公开(公告)号：US20250141873A1

公开(公告)日：2025-05-01

申请号：US18385275

申请日：2023-10-30

Applicant: Rubrik, Inc.

Inventor： Xiaoqing Tao ,  Wesley Pang ,  Michelle Nguyen ,  Nathan Narasimhan ,  Hao Wu ,  Shrihari Kalkar ,  Michael Wronski ,  Haijin He ,  Barsa Tandukar ,  Seungyeop Han ,  Alex Medovar ,  Raghuram Janakiraman

IPC: H04L9/40

Abstract: A data management system (DMS) may receive an indication of a configuration for a quorum-based authorization (QAuth) policy that controls interactions between two or more users and a security cloud service of the DMS. The configuration may include a policy scope for the QAuth policy, protected actions that trigger the QAuth policy, and compute objects to which the QAuth policy is assigned. The DMS may receive an instruction to assign a set of role-based access control (RBAC) permissions associated with the QAuth policy to a first user. The DMS may receive a request to perform a protected action on at least one compute object to which the QAuth policy is assigned. In response to the request, the DMS may trigger a two-person rule (TPR) enforcement mechanism of the QAuth policy by requesting approval from the first user with the set of RBAC permissions.