公开(公告)号：US20230161895A1

公开(公告)日：2023-05-25

申请号：US18152343

申请日：2023-01-10

Applicant: Microsoft Technology Licensing, LLC

Inventor： Daniel John CARROLL, JR. ,  Kameshwar JAYARAMAN ,  Stuart KWAN ,  Kartik Tirunelveli KANAKASABESAN ,  Shefali GULATI ,  Charles Glenn JEFFRIES ,  Ganesh PANDEY ,  Roberto Carlos TABOADA ,  Parul MANEK ,  Steven Mark SILVERBERG

IPC: G06F21/62 ,  G06F9/451 ,  G06F9/50 ,  G06F21/31 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F9/451 ,  G06F9/5072 ,  G06F21/31 ,  G06F21/602 ,  G06F2221/2141

Abstract: Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.