公开(公告)号：US20200092286A1

公开(公告)日：2020-03-19

申请号：US16133494

申请日：2018-09-17

Applicant: Rubrik, Inc.

Inventor： Seungyeop Han ,  Shrihari Kalkar

IPC: H04L29/06 ,  G06F9/455 ,  G06F17/30

Abstract: A data management and storage (DMS) cluster of peer DMS nodes provides domain shares and authentication for different domains. Each DMS node includes a domain manager and multiple containers, each container including a domain share. Each container associated with a domain may provide an authentication service for authenticating users for a different domain to access domain shares of the domain, such as by contacting a domain controller of a compute infrastructure associated with the domain. The domain manager controls the creation and deletion of containers and their domain shares. The domain manager also provides a proxy service for the containers for communication with client devices of different domains external to the DMS cluster.

公开(公告)号：US20240259388A1

公开(公告)日：2024-08-01

申请号：US18187188

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/102 ,  H04L63/104

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). A DMS that provides backup and recovery to multiple tenants may assign a data management cluster to a tenant organization, or specific resources from a data management cluster to a tenant, allowing multiple tenants to share a single data management cluster. The assignment of resources of the data management cluster respects the hierarchical relationship among computing objects, for example, assigning a top-level resource to a tenant implicitly assigns the descendent resources that descend from that top-level resource to the tenant.

公开(公告)号：US20250103754A1

公开(公告)日：2025-03-27

申请号：US18977619

申请日：2024-12-11

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: G06F21/62 ,  G06F11/14

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US12197624B2

公开(公告)日：2025-01-14

申请号：US17839057

申请日：2022-06-13

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: H04L29/06 ,  G06F11/14 ,  G06F21/62

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US20230401337A1

公开(公告)日：2023-12-14

申请号：US17839057

申请日：2022-06-13

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Arohi Kumar ,  Seungyeop Han ,  Michael Wronski ,  Shrihari Kalkar ,  Xiaoqing Tao ,  Michelle Nguyen

IPC: G06F21/62 ,  G06F11/14

CPC classification number: G06F21/629 ,  G06F11/1458 ,  G06F2201/80

Abstract: A method for updating configuration settings of a backup database supported by a data management system is described. The method may include receiving, from a first user in a first user group, a request to update configuration settings of the backup database. The method may further include determining that the first user is authorized to update the configuration settings of the backup database based on a set of permissions associated with the first user. The method may further include identifying a second user in a second user group that is authorized to approve the request from the first user. The method may further include transmitting an indication of the request to the second user and receiving a notification that the second user has approved the request from the first user. The method may further include updating the configuration settings of the backup database in response to the notification.

公开(公告)号：US10862887B2

公开(公告)日：2020-12-08

申请号：US16133494

申请日：2018-09-17

Applicant: Rubrik, Inc.

Inventor： Seungyeop Han ,  Shrihari Kalkar

IPC: G06F3/06 ,  H04L29/06 ,  G06F9/455 ,  G06F16/951

Abstract: A data management and storage (DMS) cluster of peer DMS nodes provides domain shares and authentication for different domains. Each DMS node includes a domain manager and multiple containers, each container including a domain share. Each container associated with a domain may provide an authentication service for authenticating users for a different domain to access domain shares of the domain, such as by contacting a domain controller of a compute infrastructure associated with the domain. The domain manager controls the creation and deletion of containers and their domain shares. The domain manager also provides a proxy service for the containers for communication with client devices of different domains external to the DMS cluster.

公开(公告)号：US20250141873A1

公开(公告)日：2025-05-01

申请号：US18385275

申请日：2023-10-30

Applicant: Rubrik, Inc.

Inventor： Xiaoqing Tao ,  Wesley Pang ,  Michelle Nguyen ,  Nathan Narasimhan ,  Hao Wu ,  Shrihari Kalkar ,  Michael Wronski ,  Haijin He ,  Barsa Tandukar ,  Seungyeop Han ,  Alex Medovar ,  Raghuram Janakiraman

IPC: H04L9/40

Abstract: A data management system (DMS) may receive an indication of a configuration for a quorum-based authorization (QAuth) policy that controls interactions between two or more users and a security cloud service of the DMS. The configuration may include a policy scope for the QAuth policy, protected actions that trigger the QAuth policy, and compute objects to which the QAuth policy is assigned. The DMS may receive an instruction to assign a set of role-based access control (RBAC) permissions associated with the QAuth policy to a first user. The DMS may receive a request to perform a protected action on at least one compute object to which the QAuth policy is assigned. In response to the request, the DMS may trigger a two-person rule (TPR) enforcement mechanism of the QAuth policy by requesting approval from the first user with the set of RBAC permissions.

公开(公告)号：US20240259389A1

公开(公告)日：2024-08-01

申请号：US18187191

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan ,  Alex Medovar

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a federated login request from a user associated with one or more tenants of the DMS. The DMS may direct the federated login request to a centralized management service. The DMS may receive a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant associated with the user. The DMS may identify one or more computing objects in a cluster of storage nodes that correspond to the first tenant based on the identifier from the SAML assertion. The DMS may determine that the user is authorized to perform a set of actions on the one or more computing objects based on the set of object-level permissions indicated by the SAML assertion.

公开(公告)号：US20240259386A1

公开(公告)日：2024-08-01

申请号：US18124553

申请日：2023-03-21

Applicant: Rubrik, Inc

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). In accordance with the multi-tenancy based RBAC, tenant organizations of a DMS may be assigned permissions (i.e., privileges) for a given data management cluster and/or computing objects within a data management cluster. Customized user roles (RBAC roles) may also be created for a given tenant. For example, a role may be defined based on a corresponding set of permissions (e.g., permissions associated with computing objects, data management clusters, or data sources associated with the tenant). A user within a tenant may be assigned a user role, which may be a customized role, and the effective permissions for the user may be based on which permissions of the user's assigned role are also within the scope of the tenant's permissions.

公开(公告)号：US20240259379A1

公开(公告)日：2024-08-01

申请号：US18128191

申请日：2023-03-29

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Alex Medovar ,  Xiaoqing Tao ,  Jinshuo Zhang ,  Seungyeop Han ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0815 ,  H04L63/083

Abstract: Methods, systems, and devices for data management are described. A data management system may receive an indication to create a set of subtenants of a tenant. A first set of user profiles are associated with the tenant and a second set of user profiles are associated with a parent tenant of the tenant. The system may assign a first subset of the first set of user profiles to a first subtenant and assign a second subset to a second subtenant. The first subset and the second subset exclude user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles. The system may update metadata corresponding to the first set of user profiles and the second set of user profiles such that the first subset has access to the first subtenant for and the second subset has access to the second subtenant.