| CPC H04L 63/105 (2013.01) | 20 Claims |

1. A method for data management, comprising:
receiving, at a user interface associated with a cluster of storage nodes in a data management system (DMS), a federated login request from a user associated with one or more tenants of the DMS;
redirecting, by the DMS, the federated login request from the cluster of storage nodes to a centralized management service for the DMS;
receiving, at the cluster of storage nodes from the centralized management service, a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant of the one or more tenants associated with the user, the set of object-level permissions corresponding to a set of computing objects that the user is authorized to access and a set of actions the user is authorized to perform on the set of computing objects;
identifying, by the DMS, one or more computing objects that are included in the cluster of storage nodes and that correspond to the first tenant based at least in part on the identifier from the SAML assertion; and
determining, by the DMS, that the user is authorized to perform the set of actions on the one or more computing objects included in the cluster of storage nodes based at least in part on the set of object-level permissions indicated by the SAML assertion.
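
The cluster-side steps of claim 1 (read identity, tenant identifier and object-level permissions from the assertion, then restrict them to local objects of that tenant), as an added sketch that is not taken from the patent or from any product. The attribute names `tenant_id` and `object_permission`, the `object:action,action` value encoding, and the inventory are assumptions; signature, audience and validity-window checks are assumed to have passed before this code runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion. The attribute names "tenant_id" and
# "object_permission" are assumptions, not defined by the claim.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="tenant_id">
      <saml:AttributeValue>tenant-a</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="object_permission">
      <saml:AttributeValue>vm-1:read,restore</saml:AttributeValue>
      <saml:AttributeValue>vm-9:read</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed cluster-local inventory: object id -> owning tenant.
CLUSTER_OBJECTS = {"vm-1": "tenant-a", "vm-2": "tenant-a", "vm-9": "tenant-b"}


def parse_assertion(xml_text):
    """Return (user, tenant, {object_id: actions}) from an already-verified assertion."""
    # Production code should use a hardened XML parser (for example defusedxml).
    root = ET.fromstring(xml_text)
    user = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
    tenants = attrs.get("tenant_id", [])
    if not user or len(tenants) != 1 or not tenants[0].strip():
        raise ValueError("assertion must carry one user and exactly one tenant")
    perms = {}
    for value in attrs.get("object_permission", []):
        obj, _, actions = value.partition(":")
        perms.setdefault(obj.strip(), set()).update(
            x.strip() for x in actions.split(",") if x.strip())
    return user, tenants[0].strip(), perms


def authorized_actions(xml_text, cluster_objects):
    """Map each local object owned by the asserted tenant to its granted actions."""
    _user, tenant, perms = parse_assertion(xml_text)
    return {obj: perms[obj] for obj, owner in cluster_objects.items()
            if owner == tenant and obj in perms}
```

In the sample, `vm-9` is named in the assertion but belongs to another tenant on the cluster, so the tenant filter drops it; an assertion without exactly one tenant identifier is rejected rather than treated as unscoped.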