| CPC G06F 21/6218 (2013.01) [G06F 21/31 (2013.01); G06F 2221/2113 (2013.01); G06F 2221/2145 (2013.01)] | 20 Claims |

|
1. In a centralized file storage system, a method for securing file system data objects, said method comprising:
establishing a first data connection with a first file storage system;
acquiring from said first file storage system a first set of file system permissions having a first set of permission semantics, said first set of file system permissions controlling access to at least one data object stored on said first file storage system by a first user associated with said first file storage system;
establishing a second data connection with a second file storage system;
acquiring from said second file storage system a second set of file system permissions having a second set of permission semantics different from said first set of permission semantics, said second set of file system permissions controlling access to at least one data object stored on said second file storage system by a second user associated with said second file storage system;
converting said first set of file system permissions and said second set of file system permissions to a unified set of file system permissions having unified permission semantics different from said first set of permission semantics and said second set of permission semantics;
storing said unified set of file system permissions in memory of said centralized file storage system;
analyzing said unified set of file system permissions;
altering said first set of file system permissions based on said step of analyzing said unified set of file system permissions to create an altered first set of file system permissions; and
causing a denial of access by said first user to a particular one of said data objects stored on said first file storage system, to which said first user had access prior to said step of altering, based on said altered first set of file system permissions.
|
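The sequence recited in claim 1 (acquire, convert, store, analyze, alter, deny) can be sketched as follows. This is an added example, not code from the patent: it assumes the first system uses POSIX-style mode bits and the second uses allow-only ACL entries, and every path, user name and the "flag grants to everyone" analysis rule is constructed for illustration.

```python
# Constructed sample data. Both permission formats are assumptions for illustration.
FS1_POSIX = {"/srv/hr/payroll.csv": {"owner": "alice", "group": "hr", "mode": 0o664}}
FS2_ACL = {"//nas2/finance/q3.xlsx": [("Everyone", {"READ_DATA"}),
                                      ("carol", {"READ_DATA", "WRITE_DATA"})]}

def posix_to_unified(perms):
    """Convert mode bits to unified (system, object, principal, action) tuples."""
    out = set()
    for path, p in perms.items():
        classes = ((6, "user:" + p["owner"]), (3, "group:" + p["group"]), (0, "everyone"))
        for shift, who in classes:
            bits = (p["mode"] >> shift) & 0o7
            if bits & 4:
                out.add(("fs1", path, who, "read"))
            if bits & 2:
                out.add(("fs1", path, who, "write"))
    return out

def acl_to_unified(acls):
    """Convert allow-only ACL entries to the same unified tuples."""
    rights = {"READ_DATA": "read", "WRITE_DATA": "write"}
    out = set()
    for path, aces in acls.items():
        for principal, granted in aces:
            who = "everyone" if principal == "Everyone" else "user:" + principal
            out |= {("fs2", path, who, rights[r]) for r in granted if r in rights}
    return out

def analyze(unified):
    """Example policy: flag any grant to the 'everyone' principal."""
    return {entry for entry in unified if entry[2] == "everyone"}

def alter_first(perms, findings):
    """Return an altered copy of the first system's permissions with flagged bits cleared."""
    altered = {path: dict(p) for path, p in perms.items()}
    for system, path, _who, action in findings:
        if system == "fs1":
            altered[path]["mode"] &= ~(4 if action == "read" else 2)
    return altered

def can_access(perms, path, user, groups, action):
    """POSIX-style check: the first matching class (owner, group, other) decides."""
    p = perms[path]
    shift = 6 if user == p["owner"] else 3 if p["group"] in groups else 0
    return bool((p["mode"] >> shift) & (4 if action == "read" else 2))

unified = posix_to_unified(FS1_POSIX) | acl_to_unified(FS2_ACL)
altered_fs1 = alter_first(FS1_POSIX, analyze(unified))
print(can_access(FS1_POSIX, "/srv/hr/payroll.csv", "bob", set(), "read"),
      can_access(altered_fs1, "/srv/hr/payroll.csv", "bob", set(), "read"))
```

The user `bob`, who is neither owner nor group member, can read the file before the alteration and is denied afterwards, while the owner's access is unchanged.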