A virtual machine is a software construct or the like operating on a computing device or the like for the purpose of emulating a hardware system. Typically, although not necessarily, the virtual machine is an application or the like and is employed on the computing device to host a user application or the like while at the same time isolating such user application from such computing device or from other applications on such computing device. A different variation of a virtual machine may for example be written for each of a plurality of different computing devices so that any user application written for the virtual machine can be operated on any of the different computing devices. Thus, a different variation of the user application for each different computing device is not needed.
New architectures for computing devices and new software now allow a single computing device to instantiate and run a plurality of partitions, each of which can be employed to instantiate a virtual machine to in turn host an instance of an operating system upon which one or more applications may be instantiated. Typically, although not necessarily, the computing device includes a virtualization layer with a virtual machine monitor or the like that acts as an overseer application or ‘hypervisor’, where the virtualization layer oversees and/or otherwise manages supervisory aspects of each virtual machine and acts as a possible link between each virtual machine and the world outside of such virtual machine.
Among other things, a particular virtual machine on a computing device may require access to a resource associated with the computing device. As may be appreciated, such resource may be any sort of resource that can be associated with a computing device. For example, the resource may be a storage device to store and retrieve data, and generally for any purpose that a storage device would be employed. Likewise, the resource may be any other asset such as a network, a printer, a scanner, a network drive, a virtual drive, a server, a software application, and the like. Accordingly, whatever the resource may be, the virtual machine may in fact be provided with access to services provided by such resource.
One or more administrators may be responsible for the management of virtual resources among multiple users. Various difficulties with the management of such resources may ensue, such as a timely allocation of requested resources and a fair distribution of access to the resources among the users.
Neither uncontrolled access nor strictly-regulated access are desirable options for the management of virtual machine resources. Providing uncontrolled access of the resources is not a desirable option as such access may result in some users consuming more resources than desired by the administrator. Furthermore, a strict management policy overseen by the administrator, in which management of virtual resources is closely regulated, may be time-consuming and unnecessary. An administrator may not need to grant permission or access for every resource desired by a user, but such an act is compulsory if a strict management policy is enforced.
Thus a self-service restriction system in which the administrator creates a policy for a user indicating the rights desired for the user is highly desirable.