Controlled deployment of application feature
US-2017192767-A1 · Jul 6, 2017 · US
Creating roles and controlling access within a computer network
US12184659B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12184659-B2 |
| Application number | US-202218047727-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 19, 2022 |
| Priority date | Dec 28, 2018 |
| Publication date | Dec 31, 2024 |
| Grant date | Dec 31, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.
First claim
Opening claim text (preview).
What is claimed is: 1. A controller having access to a network, wherein the controller comprises: a storage device; and one or more processors in communication with the storage device, wherein the one or more processors are configured to: output, to a user interface, data indicative of a plurality of objects for presentation by the user interface, wherein the user interface is configured for user selection of, for each object, a viewing capability, a creation capability, and an editing capability; receive, from the user interface, data indicative of a selection of a first set of capabilities and a first role identifier for a first role, wherein the first role identifier corresponds to the first set of capabilities, wherein the first set of capabilities includes network security capabilities and object deployment capabilities; create, based on the data indicative of the selection of the first set of capabilities and the first role identifier, the first role, wherein the first role enables performance of a first set of actions within the network, the first set of actions corresponding to the first set of cap abilities from the selection, and wherein the first role and the first set of capabilities define a first subscription level in a multi-level subscription program, wherein a second role e enables performance of a second set of actions within the network, the second set of actions corresponding to a second set of capabilities, and wherein the second role and the second set of capabilities define a second subscription level in the multi-level subscription program, where the second subscription level represents a different class of service than the first subscription level, and wherein: the first set of actions includes one or more actions that are not present in the second set of actions; or the second set of actions includes one or more actions that are not present in the first set of actions; and associate the first role with a user, enabling the user to perform the first set of actions. 2. The controller of claim 1 , wherein to output the data indicative of the plurality of objects, the controller is further configured to: output data enabling the user interface to display the plurality of objects in a list. 3. The controller of claim 1 , wherein the one or more processors are further configured to: receive, from the user interface, data indicative of a modification of the first role; modify the first role based on the data indicative of the modification by performing at least one of: adding at least one capability to the first set of capabilities associated with the first role, and removing at least one capability of the first set of capabilities associated with the first role; and output data indicative of the modification. 4. The controller of claim 1 , wherein the controller is further configured to: receive a token specifying a set of roles, wherein the set of roles is associated with the user; and retrieve the plurality of objects, wherein the plurality of objects is associated with the set of roles, and wherein the plurality of objects represents the plurality of objects for presentation by the user interface. 5. The controller of claim 1 , wherein the one or more processors are further configured to: output data indicative of the first role to a role data store, wherein the role data store includes a group of roles including a set of pre-defined roles and a set of user-created roles, and wherein the first role represents a user-created role of the set of user-created roles. 6. The controller of claim 1 , wherein before associating the first role with the user, the one or more processors are further configured to: receive, from the user interface, data indicative of instructions to associate the first role with the user corresponding to a tenant of a plurality of tenants. 7. The controller of claim 1 , wherein the first set of capabilities includes network configuration capabilities and network policy capabilities. 8. The controller of claim 4 , wherein the one or more processors are further configured to: receive, from the user interface, data indicative of a selection of the second set of capabilities and a selection of a second role identifier, wherein the second role identifier corresponds to the second set of capabilities; and create, based on the second set of capabilities and the second role identifier, the second role which enables performance of the second set of actions within the network, the second set of actions corresponding to the second set of capabilities. 9. The controller of claim 6 , wherein the one or more processors are further configured to: receive a token specifying a set of roles, wherein the set of roles is associated with the user; and retrieve, from a role data store, a plurality of capabilities, wherein the plurality of capabilities is associated with the set of roles, and wherein the plurality of capabilities represents the first set of capabilities for presentation by the user interface. 10. A method comprising: outputting, by one or more processors of a controller and to a user interface, data indicative of a plurality of objects for presentation by the user interface, wherein the user interface is configured for user selection of, for each object, a viewing capability, a creation capability, and an editing capability; receiving, by the one or more processors and from the user interface, data indicative of a selection of a first set of capabilities and a first role identifier for a first role, wherein the first role identifier corresponds to the first set of capabilities, wherein the first set of capabilities includes network security capabilities and object deployment capabilities; creating, by the one or more processors and based on the data indicative of the selection of a first set of capabilities and the first role identifier, the first role, wherein the one or more processors are in communication with a storage device, wherein the first role enables performance of a first set of actions within a network, the first set of actions corresponding to the first set of capabilities from the selection, and wherein the first role and the first set of capabilities define a first subscription level in a multi-level subscription program, wherein a second role enables performance of a second set of actions within the network, the second set of actions corresponding to a second set of capabilities, and wherein the second role and the second set of capabilities define a second subscription level in the multi-level subscription program, where the second subscription level represents a different class of service than the first subscription level, and wherein: the first set of actions includes one or more actions that are not present in the second set of actions; or the second set of actions includes one or more actions that are not present in the first set of actions; and associating, by the one or more processors, the first role with a user, enabling the user to perform the first set of actions. 11. The method of claim 10 , wherein outputting the data indicative of the plurality of objects comprises: outputting data enabling the user interface to display the plurality of objects in a list. 12. The method of claim 10 , further comprising: receiving, by the one or more processors and from the user interface, data indicative of a modification of the first role; modifying, by the one or more processors, the first role based on the data indicative of the modification by performing at least one of: adding at least one capability to the first set of capabilities associated with the first role; and removing a
Assignees
Inventors
Classifications
Multiple levels of security · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Tools and structures for managing or administering access control systems · CPC title
- H04L63/104Primary
Grouping of entities · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12184659B2 cover?
- This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output…
- Who is the assignee on this patent?
- Juniper Networks Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/104. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 31 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).