US 12,333,041 B1
Data sharing with federated access permissions
Mohammad Foyzur Rahman, Newark, CA (US); Vladimir Ponomarenko, Redwood City, CA (US); William Michael McCreedy, Berlin (DE); Ramy Nazier, Oranienburg (DE); Pavel Sokolov, Menlo Park, CA (US); Venkata Naga Raja Sri Harsha Kesapragada, Sunnyvale, CA (US); Karsten Jancke, Frankfurt (DE); Kostiantyn Dymov, Berlin (DE); Dmytro Lebedyev, Braunschweig (DE); Vinay Singh, Sammamish, WA (US); Krishnaditya Kandregula, Redmond, WA (US); Sharda Kishin Khubchandani, Belmont, CA (US); Sachet Saurabh, Sammamish, WA (US); and Purvaja Narayanaswamy, San Jose, CA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Nov. 25, 2022, as Appl. No. 18/058,841.
Int. Cl. G06F 21/62 (2013.01)
CPC G06F 21/6227 (2013.01) [G06F 2221/2113 (2013.01); G06F 2221/2141 (2013.01)]
20 Claims
 
1. A system, comprising:
one or more processors; and
memory to store computer-executable instructions that, when executed, cause the one or more processors to:
receive, at a first consumer cluster, a query that accesses one or more objects of a database stored in a data storage service;
send, by the first consumer cluster, a request to obtain access to the database to a federated permission management service;
receive, from the federated permission management service:
a first set of access permissions for the database specified, at least in part, via an interface at the federated permission management service, wherein the first set of access permissions is one of a plurality of different sets of access permissions applicable to consumer clusters that access the database, wherein the first set of access permissions is determined by the federated permission management service as applicable to the first consumer cluster out of the plurality of different sets of access permissions according to a user association of the first consumer cluster, wherein the first set of access permissions as applied to the one or more objects of the database is different than a second set of access permissions of the plurality of different sets of access permissions as applied to the one or more data objects of the database, and wherein both the first set of access permissions and the second set of access permissions provide access to at least some of the database; and
perform, by the first consumer cluster, the query that accesses the one or more objects of database according to the first set of access permissions.