CPC G06F 9/468 (2013.01) [G06F 9/505 (2013.01); G06F 9/5072 (2013.01); G06F 9/541 (2013.01); G06F 12/0815 (2013.01); G06F 21/6218 (2013.01); G06Q 30/0279 (2013.01)]; 15 Claims
1. A computer implemented method of managing access to resources of a cloud platform that are made available to a tenant organization of the cloud platform comprising:
retrieving, at a computing device of the cloud platform, context data and policies for a requestor and an identified resource, where the requestor is external to the cloud platform and is associated with an entity that is separate from the tenant organization and provides services to the tenant organization through the cloud platform in connection with a predefined role assigned to the requestor, wherein the requestor's access to resources of the cloud platform is determined based on the context data, policies, role and resource;
combining, by the computing device, the policies with context data into a combined data structure, where the context data includes parameters of the policies to enable evaluation of dynamic expressions in the policies;
generating, by the computing device, in response to receiving a request from the requestor for the identified resource, resource permissions for the requestor using the combined data structure by evaluating the parameters of the policies in the context data that are applicable to the role of the requestor and the identified resource; and
returning, by the computing device, the resource permissions to the requestor.
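The four steps of claim 1 (retrieve context and policies, combine them, evaluate the dynamic expressions applicable to the requestor's role and the identified resource, return the permissions) as an added illustrative example, not code from the patent or any implementation of it. The condition tuple format, the operator set, the role and resource names and the context values are all constructed for this example; the point it adds is that expressions are evaluated as data against the context, and that a missing parameter or an incomparable value fails closed.

```python
from dataclasses import dataclass, field
# Hypothetical condition format (constructed for this example): a tuple of
# (context parameter, operator, expected value). Expressions are kept as data,
# not strings, so nothing tenant-supplied is ever passed to eval().
OPERATORS = {
    "==": lambda actual, expected: actual == expected,
    "in": lambda actual, expected: actual in expected,
    ">=": lambda actual, expected: actual >= expected,
    "<=": lambda actual, expected: actual <= expected,
}
@dataclass
class Policy:
    role: str            # predefined role assigned to the requestor
    resource: str        # identified resource this policy covers
    actions: set         # permissions granted when every condition holds
    conditions: list = field(default_factory=list)

def combine(policies, context):
    """Combined data structure: the policies plus the context parameters
    that their dynamic expressions are evaluated against."""
    return {"policies": list(policies), "context": dict(context)}

def condition_holds(cond, context):
    param, op, expected = cond
    if param not in context or op not in OPERATORS:
        return False  # missing parameter or unknown operator: fail closed
    try:
        return bool(OPERATORS[op](context[param], expected))
    except TypeError:
        return False  # incomparable values (e.g. None >= 8): fail closed

def resource_permissions(combined, role, resource):
    """Evaluate only the policies applicable to this role and resource."""
    granted = set()
    for policy in combined["policies"]:
        if policy.role != role or policy.resource != resource:
            continue
        if all(condition_holds(c, combined["context"]) for c in policy.conditions):
            granted |= policy.actions
    return granted

# Constructed sample: an external support vendor working for tenant "acme".
SAMPLE_POLICIES = [
    Policy("vendor-support", "tickets", {"read", "comment"},
           [("requestor_org", "in", {"partner-xyz"}), ("hour", ">=", 8), ("hour", "<=", 18)]),
    Policy("vendor-support", "billing", {"read"}, [("mfa", "==", True)]),
]
def handle_request(role, resource, context):
    return resource_permissions(combine(SAMPLE_POLICIES, context), role, resource)
```

Policies whose conditions reference parameters absent from the context grant nothing, which is the behaviour a deployment should verify rather than assume.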