主权项 |
1. A device, comprising:
one or more processors to:
receive a role request to generate a role used for access control;generate the role based on the role request;associate a group of accounts, a group of resources, and a group of operations with the role;receive an account trustee approval decision for the role from an account trustee,
the account trustee being responsible for managing at least one account included in the group of accounts;receive a resource trustee approval decision for the role from a resource trustee,
the resource trustee being responsible for managing at least one resource included in the group of resources; andselectively cause an account to be permitted to perform an operation on a resource based on the account trustee decision and the resource trustee decision,
the account being included in the group of accounts,the operation being included in the group of operations, andthe resource being included in the group of resources. |