User abstracted RBAC in a multi tenant environment

摘要

A method and system for improving efficiency and security of a role based access control (RBAC) identity management system. A service provider owner requests an addition of a service provider identity dataset to a role dataset in the RBAC identity management system. The role dataset includes permissions to the individual users within the service provider identity dataset to access a secured resource of the RBAC identity management system and to perform the service on the secured resource. Addition of the service provider identity dataset to the role dataset is granted and is periodically revalidated which includes receiving an instruction to maintain or delete the service provider identity dataset from the role dataset. Access to the secured resource is based on the service provider identity dataset in the role dataset, instead of being based on the individual users, which improves the efficiency and security of the RBAC identity management system.