Conventional techniques enable access to components and/or operations of a storage system via an access control system, in which one or more access privileges are assigned to one or more users of the storage system. Further, conventional role based access control (RBAC) techniques enable a user to access storage system resources based on a role assigned to the user. As such, the user is permitted to access and/or perform operations on the storage system based on one or more access privileges assigned to the role. For example, storage system operations such as “create storage volume” and “delete storage volume” can be assigned to an “administrator” role. When the user is assigned the administrator role, the user can create and/or delete any storage volume included in the storage system.
One concern with conventional RBAC techniques is that such techniques authorize access to storage system resources merely at an operational level. For example, when users of an RBAC storage system request privileges to create and/or delete objects, e.g., storage volumes, within the RBAC storage system, the users are assigned a role associated with such privileges. Accordingly, accidental and/or intentional data loss/unauthorized data access can result because the role authorizes each of the users to delete and/or access the storage volumes.
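An added illustration (not part of the original text) of the operation-level check described above: the decision depends only on the user's role and the requested operation, never on the target volume. The users, volumes, the `viewer` role and the notion of a volume's creator are constructed assumptions; the audit function lists, for each volume, the users other than its creator whom the role allows to delete it.

```python
from dataclasses import dataclass

# Role -> operations, following the "administrator" example in the text.
ROLE_PRIVILEGES = {
    "administrator": {"create storage volume", "delete storage volume"},
    "viewer": set(),  # hypothetical second role, added for contrast
}

# Constructed sample users and their assigned roles.
USER_ROLES = {
    "alice": {"administrator"},
    "bob": {"administrator"},
    "carol": {"viewer"},
}


@dataclass(frozen=True)
class Volume:
    name: str
    creator: str  # assumption: each volume records which user created it


# Constructed sample volumes.
VOLUMES = [Volume("vol-a", "alice"), Volume("vol-b", "bob")]


def is_authorized(user, operation, volume=None):
    """Operation-level check: the target volume is accepted but never consulted."""
    roles = USER_ROLES.get(user, ())
    return any(operation in ROLE_PRIVILEGES[role] for role in roles)


def delete_exposure(volumes):
    """Map each volume to the users, other than its creator, who may delete it."""
    operation = "delete storage volume"
    return {
        v.name: sorted(
            u for u in USER_ROLES
            if u != v.creator and is_authorized(u, operation, v)
        )
        for v in volumes
    }


if __name__ == "__main__":
    for name, users in delete_exposure(VOLUMES).items():
        print(f"{name}: deletable by non-creators {users}")
```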
Further, although conventional RBAC techniques associate management privileges of such objects with a role, e.g., storage administrator, which can be assigned to a limited number of skilled personnel, such centralized control reduces user experience(s) within a virtualized storage system environment. For example, users of virtual machines of an RBAC storage system are required to manage, e.g., duplicate, administrate, etc., their virtual machines via a limited number of skilled personnel.
The above-described deficiencies of today's role based access control environments and related technologies are merely intended to provide an overview of some of the problems of conventional technology, and are not intended to be exhaustive. Other problems with the state of the art, and corresponding benefits of some of the various non-limiting embodiments described herein, may become further apparent upon review of the following detailed description.