公开(公告)号：US20240259388A1

公开(公告)日：2024-08-01

申请号：US18187188

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/102 ,  H04L63/104

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). A DMS that provides backup and recovery to multiple tenants may assign a data management cluster to a tenant organization, or specific resources from a data management cluster to a tenant, allowing multiple tenants to share a single data management cluster. The assignment of resources of the data management cluster respects the hierarchical relationship among computing objects, for example, assigning a top-level resource to a tenant implicitly assigns the descendent resources that descend from that top-level resource to the tenant.

公开(公告)号：US20240256575A1

公开(公告)日：2024-08-01

申请号：US18102315

申请日：2023-01-27

Applicant: Rubrik, Inc.

Inventor： Zhebin Zhang ,  Hao Wu ,  Kevin Mu ,  Xiang Xu

IPC: G06F16/28

CPC classification number: G06F16/287 ,  G06F16/282

Abstract: Methods, systems, and devices for data management are described. A multi-tenancy data management system (DMS) may include multiple computing objects organized as a hierarchy of computing objects. The DMS may receive a request for report data associated with a first set of computing objects of the DMS. The DMS may identify context information for a log-in session associated with the request. The context information may include a tenant identifier (ID) for a tenant associated with the request. The DMS may apply a filter to the first set of computing objects. The filter may be based on a second set of computing objects to which the tenant has access within the hierarchy of computing objects. The DMS may output the report data for at least one computing object of the first set based on the at least one computing object being included in the second set of computing objects.

公开(公告)号：US20240259389A1

公开(公告)日：2024-08-01

申请号：US18187191

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan ,  Alex Medovar

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a federated login request from a user associated with one or more tenants of the DMS. The DMS may direct the federated login request to a centralized management service. The DMS may receive a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant associated with the user. The DMS may identify one or more computing objects in a cluster of storage nodes that correspond to the first tenant based on the identifier from the SAML assertion. The DMS may determine that the user is authorized to perform a set of actions on the one or more computing objects based on the set of object-level permissions indicated by the SAML assertion.

公开(公告)号：US20240259386A1

公开(公告)日：2024-08-01

申请号：US18124553

申请日：2023-03-21

Applicant: Rubrik, Inc

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: H04L9/40

CPC classification number: H04L63/105

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). In accordance with the multi-tenancy based RBAC, tenant organizations of a DMS may be assigned permissions (i.e., privileges) for a given data management cluster and/or computing objects within a data management cluster. Customized user roles (RBAC roles) may also be created for a given tenant. For example, a role may be defined based on a corresponding set of permissions (e.g., permissions associated with computing objects, data management clusters, or data sources associated with the tenant). A user within a tenant may be assigned a user role, which may be a customized role, and the effective permissions for the user may be based on which permissions of the user's assigned role are also within the scope of the tenant's permissions.

公开(公告)号：US20240256518A1

公开(公告)日：2024-08-01

申请号：US18102326

申请日：2023-01-27

Applicant: Rubrik, Inc.

Inventor： Zhebin Zhang ,  Hao Wu ,  Kevin Mu ,  Xiang Xu ,  Jordon Marcell Barkley

IPC: G06F16/23 ,  G06F16/28

CPC classification number: G06F16/2358 ,  G06F16/288

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may provide backup services for multiple tenants. The DMS may receive a request to provide a first user of the DMS with audit information associated with an entity of the DMS. The DMS may identify context information for a log-in session associated with the request. The context information may include an identifier (ID) of a tenant associated with the request. The DMS may identify, based on the ID of the tenant, authorization information associated with the tenant. The authorization information may indicate that the tenant has access to a set of entities within a hierarchy associated with the DMS. The DMS may determine whether to output the requested audit information to the first user based on a hierarchical relationship, within the hierarchy, between the tenant and the entity.

公开(公告)号：US20240256358A1

公开(公告)日：2024-08-01

申请号：US18124547

申请日：2023-03-21

Applicant: Rubrik, Inc.

Inventor： Hao Wu ,  Sai Tanay Desaraju ,  Kevin Mu ,  Xiang Xu ,  Lokesh Jagasia ,  Zhebin Zhang ,  Shrihari Kalkar ,  Anam Bhatia ,  Michael Wronski ,  Arvind Swaminathan

IPC: G06F9/50 ,  G06F9/52

CPC classification number: G06F9/5077 ,  G06F9/52 ,  G06F2209/503 ,  G06F2209/505

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a request to assign a first computing object in a first object hierarchy of the DMS to a first tenant of the DMS. The DMS may check the first object hierarchy to identify other computing objects having a hierarchical relationship with the first computing object. The other objects may be above or below the first computing object within the first object hierarchy. The DMS may determine whether at least one of the other computing objects in the first object hierarchy is assigned to a second tenant of the DMS. The DMS may output, in response to the request, an indication that the first computing object is unavailable for assignment to the first tenant if at least one of the other computing objects in the first object hierarchy is assigned to the second tenant.