CN111090839B - Resource operation authority management method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN111090839B
Authority
CN
China
Prior art keywords
resource
operator
information
identity credential
operation request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811236175.7A
Other languages
Chinese (zh)
Other versions
CN111090839A (en)
Inventor
秦隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

A resource operation authority management method, a device, an electronic device and a storage medium. The method comprises the following steps: receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator; carrying out identity authentication on an operator according to the relation between the identity credential information and the creator information of the resource; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.

Description

Resource operation authority management method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of cloud resources, and in particular, to a method and apparatus for managing resource operation rights, an electronic device, and a storage medium.
Background
Cloud resource management involves resource hosting: a user holds many basic resources, and as the number of resources grows, operating and querying them becomes a heavy management burden for the user. The resources are therefore hosted with a product (institution), which is responsible for creating, operating, querying and releasing the user's resources so as to improve the efficiency of managing them. At the same time, resource hosting raises the problem of releasing authority, which leads to two cases: first, the hosting product (institution) may exceed the scope of responsibility the user expected, resulting in abuse; second, the user cannot learn the scope of authority covered by the hosting and so cannot trust the product (institution).
Currently, there are two ways to address these problems:
1. Direct granting of rights: the user specifies that a certain product (institution) may operate a certain batch of resources and may create certain resources. This does achieve resource hosting, but its disadvantage is that resources cannot be divided and distinguished across products (institutions): resources created by product (institution) A cannot be distinguished from resources created by product (institution) B, and product (institution) A operating on resources that belong to product (institution) B cannot be controlled.
2. Using the underlying rights management tool, the resource operation rights of each sub-account are managed and isolated, or certain access rights are granted to a certain product. The disadvantage of this approach is that there is no way to restrict a product to accessing only the resources it created itself.
Disclosure of Invention
The present application aims to solve at least one of the technical problems in the related art.
The application provides a resource operation authority management method, a device, electronic equipment and a storage medium, which at least realize clear definition and specification of authority of managed resources.
The application adopts the following technical scheme.
In a first aspect, the present invention provides a resource operation authority management method, including:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator;
carrying out identity authentication on an operator according to the relation between the identity credential information and the creator information of the resource; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
Preferably, the identity credential information includes a relationship of a user identity and an operator identity.
Preferably, the step of authenticating the identity of the operator according to the relationship between the identity credential information and the creator information of the resource comprises:
carrying out identity authentication according to the pre-recorded creator information of the resource;
authentication passes when the operator is determined to be the resource creator according to the identity credential information;
authentication is not passed when it is determined from the identity credential information that the operator is not the resource creator.
Preferably, the identity credential information further includes role information, the role information being temporary identification information of a user authorized operator, the operator accessing the resource using the role information.
Preferably, the operation request includes one of:
create request, delete request, query request.
In a second aspect, the present invention provides a resource operation authority management apparatus, including:
the receiving module is used for receiving an operation request of an operator on the resource, wherein the operation request comprises identity credential information of an operator;
the authentication module is used for carrying out identity authentication on an operator according to the relation between the identity credential information and the creator information of the resource;
the execution module is used for executing the content of the operation request when the authentication passes; and rejecting the operation request when the authentication is not passed.
Preferably, the authentication module performs identity authentication on the operator according to the relationship between the identity credential information and the creator information of the resource, including:
carrying out identity authentication according to the pre-recorded creator information of the resource;
authentication passes when the operator is determined to be the resource creator according to the identity credential information;
authentication is not passed when it is determined from the identity credential information that the operator is not the resource creator.
In a third aspect, the present invention provides an electronic device comprising:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation rights management program to perform the following operations:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator;
carrying out identity authentication on an operator according to the identity credential information; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the following processing:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator;
carrying out identity authentication on an operator according to the identity credential information; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
The application comprises the following advantages:
on one hand, the embodiment of the invention provides an open authority management mode, which clearly defines and standardizes the authority of the managed resource.
In yet another aspect, embodiments of the present invention record the operator status of the resource and shield the resource from other restricted (unauthorized) operators; isolation between resource operators (whoever created a resource can operate it) is achieved through the resource status record.
In yet another aspect, the embodiment of the present invention achieves closed-loop rights management by controlling the relationship between the resource creator and the resource user: a resource created by a certain product (organization) can be operated on the user's behalf only by that product (organization), and other products (organizations) have no right to operate it.
Of course, it is not necessary for any of the products of the present application to be practiced to achieve all of the advantages described above at the same time.
Drawings
FIG. 1 is a schematic diagram of a cloud resource operating system according to an embodiment;
FIG. 2 is a schematic diagram of an electronic device of an embodiment;
FIG. 3 is a schematic structural diagram of a cloud server according to an embodiment;
FIG. 4 is a flow chart of a resource operation rights management method of an embodiment;
FIG. 5 is a flow chart of authentication of an embodiment;
FIG. 6 is a schematic diagram of a resource operation authority management device according to an embodiment;
FIG. 7 is a flow chart of a resource operation rights management process of an embodiment.
Detailed Description
The technical scheme of the present application will be described in more detail with reference to the accompanying drawings and examples.
It should be noted that, if not conflicting, the embodiments of the present application and the features of the embodiments may be combined with each other, which are all within the protection scope of the present application. In addition, while a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in a different order than is shown.
In one typical configuration, a computing device for resource operation rights management may include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media. The memory may include module 1, module 2, ..., module N (N is an integer greater than 2).
Computer-readable media include permanent and non-permanent, removable and non-removable storage media. The storage medium may implement information storage by any method or technique. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
Aiming at the problem of resource operation authority management in the related technology, the application provides the following technical scheme.
Fig. 1 is a schematic view of a scenario provided in an exemplary embodiment of the present application. As shown in fig. 2, the cloud resource operating system may include virtual machines (virtual machine 1, ..., virtual machine n, where n is an integer not less than 2) and cloud servers, each virtual machine communicating with the cloud servers. The cloud server can create, update and maintain resources according to the requests of the virtual machines. It should be noted that the cloud resource operating system is only an example. The technical scheme of the application can be applied to any type of cloud resource operating system and is not limited to the structure shown in fig. 1.
Various implementations of the technical solutions of the present application are described in detail below.
The virtual machine may be any device capable of implementing the functions described below. For example, a stationary terminal such as a desktop computer.
As shown in fig. 2, an exemplary structure of the above-described electronic device is shown. The electronic device may include a processor 31, a memory 32, an interface unit 33, a communication circuit 34, a display 35, and the like. Further, in some embodiments, one or more of the exemplary components may be incorporated into another component, e.g., in some implementations, memory or other portions may be incorporated into a processor.
Processor 31 may be any type of processor capable of performing the functions described herein. For example, the processor may be a single or multi-core processor, a digital signal processor, or other processor or processing/control circuit. In some implementations, the electronic device may include one or more processors.
Memory 32 may be any type of memory capable of performing the functions described herein. The memory may store various data and software used by the operating device of the electronic device, such as operating systems, application programs, libraries, and drivers.
The memory 32 is coupled to the processor 31 through an interface unit 33, which interface unit 33 may be a circuit or a component that facilitates input/output operations of the processor 31, the memory 32, and other components of the electronic device.
The communication circuit 34 may be any communication circuit, device, or collection thereof capable of communicating between the virtual machine and the cloud server. The communication circuitry may be configured to implement such communications using any one or more communication technologies (e.g., wireless or wired communications) and associated protocols (e.g., Ethernet, Bluetooth, WiFi, WiMAX, CDMA, TD-CDMA, LTE, etc.).
The display 35 may be any type of display capable of performing the functions described herein. A display 35 is coupled to the processor 31 through an interface unit 33 for displaying under control of the processor 31.
Fig. 3 shows an exemplary structure of the cloud server described above. The cloud server may include: an input/output (IO) bus, a processor 40, a storage 41, a memory 42, and a communication device 43. The IO bus is connected to the other components (the processor 40, the storage 41, the memory 42, and the communication device 43) of the cloud server to which it belongs and provides a transmission line for them. The processor 40 generally controls the overall operation of the cloud server to which it belongs. For example, the processor 40 performs operations such as calculation and validation. The processor 40 may be a central processing unit (CPU), among others. The communication device 43, typically comprising one or more components, allows communication between the cloud server to which it belongs and the virtual machine. The storage 41 stores software code that is readable and executable by the processor 40 and contains instructions (i.e., software execution functions) for controlling the processor 40 to perform the functions described below.
As shown in fig. 4, to solve the above-mentioned problem in the related art, the present application proposes a resource operation authority management method, which is characterized by comprising:
S101, receiving an operation request of an operator for resources, wherein the operation request comprises identity credential information of an operator;
S102, carrying out identity authentication on an operator according to the relation between the identity credential information and the creator information of the resource; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
By authenticating the identity of the operator, the embodiment of the invention can verify the marked creator of the resource during resource operation, so that a resource can be used only by the product (institution) that created it.
In the embodiment of the invention, the identity credential information comprises a relationship between a user identifier and an operator identifier.
As shown in fig. 5, in the embodiment of the present invention, in step S102, authenticating the operator according to the relationship between the identity credential information and the creator information of the resource includes:
S1021, carrying out identity authentication according to the pre-recorded creator information of the resource;
S1022, when the operator is determined to be the resource creator according to the identity credential information, authentication is passed;
S1023, when the operator is determined not to be the resource creator according to the identity credential information, authentication is not passed.
In the embodiment of the invention, identity authentication is carried out according to the relationship between the identity credential information and the creator information of the resource, and there are two cases: when the operator is the resource creator, authentication passes and the content of the operation request is executed; when the operator is not the resource creator, execution of the content of the operation request is refused.
In the embodiment of the invention, the identity credential information further comprises role information, wherein the role information is temporary identification information of a user authorized operator, and the operator uses the role information to access the resource.
In an embodiment of the present invention, the operation request includes one of the following:
create request, delete request, query request.
The user may create a role, role: uid: product A: role 1, where uid is the user identification, product A is the operator information, and role 1 is the role name. After creation is completed, product A can use this role to generate temporary identification information that authorizes the operator to operate the resource. The operator can directly create and operate the user's resources through the temporary identification information. The authority set is defined by an authority rule, which comprises two parts: behavior and resource description. Behavior covers create, delete, query and so on; the resource description is a characteristic of a resource, such as the unique descriptor of the resource or a tag on the resource, and the embodiments of the present invention use the resource characteristic "whether consistent with creator". The temporary identification information corresponding to this role may perform the behaviors specified in the definition on user resources that match the resource description.
When an operator creates a user resource using temporary identification information, the underlying resource provider records the user of the temporary identification information, namely the role name role: uid: product A: role 1, marking the creator of this resource as product A, while the resource always belongs to the user.
When an operator uses temporary identification information to operate on or query user resources, the basic resource provider looks up the creator in the records of the resources concerned (when the query finds no record, the resource is one created for the user). If the recorded creator differs from the user of the current temporary identification information, operation_role_resource is marked as false in the authentication process; if the recorded creator is the same as the user of the current temporary identification information, operation_role_resource is marked as true.
In the authentication flow, the resource description is evaluated: if the user has defined that the role can only operate resources it created itself and operation_role_resource is false in the authentication flow, the operation on the resource is refused; otherwise, the request passes.
As shown in fig. 6, an embodiment of the present invention further provides a resource operation authority management device, including:
a receiving module 100 configured to receive an operation request of an operator for a resource, the operation request including identity credential information of an operator;
an authentication module 200 configured to authenticate an operator according to the relationship between the identity credential information and creator information of the resource;
an execution module 300 configured to execute the content of the operation request when the authentication passes; and rejecting the operation request when the authentication is not passed.
The authentication module 200 performs identity authentication on the operator according to the relationship between the identity credential information and the creator information of the resource, including:
carrying out identity authentication according to the pre-recorded creator information of the resource;
authentication passes when the operator is determined to be the resource creator according to the identity credential information;
authentication is not passed when it is determined from the identity credential information that the operator is not the resource creator.
The embodiment of the invention also provides electronic equipment, which comprises:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation rights management program to perform the following operations:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator;
carrying out identity authentication on an operator according to the identity credential information; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
An embodiment of the present invention also provides a computer-readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the following process:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator;
carrying out identity authentication on an operator according to the identity credential information; when the authentication is passed, executing the content of the operation request; and rejecting the operation request when the authentication is not passed.
Example 1
As shown in fig. 7, this embodiment illustrates a main flow of resource operation authority management, as follows:
1. When a user uses resources provided by the resource provider, the user can, to ease resource management, grant authority to products of the resource provider (product A and product B) to manage resources. Authority is granted by creating a role; the role information includes the product, and the authority of the role is governed by a rule. The role information description rule is: role: uid: product A: role 1 (uid is the user identification, product A is the product, and role 1 is the role name used for marking, meaning that role 1 can be used by product A). The role must also be granted one permission: operating_role_resource: true (meaning that only resources marked as "own" can be operated).
2. The user defines in product A how the resources are to be managed, and product A can help the user to create, operate and delete the resources.
3. Product A generates a temporary authorization identity from the role authorized by the user; this identity has all the rights the user gave to the role.
4. Product A uses the temporary authorization identity to help the user operate resources at the basic resource provider, creating the resource.
5&6. Upon receiving the resource creation request made with the temporary authorized identity, the basic resource provider creates a resource for the user (the resource belongs to the user) and marks the creator of the resource as product A (marks the resource creation role as role: uid: product B: role 1). After the resource is created, when product A requests to operate on it, the basic resource provider judges that the resource creator is consistent with the current user of the temporary authorized identity and adds operation_role_resource to the authority check; the check finds this consistent with the authority definition, so the resource can be operated.
7&8. Product B is also granted user resource management rights; its role is role: uid: product B: role 1, and product B generates a temporary authorization identity using this role.
9. When this temporary authorized identity is used to try to operate the resource, the basic resource provider judges that the resource creator is inconsistent with the current user of the temporary authorized identity and adds operation_role_resource: false to the authority check; the check finds this inconsistent with the authority definition, and operation on the resource is refused.
In this embodiment, when a product operates resources under the user's identity, resource isolation is achieved by recording the user of the temporary authorized identity.
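The flow of Example 1 and the operation_role_resource check described before it, as an added sketch in Python that is not part of the patent text. The class and method names, the token-based session table with a time-to-live, and the identifiers productA/productB are assumptions made for illustration.

```python
import itertools
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    uid: str            # user who owns the resources and granted the role
    product: str        # the only product (operator) allowed to use the role
    name: str
    actions: frozenset  # behaviours the rule allows: create / delete / query
    own_only: bool      # rule condition "operation_role_resource: true"

    @property
    def ident(self) -> str:
        return f"role:{self.uid}:{self.product}:{self.name}"


class BaseResourceProvider:
    """Hypothetical basic resource provider that records who created what."""

    def __init__(self):
        self.roles = {}      # role ident -> Role
        self.sessions = {}   # temporary token -> (role ident, expiry)
        self.resources = {}  # resource id -> {"owner": uid, "creator": role ident}
        self._ids = itertools.count(1)

    def create_role(self, uid, product, name, actions, own_only=True):
        role = Role(uid, product, name, frozenset(actions), own_only)
        self.roles[role.ident] = role
        return role.ident

    def assume_role(self, product, role_ident, ttl=900):
        # Step 3: only the product named in the role may obtain a temporary identity.
        role = self.roles.get(role_ident)
        if role is None or role.product != product:
            raise PermissionError("role is not granted to this product")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (role_ident, time.monotonic() + ttl)
        return token

    def _role_for(self, token):
        ident, expiry = self.sessions.get(token, (None, 0.0))
        if ident is None or time.monotonic() >= expiry:
            self.sessions.pop(token, None)
            raise PermissionError("unknown or expired temporary identity")
        return self.roles[ident]

    def request(self, token, action, resource_id=None):
        role = self._role_for(token)
        if action not in role.actions:
            raise PermissionError(f"{action} not allowed for {role.ident}")
        if action == "create":
            # Steps 5&6: the resource belongs to the user, the creator is the role.
            rid = f"res-{next(self._ids)}"
            self.resources[rid] = {"owner": role.uid, "creator": role.ident}
            return rid
        res = self.resources.get(resource_id)
        if res is None or res["owner"] != role.uid:
            raise PermissionError("no such resource for this user")
        # Condition computed by the provider from its own record, never from the caller.
        operation_role_resource = res["creator"] == role.ident
        if role.own_only and not operation_role_resource:
            raise PermissionError("operation_role_resource is false")
        if action == "delete":
            del self.resources[resource_id]
            return True
        return dict(res)  # query


def attempt(provider, token, action, resource_id=None):
    """Return (True, result) or (False, reason) instead of raising."""
    try:
        return True, provider.request(token, action, resource_id)
    except PermissionError as exc:
        return False, str(exc)


def example1():
    """Replay steps 1-9 with constructed identifiers and collect the outcomes."""
    p = BaseResourceProvider()
    all_actions = {"create", "delete", "query"}
    role_a = p.create_role("uid", "productA", "role1", all_actions)
    role_b = p.create_role("uid", "productB", "role1", all_actions)
    tok_a = p.assume_role("productA", role_a)
    tok_b = p.assume_role("productB", role_b)
    _, rid = attempt(p, tok_a, "create")
    return {
        "creator": p.resources[rid]["creator"],
        "owner": p.resources[rid]["owner"],
        "a_query": attempt(p, tok_a, "query", rid)[0],
        "b_query": attempt(p, tok_b, "query", rid),
        "b_delete": attempt(p, tok_b, "delete", rid)[0],
        "a_delete": attempt(p, tok_a, "delete", rid)[0],
    }
```

The creator comparison is made against the provider's stored record, so a product cannot influence the value of operation_role_resource through anything it places in the request.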
Of course, various other embodiments of the present application are possible, and those skilled in the art will recognize that various changes and modifications can be made in light of the application without departing from the spirit and substance of the application, but that such changes and modifications are intended to be within the scope of the claims of the application.

Claims (6)

1. A resource operation authority management method, characterized by comprising:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator; the identity credential information is generated by an operator according to role information authorized by a user, the role information is temporary identification information of the user authorized operator, and the operator uses the identity credential information to operate the resource;
when the operator is determined to be the resource creator according to the identity credential information, the authentication is passed, and the content of the operation request is executed;
and when the operator is determined not to be the resource creator according to the identity credential information, the authentication is not passed, and the operation request is refused.
2. The method of claim 1, characterized in that
the role information includes a relationship of a user identification of the user with an operator identification.
3. The method of claim 1, wherein the operation request comprises one of:
create request, delete request, query request.
4. A resource operation authority management apparatus, characterized by comprising:
the receiving module is used for receiving an operation request of an operator on the resource, wherein the operation request comprises identity credential information of an operator; the identity credential information is generated by an operator according to role information authorized by a user, the role information is temporary identification information of the user authorized operator, and the operator uses the identity credential information to operate the resource;
an authentication module arranged to pass authentication when it is determined that the operator is the resource creator according to the identity credential information; when the operator is determined not to be the resource creator according to the identity credential information, authentication is not passed;
the execution module is used for executing the content of the operation request when the authentication passes; and rejecting the operation request when the authentication is not passed.
5. An electronic device, comprising:
a memory storing a resource operation authority management program;
a processor configured to read the resource operation authority management program to perform the following operations:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator; the identity credential information is generated by an operator according to role information authorized by a user, the role information is temporary identification information of the user authorized operator, and the operator uses the identity credential information to operate the resource;
when the operator is determined to be the resource creator according to the identity credential information, the authentication is passed, and the content of the operation request is executed; and when the operator is determined not to be the resource creator according to the identity credential information, the authentication is not passed, and the operation request is refused.
6. A computer readable storage medium, having stored thereon a computer program which when executed by a processor performs the following process:
receiving an operation request of an operator on a resource, wherein the operation request comprises identity credential information of an operator; the identity credential information is generated by an operator according to role information authorized by a user, the role information is temporary identification information of the user authorized operator, and the operator uses the identity credential information to operate the resource;
when the operator is determined to be the resource creator according to the identity credential information, the authentication is passed, and the content of the operation request is executed; and when the operator is determined not to be the resource creator according to the identity credential information, the authentication is not passed, and the operation request is refused.
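The creator check recited in claims 1 to 3, sketched as an added example (not code from the patent). The HMAC-signed credential format, the expiry field, `SIGNING_KEY`, all function and class names, recording the creator at create time, and treating the (user, operator) pair as the creator identity are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key"  # assumption: secret held by the credential issuer

def issue_credential(user_id, operator_id, ttl=900, now=None):
    """Turn role information (user -> operator grant) into a temporary credential."""
    exp = (time.time() if now is None else now) + ttl
    role = {"user": user_id, "operator": operator_id, "exp": exp}
    body = json.dumps(role, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag

def verify_credential(credential, now=None):
    """Return the role dict if the credential is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body_hex, tag = credential.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None  # malformed credential
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # tampered or forged
    role = json.loads(body)
    return role if role["exp"] > now else None

class ResourceService:
    def __init__(self):
        self.creators = {}  # resource id -> (user, operator) recorded at creation
    def handle(self, op, resource_id, credential, now=None):
        role = verify_credential(credential, now)
        if role is None:
            return "rejected: invalid credential"
        principal = (role["user"], role["operator"])
        if op == "create":
            if resource_id in self.creators:
                return "rejected: exists"
            self.creators[resource_id] = principal
            return "created"
        if op not in ("delete", "query"):
            return "rejected: unknown operation"
        # Authentication passes only when the operator is the resource creator.
        if self.creators.get(resource_id) != principal:
            return "rejected: not creator"
        if op == "delete":
            del self.creators[resource_id]
            return "deleted"
        return "ok"
```

A second operator holding a valid credential from the same user is still refused, because the decision is keyed on who created the resource rather than on a permission list.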
CN201811236175.7A 2018-10-23 2018-10-23 Resource operation authority management method and device, electronic equipment and storage medium Active CN111090839B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811236175.7A CN111090839B (en) 2018-10-23 2018-10-23 Resource operation authority management method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111090839A CN111090839A (en) 2020-05-01
CN111090839B true CN111090839B (en) 2023-07-11

Family

ID=70392090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811236175.7A Active CN111090839B (en) 2018-10-23 2018-10-23 Resource operation authority management method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111090839B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114579211A (en) * 2022-02-21 2022-06-03 阿里巴巴(中国)有限公司 Flow control method, device, equipment and system of service providing system

Also Published As

Publication number Publication date
CN111090839A (en) 2020-05-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40029887; Country of ref document: HK)
GR01 Patent grant