Resource level role based access control for storage management
    1.
    Invention application
    Resource level role based access control for storage management (under examination, published)

    Publication number: US20080120302A1

    Publication date: 2008-05-22

    Application number: US11601096

    Filing date: 2006-11-17

    IPC classification: G06F17/00

    Abstract: A method, apparatus, and system for providing role-based access control (RBAC) for storage management are described herein. Resource-identifying information is stored in a role-based access database for a network storage system, in association with role-identifying information for each of a plurality of roles and operation-identifying information. The operation-identifying information indicates one or more authorized operations for each of the plurality of roles, and the resource-identifying information identifies specific resources maintained by the network storage system. The role-identifying information, data indicating one or more authorized operations for at least one of the roles, and resource-specific identifying information in the role-based access database are used to determine whether to allow or deny a request from a network storage client to access a resource maintained by the network storage system.

    Method and system of access control based on a constraint controlling role assumption
    2.
    Granted invention patent
    Method and system of access control based on a constraint controlling role assumption (in force)

    Publication number: US07712127B1

    Publication date: 2010-05-04

    Application number: US11601098

    Filing date: 2006-11-17

    IPC classification: G06F21/20 G06F12/14

    CPC classification: G06F21/6218 G06F17/30306

    Abstract: In an RBAC system, a capability is defined as including an operation and an object on which the operation is to be performed. The capability is assigned to a role, which is in turn assigned to a user. Whether a user's request to perform an operation on an object should be authorized is determined based on whether a capability to perform the operation on the object is assigned to a role which is in turn assigned to the user. Further, the authorization is determined based on the evaluation of the constraint(s) attached to the role. If the evaluation result of the constraint(s) disallows the user from assuming the role, the user is prohibited from performing the operation on the object even if the user has such a capability.

    Hierarchy-aware role-based access control
    3.
    Granted invention patent
    Hierarchy-aware role-based access control (in force)

    Publication number: US08402514B1

    Publication date: 2013-03-19

    Application number: US11601100

    Filing date: 2006-11-17

    IPC classification: H04L29/00

    Abstract: A method, apparatus, and system are described herein, in which system resources and operations are assigned to roles in a role-based access control system, and the roles are assigned to a plurality of users. An RBAC system is used to resolve a client request to perform an operation on a resource, the RBAC system using a hierarchy of the plurality of resources to determine if a user is permitted to perform the operation on a parent of the resource in the hierarchy of resources. The RBAC system also determines if a user is permitted to perform the operation on the resource if a user group to which the user belongs has the required access.
