Multi-protocol access control lists
US-2018288057-A1 · Oct 4, 2018 · US
US10460122B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10460122-B1 |
| Application number | US-201816234395-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 27, 2018 |
| Priority date | Dec 27, 2018 |
| Publication date | Oct 29, 2019 |
| Grant date | Oct 29, 2019 |
Official abstract text for this publication.
Embodiments are directed to managing data in a file system. A file system engine provides a file system that includes file system objects that may be accessible by two or more clients that use different native permission schemes. And, a permissions engine may determine map rules based on characteristics of a request to access a file. The permission engine may execute the one or more map rules to provide platform permission values based on the native permission values. The permission engine may compare requested platform permission values to the platform permission values associated with the file. The permission engine may provide the access rights to the file based on an affirmative result of the comparison.
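A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any product. The `Right` flags, the `MAP_RULES` table, the ACL tuple layout and the first-match interpretation are assumptions, with POSIX mode bits and Windows access-mask bits standing in for the two native schemes.

```python
from enum import Flag

class Right(Flag):            # hypothetical platform permission scheme
    READ = 1
    WRITE = 2
    EXECUTE = 4
    DELETE = 8                # disjoint: expressible over SMB, not in POSIX mode bits
    CHANGE_ACL = 16           # disjoint

# Map rules keyed by one request characteristic (here: the protocol).
MAP_RULES = {
    "nfs": {0o4: Right.READ, 0o2: Right.WRITE, 0o1: Right.EXECUTE},   # POSIX rwx
    "smb": {0x1: Right.READ, 0x2: Right.WRITE, 0x20: Right.EXECUTE,   # access-mask bits
            0x10000: Right.DELETE, 0x40000: Right.CHANGE_ACL},
}

def to_platform(protocol, native):
    """Run the map rule: native permission bits -> platform rights."""
    rules = MAP_RULES[protocol]
    if native & ~sum(rules):
        raise ValueError("unmapped native permission bit")
    out = Right(0)
    for bit, right in rules.items():
        if native & bit:
            out |= right
    return out

def to_native(protocol, rights):
    """Reverse mapping; rights the client's scheme cannot express are omitted."""
    return sum(bit for bit, right in MAP_RULES[protocol].items() if right in rights)

def check_access(acl, principal, protocol, native_request):
    """First ACL entry for the principal that overlaps the request decides."""
    try:
        wanted = to_platform(protocol, native_request)
    except (KeyError, ValueError):
        return False          # unknown protocol or native bit: fail closed
    for who, allow, rights in acl:
        if who == principal and rights & wanted:
            return allow and (wanted & rights) == wanted
    return False              # no matching entry: deny

# Constructed sample ACL stored on one file, in platform terms.
SAMPLE_ACL = [
    ("alice", False, Right.DELETE),
    ("alice", True, Right.READ | Right.WRITE | Right.DELETE),
    ("bob", True, Right.READ),
]
```

Note that `to_native("nfs", ...)` renders alice's allow entry as plain `rw`, so a mode-bit view of the file under-reports rights that were granted through the other protocol; audits of such a system should read the platform ACL, not a single protocol's projection of it.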
Opening claim text (preview).
What is claimed as new and desired to be protected by Letters Patent of the United States is:

1. A method for managing data in a file system over a network using one or more processors that execute instructions to perform actions, comprising: instantiating a file system engine to perform actions including: providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes; receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client; providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and instantiating a permissions engine to perform actions including: determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme; executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects; comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and providing the access rights to the one or more file system objects based on an affirmative result of the comparison.

2. The method of claim 1, wherein the comparison, further comprises: iterating over the one or more platform permission values; and determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.

3. The method of claim 1, wherein the file system engine performs further actions, including: receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file system object or a container file system object associated with the file system object.

4. The method of claim 1, wherein providing the one or more requested platform permission values further comprises, executing one or more mapping rules to convert between the platform permission values and the native permission values, wherein the platform permission values that are unsupported by a client's native permission scheme are omitted from the one or more requested platform permission values.

5. The method of claim 1, wherein providing the one or more platform permission values, further comprises: providing one or more joint platform permission values that are supported by each of the two or more clients; and providing one or more disjoint platform permission values that are supported by a portion of the two or more clients.

6. The method of claim 1, wherein the one or more requested platform permission values are based on the platform permission scheme and the native permission values included in the access request.

7. The method of claim 1, wherein the comparison, further comprises: communicating with a separate service to confirm one or more characteristics of the client or the access request; and modifying the provided access rights based on a response to the communication.

8. A system for managing data in a file system over a network comprising: a network computer, comprising: a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including: instantiating a file system engine to perform actions including: providing a file system that includes one or more file system objects, wherein the one or more file system objects are accessible by two or more clients that use different native permission schemes; receiving, from a client, an access request that is associated with the one or more file system objects, wherein the access request includes one or more native permission values that are supported by the client; providing one or more other requested permission values included in another access request from another client, wherein the other access request is associated with the one or more file system objects, and wherein the one or more other requested permission values are unsupported by the native permission scheme used by the client; and associating the one or more requested permission values and the one or more other permission values with the one or more file system objects; and instantiating a permissions engine to perform actions including: determining one or more map rules based on one or more characteristics of the access request, wherein the one or more map rules include computer readable instructions that map native permission values to platform permission values from a platform permission scheme; executing the one or more map rules to provide one or more platform permission values based on the one or more native permission values, wherein the one or more platform permission values are associated with the one or more file system objects, and wherein the platform permission scheme reduces latency and improves efficiency of computing resources employed to access the one or more file system objects by replacing use of the two or more different native permission schemes to define access rights to the one or more file system objects; comparing one or more requested platform permission values to the platform permission values associated with the one or more file system objects; and providing the access rights to the one or more file system objects based on an affirmative result of the comparison; and a client computer, comprising: a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including: providing the access request and the other access request.

9. The system of claim 8, wherein the comparison, further comprises: iterating over the one or more platform permission values; and determining the access rights to the one or more file system objects based on a first platform permission value that matches the access request.

10. The system of claim 8, wherein the file system engine performs further actions, including: receiving a request from the client to store a file system object in the file system, wherein the file system object is associated with one or more native permission values; and employing the permissions engine to associate one or more inheritable platform permission values to the file system object based on the platform permission values that are associated with a parent file sys
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
Access control lists [ACL] · CPC title
Entity profiles · CPC title