&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11954238.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,954,238 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Role-based access control for a storage system</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Yu Tan,  Sammamish, WA (US);  Shiva Ankam,  Sammamish, WA (US);  Hongbin Li,  Issaquah, WA (US); and  Ziyuan Song,  Bellevue, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Pure Storage, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Pure Storage, Inc.,  Mountain View, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  28, 2020, as Appl. No. 17/082,768.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/082,768 is a continuation in part of application No. 16/044,000, filed on Jul.  24, 2018, granted, now 11,146,564.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/78</b></i> (2013.01); <i><b>G06F 21/31</b></i> (2013.01); <i><b>G06F 21/60</b></i> (2013.01); <i><b>G06F 21/62</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/78</b></i> (2013.01)&#xa0;[<i><b>G06F 21/31</b></i> (2013.01); <i><b>G06F 21/604</b></i> (2013.01); <i><b>G06F 21/6218</b></i> (2013.01); <i>G06F 2221/2141</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>16 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11954238-20240409-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method of multi-level role-based access control for a storage system, the method comprising:<div class="claim_text">accessing, by an access control system, role permissions configuration data that specifies a plurality of roles and, for a role of the plurality of roles, a first set of permissions that define a first set of permitted operations on types of resources of the storage system and a second set of degraded permissions that define a second set of permitted operations on types of resources of the storage system, wherein the second set of degraded permissions defines the second set of permitted operations to be a subset of the first set of permitted operations defined by the first set of permissions;</div>
                <div class="claim_text">identifying, by an access control system from the role permissions configuration data and based on a role of a user requesting access to the storage system, a permission of the role to access a type of resource, wherein identifying the permission of the role to access the type of resource comprises selecting the permission of the role to access the type of resource from either the first set of permissions or the second set of degraded permissions;</div>
                <div class="claim_text">determining, by the access control system and based on the type of resource and on a mapping of resources of different secured endpoints of the storage system to types of resources, a set of resources of the storage system that the role has permission to access;</div>
                <div class="claim_text">identifying, by the access control system, a subset of the set of resources of the storage system that the user is authorized to access; and</div>
                <div class="claim_text">granting, by the access control system, the user role-based access to the subset of the set of resources of the storage system;</div>
                <div class="claim_text">wherein the mapping of resources of different secured endpoints of the storage system to types of resources comprises code associated with the resources indicating the types of the resources;</div>
                <div class="claim_text">wherein the resources comprise functions of an application program interface (API) configured to be called to interface with storage resources of the storage system.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>