Because traditional file systems are too large to be transferred, this problem is typically addressed through the use of snapshots. A snapshot is a restorable version of a file system created at a predetermined point in time. A snapshot may contain any changes made to a file system's data blocks since a previous snapshot was taken. To transfer a file system using a snapshot, a first client requests a file server to create a snapshot, and then a second client accesses the snapshot and recreates the file system. The recreated snapshot can either be shared with the second client, or the second client can replicate the data contained within the snapshot using a software application.
However, file servers in use today frequently use role-based access control (RBAC). Pursuant to RBAC, a file server creating a snapshot cannot define a role that restricts access to the snapshot. The file server creating the snapshot defines a capability of restoring the snapshot and assigns a role to a group of clients, as opposed to a target recipient of the snapshot.
Capabilities, including the capability of restoring a snapshot, are usually defined by a storage administrator. However, the storage administrator may not be aware of the application semantics used at the file servers for storage objects created by the file servers. Therefore, a file server defines capabilities for snapshots and other storage objects created by the file server.
A combination of these capabilities defines a role. A group of clients is created having specified roles. Thus, all clients within a group have the same capabilities defined by a specified role, and no clients outside the group have those capabilities.
The capability of restoring a snapshot is common across all snapshots. For example, suppose a creator of a snapshot is from a human resource department and a user restoring the snapshot is from a finance department. If a user in the engineering department has a capability of restoring a snapshot, that user is able to access the data contained in the created snapshot even though that user is not the intended recipient of the snapshot. Currently, there may be no way for the user in the human resource department to prevent users in the engineering department from accessing the data contained in the snapshot.
This lack of access control poses a security threat to data contained within the snapshot, because any user within the group is able to view the contents of the snapshot. Currently, there may be no mechanism that permits the user creating the snapshot to restrict access to the snapshot to a selected user or a selected group of users. Therefore, there is a need for managing access control to snapshots to enable the creator of a snapshot to define different capabilities for different snapshots without the limitations of the prior art.
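The gap described above can be shown with a small model. This is an added example, not part of the original text: the role, user and snapshot names are constructed, and the per-snapshot recipient list in scoped_can_restore is an assumed form of the creator-defined restriction the last paragraph calls for.

```python
from dataclasses import dataclass, field

# Constructed sample data (hypothetical names): role -> capabilities
ROLES = {
    "storage_user": {"restore_snapshot", "read_file"},
    "viewer": {"read_file"},
}
# user -> (department, role)
USERS = {
    "alice": ("hr", "storage_user"),
    "bob": ("finance", "storage_user"),
    "carol": ("engineering", "storage_user"),
    "dave": ("engineering", "viewer"),
}

@dataclass
class Snapshot:
    name: str
    creator: str
    # Recipients the creator intends; plain RBAC has nowhere to record this.
    recipients: set = field(default_factory=set)

def rbac_can_restore(user, snap):
    """Role-only check: the restore capability is common to all snapshots,
    so the snapshot argument never influences the decision."""
    _, role = USERS[user]
    return "restore_snapshot" in ROLES[role]

def scoped_can_restore(user, snap):
    """Assumed restriction: the role capability is still required, and the
    user must also be the creator or a creator-selected recipient."""
    named = user == snap.creator or user in snap.recipients
    return rbac_can_restore(user, snap) and named

def unintended_restorers(snap, check):
    """Audit: users who pass `check` but are neither creator nor recipient."""
    intended = snap.recipients | {snap.creator}
    return sorted(u for u in USERS if check(u, snap) and u not in intended)

# HR creates a snapshot meant only for a finance user.
hr_snap = Snapshot("hr-payroll", creator="alice", recipients={"bob"})

if __name__ == "__main__":
    print("role-only :", unintended_restorers(hr_snap, rbac_can_restore))
    print("scoped    :", unintended_restorers(hr_snap, scoped_can_restore))
```

Running the audit over every snapshot on a server lists the users who can restore data they were never meant to receive.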