and any parameters for the application task automation command when the corresponding proxy command has been invoked by the remote computer. The datacenter determines whether the user is authorized to execute the application task automation command invoked by the proxy command, and upon authorization of the user, the datacenter computer runs the application task automation command with any parameters provided in the request to control configuration of, or data stored on, at least one computer in the datacenter.
-
-
-
-
-
-
-
-
-
搜索结果
11 条记录 (耗时 0.018 秒)
