Authorization decisions using conditioned permissions for resource collections

Assignee

• Dell Products L.P. · US

Inventors

• Ruchika Goyal · Cary, US
• Ashfaq Ahmed · Abu Dhabi, AE
• Ameer Jabbar · Lilburn, US
• Xiaojun Yang · Port Barrington, US
• Ching-Yun Chao · Austin, US
• Wai C. Yim · Merrimack, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6209
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system can receive a request, and identify an attribute-based access control policy comprising a permission policy and a condition policy that is associated with performing an operation with respect to a group of computing resources with a first scope of the operation. The system can determine whether the account satisfies the permission policy for the operation, wherein determining whether the account satisfies the condition policy evaluates to true based on account attributes of the account and resource attributes of the group of computing resources in the first scope of the query operation. The system can, in response to determining that the account satisfies the condition policy, send an indication of the request as constrained by the first scope and a second scope that is based on the condition policy to a service, the service performing the operation to produce a result, and responding to the request with the result.