A multi-tenant environment refers to a technology wherein a single storage system is deployed to serve multiple customers, each customer using the same storage system for their protection storage requirements. A storage system that supports multiple tenants must satisfy the security and isolation requirements. Here, the “security and isolation requirements” refer to the requirements that each customer's dataset must be secured and isolated from the other customers on the storage component. The security and isolation requirements apply to the authentication and authorization of customers that request data access. For example, a customer (e.g., a tenant) must not be able to enter another customer's datasets, or read or write to datasets that belong to another customer. The security and isolation requirements can also refer to managing access control. For example, an administrator of one customer must not be able to perform system configuration, monitoring, etc., of the datasets that belong to another customer. Thus, although the customers may share the same storage system for authenticating, authorizing, backing up, restoring, or replicating their datasets, none of the customers can be aware of the presence of other customers in the storage system.
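The isolation rules above can be expressed as a tenant-scoped authorization check; the following is an added example, not part of the original text. All class, role and operation names are hypothetical and the tenants and datasets are constructed; the point it shows is that a request for another tenant's dataset gets the same answer as a request for a dataset that does not exist, so a denial never reveals that another customer is present.

```python
from dataclasses import dataclass
# Added illustration: every name here is hypothetical and the data is constructed.
class NotFound(Exception):
    """Dataset is missing OR owned by another tenant (deliberately the same error)."""
class Forbidden(Exception):
    """Caller's role lacks the operation on a dataset in the caller's own tenant."""

@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str
    role: str  # "user" or "admin"

@dataclass(frozen=True)
class Dataset:
    name: str
    tenant: str

# Operations per role; a role never extends beyond the caller's own tenant.
ROLE_OPS = {"user": {"read", "write"},
            "admin": {"read", "write", "configure", "monitor"}}

class StorageSystem:
    def __init__(self, datasets):
        # Keyed by (tenant, name): a lookup can only reach the caller's namespace.
        self._index = {(d.tenant, d.name): d for d in datasets}

    def authorize(self, who, op, name):
        ds = self._index.get((who.tenant, name))
        if ds is None:
            # Same answer whether the name is unused or belongs to another tenant.
            raise NotFound(name)
        if op not in ROLE_OPS.get(who.role, set()):
            raise Forbidden(f"{who.role} may not {op}")
        return ds

    def list_datasets(self, who):
        return sorted(n for (t, n) in self._index if t == who.tenant)

def outcome(system, who, op, name):
    """Return 'ok' or the exception class name so decisions can be compared."""
    try:
        system.authorize(who, op, name)
        return "ok"
    except (NotFound, Forbidden) as exc:
        return type(exc).__name__

SYSTEM = StorageSystem([Dataset("acme-db", "acme"), Dataset("globex-db", "globex")])
ALICE = Principal("alice", "acme", "user")
BOB = Principal("bob", "globex", "admin")
```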
To improve the security of a system, such as a backup system, it is desired that each and every access to a resource is properly authorized. In user-initiated workflows, this is typically achieved by enhancing client utilities to collect user credentials and verify them with a configured authentication authority prior to making authorization and access control decisions. The challenge in providing such an enhancement arises when the command line utilities are used in batch mode to perform various maintenance tasks driven by customer-written scripts. It is imperative not to break these workflows, and requiring the administrator to make user credentials part of such scripts is unacceptable and in many cases not feasible.