In general, it is important to establish not only who can physically access a particular computer system, but what functions they can perform once they have physical access. Without properly controlling access, a malicious or otherwise unwelcome user may retrieve sensitive data from the computer system. Alternatively, a malicious or otherwise unwelcome user may use the computer system's functionality in an unintended or undesirable manner.
Authorization policies are rules that define what functions each user can perform within a computer system. For example, authorization policies may define what resources different users are allowed to access and what actions they are allowed to perform on those resources. In some cases, users are assigned to different user groups. Authorization policies may be defined at a user group level. For example, a particular user may belong to a system administrators group. Generally, system administrators have access to more resources and functionality of the computer system than standard users.
In cloud computing, many different users may be accessing the same cloud service from different locations. Authorization policies are important to ensure that different users do not have access to each other's private data and functionality. For example, cloud services are often multi-tenancy applications, i.e., applications in which multiple tenants (sometimes also referred to as subscribers, if there is a subscription contract to use the cloud service) access the same resources directly and/or through virtualization. Generally, different tenants share system resources without sharing each other's private data and functionality. A particular tenancy may also have multiple user groups. Data access and functionality may be different between different user groups in the same tenancy. For example, a particular tenancy may have access to a particular virtual machine hosted by a cloud service, and there may be different authorization policies for different users and/or user groups accessing that particular virtual machine.
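The virtual machine scenario above can be made concrete with a short sketch. The following Python is an added illustration, not part of the original text: it evaluates group-level policies scoped to a tenancy and denies by default. All names (`tenant-a`, `vm-1`, the group names, `is_authorized`) are hypothetical, and the data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    tenancy: str
    groups: frozenset

@dataclass(frozen=True)
class Resource:
    name: str
    tenancy: str  # tenancy that owns the resource

@dataclass(frozen=True)
class Policy:
    tenancy: str        # tenancy in which the policy was written
    group: str          # user group the policy applies to
    resource: str       # resource name within that tenancy
    actions: frozenset  # actions the group may perform

ALL = frozenset({"read", "start", "stop", "delete"})

# Constructed sample policies. The last one is written in tenant-b but names
# "vm-1", which collides with a resource name owned by tenant-a.
POLICIES = [
    Policy("tenant-a", "administrators", "vm-1", ALL),
    Policy("tenant-a", "standard-users", "vm-1", frozenset({"read"})),
    Policy("tenant-b", "administrators", "vm-1", ALL),
]

def is_authorized(user, action, resource, policies=POLICIES):
    """Return True only if a policy in the user's own tenancy grants the action."""
    # Tenancy isolation comes first: a user never reaches another tenancy's
    # resource, whatever groups the user belongs to.
    if user.tenancy != resource.tenancy:
        return False
    for p in policies:
        if (p.tenancy == resource.tenancy and p.resource == resource.name
                and p.group in user.groups and action in p.actions):
            return True
    return False  # default deny: no matching policy means no access

# Constructed users and resource for the scenario in the text.
VM1 = Resource("vm-1", "tenant-a")
ADMIN_A = User("alice", "tenant-a", frozenset({"administrators"}))
USER_A = User("bob", "tenant-a", frozenset({"standard-users"}))
ADMIN_B = User("carol", "tenant-b", frozenset({"administrators"}))
```

Two users in the same tenancy receive different answers for the same virtual machine, while an administrator of another tenancy is refused even though a policy in that tenancy names a resource called `vm-1`.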
Managing authorization policies becomes more complicated as computer systems become larger and more distributed. For example, a cloud service may rely on redundancy to help ensure system uptime. It can be challenging to keep authorization policies synchronized across redundant locations. Also, as the number of tenancies grows, the system overhead associated with authorizing users of those tenancies also grows. Each attempt to perform an action on a resource may result in network traffic to ask the cloud service whether the action is authorized. These authorization requests may consume considerable network resources. Authorization requests may also demand considerable processing time for the cloud service to handle, particularly as the number of users making authorization requests increases.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.