Abstract: Methods, systems, and devices for data management are described. A data management system may configure backup and recovery resources for tenant of the data management system. The data management system may receive an indication to create a set of subtenants within the resources configured for the tenant. The data management system may assign a first subset of resources configured for the tenant, and the first subset may be different from a second subset configured for a second subtenant. The data management system may activate a first backup procedure for the first subtenant. The first backup procedure may be configured to backup a first data source associated with the first subtenant of the tenant using the first subset of the set of backup and recovery resources, and the first backup procedure may be separate from a second backup procedure for a second data source associated with the second subtenant.

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a request to assign a first computing object in a first object hierarchy of the DMS to a first tenant of the DMS. The DMS may check the first object hierarchy to identify other computing objects having a hierarchical relationship with the first computing object. The other objects may be above or below the first computing object within the first object hierarchy. The DMS may determine whether at least one of the other computing objects in the first object hierarchy is assigned to a second tenant of the DMS. The DMS may output, in response to the request, an indication that the first computing object is unavailable for assignment to the first tenant if at least one of the other computing objects in the first object hierarchy is assigned to the second tenant.

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). A DMS that provides backup and recovery to multiple tenants may assign a data management cluster to a tenant organization, or specific resources from a data management cluster to a tenant, allowing multiple tenants to share a single data management cluster. The assignment of resources of the data management cluster respects the hierarchical relationship among computing objects, for example, assigning a top-level resource to a tenant implicitly assigns the descendent resources that descend from that top-level resource to the tenant.

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may implement multi-tenancy role based access control (RBAC). In accordance with the multi-tenancy based RBAC, tenant organizations of a DMS may be assigned permissions (i.e., privileges) for a given data management cluster and/or computing objects within a data management cluster. Customized user roles (RBAC roles) may also be created for a given tenant. For example, a role may be defined based on a corresponding set of permissions (e.g., permissions associated with computing objects, data management clusters, or data sources associated with the tenant). A user within a tenant may be assigned a user role, which may be a customized role, and the effective permissions for the user may be based on which permissions of the user's assigned role are also within the scope of the tenant's permissions.

Abstract: Methods, systems, and devices for data management are described. A data management system may receive an indication to create a set of subtenants of a tenant. A first set of user profiles are associated with the tenant and a second set of user profiles are associated with a parent tenant of the tenant. The system may assign a first subset of the first set of user profiles to a first subtenant and assign a second subset to a second subtenant. The first subset and the second subset exclude user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles. The system may update metadata corresponding to the first set of user profiles and the second set of user profiles such that the first subset has access to the first subtenant for and the second subset has access to the second subtenant.

Abstract: Methods, systems, and devices for data management are described. A data management system (DMS) may receive a federated login request from a user associated with one or more tenants of the DMS. The DMS may direct the federated login request to a centralized management service. The DMS may receive a security assertion markup language (SAML) assertion that indicates an identity of the user, a set of object-level permissions assigned to the user, and an identifier of a first tenant associated with the user. The DMS may identify one or more computing objects in a cluster of storage nodes that correspond to the first tenant based on the identifier from the SAML assertion. The DMS may determine that the user is authorized to perform a set of actions on the one or more computing objects based on the set of object-level permissions indicated by the SAML assertion.