US2016182525A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016182525-A1 |
| Application number | US-201514714786-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 18, 2015 |
| Priority date | Dec 19, 2014 |
| Publication date | Jun 23, 2016 |
| Grant date | — |
Official abstract text for this publication.
When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Opening claim text (preview).
What is claimed is:
1. A machine in a multi-tenant computing system, comprising: a set of local policies that map commands to an isolation level in the multi-tenant computing system; an authentication worker component that receives a workflow that identifies a requested command to be performed on the machine from a remote user using a remote administrative client system, accesses the local policies to identify a corresponding isolation level and executes the command in an execution environment with the corresponding isolation level; and a processor that is activated by the authentication worker component and that facilitates accessing the local policies and executing the command.
2. The machine in the multi-tenant computing environment of claim 1 wherein the authentication worker component comprises: an isolation level identifier component that accesses the set of local policies, based on the requested command, to identify the corresponding isolation level that is mapped to the requested command.
3. The machine in the multi-tenant computing environment of claim 2 wherein the authentication worker component comprises: an execution environment generator that receives the identified isolation level and generates the execution environment on the machine with the identified isolation level.
4. The machine in the multi-tenant computing environment of claim 3 wherein the authentication worker component comprises: a command execution engine that executes the requested command in the execution environment.
5. The machine in the multi-tenant computing environment of claim 4 wherein the command execution engine obtains, from a trusted, remote authentication system, an access token corresponding to the isolation level and the execution environment and executes the requested command in the execution environment by launching a workflow for performing the requested command into a process on the machine using the access token.
6. The machine in the multi-tenant computing environment of claim 4 wherein the requested command includes a plurality of different tasks, each task having a corresponding scope, wherein the set of local policies map the tasks to commands, and wherein the authentication worker component comprises: a local validation component that identifies a set of tasks to be performed to execute the requested command, and that accesses the local policies to validate that the identified set of tasks map to the requested command.
7. The machine in the multi-tenant computing environment of claim 6 wherein the authentication worker component receives a capability token with the workflow, the capability token being generated by a remote authentication and authorization system that generates the capability token to authorize the workflow within a given scope and wherein the local validation component validates that the scope for each of the identified set of tasks corresponds to the given scope authorized in the capability token corresponding to the workflow.
8. The machine in the multi-tenant computing environment of claim 7 wherein the set of local policies maps each scope to a given machine and wherein the local validation component accesses the local policies to validate that the scope for each task in the identified set of tasks is mapped to the machine.
9. The machine in the multi-tenant computing environment of claim 8 wherein the remote authentication and authorization component authenticates the remote user and signs the capability token with a signature and wherein the authentication worker component comprises: a signature validation component verifies the signature of the remote authentication and authorization component.
10. The machine in the multi-tenant computing environment of claim 1 wherein the machine comprises a capacity machine in a multi-tenant capacity system.
11. The machine in the multi-tenant computing environment of claim 1 wherein the machine comprises a multi-tenant management machine in a multi-tenant management system.
12. A computer implemented method implemented on a machine in a multi-tenant computing environment, the method comprising: receiving a workflow that identifies a requested command to be performed on the machine by a remote user using a remote administrative client system; accessing a set of local policies that map commands to an isolation level in the multi-tenant computing environment to identify an isolation level mapped to the requested command; generating an execution environment with the corresponding isolation level on the machine; and executing the command in the execution environment with the corresponding isolation level.
13. The computer implemented method of claim 12 wherein receiving a workflow comprises: receiving a capability token with the workflow, the capability token being generated by a remote authentication and authorization system that generates the capability token to authorize the workflow within a given scope.
14. The computer implemented method of claim 13 wherein the requested command includes a plurality of different tasks, each task having a corresponding scope, and wherein receiving a workflow comprises: identifying each task in the plurality of tasks, and its corresponding scope; and validating each task and its corresponding scope.
15. The computer implemented method of claim 14 wherein the set of local policies map the tasks to commands, and wherein validating each task comprises: accessing the set of local policies to validate that each identified task, in the set of tasks, maps to the requested command.
16. The computer implemented method of claim 15 wherein validating comprises: validating that the scope for each of the identified tasks in the set of tasks corresponds to the given scope authorized in the capability token corresponding to the workflow.
17. The computer implemented method of claim 16 wherein the set of local policies maps each scope to a given machine and wherein validating comprises: accessing the local policies to validate that the scope for each task in the identified set of tasks is mapped to the machine.
18. The computer implemented method of claim 18 wherein the remote authentication and authorization component authenticates the remote user and signs the capability token with a signature and wherein validating comprises: verifying the signature of the remote authentication and authorization component.
19. A multi-tenant workload system, comprising: a requested command to be performed by a remote user using a remote administrative client system, the command request queue system sending the workflow to a trusted, remote authentication system and receiving an approved workflow from the remote authentication system; and a target machine on which the requested command is to be performed, the target machine receiving identifying, from the approved workflow, an isolation level corresponding to the approved workflow and executing the requested command in an execution environment with the identified isolation level.
20. The multi-tenant workload system of claim 19 wherein the target machine comprises: a set of local policies that map commands to isolation levels, the isolation levels defining a least privileged execution environment for performing the requested command; and an authentication worker component that accesses the set of local policies to identify the isolation level corresponding to the requested command.
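The target-machine checks described in the abstract and in claims 1 and 6 to 9, sketched as an added example that is not taken from the patent or from any product. All policy contents, machine, scope and function names are hypothetical; an HMAC with a shared demo key stands in for the remote system's signature, the token is assumed to name the workflow id, and "corresponds to the given scope" is simplified to equality.

```python
import hashlib
import hmac
import json

# Constructed local policies for one machine; every name here is hypothetical.
MACHINE_ID = "capacity-07"
LOCAL_POLICIES = {
    "command_isolation": {"restart-service": "service-account", "read-logs": "low-privilege-sandbox"},
    "command_tasks": {"restart-service": {"stop-service", "start-service"}, "read-logs": {"open-log"}},
    "scope_machines": {"tenant-a/web": {"capacity-07"}, "tenant-b/web": {"capacity-09"}},
}
# Assumption: HMAC with a shared key stands in for a real public-key signature.
AUTH_SYSTEM_KEY = b"constructed-demo-key"


def _mac(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(AUTH_SYSTEM_KEY, body, hashlib.sha256).hexdigest()


def sign_token(claims: dict) -> dict:
    """Role of the remote authentication and authorization system."""
    return {"claims": claims, "sig": _mac(claims)}


def make_workflow(wf_id: str, command: str, tasks: list, scope: str) -> dict:
    """Build a constructed workflow in which every task carries its scope."""
    return {"id": wf_id, "command": command, "tasks": [{"name": t, "scope": scope} for t in tasks]}


def authorize(workflow: dict, token: dict) -> str:
    """Authentication worker: return the isolation level to launch in, or raise."""
    if not hmac.compare_digest(_mac(token["claims"]), token.get("sig", "")):
        raise PermissionError("capability token signature invalid")
    if token["claims"].get("workflow") != workflow["id"]:
        raise PermissionError("token was issued for a different workflow")
    command = workflow["command"]
    level = LOCAL_POLICIES["command_isolation"].get(command)
    allowed = LOCAL_POLICIES["command_tasks"].get(command)
    if level is None or allowed is None:
        raise PermissionError("no local policy for command")
    for task in workflow["tasks"]:
        if task["name"] not in allowed:
            raise PermissionError(f"task {task['name']} does not map to {command}")
        if task["scope"] != token["claims"]["scope"]:
            raise PermissionError(f"task scope {task['scope']} is outside the token scope")
        if MACHINE_ID not in LOCAL_POLICIES["scope_machines"].get(task["scope"], ()):
            raise PermissionError(f"scope {task['scope']} is not mapped to this machine")
    return level
```

Because the policies are local to the target machine, a workflow approved upstream is still refused here when its tasks, scope or machine mapping do not match.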
by remotely controlling device operation · CPC title
Delegation of network management function, e.g. customer network management [CNM] · CPC title
wherein the managed service relates to distributed or central networked applications · CPC title
Entity profiles · CPC title
Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration · CPC title