CONTROLLING ACCESS TO CLOUD RESOURCES IN DATA USING CLOUD-ENABLED DATA TAGGING AND A DYNAMIC ACCESS CONTROL POLICY ENGINE

Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine proc...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: CARROLL, Daniel John, Jr, PANDEY, Ganesh, GULATI, Shefali, TABOADA, Roberto Carlos, KANAKASABESAN, Kartik Tirunelveli, MANEK, Parul, SILVERBERG, Steven Mark, JAYARAMAN, Kameshwar, KWAN, Stuart, JEFFRIES, Charles Glenn
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.