INTELLIGENT ROLE BASED ACCESS CONTROL BASED ON TRUSTEE APPROVALS

摘要

A device is configured to receive a role request to generate a role used for access control. The device may generate the role based on the role request. The device may associate a group of accounts, a group of resources, and a group of operations with the role. The device may receive an account trustee approval decision for the role from an account trustee. The account trustee may be responsible for managing at least one account included in the group of accounts. The device may receive a resource trustee approval decision for the role from a resource trustee. The resource trustee may be responsible for managing at least one resource included in the group of resources. The device may selectively cause an account to be permitted to perform an operation on a resource based on the account trustee decision and the resource trustee decision.

主权项

1. A device, comprising:
one or more processors to:
receive a role request to generate a role used for access control;generate the role based on the role request;associate a group of accounts, a group of resources, and a group of operations with the role;receive an account trustee approval decision for the role from an account trustee,
the account trustee being responsible for managing at least one account included in the group of accounts;receive a resource trustee approval decision for the role from a resource trustee,
the resource trustee being responsible for managing at least one resource included in the group of resources; andselectively cause an account to be permitted to perform an operation on a resource based on the account trustee decision and the resource trustee decision,
the account being included in the group of accounts,the operation being included in the group of operations, andthe resource being included in the group of resources.