&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12348521.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,348,521 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Virtual scopes for resource management</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Weijie Li,  Bellevue, WA (US); and  Bhavesh Chandrakant Doshi,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Microsoft Technology Licensing, LLC,  Redmond, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Microsoft Technology Licensing, LLC,  Redmond, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on May   13, 2022, as Appl. No. 17/743,702.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0370466 A1, Nov.  16, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/101</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12348521-20250701-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method of controlling access to resource objects in a cloud-based storage system, the method comprising:<div class="claim_text">receiving an access request from a client device at an application server, the access request including information identifying a user associated with the access request, a role of the user, a requested resource for which access is requested, and a requested operation to be performed with the requested resource;</div>
                <div class="claim_text">determining a virtual scope for the user by accessing a virtual scope list for the requested resource, the virtual scope list including one or more virtual scope entries, each of the one or more virtual scope entries identifying at least one user and defining a virtual scope of access for the at least one user, the virtual scope defining a scope of operations permitted for the user and the virtual scope being independent of any operations permitted to users based on roles of the users as defined by a role-based access control system;</div>
                <div class="claim_text">determining an access scope for the role of the user according to the role-based access control system by accessing an access control list for the requested resource, the access control list including one or more access control entries, each of the one or more access control entries identifying at least one role and defining an access scope for the at least one role, the access scope defining a scope of operations permitted for the role of the user;</div>
                <div class="claim_text">determining whether the requested operation is in the virtual scope of operations permitted for the user and the access scope of operations permitted for the role of the user;</div>
                <div class="claim_text">when the requested operation is in the virtual scope of operations for the user and in the access scope of operations for the role of the user, granting the user access to the requested resource to perform the requested operation; and</div>
                <div class="claim_text">when the requested operation either is not in the virtual scope of the user or is not in the access scope of the role of the user, denying the user access to the requested resource to perform the requested operation.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>