The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

G06F 3/06 (2006.01); G06F 9/54 (2006.01); H04L 29/08 (2006.01); G06F 8/30 (2018.01); H04L 12/24 (2006.01); G06F 17/30 (2006.01); H04L 29/06 (2006.01); G06F 9/50 (2006.01);

U.S. Cl.

CPC ...

G06F 3/0647 (2013.01); G06F 3/064 (2013.01); G06F 3/0608 (2013.01); G06F 3/0652 (2013.01); G06F 3/0659 (2013.01); G06F 3/0673 (2013.01); G06F 8/315 (2013.01); G06F 9/5027 (2013.01); G06F 9/541 (2013.01); G06F 9/542 (2013.01); G06F 17/30321 (2013.01); G06F 17/30345 (2013.01); G06F 17/30424 (2013.01); H04L 41/0893 (2013.01); H04L 41/20 (2013.01); H04L 67/02 (2013.01); H04L 67/10 (2013.01); H04L 67/104 (2013.01); H04L 67/1095 (2013.01); H04L 67/16 (2013.01); H04L 67/32 (2013.01); H04L 67/327 (2013.01); H04L 67/42 (2013.01); G06F 2209/5011 (2013.01);

Abstract

A method of controlling access to a target resource of a plurality of resources managed by a control plane executing on a computing system includes: receiving, at the control plane, a request for the target resource by a client, the request including a user indicator; identifying a user group in which the user indicator is a member; identifying a role that includes an access policy, applicable to the user group, for accessing a group of the plurality of resources, the group of resources defined by a query executable against an index of states of the plurality of resources; obtaining a state of the target resource in response to the request; and applying the access policy of the role to the request for the target resource based on a determination of whether the state of the target resource satisfies a query filter corresponding to the query of the role.

Find Patent Forward Citations