CPC H04L 63/20 (2013.01) [H04L 63/104 (2013.01); G06Q 30/018 (2013.01)]
20 Claims
1. An access management system for providing access to computing environments based on a multi-environment policy, the system comprising:
one or more processors; and
one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to execute:
an access control manager configured for:
receiving request values of a request associated with a computing environment,
wherein the access control manager comprises programmed instructions that define integrated access provisioning operations for combined provisioning of access to provider-controlled computing environments and customer-controlled computing environment;
wherein the integrated access provisioning operations are based on a subscription classification that identifies a controlling subscriber of an identified computing environment;
wherein the computing environment is associated with a plurality of access vectors and the multi-environment policy, wherein an access vector comprises grouped computing environment aspects based on functional categories, the grouped computing environment aspects explicitly expose a security boundary construct based on enumerated values;
wherein the functional categories are associated with corresponding access provisioning operations that are defined and performed for different subscriptions to provide isolated access approval in a distributed computing environment;
wherein the enumerated values comprise different sets of support administrator operations that correspond to the plurality of access vectors;
wherein the multi-environment policy is a single policy configurable to define rules based on the plurality of access vectors for approving access to both provider-controlled computing environments and customer-controlled computing environments, wherein the rules are associated with both provider parameters and customer parameters for accessing selected computing environments;
based on the request values, determining whether the request is for a provider-controlled computing environment associated with the provider parameters of the plurality of access vectors or a customer-controlled computing environment associated with customer parameters of the plurality of access vectors, wherein the request values correspond to policy parameters of the multi-environment policy;
based on the multi-environment policy, communicating approval-request parameters of an approval-request to receive approval-request response values, wherein the approval-request parameters are associated with the provider-controlled computing environment or the customer-controlled computing environment, wherein the approval-request parameters are defined based on the plurality of access vectors;
receiving the approval-request response values for the approval-request; and
based on receiving the approval-request response values, communicating a request response indicating approval or denial of the request.