-
公开(公告)号:US20080120302A1
公开(公告)日:2008-05-22
申请号:US11601096
申请日:2006-11-17
IPC分类号: G06F17/00
CPC分类号: H04L63/105 , G06F21/6209 , G06F21/6218 , G06F2221/2141
摘要: A method, apparatus, and system for providing role-based access control (RBAC) for storage management are described herein. Resource-identifying information is stored in a role-based access database for a network storage system, in association with role-identifying information for each of a plurality of roles and operation-identifying information. The operation-identifying information indicates one or more authorized operations for each of the plurality of roles and the resource-identifying information identifies specific resources maintained by the network storage system. The role-identifying information, data indicating one or more authorized operations for at least one of the roles, and resource-specific identifying information in the role-based access database are used to determine whether to allow or deny a request from a network storage client to access a resource maintained by the network storage system.
摘要翻译: 本文描述了一种用于提供用于存储管理的基于角色的访问控制(RBAC)的方法,装置和系统。 资源识别信息与用于多个角色和操作标识信息中的每一个的角色识别信息相关联地存储在用于网络存储系统的基于角色的访问数据库中。 操作识别信息指示多个角色中的每一个的一个或多个授权操作,并且资源识别信息标识由网络存储系统维护的特定资源。 使用角色识别信息,指示角色中的至少一个角色的一个或多个授权操作的数据以及基于角色的访问数据库中的资源特定标识信息来确定是否允许或拒绝来自网络存储客户端的请求 访问由网络存储系统维护的资源。
-
2.发明授权Method and system of access control based on a constraint controlling role assumption 有权基于约束控制角色假设的访问控制方法和系统公开(公告)号:US07712127B1
公开(公告)日:2010-05-04
申请号:US11601098
申请日:2006-11-17
CPC分类号: G06F21/6218 , G06F17/30306
摘要: In an RBAC system, a capability is defined as including an operation and an object on which the operation is to be performed. The capability is assigned to a role, which is in turn assigned to a user. Whether a user's request to perform an operation on an object should be authorized is determined based on whether a capability to perform the operation on the object is assigned to a role which is in turn assigned to the user. Further, the authorization is determined based on the evaluation of the constraint(s) attached to the role. If the evaluation result of the constraint(s) disallows the user to assume the role, the user is prohibited from performing the operation on the object even the user has such capability.
摘要翻译: 在RBAC系统中,能力被定义为包括要在其上执行操作的操作和对象。 该功能被分配给角色,而角色又被分配给用户。 是否应该授权用户对对象执行操作的请求是基于对对象执行操作的能力是否被分配给依次分配给用户的角色来确定的。 此外,授权是基于附加到角色的约束的评估来确定的。 如果约束的评估结果不允许用户承担角色,即使用户具有这样的能力,也禁止用户对对象执行操作。
-
公开(公告)号:US08402514B1
公开(公告)日:2013-03-19
申请号:US11601100
申请日:2006-11-17
IPC分类号: H04L29/00
CPC分类号: H04L63/104 , H04L63/08 , H04L63/105
摘要: A method, apparatus, and system are described herein, in which system resources and operations are assigned to roles in a role-based access control system, and the roles are assigned to a plurality of users. An RBAC system is used to resolve the client request to perform an operation on a resource, the RBAC system using a hierarchy of the plurality of resources to determine if a user is permitted to perform the operation on a parent of the resource in the hierarchy of resources. The RBAC system also determines if a user is permitted to perform the operation on the resource if a user group to which the user belongs to has the required access.
摘要翻译: 本文描述了一种方法,装置和系统,其中将系统资源和操作分配给基于角色的访问控制系统中的角色,并且将角色分配给多个用户。 使用RBAC系统来解析对资源执行操作的客户端请求,RBAC系统使用多个资源的层次结构来确定是否允许用户对该层次结构中的资源的父节点执行操作 资源。 如果用户所属的用户组具有所需的访问权限,则RBAC系统还确定是否允许用户对资源执行操作。
-
4.发明授权公开(公告)号:US07685123B1
公开(公告)日:2010-03-23
申请号:US11513860
申请日:2006-08-30
IPC分类号: G06F17/30
CPC分类号: G06F17/30
摘要: In an RBAC system, a capability is defined as including an operation and an object on which the operation is to be performed. The capability is assigned to a role, which is in turn assigned to a user. Then the user will have the authorization to perform the operation on the object. Rather than specifying the object by predetermining the identity of the object, an expression (e.g., a regular expression, a query, etc.) may be specified in place of the predetermined object. In response to a request initiated by a user, the expression is then evaluated to determine the identity of the object(s) on which the operation may be performed.
摘要翻译: 在RBAC系统中,能力被定义为包括要在其上执行操作的操作和对象。 该功能被分配给角色,而角色又被分配给用户。 那么用户将有权对对象执行操作。 不是通过预先确定对象的身份来指定对象,而是可以指定表达式(例如,正则表达式,查询等)来代替预定对象。 响应于由用户发起的请求,然后评估表达式以确定可以在其上执行操作的对象的身份。
-
公开(公告)号:US07293039B1
公开(公告)日:2007-11-06
申请号:US10798987
申请日:2004-03-12
IPC分类号: G06F17/00
CPC分类号: G06F17/30067 , Y10S707/956 , Y10S707/99943
摘要: According to an embodiment of the invention, a filer or other storage server is coupled to a network to store files for users of the network. Agents are coupled to the filer, and performs a scan or file walk for a Multi-Appliance Management Application (MMA) which is coupled to the filer and can monitor and manage the filer. A directory structure of the filer may be divided into two or more paths, each of which may be scanned by an independent agent. The results of the scan, or file walk, are saved to a database server. In this way, multiple agents may be used to scan a single storage server, and the amount of time required for the scan is reduced.
摘要翻译: 根据本发明的实施例,文件管理器或其他存储服务器耦合到网络以存储用于网络的用户的文件。 代理被耦合到文件管理器,并且对于耦合到文件管理器并可以监视和管理文件管理器的多设备管理应用(MMA)执行扫描或文件行走。 文件管理器的目录结构可以被划分为两个或更多个路径,每个路径可以由独立代理扫描。 扫描或文件走过的结果将保存到数据库服务器。 以这种方式,可以使用多个代理来扫描单个存储服务器,并且减少扫描所需的时间量。
-
公开(公告)号:US5253304A
公开(公告)日:1993-10-12
申请号:US800653
申请日:1991-11-27
CPC分类号: G06K9/342 , G06K2209/01
摘要: Segmentation of characters in a character set (10), made by placing a dark mark against a light background (12), is accomplished by establishing a vertical pixel projection for each pixel column in the image. The vertical pixel projections are filtered with a decay parameter so those pixel columns which contain only background have the highest projection. Thereafter, a set of "cut-points" (points of image segmentation) is obtained so that each cut-point coincides with a pixel column whose vertical pixel projection is both a local maxima and exceeds a predetermined threshold. The number of such cut-points is counted and if the number is not significantly greater than a predetermined number, the image is segmented along the cut-points. Otherwise, the vertical projections of those pixel columns coincident with the cut-points are filtered with a decreasing threshold to reduce the number of potential cut-points.
摘要翻译: 通过为图像中的每个像素列建立垂直像素投影来实现通过对浅色背景(12)放置暗标记而对字符集(10)中的字符进行分割。 垂直像素投影用衰减参数进行滤波,因此仅包含背景的像素列具有最高的投影。 此后,获得一组“切点”(图像分割点),使得每个切割点与垂直像素投影都是局部最大值并超过预定阈值的像素列重合。 对这样的切点的数量进行计数,如果数量不大于预定数量,则沿切割点分割图像。 否则,与切点相一致的那些像素列的垂直投影被用减小的阈值进行滤波,以减少潜在的切割点的数量。
-
公开(公告)号:US07913300B1
公开(公告)日:2011-03-22
申请号:US11102422
申请日:2005-04-08
申请人: Joshua H. Flank , Steven R. Klinkner , Benjamin B. Swartzlander , Timothy J. Thompson , Alan G. Yoder
发明人: Joshua H. Flank , Steven R. Klinkner , Benjamin B. Swartzlander , Timothy J. Thompson , Alan G. Yoder
IPC分类号: G06F9/00
CPC分类号: G06F9/468 , G06F21/41 , G06F21/6218 , G06F2221/2115 , G06F2221/2141 , G06F2221/2149 , H04L63/0281 , H04L63/102
摘要: Centralized role-based access control (RBAC) for storage servers can include operating multiple storage servers, each configured to provide a set of clients with access to stored data, and using a separate network server to provide centralized RBAC. The network server may include an API proxy to proxy requests to access individual APIs of a storage server by an application which is external to the network server and the storage server and may control access to the individual APIs of the storage servers on a per-API, per-user and per-object basis. The API proxy may filter responses to API calls based on the access privileges of the user of the application which sent the API call. In some embodiments, the network server may implement a Windows domain server, an LDAP server or the like to evaluate security credentials of administrative users on behalf of multiple storage servers.
摘要翻译: 存储服务器的集中角色访问控制(RBAC)可以包括运行多个存储服务器,每个存储服务器都配置为提供一组客户端访问存储的数据,并使用单独的网络服务器提供集中式RBAC。 网络服务器可以包括API代理,以通过网络服务器和存储服务器外部的应用来代理访问存储服务器的各个API的请求,并且可以在每个API上控制对存储服务器的各个API的访问 ,每用户和每个对象的基础。 API代理可以基于发送API调用的应用程序的用户的访问权限来过滤对API调用的响应。 在一些实施例中,网络服务器可以实现Windows域服务器,LDAP服务器等来代表多个存储服务器评估管理用户的安全凭证。
-
8.发明授权Method and apparatus to manage configuration for multiple file server appliances 有权管理多个文件服务器设备配置的方法和设备公开(公告)号:US07831959B1
公开(公告)日:2010-11-09
申请号:US11090604
申请日:2005-03-24
IPC分类号: G06F9/44
CPC分类号: G06F9/44505
摘要: A system and method are provided to manage configuration of multiple file server appliances. The method comprises obtaining a source configuration from a storage server, and pushing a target configuration associated with the source configuration to one or more target storage servers.
摘要翻译: 提供了一种系统和方法来管理多个文件服务器设备的配置。 该方法包括从存储服务器获取源配置,以及将与源配置相关联的目标配置推送到一个或多个目标存储服务器。
-
9.发明申请SYSTEMS AND METHODS FOR MANAGING POWER CONSUMPTION IN A FLOW-BASED USER EXPERIENCE 有权基于流量的用户体验管理功耗的系统和方法公开(公告)号:US20090156270A1
公开(公告)日:2009-06-18
申请号:US11956240
申请日:2007-12-13
IPC分类号: H04B1/38
CPC分类号: H04B1/1615 , G06F1/3203 , G06F1/324 , G06F1/3287 , G06F1/329 , G06F1/3296 , H04W52/027 , H04W52/028 , Y02D10/126 , Y02D10/171 , Y02D10/172 , Y02D10/24 , Y02D70/164 , Y02D70/40
摘要: Methods and systems are provided for managing electrical power consumption in a mobile phone or other portable communications device having a battery and a display. A series of views forming a flow are retrieved from a memory or other digital storage device for presentation on the display. For each of the views in the flow, performance information relating to the portable communications device is determined while the view is displayed, and this information is stored in the digital storage medium. Upon subsequent retrieval of each view from the digital storage medium, configuring the operation of the portable communications device in response to the stored performance information to thereby manage the electrical power consumption of the portable communications device.
摘要翻译: 提供了用于管理具有电池和显示器的移动电话或其他便携式通信设备中的电力消耗的方法和系统。 从存储器或其他数字存储设备中检索形成流的一系列视图,以在显示器上呈现。 对于流程中的每个视图,在显示视图的同时确定与便携式通信设备相关的性能信息,并且该信息被存储在数字存储介质中。 随后从数字存储介质检索每个视图,响应于存储的性能信息配置便携式通信设备的操作,从而管理便携式通信设备的电力消耗。
-
公开(公告)号:US5592992A
公开(公告)日:1997-01-14
申请号:US482863
申请日:1995-06-07
申请人: Timothy J. Thompson
发明人: Timothy J. Thompson
摘要: A blade assembly for a lawn edging machine. The blade assembly includes a hub, at least two spaced-apart blade members having two or more blade arms extending radially therefrom, and a horizontal blade member connecting the two blade members at their radially extended arm ends.
摘要翻译: 用于草坪磨边机的刀片组件。 叶片组件包括毂,至少两个间隔开的叶片构件,其具有从其径向延伸的两个或更多个叶片臂,以及将两个叶片构件在其径向延伸的臂端部连接的水平叶片构件。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.031 秒)
