公开(公告)号：US20250141873A1

公开(公告)日：2025-05-01

申请号：US18385275

申请日：2023-10-30

Applicant: Rubrik, Inc.

Inventor： Xiaoqing Tao ,  Wesley Pang ,  Michelle Nguyen ,  Nathan Narasimhan ,  Hao Wu ,  Shrihari Kalkar ,  Michael Wronski ,  Haijin He ,  Barsa Tandukar ,  Seungyeop Han ,  Alex Medovar ,  Raghuram Janakiraman

IPC: H04L9/40

Abstract: A data management system (DMS) may receive an indication of a configuration for a quorum-based authorization (QAuth) policy that controls interactions between two or more users and a security cloud service of the DMS. The configuration may include a policy scope for the QAuth policy, protected actions that trigger the QAuth policy, and compute objects to which the QAuth policy is assigned. The DMS may receive an instruction to assign a set of role-based access control (RBAC) permissions associated with the QAuth policy to a first user. The DMS may receive a request to perform a protected action on at least one compute object to which the QAuth policy is assigned. In response to the request, the DMS may trigger a two-person rule (TPR) enforcement mechanism of the QAuth policy by requesting approval from the first user with the set of RBAC permissions.

公开(公告)号：US20240259389A1

公开(公告)日：2024-08-01

申请号：US18187191

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan ,  Alex Medovar

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a federated login request from a user associated with one or more tenants of the DMS. The DMS may direct the federated login request to a centralized management service. The DMS may receive a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant associated with the user. The DMS may identify one or more computing objects in a cluster of storage nodes that correspond to the first tenant based on the identifier from the SAML assertion. The DMS may determine that the user is authorized to perform a set of actions on the one or more computing objects based on the set of object-level permissions indicated by the SAML assertion.

公开(公告)号：US20240259379A1

公开(公告)日：2024-08-01

申请号：US18128191

申请日：2023-03-29

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Alex Medovar ,  Xiaoqing Tao ,  Jinshuo Zhang ,  Seungyeop Han ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0815 ,  H04L63/083

Abstract: Methods, systems, and devices for data management are described. A data management system may receive an indication to create a set of subtenants of a tenant. A first set of user profiles are associated with the tenant and a second set of user profiles are associated with a parent tenant of the tenant. The system may assign a first subset of the first set of user profiles to a first subtenant and assign a second subset to a second subtenant. The first subset and the second subset exclude user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles. The system may update metadata corresponding to the first set of user profiles and the second set of user profiles such that the first subset has access to the first subtenant for and the second subset has access to the second subtenant.

公开(公告)号：US20240256400A1

公开(公告)日：2024-08-01

申请号：US18187647

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Alex Medovar ,  Xiaoqing Tao ,  Jinshuo Zhang ,  Seungyeop Han ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: G06F11/14 ,  G06F9/50

CPC classification number: G06F11/1469 ,  G06F9/5077

Abstract: Methods, systems, and devices for data management are described. A data management system may configure backup and recovery resources for tenant of the data management system. The data management system may receive an indication to create a set of subtenants within the resources configured for the tenant. The data management system may assign a first subset of resources configured for the tenant, and the first subset may be different from a second subset configured for a second subtenant. The data management system may activate a first backup procedure for the first subtenant. The first backup procedure may be configured to backup a first data source associated with the first subtenant of the tenant using the first subset of the set of backup and recovery resources, and the first backup procedure may be separate from a second backup procedure for a second data source associated with the second subtenant.