CPC H04L 63/0876 (2013.01) [H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/20 (2013.01); H04W 12/08 (2013.01)] | 20 Claims
1. A method, comprising:
receiving, by a device, credentials identifying different security levels of users for access to functionalities of an on-premises device,
wherein the different security levels include:
a first security level associated with accessing computing resources of the on-premises device,
a second security level associated with, when a user is authorized to access one or more of the computing resources, whether the user is authorized to access one or more operating systems, of a plurality of operating systems of the on-premises device,
wherein the user is not authorized to access the plurality of operating systems when the user is not authorized to access the one or more of the computing resources,
a third security level associated with, when the user is authorized to access the one or more operating systems, whether the user is authorized to access one or more virtual machine (VM) instances of a plurality of VM instances of the on-premises device,
wherein the user is not authorized to access the one or more VM instances when the user is not authorized to access the operating system, and
a fourth security level associated with, when the user is authorized to access the one or more VM instances, whether the user is authorized to access one or more applications of a plurality of applications of the on-premises device,
wherein the user is not authorized to access the one or more applications when the user is not authorized to access the one or more VM instances;
storing, by the device, the credentials in a data structure;
receiving, by the device, a credential of the user and a request of the user to access a functionality of the functionalities of the on-premises device,
wherein the credential of the user comprises a single credential of the user that is generated by the on-premises device for the user,
wherein the credential is generated based on one of the credentials stored in the data structure;
determining, by the device, that a security level of the credential matches the first security level of the one of the credentials stored in the data structure,
wherein the request is rejected when the security level of the credential fails to match the first security level of the one of the credentials;
determining, by the device and based on the security level of the credential matching the first security level, that a computing resource of the on-premises device, requested by the request, matches a computing resource of the first security level of the one of the credentials; and
providing, by the device, the user with access to the computing resource of the on-premises device based on the computing resource of the on-premises device matching the computing resource of the first security level of the one of the credentials,
wherein the request is rejected when the computing resource of the on-premises device fails to match the computing resource of the first security level of the one of the credentials, and
wherein the user is not provided access to a remaining set of computing resources of the computing resources of the on-premises device based on the remaining set of computing resources not being indicated by the first security level of the one of the credentials.
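The nested check in claim 1, as an added sketch that is not part of the patent text: a request is a path through the four security levels (computing resource, operating system, VM instance, application), and it is rejected at the first level the stored credential does not cover, so deeper levels are never reached. The names `CredentialStore`, `enroll` and `authorize`, the sample tokens and the choice to key the data structure by a SHA-256 of the token are all assumptions made for illustration.

```python
import hashlib

# First to fourth security level, in the order the claim nests them.
LEVELS = ("resource", "os", "vm", "app")


def _key(token):
    # Assumption: the store keeps a digest of the credential, not the credential itself.
    return hashlib.sha256(token.encode()).hexdigest()


class CredentialStore:
    """Data structure holding, per credential, what each security level allows."""

    def __init__(self):
        self._grants = {}

    def enroll(self, token, **allowed):
        # Levels not named get an empty set, i.e. nothing is allowed there.
        self._grants[_key(token)] = {
            lvl: frozenset(allowed.get(lvl, ())) for lvl in LEVELS
        }

    def authorize(self, token, path):
        """path is (resource[, os[, vm[, app]]]); returns (allowed, reason)."""
        grant = self._grants.get(_key(token))
        if grant is None:
            return False, "unknown credential"
        if not 1 <= len(path) <= len(LEVELS):
            return False, "malformed request"
        # Walk top-down; the first mismatch rejects, so a lower level is
        # never evaluated unless every level above it already matched.
        for lvl, target in zip(LEVELS, path):
            if target not in grant[lvl]:
                return False, f"denied at {lvl} level"
        return True, "granted"


def demo():
    # Constructed sample data.
    store = CredentialStore()
    store.enroll("tok-alice", resource=["db-host"], os=["linux"],
                 vm=["vm-7"], app=["billing"])
    requests = [("db-host",), ("web-host", "linux", "vm-7", "billing"),
                ("db-host", "linux", "vm-9"),
                ("db-host", "linux", "vm-7", "billing")]
    return [store.authorize("tok-alice", r) for r in requests]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The sketch keeps one flat allow-set per level; binding each VM to a specific operating system, or each application to a specific VM, would need a nested structure that the claim text does not describe.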