Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.

According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.

A distributed system provides access by a principal to a resource associated with sensitive data. Micro-services in communication with an authorization engine each include a resource provider that receives a resource action request from the principal to access the resource, determines a context for the request, and transmits the context to the authorization engine in an authorization request. The authorization engine receives the authorization request, resolves the authorization request context against a plurality of pre-defined resource conditions, and responds to the resource provider with an authorization response of allow, deny, or allow-with-conditions. The context for the request includes metadata regarding attributes of the principal, and each of the resource conditions includes a logical expression operating upon the attributes.

A system comprising an accelerator circuit comprising an accelerator function unit to implement a first function, and one or more device feature header (DFH) circuits to provide attributes associated with the accelerator function unit, and a processor to retrieve the attributes of the accelerator function unit by traversing a device feature list (DFL) referencing the one or more DFH circuits, execute, based on the attributes, an application encoding the first function to cause the accelerator function unit to perform the first function.

Apparatuses, systems, and methods for hierarchical memory systems are described. A hierarchical memory system can leverage persistent memory to store data that is generally stored in a non-persistent memory, thereby increasing an amount of storage space allocated to a computing system at a lower cost than approaches that rely solely on non-persistent memory. An example method includes receiving an interrupt message by a hypervisor, the interrupt message generated by a hierarchical memory component responsive to receiving a read request initiated by an input/output (I/O) device, gathering, by the hypervisor, address register access information from the hierarchical memory component, and determining, by the hypervisor, a physical location of data associated with the read request.

Arrangements for resource optimization and control are provided. In some aspects, one or more work process requests may be received. The work process requests may be aggregated to identify a current book of work. In some examples, availability data from a variety of sources, such as bots, resource operators, and the like, may be received. In some aspects, license data associated with the one or more bot resources may be retrieved. A machine learning engine may be executed to determine an optimal number of resources, type of resources, and the like, to process the book of work. Based on the determination, one or more instructions may be generated. For instance, instructions to provision one or more bots may be generated, instructions assigning work processes to one or more resource operators may be generated, and the like. The generated instructions may be transmitted to a resource for execution.

Systems and methods are directed to methods and apparatus for transferring ownership of common resources from a source entity, which owns a resource, to a destination entity, which will own the resource, in a distributed system. The method includes the source entity receiving a command to change ownership (the MOVE command), and then marking the source entity as no longer owning the common resource. The source entity then sends a MOVE command to the destination entity, which will then update its common resource ownership table to reflect that the ownership of the common resource has been transferred from the source entity to the destination entity. It is advantageous that the updating of ownership of the common resource in the source entity occur simultaneously with the dispatching of the MOVE command to the destination entity.

Systems and methods for enabling links between various devices is provided. The systems and methods may include a platform that enables different devices to access spatial models of a resource. The platform may enable the different devices to define and/or modify assignment conditions for access rights to resources. Further, the platform may enable definition of assignment conditions before or after the access rights are available for assignment.

An apparatus and method for monitoring the productivity of a portable machine are provided. The method includes receiving motion data for at least one component of the portable machine from a multi-axis accelerometer, receiving position data for the at least one component from a process parameter sensor communicatively coupled to the at least one component, and determining, based on the received motion data and the received position data that the at least one component is oriented in a predetermined position for productive operation. The method also includes determining an area of productive operation using at least one physical dimension of the at least one component and the received motion data when the at least one component is oriented in the predetermined position for productive operation and incrementing a total area counter based on the determination.

A method of process management for facilitating switching of operating modes within an electronic device is presented. In the method, the electronic device initiates a first process associated in a configuration file with a first operating mode of the device. The configuration file includes an indication as to whether the first process is authorized to request a switch to a second operating mode of the device. A request to switch to the second operating mode is received from the first process. The device determines by way of the indication whether the first process is authorized to issue the request. If the first process is authorized to issue the request, the device initiates a second process associated in the configuration file with the second operating mode in response to the request.