US 12,169,537 B2
Scope-based access control system and method
Sudhir Vittal Shetty, Cedar Park, TX (US); Venkata Bala Koteswararao Donepudi, Round Rock, TX (US); and Pushkala Iyer, Round Rock, TX (US)
Assigned to Dell Products, L.P., Round Rock, TX (US)
Filed by Dell Products, L.P., Round Rock, TX (US)
Filed on Oct. 1, 2021, as Appl. No. 17/491,643.
Prior Publication US 2023/0109278 A1, Apr. 6, 2023
Int. Cl. G06F 21/31 (2013.01)
CPC G06F 21/31 (2013.01)
18 Claims
 
1. A scope-based access control system comprising:
a plurality of computing devices of a computing cluster;
a systems manager configured to monitor and control the operation of the plurality of computing devices, the systems manager stored in at least one memory and executed by at least one processor to:
receive a request to perform an operation on one of the computing devices, the request including a session identifier associated with an established session of a user who issued the request;
forward the request and the session identifier to a global authentication authority, wherein the global authentication authority responds to the request by issuing a claim that specifies a computing device group that the session is authorized to access, the computing device group comprising a subset of the computing devices;
receive the claim from the global authentication authority, wherein the claim specifies a computing device group that the session is authorized to access, wherein the computing device group comprises one of a plurality of computing device groups that are arranged in a hierarchy of computing device groups according to at least one of a location of each of the computing devices, a device type of each of the computing devices, or an entity that each of the computing devices are licensed to;
when a first computing device is included in the computing device group, perform the operation on the first computing device; and
when the first computing device is not included in the computing device group, disallow the operation on the first computing device.
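
The enforcement decision in claim 1, sketched as an added example (not code from the patent or from Dell). All names, the sample hierarchy and the session table are constructed, and treating a claim for a parent group as covering its descendant groups is an assumption the claim text does not state.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    devices: set = field(default_factory=set)
    children: list = field(default_factory=list)

    def find(self, name):
        """Return the group called `name` in this subtree, or None."""
        if self.name == name:
            return self
        for child in self.children:
            hit = child.find(name)
            if hit is not None:
                return hit
        return None

    def all_devices(self):
        """Own devices plus those of descendant groups (assumed inheritance)."""
        found = set(self.devices)
        for child in self.children:
            found |= child.all_devices()
        return found

# Constructed hierarchy arranged by location; device names are made up.
ROOT = Group("all", children=[
    Group("texas", children=[
        Group("austin", devices={"srv-a1", "srv-a2"}),
        Group("round-rock", devices={"srv-r1"}),
    ]),
    Group("ohio", devices={"srv-o1"}),
])

# Stand-in for the global authentication authority: session id -> group.
SESSION_SCOPES = {"sess-1": "texas", "sess-2": "austin"}

def issue_claim(session_id):
    group = SESSION_SCOPES.get(session_id)
    return {"session": session_id, "group": group} if group else None

def authorize(session_id, device):
    """Systems-manager side: fetch the claim, then allow only in-scope devices."""
    claim = issue_claim(session_id)
    if claim is None:
        return False  # no established session, so no claim: deny by default
    group = ROOT.find(claim["group"])
    return group is not None and device in group.all_devices()
```
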