CN107194239A - A kind of right management method and device - Google Patents
- Publication number
- CN107194239A
- Authority
- CN
- China
- Prior art keywords
- user
- authority
- module
- bill
- create
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a permission management method and device. The method comprises the following steps: after a permission request from a user is received, a ticket corresponding to the user is generated and permissions corresponding to the user are created; the ticket is then sent to the user. This completes unified permission management across the components of the big data ecosystem and ensures the multi-tenant stability and security of the big data cluster.
Description
Technical field
The invention belongs to the computer field, and in particular relates to a permission management method and device.
Background
In recent years, big data technologies related to Hadoop have developed rapidly, and the demand for permission management has become increasingly urgent. Big data permission control is the process of authorizing users, groups and computers to access data in a big data environment. Its main function is to control the right to use data resources, so that authorized users can legitimately access the data and computing resources they have been authorized for, unauthorized users are kept out, and legitimate users are also prevented from making unauthorized access to protected data and computing resources.
Therefore, a scheme that provides unified permission management for a big data platform is urgently needed.
Summary of the invention
The present invention provides a permission management method and device to solve the above problem.
The present invention provides a permission management method, comprising the following steps:
After a permission request from a user is received, a ticket corresponding to the user is generated, and permissions corresponding to the user are created;
The ticket is sent to the user.
The present invention also provides a permission management device, comprising a permission management module and a feedback module, wherein the permission management module is connected to the feedback module;
The permission management module is configured to, after a permission request from a user is received, generate a ticket corresponding to the user and create permissions corresponding to the user;
The feedback module is configured to send the ticket to the user.
With this scheme, in which a ticket corresponding to the user is generated and permissions corresponding to the user are created after the user's permission request is received, and the ticket is then sent to the user, a generally applicable permission control model is established and the security of the big data ecosystem is greatly improved.
Further, creating the permissions corresponding to the user includes creating the user's private namespace in the database and the user's private database in the Hive component, creating the corresponding queue in the resource management component, and creating the data operation directory in the distributed file component. This completes unified permission management across the components of the big data ecosystem and ensures the multi-tenant stability and security of the big data cluster.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the permission management method of Embodiment 1 of the present invention;
Fig. 2 is the permission management architecture diagram of Embodiment 2 of the present invention;
Fig. 3 is a structural diagram of the permission management device of Embodiment 3 of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another.
Fig. 1 is a flow chart of the permission management method of Embodiment 1 of the present invention, which comprises the following steps:
Step 102: After a permission request from a user is received, a ticket corresponding to the user is generated, and permissions corresponding to the user are created.
Step 104: The ticket is sent to the user.
Further, in step 102, creating the permissions corresponding to the user includes:
creating the user's private namespace in the database and the user's private database in the Hive component.
Creating the permissions corresponding to the user also includes:
creating the corresponding queue in the resource management component and the data operation directory in the distributed file component.
The permissions corresponding to the user are created in Ranger.
Further, interaction between the user interface and the data cluster is implemented using Hue.
This embodiment solves the problem of integrated multi-tenant management and permission control in a big data cluster. It deeply combines the three components Kerberos, Ranger and Yarn; through horizontal integration and vertical association, they jointly implement tenant management, permission management and resource management for the whole big data cluster. It implements user permission assignment and multi-tenant management for big data components such as HDFS, Hive, HBase and Yarn queues, and has the advantages that the environment is easy to build and scalability is good.
Fig. 2 shows the permission management architecture of Embodiment 2 of the present invention.
As shown in Fig. 2, the four components Kerberos, Ranger, Hue and Yarn are combined to form a unified authorization system. Kerberos is the security authentication component, Ranger is the component that controls data access permissions, Hue is an open-source Apache Hadoop UI system component, and YARN is the component that controls queues.
First, the user applies to this permission management platform for a ticket.
Then, after receiving the application, the permission management platform generates the ticket. While generating the ticket, it creates in Ranger the private namespace in HBase, the user's private database in the Hive component, the corresponding queue in Yarn and the HDFS (distributed file component) data operation directory, and authorizes each of these items accordingly.
Then the permission management platform issues the ticket to the user, and the user obtains the username/password for logging in to Hue and the ticket (used for calls from background applications).
Using Hue, the data in the Hadoop cluster can be interactively analyzed and processed from a web console in the browser, for example operating on data in HDFS or running MapReduce jobs.
The permission management platform performs the corresponding operations through Hue. From top to bottom, permission control can be as fine-grained as the HBase cell (cell/field level); Hive supports traditional permissions such as ALTER, UPDATE, CREATE, DROP, INDEX and SELECT; YARN permission control applies to queues; HDFS permission control is the authorization of the corresponding directories.
With this scheme, the whole big data cluster has a single authorization entry point, which enhances the security of the cluster; from user creation to authorization and then to operation in the Hue visual interface, the scheme covers the full lifecycle management of a big data user.
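The provisioning step described above, sketched as an added example that is not code from the patent: for one tenant it plans the four private resources and builds one Ranger-style policy per component that grants access to that tenant only. The service names, the `/tenants/<user>` and `root.<user>` layouts, the tenant-name rule, the policy field names (modelled on Ranger's policy JSON) and the non-Hive access types are assumptions to check against the deployed cluster.

```python
import re

# Assumption: the tenant name is reused as a namespace, database, queue and
# directory name, so only a conservative character set is accepted.
TENANT_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")

# Hypothetical Ranger service names for one cluster.
SERVICES = {"hbase": "cl1_hbase", "hive": "cl1_hive",
            "yarn": "cl1_yarn", "hdfs": "cl1_hadoop"}

# Hive privileges are the ones the description lists; the rest are assumed.
ACCESS = {
    "hbase": ["read", "write", "create"],
    "hive": ["alter", "update", "create", "drop", "index", "select"],
    "yarn": ["submit-app"],
    "hdfs": ["read", "write", "execute"],
}


def plan_tenant(user):
    """Return the private resources to create for `user`, one per component."""
    if not TENANT_RE.fullmatch(user):
        raise ValueError("invalid tenant name: %r" % (user,))
    return {
        "hbase": user,                 # HBase namespace
        "hive": user,                  # Hive database
        "yarn": "root." + user,        # YARN queue (assumed layout)
        "hdfs": "/tenants/" + user,    # HDFS data operation directory (assumed)
    }


def ranger_resources(component, name):
    """Map a planned resource to a Ranger-style resource block."""
    if component == "hbase":
        keys = {"table": name + ":*", "column-family": "*", "column": "*"}
    elif component == "hive":
        keys = {"database": name, "table": "*", "column": "*"}
    elif component == "yarn":
        keys = {"queue": name}
    else:
        keys = {"path": name}
    block = {k: {"values": [v], "isExcludes": False} for k, v in keys.items()}
    if component == "hdfs":
        block["path"]["isRecursive"] = True  # cover files below the directory
    return block


def ranger_policies(user):
    """Build one policy per component, each granting access to `user` only."""
    policies = []
    for component, name in plan_tenant(user).items():
        policies.append({
            "service": SERVICES[component],
            "name": "tenant-%s-%s" % (user, component),
            "isEnabled": True,
            "resources": ranger_resources(component, name),
            "policyItems": [{
                "users": [user],
                "accesses": [{"type": a, "isAllowed": True}
                             for a in ACCESS[component]],
                "delegateAdmin": False,  # the tenant cannot re-grant access
            }],
        })
    return policies


if __name__ == "__main__":
    import json
    print(json.dumps(ranger_policies("alice"), indent=2))
```

Rejecting names outside the allowed pattern keeps a requested tenant name from resolving to a directory or queue outside its own space.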
Fig. 3 shows the structure of the permission management device of Embodiment 3 of the present invention.
As shown in Fig. 3, a permission management device according to an embodiment of the present invention comprises a data transmission module 302 and a data processing module 304, wherein the data transmission module is connected to the data processing module;
The permission management module 302 is configured to, after a permission request from a user is received, generate a ticket corresponding to the user and create permissions corresponding to the user;
The feedback module 304 is configured to send the ticket to the user.
Further, the permission management module 302 includes:
a first authorization unit 3022, configured to create the user's private namespace in the database and the user's private database in the Hive component.
The permission management module also includes:
a second authorization unit 3024, configured to create the corresponding queue in the resource management component and the data operation directory in the distributed file component.
The permission management module 302 creates the permissions corresponding to the user in Ranger.
Further, the device also includes an interface control module 306, connected to the permission management module 302 and configured to use Hue to implement interaction between the user interface and the data cluster.
The four components Kerberos, Ranger, Hue and Yarn are combined to form a unified authorization system. Through a customized authorization flow, an operating space is built in components such as HDFS and Hive, which completes the definition of the tenant's initial operating space. For each user and each component, an operating space is initialized for the tenant to use; Ranger is then used, according to the tenant's needs, to authorize access to intersecting data.
With this scheme, in which a ticket corresponding to the user is generated and permissions corresponding to the user are created after the user's permission request is received, and the ticket is then sent to the user, a generally applicable permission control model is established and the security of the big data ecosystem is greatly improved.
Further, creating the permissions corresponding to the user includes creating the user's private namespace in the database and the user's private database in the Hive component, creating the corresponding queue in the resource management component, and creating the data operation directory in the distributed file component. This completes unified permission management across the components of the big data ecosystem and ensures the multi-tenant stability and security of the big data cluster.
The above are only preferred embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement or the like made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (10)
1. A permission management method, characterized by comprising the following steps:
after a permission request from a user is received, generating a ticket corresponding to the user, and creating permissions corresponding to the user;
sending the ticket to the user.
2. The method according to claim 1, characterized in that creating the permissions corresponding to the user includes:
creating the user's private namespace in the database and the user's private database in the Hive component.
3. The method according to claim 2, characterized in that creating the permissions corresponding to the user also includes:
creating the corresponding queue in the resource management component and the data operation directory in the distributed file component.
4. The method according to claim 1, characterized in that the permissions corresponding to the user are created in Ranger.
5. The method according to any one of claims 1 to 4, characterized in that interaction between the user interface and the data cluster is implemented using Hue.
6. A permission management device, characterized by comprising a permission management module and a feedback module, wherein the permission management module is connected to the feedback module;
the permission management module is configured to, after a permission request from a user is received, generate a ticket corresponding to the user and create permissions corresponding to the user;
the feedback module is configured to send the ticket to the user.
7. The device according to claim 6, characterized in that the permission management module includes:
a first authorization unit, configured to create the user's private namespace in the database and the user's private database in the Hive component.
8. The device according to claim 7, characterized in that the permission management module also includes:
a second authorization unit, configured to create the corresponding queue in the resource management component and the data operation directory in the distributed file component.
9. The device according to claim 6, characterized in that the permission management module creates the permissions corresponding to the user in Ranger.
10. The device according to any one of claims 6 to 9, characterized by further comprising:
an interface control module, connected to the permission management module and configured to use Hue to implement interaction between the user interface and the data cluster.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710374682.6A CN107194239A (en) | 2017-05-24 | 2017-05-24 | A kind of right management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710374682.6A CN107194239A (en) | 2017-05-24 | 2017-05-24 | A kind of right management method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107194239A true CN107194239A (en) | 2017-09-22 |
Family
ID=59874370
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710374682.6A Pending CN107194239A (en) | 2017-05-24 | 2017-05-24 | A kind of right management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107194239A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207482A (en) * | 2007-12-13 | 2008-06-25 | 深圳市戴文科技有限公司 | System and method for implementation of single login |
CN101567785A (en) * | 2008-04-25 | 2009-10-28 | 华为技术有限公司 | Method, system and entity for authenticating notes in network service |
CN105656903A (en) * | 2016-01-15 | 2016-06-08 | 国家计算机网络与信息安全管理中心 | Hive platform user safety management system and application |
CN106301892A (en) * | 2016-08-02 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | Method for deploying, configuring and monitoring Hue service based on Apache Ambari |
CN106301791A (en) * | 2016-08-23 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | Method and system for realizing unified user authentication authorization based on big data platform |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109309686A (en) * | 2018-11-01 | 2019-02-05 | 浪潮软件集团有限公司 | Multi-tenant management method and device |
CN110519285A (en) * | 2019-08-30 | 2019-11-29 | 浙江大搜车软件技术有限公司 | User authen method, device, computer equipment and storage medium |
CN111427589A (en) * | 2020-03-13 | 2020-07-17 | 苏州浪潮智能科技有限公司 | Data space deployment method and device of big data cluster resource management system |
CN111427589B (en) * | 2020-03-13 | 2022-12-06 | 苏州浪潮智能科技有限公司 | Data space deployment method and device of big data cluster resource management system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109643242B (en) | Security design and architecture for multi-tenant HADOOP clusters | |
CN108293045B (en) | Single sign-on identity management between local and remote systems | |
CN108475288B (en) | System, method and equipment for unified access control of combined database | |
US8381306B2 (en) | Translating role-based access control policy to resource authorization policy | |
US8819068B1 (en) | Automating creation or modification of database objects | |
CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
US20150089575A1 (en) | Authorization policy objects sharable across applications, persistence model, and application-level decision-combining algorithm | |
CN104769908A (en) | LDAP-based multi-tenant in-cloud identity management system | |
US11126460B2 (en) | Limiting folder and link sharing | |
WO2018119589A1 (en) | Account management method and apparatus, and account management system | |
WO2020135492A1 (en) | Software hierarchical management system | |
KR20220051841A (en) | Smart Device Management Resource Selector | |
CN111552953B (en) | Security policy as a service | |
CN105550590A (en) | Role-based access control mechanism | |
Coppola et al. | Virtual organization support within a grid-wide operating system | |
CN107194239A (en) | A kind of right management method and device | |
Jin et al. | Role and attribute based collaborative administration of intra-tenant cloud iaas | |
CN107659450A (en) | Distribution method, distributor and the storage medium of big data cluster resource | |
US20240007458A1 (en) | Computer user credentialing and verification system | |
CN106529230A (en) | Role-based permission control mechanism | |
KR20070076342A (en) | User Group Role / Permission Management System and Access Control Methods in a Grid Environment | |
Sinnott | Grid security | |
CN110348184B (en) | Industrial cloud-based permission resource configuration method, system and storage medium | |
Hafeez et al. | Interoperability among access control models | |
CN110414213A (en) | A kind of method and device to rights management in operation management system based on keycloak |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170922 |