公开(公告)号：US20160139845A1

公开(公告)日：2016-05-19

申请号：US14550276

申请日：2014-11-21

Applicant: NetApp Inc.

Inventor： Mark Muhlestein ,  Amit Aggarwal ,  Amrutha KS

IPC: G06F3/06

Abstract: One or more techniques and/or systems are provided for implementing storage level access control for data grouping structures. For example, a storage level access guard may be defined for a data grouping structure (e.g., a Qtree, a portion of a volume, etc.) of a storage device. The storage level access guard may be defined at a storage level of the storage device such that clients and/or certain administrators such as domain administrators may be restricted from accessing and/or changing the storage level access guard, which may increase data security. A hidden and unmodifiable property may be applied to the storage level access guard, which may be stored in a directory associated with the data grouping structure so that a logical replication of the data grouping structure may also replicate the storage level access guard.

Abstract translation: 提供一个或多个技术和/或系统用于实现数据分组结构的存储级访问控制。 例如，可以为存储设备的数据分组结构（例如，Qtree，卷的一部分等）定义存储级访问保护。 可以在存储设备的存储级别定义存储级别访问保护，使得可以限制客户端和/或诸如域管理员的某些管理员访问和/或改变存储级别访问保护，这可能增加数据安全性。 可以将隐藏和不可修改的属性应用于存储级访问保护，存储级别访问保护可以存储在与数据分组结构相关联的目录中，使得数据分组结构的逻辑复制也可以复制存储级访问保护。

公开(公告)号：US09152776B2

公开(公告)日：2015-10-06

申请号：US13873819

申请日：2013-04-30

Applicant: NetApp, Inc.

Inventor： Amit Aggarwal ,  Shekhar Amlekar

IPC: G06F12/00 ,  G06F21/31

CPC classification number: G06F21/31 ,  G06F2221/2107 ,  G06F2221/2111 ,  G06F2221/2141

Abstract: Embodiments described herein provide a technique for securely responding to an enumeration request of a data container stored at a location referenced by a junction or mount point within a share served by a storage system. To that end, the technique applies access permissions of the data container at the referenced location instead of permissions that may reside at the junction or mount point. Upon determining that the permissions are insufficient to allow access to the data container, the technique ensures that a descriptor of the junction or mount point is not included in a response to the enumeration request.

Abstract translation: 本文描述的实施例提供了一种用于安全地响应存储在由存储系统服务的共享内的连接点或安装点引用的位置处的数据容器的枚举请求的技术。 为此，该技术在引用的位置应用数据容器的访问权限，而不是可能驻留在连接点或装载点的权限。 在确定权限不足以允许访问数据容器时，该技术确保结点或装入点的描述符不包括在对枚举请求的响应中。

公开(公告)号：US10558375B2

公开(公告)日：2020-02-11

申请号：US14550276

申请日：2014-11-21

Applicant: NetApp Inc.

Inventor： Mark Muhlestein ,  Amit Aggarwal ,  Amrutha Ks

IPC: G06F3/06

Abstract: One or more techniques and/or systems are provided for implementing storage level access control for data grouping structures. For example, a storage level access guard may be defined for a data grouping structure (e.g., a Qtree, a portion of a volume, etc.) of a storage device. The storage level access guard may be defined at a storage level of the storage device such that clients and/or certain administrators such as domain administrators may be restricted from accessing and/or changing the storage level access guard, which may increase data security. A hidden and unmodifiable property may be applied to the storage level access guard, which may be stored in a directory associated with the data grouping structure so that a logical replication of the data grouping structure may also replicate the storage level access guard.

公开(公告)号：US20160012070A1

公开(公告)日：2016-01-14

申请号：US14325818

申请日：2014-07-08

Applicant: NetApp, Inc.

Inventor： Amit Aggarwal ,  Ajeet Kumar

IPC: G06F17/30

CPC classification number: G06F16/128

Abstract: A method, non-transitory computer readable medium, and device that manages requests to list previous versions of an object includes receiving a previous version listing request including an object path for an object. The presence of the junction point within the received previous version listing request is determined. The junction point is resolved to identify a snapshot directory when the received previous version listing request is determined to include the junction point. A plurality of object entries present within the identified snapshot directory is provided as previous versions of the object to a requesting client computing device.

Abstract translation: 管理要列出对象的先前版本的方法，非暂时计算机可读介质和设备包括接收包括对象的对象路径的先前版本列表请求。 确定接收的先前版本列表请求内的连接点的存在。 当接收到的先前版本列表请求被确定为包括连接点时，解析连接点以识别快照目录。 存在于所识别的快照目录内的多个对象条目作为对象的先前版本被提供给请求客户端计算设备。

公开(公告)号：US20140325640A1

公开(公告)日：2014-10-30

申请号：US13873819

申请日：2013-04-30

Applicant: NETAPP, INC.

Inventor： Amit Aggarwal ,  Shekhar Amlekar

IPC: G06F21/31

CPC classification number: G06F21/31 ,  G06F2221/2107 ,  G06F2221/2111 ,  G06F2221/2141

Abstract: Embodiments described herein provide a technique for securely responding to an enumeration request of a data container stored at a location referenced by a junction or mount point within a share served by a storage system. To that end, the technique applies access permissions of the data container at the referenced location instead of permissions that may reside at the junction or mount point. Upon determining that the permissions are insufficient to allow access to the data container, the technique ensures that a descriptor of the junction or mount point is not included in a response to the enumeration request.

Abstract translation: 本文描述的实施例提供了一种用于安全地响应存储在由存储系统服务的共享内的连接点或安装点引用的位置处的数据容器的枚举请求的技术。 为此，该技术在引用的位置应用数据容器的访问权限，而不是可能驻留在连接点或装载点的权限。 在确定权限不足以允许访问数据容器时，该技术确保结点或装入点的描述符不包括在对枚举请求的响应中。