CN111090839A - Resource operation authority management method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111090839A
Authority
CN
China
Prior art keywords
resource
operator
authentication
information
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811236175.7A
Other languages
Chinese (zh)
Other versions
CN111090839B (en
Inventor
秦隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201811236175.7A priority Critical patent/CN111090839B/en
Publication of CN111090839A publication Critical patent/CN111090839A/en
Application granted granted Critical
Publication of CN111090839B publication Critical patent/CN111090839B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

A resource operation authority management method, a device, an electronic device and a storage medium are provided. The method comprises the following steps: receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator; performing identity authentication on an operator according to the relationship between the identity certificate information and creator information of the resource; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.

Description

Resource operation authority management method and device, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of cloud resources, in particular to a resource operation authority management method and device, electronic equipment and a storage medium.
Background
Cloud resource management involves resource hosting. A user holds many basic resources, and as the number of resources grows, operating and querying them becomes a considerable management burden. The user therefore hosts the resources with a certain product (mechanism), and that product (mechanism) is responsible for creating, operating, querying and releasing the user's resources, which improves the user's resource management efficiency. Resource hosting, however, also means handing over permissions, which leads to two situations: first, the hosting product (mechanism) may exceed the scope of responsibility the user expected, resulting in abuse; second, the user cannot learn the scope of authority covered by the hosting, and therefore does not trust the product (mechanism).
Currently, the solutions to the above problems include the following two approaches:
1. Direct granting of rights: a user specifies that a certain product (mechanism) can operate a certain batch of resources and can create certain resources. This also achieves resource hosting, but its disadvantage is that resources cannot be divided and distinguished across products (mechanisms): resources created by product (mechanism) A cannot be distinguished from resources created by product (mechanism) B, and product (mechanism) A operating resources that belong to product (mechanism) B cannot be controlled.
2. Using a basic rights management tool to manage and isolate resource operation rights between sub-accounts, or to authorize certain access rights for a certain product. This method, however, has no way of limiting a product to accessing only the resources of which that product is the creator.
Disclosure of Invention
The present application is directed to solving at least one of the technical problems in the related art.
The application provides a resource operation authority management method, a resource operation authority management device, electronic equipment and a storage medium, which at least achieve clear definition and specification of the authority over managed resources.
The technical scheme is as follows.
In a first aspect, the present invention provides a method for managing resource operation permissions, including:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the relationship between the identity certificate information and creator information of the resource; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
Preferably, the identity credential information comprises a relationship of a user identity and an operator identity.
Preferably, the authenticating the identity of the operator according to the relationship between the identity credential information and the creator information of the resource comprises:
performing identity authentication according to the pre-recorded creator information of the resources;
when the operator is determined to be the resource creator according to the identity certificate information, the authentication is passed;
and when the operator is determined not to be the resource creator according to the identity certificate information, the authentication is not passed.
Preferably, the identity credential information further includes role information, where the role information is temporary identification information of an operator authorized by the user, and the operator uses the role information to access the resource.
Preferably, the operation request comprises one of:
create request, delete request, query request.
In a second aspect, the present invention provides a resource operation authority management device, including:
the receiving module is used for receiving an operation request of an operator for the resource, wherein the operation request comprises identity credential information of an operator;
the authentication module is arranged for authenticating the identity of an operator according to the relationship between the identity certificate information and the creator information of the resource;
the execution module is used for executing the content of the operation request when the authentication is passed; and when the authentication is not passed, rejecting the operation request.
Preferably, the authenticating module authenticating the identity of the operator according to the relationship between the identity credential information and the creator information of the resource includes:
performing identity authentication according to the pre-recorded creator information of the resources;
when the operator is determined to be the resource creator according to the identity certificate information, the authentication is passed;
and when the operator is determined not to be the resource creator according to the identity certificate information, the authentication is not passed.
In a third aspect, the present invention provides an electronic device comprising:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation authority management program to perform the following operations:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the identity certificate information; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the following:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the identity certificate information; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
The application includes the following advantages:
on one hand, the embodiment of the invention provides an open authority management mode, and the authority of the managed resource is clearly defined and specified.
On the other hand, the embodiment of the invention can record the operator state of the resource and block other restricted (unauthorized) operators, achieving isolation between resource operators (whoever creates a resource can operate it) through the resource state record.
In yet another aspect, the embodiment of the invention closes the loop of authority management by controlling the relationship between the resource creator and the resource user: a resource created by a certain product (mechanism) can only be operated on the user's behalf by that product (mechanism), and other products (mechanisms) have no authority to operate it.
Of course, it is not necessary for any product to achieve all of the above-described advantages at the same time for the practice of the present application.
Drawings
Fig. 1 is a schematic structural diagram of a cloud resource operating system according to an embodiment;
FIG. 2 is a schematic diagram of an electronic device of an embodiment;
fig. 3 is a schematic structural diagram of a cloud server according to an embodiment;
FIG. 4 is a flowchart of a resource operation privilege management method of an embodiment;
FIG. 5 is a flow diagram of identity authentication of an embodiment;
FIG. 6 is a schematic structural diagram of a resource operation authority management apparatus according to an embodiment;
FIG. 7 is a flow diagram of a resource operation privilege management process of an embodiment.
Detailed Description
The technical solutions of the present application will be described in more detail below with reference to the accompanying drawings and embodiments.
It should be noted that, if not conflicted, the embodiments and the features of the embodiments can be combined with each other and are within the scope of protection of the present application. Additionally, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
In a typical configuration, a computing device for resource operation rights management may include one or more processors (CPUs), input/output interfaces, network interfaces, and memory (memory).
The memory may include volatile memory in a computer readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. The memory may include module 1, module 2, ..., and module N (N is an integer greater than 2).
Computer readable media include both permanent and non-permanent, removable and non-removable storage media. A storage medium may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transient media), such as modulated data signals and carrier waves.
Aiming at the problem of resource operation authority management in the related technology, the application provides the following technical scheme.
Fig. 1 is a schematic view of a scenario provided in an exemplary embodiment of the present application. As shown in fig. 2, the cloud resource operating system may include: virtual machines (virtual machine 1, … …, virtual machine n, n is an integer not less than 2), and a cloud server, each of which communicates with the cloud server. The cloud server can achieve creation, updating and maintenance of resources according to requests of the virtual machines. It should be noted that the cloud resource operating system is only an example. The technical scheme of the application can be applied to any type of cloud resource operating system and is not limited to the structure shown in fig. 1.
Various implementations of the present solution are described in detail below.
The virtual machine according to the technical solution of the present application may be any device capable of implementing the functions described below. E.g., a stationary terminal such as a desktop computer.
Fig. 2 shows an exemplary structure of the electronic device. The electronic device may include a processor 31, a memory 32, an interface unit 33, a communication circuit 34, a display 35, and the like. Further, in some embodiments, one or more of the example components may be incorporated in another component, e.g., in some implementations, memory or other portions may be incorporated in a processor.
The processor 31 may be any type of processor capable of performing the functions described herein. For example, the processor may be a single or multi-core processor, digital signal processor, or other processor or processing/control circuitry. In some implementations, an electronic device may include one or more processors.
Memory 32 may be any type of memory capable of performing the functions described herein. The memory may store various data and software used by the operating device of the electronic device, such as an operating system, application programs, libraries, and drivers.
The memory 32 is coupled to the processor 31 through an interface unit 33, and the interface unit 33 may be a circuit or a component that facilitates input/output operations of the processor 31, the memory 32, and other components of the electronic device.
The communication circuit 34 may be any communication circuit, device, or collection thereof capable of communicating between a virtual machine and a cloud server. The communication circuitry may be configured to enable such communication using any one or more communication technologies (e.g., wireless or wired communication) and associated protocols (e.g., ethernet, bluetooth, WiFi, WiMAX, CDMA, TD-CDMA, LTE, etc.).
Display 35 may be any type of display capable of performing the functions described herein. A display 35 is coupled to the processor 31 through the interface unit 33 and displays under the control of the processor 31.
Fig. 3 shows an exemplary structure of the cloud server. The cloud server may include: an Input Output (IO) bus, a processor 40, a storage 41, a memory 42, and a communication device 43. The input/output (IO) bus is connected to the other components (the processor 40, the storage 41, the memory 42, and the communication device 43) of the cloud server to which it belongs, and provides a transmission line for them. The processor 40 typically controls the overall operation of the cloud server to which it belongs. For example, processor 40 performs computations, validation, etc. The processor 40 may be a Central Processing Unit (CPU). The communication device 43, typically comprising one or more components, allows communication between the cloud server to which it belongs and the virtual machine. The storage 41 stores software code that is readable and executable by the processor 40, comprising instructions for controlling the processor 40 to perform the functions described below (i.e., software performing functions).
As shown in fig. 4, in order to solve the above problem in the related art, the present application provides a resource operation authority management method, including:
S101, receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of the operator;
S102, performing identity authentication on the operator according to the relationship between the identity credential information and creator information of the resource; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
By authenticating the identity of the operator, the embodiment of the invention can verify the recorded creator of the resource during resource operation, so that a resource created by a given product (mechanism) can only be used by that product (mechanism).
In the embodiment of the invention, the identity credential information comprises the relationship between the user identifier and the operator identifier.
As shown in fig. 5, in the embodiment of the present invention, the performing identity authentication on the operator according to the relationship between the identity credential information and the creator information of the resource in step S102 includes:
S1021, performing identity authentication according to the pre-recorded creator information of the resource;
S1022, when the operator is determined to be the resource creator according to the identity credential information, the authentication is passed;
S1023, when the operator is determined not to be the resource creator according to the identity credential information, the authentication is not passed.
In the embodiment of the invention, identity authentication is performed according to the relationship between the identity credential information and the creator information of the resource, and two cases are distinguished: when the operator is the creator of the resource, the authentication is passed and the content of the operation request is executed; when the operator is not the creator of the resource, execution of the content of the operation request is refused.
In the embodiment of the present invention, the identity credential information further includes role information, the role information is temporary identification information of an operator authorized by the user, and the operator uses the role information to access the resource.
In this embodiment of the present invention, the operation request includes one of:
create request, delete request, query request.
The user may create a role, role: uid: productA: role1, where uid is the user identification, productA is the operator information, and role1 is the role name. After creation is complete, productA may use the role to generate temporary identification information, which authorizes the operator's resource operations. With the temporary identification information the operator can directly create and operate the user's resources. The permission set is defined by a permission rule, and the rule comprises two parts, the behavior and the resource description: the behavior includes creation, deletion, query and the like; the resource description is a feature related to the resource, such as a unique descriptor of the resource or a label on the resource. In the embodiment of the invention, the resource feature is used to determine whether the resource is consistent with the creator. The temporary identification information corresponding to the role can execute the actions specified in the definition on user resources that match the resource description.
When the operator creates a user resource using the temporary identification information, the underlying resource provider records the user of the temporary identification information, i.e., the role name role: uid: productA: role1, and marks the creator of this resource as productA; the resource, however, always belongs to the user.
When an operator uses the temporary identification information to operate or query user resources, the basic resource provider looks up the recorded creator of the relevant resource (if the resource cannot be found, it is created for the user). If the recorded creator of the resource is different from the user of the current temporary identification information, the provider marks operation_role_resource: false in the authentication process; otherwise, if the recorded creator is the same as the user of the current temporary identification information, it marks operation_role_resource: true.
In the authentication process, the resource description is then evaluated: if the user has defined that the role can only operate resources it created itself, and operation_role_resource in the authentication process is false, the operation on the resource is refused; otherwise the request passes.
As shown in fig. 6, an embodiment of the present invention further provides a resource operation authority management apparatus, including:
the receiving module 100 is configured to receive an operation request of an operator for a resource, where the operation request includes identity credential information of an operator;
an authentication module 200 configured to authenticate the identity of the operator according to the relationship between the identity certificate information and the creator information of the resource;
the execution module 300 is configured to execute the content of the operation request when the authentication is passed; and when the authentication is not passed, rejecting the operation request.
The authentication module 200 performs identity authentication on the operator according to the relationship between the identity certificate information and the creator information of the resource, including:
performing identity authentication according to the pre-recorded creator information of the resources;
when the operator is determined to be the resource creator according to the identity certificate information, the authentication is passed;
and when the operator is determined not to be the resource creator according to the identity certificate information, the authentication is not passed.
An embodiment of the present invention further provides an electronic device, including:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation authority management program to perform the following operations:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the identity certificate information; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored thereon, and when executed by a processor, the computer program implements the following processing:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the identity certificate information; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
Example one
As shown in fig. 7, this embodiment illustrates a main process of resource operation authority management, as follows:
1. When a user uses resources provided by a resource provider, the user can, to facilitate resource management, authorize products of the resource provider (product A and product B) to manage the resources. The authority is granted by creating a role; the role information includes the product, and the authority of the role is specified by a rule. The role information is described as role: uid: productA: role1 (uid is the user identification, productA is the product, and role1 is the role name used as a label, meaning that this role1 can be used by product A). The role must also be granted a permission: operation_role_resource: true (meaning that only resources marked as "own" can be operated).
2. The user defines in product A how the user's own resources are to be managed, and product A can help the user create, operate and delete the resources.
3. Product A generates a temporary authorization identity through the role authorized by the user, and the identity has all the rights the user gave to the role.
4. Product A uses the temporary authorization identity to operate resources on the user's behalf and to create resources at the basic resource provider.
5 & 6. When the basic resource provider receives the resource creation request made with the temporary authorization identity, it creates the resource for the user (the resource belongs to the user) and marks the creator of the resource as productA (the recorded resource-creating role is role: uid: productB: role1). After the resource has been created, when product A requests to operate it, the basic resource provider determines that the resource creator is consistent with the current user of the temporary authorization identity and adds operation_role_resource: true to the permission check; the check finds that the resource is consistent with the permission definition, so the resource can be operated.
7 & 8. Product B is also granted the user's resource management authority, with the role role: uid: productB: role1, and product B generates a temporary authorization identity using the role.
9 & 10. Product B tries to operate the resource using its temporary authorization identity. The basic resource provider determines that the resource creator is inconsistent with the current user of the temporary authorization identity and adds operation_role_resource: false to the permission check; the check finds that the resource is inconsistent with the permission definition, and the operation on the resource is refused.
In this embodiment, when a product uses the user's identity to operate resources, resource isolation is achieved by recording the user of the temporary authorization identity.
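The creator-bound permission check described in the detailed description and in Example one can be exercised with the following added Python example, which is not code from the patent. The class and method names, the `own_only` flag, the token lifetime and the deny-by-default handling of unknown resources are assumptions made for illustration; only the role string format and the `operation_role_resource` condition come from the text.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    uid: str               # user identification (the resource owner)
    product: str           # operator (product) the role is issued to
    name: str              # role name, e.g. "role1"
    actions: frozenset     # "behavior" part of the permission rule
    own_only: bool = True  # rule requires operation_role_resource: true

    @property
    def rid(self) -> str:
        # Role string in the format used by the text.
        return f"role:{self.uid}:{self.product}:{self.name}"


class ResourceProvider:
    """Hypothetical stand-in for the basic resource provider."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._roles = {}      # role string -> Role
        self._tokens = {}     # temporary identity -> (role string, expiry)
        self._resources = {}  # resource id -> {"owner": uid, "creator": role string}

    def register_role(self, role: Role) -> str:
        self._roles[role.rid] = role
        return role.rid

    def assume_role(self, rid: str, caller_product: str, ttl: float = 900.0) -> str:
        # Only the product named in the role may obtain a temporary identity.
        role = self._roles.get(rid)
        if role is None or role.product != caller_product:
            raise PermissionError("role is not issued to this product")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (rid, self._clock() + ttl)
        return token

    def handle(self, token: str, action: str, resource_id: str):
        """Return (allowed, reason) for one operation request."""
        rid, expiry = self._tokens.get(token, (None, 0.0))
        if rid is None or self._clock() >= expiry:
            return (False, "invalid or expired temporary identity")
        role = self._roles[rid]
        if action not in role.actions:
            return (False, "action not granted by rule")
        record = self._resources.get(resource_id)
        if action == "create":
            if record is not None:
                return (False, "resource already exists")
            # The resource belongs to the user; the creator mark is the role.
            self._resources[resource_id] = {"owner": role.uid, "creator": rid}
            return (True, "created")
        # Assumption: operating on an unknown resource is denied by default.
        if record is None or record["owner"] != role.uid:
            return (False, "no such resource for this user")
        # Condition computed by the provider, never supplied by the caller.
        operation_role_resource = record["creator"] == rid
        if role.own_only and not operation_role_resource:
            return (False, "operation_role_resource: false")
        if action == "delete":
            del self._resources[resource_id]
        return (True, "operation_role_resource: " + str(operation_role_resource).lower())


def demo():
    """Replay Example one: product A creates and queries, product B is refused."""
    p = ResourceProvider()
    acts = frozenset({"create", "delete", "query"})
    a = p.assume_role(p.register_role(Role("uid", "productA", "role1", acts)), "productA")
    b = p.assume_role(p.register_role(Role("uid", "productB", "role1", acts)), "productB")
    steps = [(a, "create"), (a, "query"), (b, "query"), (b, "delete")]
    return [p.handle(tok, act, "vm-1")[0] for tok, act in steps]


if __name__ == "__main__":
    print(demo())
```

The creator mark is written and compared only on the provider side, so a product cannot claim creatorship by altering its request; the isolation holds only as long as callers cannot modify that record.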
There are, of course, many other embodiments of the invention that can be devised without departing from the spirit and scope thereof, and it will be apparent to those skilled in the art that various changes and modifications can be made herein without departing from the spirit and scope of the invention.

Claims (9)

1. A resource operation authority management method is characterized by comprising the following steps:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of an operator;
performing identity authentication on an operator according to the relationship between the identity certificate information and creator information of the resource; when the authentication is passed, executing the content of the operation request; and when the authentication is not passed, rejecting the operation request.
2. The method of claim 1, wherein the identity credential information comprises a relationship of a user identification to an operator identification.
3. The method of claim 2, wherein authenticating the identity of the operator based on the relationship of the identity credential information to the creator information of the resource comprises:
performing identity authentication according to the pre-recorded creator information of the resources;
when the operator is determined to be the resource creator according to the identity certificate information, the authentication is passed;
and when the operator is determined not to be the resource creator according to the identity certificate information, the authentication is not passed.
4. The method of claim 2, wherein the identity credential information further includes role information, the role information being temporary identification information of a user authorized operator, the operator using the role information to access the resource.
5. The method of claim 1, wherein the operation request comprises one of:
create request, delete request, query request.
6. A resource operation authority management apparatus, comprising:
a receiving module configured to receive an operation request of an operator for a resource, wherein the operation request comprises identity credential information of the operator;
an authentication module configured to authenticate the identity of the operator according to the relationship between the identity credential information and the creator information of the resource;
an execution module configured to execute the content of the operation request when the authentication passes, and to reject the operation request when the authentication fails.
7. The apparatus of claim 6, wherein the authentication module authenticating the identity of the operator according to the relationship between the identity credential information and the creator information of the resource comprises:
performing identity authentication according to the pre-recorded creator information of the resource;
when the operator is determined to be the resource creator according to the identity credential information, the authentication passes;
and when the operator is determined not to be the resource creator according to the identity credential information, the authentication fails.
8. An electronic device, comprising:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation authority management program to perform the following operations:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of the operator;
performing identity authentication on the operator according to the identity credential information; when the authentication passes, executing the content of the operation request; and when the authentication fails, rejecting the operation request.
9. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the following operations:
receiving an operation request of an operator for a resource, wherein the operation request comprises identity credential information of the operator;
performing identity authentication on the operator according to the identity credential information; when the authentication passes, executing the content of the operation request; and when the authentication fails, rejecting the operation request.
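The check described in claims 1 to 5 can be sketched as follows. This is an added example, not code from the patent or its assignee; the names `Credential`, `ResourceManager`, `grant_role` and `handle`, the (user, operator) pair used as creator information, and the recorded role grants are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Credential:
    user_id: str                 # account the request is made on behalf of
    operator_id: str             # product or service actually issuing the request
    role: Optional[str] = None   # temporary identity the user granted to the operator

class ResourceManager:
    def __init__(self):
        self._creator = {}     # resource_id -> (user_id, operator_id) recorded at creation
        self._data = {}        # resource_id -> stored content
        self._grants = set()   # (user_id, operator_id, role) temporary authorizations

    def grant_role(self, user_id, operator_id, role):
        self._grants.add((user_id, operator_id, role))

    def handle(self, op, resource_id, cred, content=None):
        # Assumption: a role is honoured only if the user granted it to this operator.
        role_ok = cred.role is None or (cred.user_id, cred.operator_id, cred.role) in self._grants
        if op not in ("create", "delete", "query") or not role_ok:
            return ("rejected", None)
        identity = (cred.user_id, cred.operator_id)
        if op == "create":
            if resource_id in self._creator:
                return ("rejected", None)
            self._creator[resource_id] = identity   # pre-record creator information
            self._data[resource_id] = content
            return ("ok", None)
        # delete/query pass only for the recorded creator; unknown ids are rejected alike
        if self._creator.get(resource_id) != identity:
            return ("rejected", None)
        if op == "delete":
            del self._creator[resource_id]
            return ("ok", self._data.pop(resource_id))
        return ("ok", self._data[resource_id])

def demo():
    # Constructed scenario: two products act for the same user on one resource.
    mgr = ResourceManager()
    mgr.grant_role("user-1", "product-A", "role-A")
    a = Credential("user-1", "product-A", "role-A")
    b = Credential("user-1", "product-B")
    steps = [("create", a), ("query", b), ("query", a), ("delete", b), ("delete", a)]
    return [mgr.handle(op, "disk-1", cred, "data")[0] for op, cred in steps]

if __name__ == "__main__":
    print(demo())
```

Because the creator is recorded as the user and operator together, a second product acting for the same user is rejected, which is the resource isolation the embodiment describes.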
CN201811236175.7A 2018-10-23 2018-10-23 Resource operation authority management method and device, electronic equipment and storage medium Active CN111090839B (en)


Publications (2)

Publication Number Publication Date
CN111090839A (en) 2020-05-01
CN111090839B (en) 2023-07-11


Similar Documents

Publication Publication Date Title
CN110414268B (en) Access control method, device, equipment and storage medium
US10956614B2 (en) Expendable access control
US11347876B2 (en) Access control
US10069629B2 (en) Controlled access to data in a sandboxed environment
US20190089810A1 (en) Resource access method, apparatus, and system
EP2876568B1 (en) Permission management method and apparatus, and terminal
WO2017054985A1 (en) Access control
GB2540977A (en) Expendable access control
CN107729758B (en) Secure processor for multi-tenant cloud workloads
CN110535884B (en) Method, device and storage medium for cross-enterprise inter-system access control
CN109347839B (en) Centralized password management method and device, electronic equipment and computer storage medium
US10831915B2 (en) Method and system for isolating application data access
US9928365B1 (en) Automated mechanism to obtain detailed forensic analysis of file access
US20160036823A1 (en) Accessing privileged objects in a server environment
CN105069383A (en) Virtual desktop USB (Universal Serial Bus) storage peripheral management and control method and system
US20140208409A1 (en) Access to data stored in a cloud
WO2017129660A1 (en) Secure data storage
CN113743955A (en) Food material traceability data security access control method based on intelligent contract
US20160373421A1 (en) Virtual content repository
CN111090839B (en) Resource operation authority management method and device, electronic equipment and storage medium
CN109446847B (en) Configuration method of dual-system peripheral resources, terminal equipment and storage medium
CA2959574A1 (en) Access control system and access control method
CN109784073A (en) Data access method and device, storage medium, computer equipment
CN111865916B (en) Resource management method and device and electronic equipment
CN110175038B (en) Soft lock permission updating method and device
