Role based access control utilizing scoped permissions

摘要

Systems and methods authorizing access to storage system resources are presented herein. A scoped permission assignment can be associated with an operation related to a type of at least one resource. The scoped permission assignment can be assigned to a role; and the role can be associated with user(s). A resource, or one or more resources of a resource group, can be associated with user(s) or user group(s). Further, a user can be authorized to perform the operation on the resource and/or one or more resources based on, at least in part, permission assignments directly granted to the user or granted in a role of the user. In addition, one or more resource flags can be assigned to the one or more resources. Accordingly, the user can be authorized to perform the operation based on, at least in part, the one or more resource flags and the scoped permission assignment.