CN103067463B - user root authority centralized management system and management method - Google Patents
user root authority centralized management system and management method Download PDFInfo
- Publication number
- CN103067463B CN103067463B CN201210557359.XA CN201210557359A CN103067463B CN 103067463 B CN103067463 B CN 103067463B CN 201210557359 A CN201210557359 A CN 201210557359A CN 103067463 B CN103067463 B CN 103067463B
- Authority
- CN
- China
- Prior art keywords
- server
- user
- authority
- information
- root
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title abstract description 42
- 238000013475 authorization Methods 0.000 claims description 32
- 230000004048 modification Effects 0.000 claims description 27
- 238000012986 modification Methods 0.000 claims description 27
- 238000012795 verification Methods 0.000 claims description 27
- 238000000034 method Methods 0.000 claims description 25
- 238000012790 confirmation Methods 0.000 claims description 9
- 230000001360 synchronised effect Effects 0.000 claims 1
- 230000008569 process Effects 0.000 description 5
- 241000282326 Felis catus Species 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 238000013479 data entry Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of user root authority centralized management system and management method, described system comprises: empowerment management server, data center, and server cluster; Wherein, described empowerment management server receives after user right amendment information, the record in the authority information database of renewal data center; Server in described server cluster, after user's login, the order of input root authority, according to title, the server identification generated query condition of the root authority order of the user name of this user's login, input, uses this querying condition data query center; According to Query Result, determine whether to carry out the order of root authority. Due to user right information is stored in to data center, by data center is unified, the user root authority of the each server in server cluster is managed concentratedly, and needn't in the configuration file of every station server, store all user right information; Thereby greatly save the resource in system.
Description
Technical Field
The invention relates to a computer technology, in particular to a user root authority centralized management system and a user root authority centralized management method in a computer operating system.
Background
root authority, which is a kind of System authority, and System authority can be understood as a concept, but is higher than administeror authority; root accounts are the super administrator user accounts in Linux and Unix systems that have the highest privilege for the entire system, can start or stop a process, delete or add users, add or disable hardware, and so on.
For example, a user with root privileges in a Linux system may enter a root privilege command in the command line to perform certain functions. For normal users that are not root users, the operating system may also allow them to use certain root permission commands: the user name of a common user and the corresponding relation between root authority commands which can be used by the user who logs in by adopting the user name are recorded in the configuration file/etc/sudoers of the Linux system. After a user logs in the system by using the user name, if a root permission command is input in a command line, the operating system firstly searches the root permission command corresponding to the user name recorded in a configuration file/etc/sudoers, if the root permission command comprises a command currently input by the user, the operating system indicates that the user is authorized, and executes the command; if the command currently entered by the user is not included, indicating that the user is not authorized to use the command, the operating system will refuse to execute the command. The Root user has the right to modify the above profile/etc/sudoers.
For the root authority management of the operating system of a single server, the root authority management can be completed by modifying a configuration file/etc/sudoers by a root user; if the root permission commands in the operating systems of the servers need to be managed in a centralized manner, the management is complicated; as shown in fig. 1, the system needs to perform centralized management on root permission commands in operating systems of servers in a plurality of server clusters; for example, root permission commands in the operating system of each server in the server cluster A, B, C need to be managed centrally. Then, according to the configuration file format, the administrator modifies or adds the user right information in the configuration file and submits the user right information to an SVN (Subversion, which is an open source code version control system), the SVN further issues the user right information to a Cfengine (a Unix management tool) root node, the Cfengine root node further issues the user right information to a Cfengine secondary node, and the Cfengine secondary node issues the configuration file to each server in a server cluster communicating with the node.
The following description will be given by taking an example that a user a applies for a server a (10.0.0.1) authority in a server cluster a: after acquiring the latest configuration file/etc/sudoners information through the SVN, the administrator with root authority modifies or adds the authority information of the user A:
Cmnd_AliasCMD_CAT=/bin/cat
USERA10.0.0.1=rootNOPASSWD:CMD_CAT
which indicates the execution rights of user a to the root rights command/bin/cat owned by server a with IP address 10.0.0.1.
And the administrator submits the modified configuration file to the SVN, and the SVN sends the configuration file to each server in a server cluster communicated with the node through the Cfengine root node, each Cfengine secondary node and each Cfengine secondary node.
After the server A obtains the configuration file, the authorization operation is completed; after the user A logs in the operating system of the server A, the root authority command/bin/cat can be used according to the configuration file.
However, the inventor of the present invention finds that the system in the prior art also issues the configuration file to other servers; for other servers, the execution authority of the user A on the bin/cat owned by the server A, which is recorded in the configuration file, is redundant information; with the rapid increase of the number of servers needing centralized management and the increase of the number of users, redundant information recorded in configuration files will increase greatly, which causes resource waste.
Disclosure of Invention
The embodiment of the invention provides a user root authority centralized management system and a management method, which are used for saving resources in the user root authority centralized management system.
According to an aspect of the present invention, there is provided a root permission command centralized authorization system, including: an authorization management server, a data center, and a server cluster; wherein,
the authorization management server is used for generating a corresponding database operation statement after receiving user authority modification information input by an administrator with root authority; updating records in the authority information database of the data center according to the generated database operation statements;
after a user logs in and inputs a root authority command, a server in the server cluster generates a query condition according to a user name logged in by the user and sends a query request carrying the query condition to the data center; the data center returns the information of the user authority matched with the query condition in the authority information database as a query result according to the received query request; the server confirms whether the authority verification passes according to the returned query result; if the confirmation is passed, executing the input root authority command;
wherein, the user authority modification information comprises: modifying type and user authority information; the information of the user authority comprises: the user name used by the user, the server identification of the server that the user requests to authorize, and the name of the root permission command that the user requests to authorize the server.
According to another aspect of the present invention, there is also provided a root permission command centralized authorization method, including:
after a user logs in and inputs a root authority command, a server in the server cluster generates a query condition according to a user name logged in by the user, and sends a query request carrying the query condition to a data center;
the data center returns the information of the user authority matched with the query condition in the authority information database as a query result according to the received query request;
the server confirms whether the authority verification passes according to the returned query result; if the confirmation is passed, executing the input root authority command;
wherein the record in the authority information database of the data center is updated by an authorization management server: the authorization management server receives user authority modification information input by an administrator with root authority, and then generates corresponding database operation statements; and updating records in the authority information database of the data center according to the generated database operation statements.
In the embodiment of the invention, because the user authority information is stored in the data center, the data center uniformly manages the user root authority of each server in the server cluster, and all the user authority information is not required to be stored in the configuration file of each server as in the prior art; therefore, resources in the system are greatly saved, particularly storage resources of each server; the whole system can manage the user root authority of a larger server cluster more quickly and centrally at lower cost.
Drawings
FIG. 1 is a schematic diagram of a user root rights centralized management system in the prior art;
fig. 2a and 2b are schematic diagrams of a user root authority centralized management system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for centralized authorization management of root rights of a user according to an embodiment of the present invention;
fig. 4 is a flowchart of a method for performing centralized user root right verification on each server in a server cluster according to information stored in a data center in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings by way of examples of preferred embodiments. It should be noted, however, that the numerous details set forth in the description are merely for the purpose of providing the reader with a thorough understanding of one or more aspects of the present invention, which may be practiced without these specific details.
As used in this application, the terms "module," "system," and the like are intended to include a computer-related entity, such as but not limited to hardware, firmware, a combination of hardware and software, or software in execution. For example, a module may be, but is not limited to: a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. For example, an application running on a computing device and the computing device may both be a module. One or more modules may reside within a process and/or thread of execution and a module may be localized on one computer and/or distributed between two or more computers.
The inventor of the invention considers that the method for performing authority verification on the input command by using the configuration file is more suitable for the management of the root authority command of a single server after a user logs in the server; still adopt this method to manage the root authority command of the server cluster, then very inapplicable; therefore, in the embodiment of the invention, the execution authority of the user on the root authority command owned by each server is stored in the data center, and each server in the server cluster can communicate with the data center when performing authority verification on the command input by the user and perform authority verification according to the stored authority information; in this way, centralized authorization of the root permission command is also facilitated. Because the authority verification is mainly completed by the data center, each server does not need to store a large amount of configuration file information, and redundant information of the authority information of other servers does not exist, so that the resource of the centralized authorization system is greatly saved.
The technical solution of the embodiments of the present invention is described in detail below with reference to the accompanying drawings. As shown in fig. 2a, the system for centralized management of root rights of users provided in the embodiment of the present invention includes: an entitlement management server 201, a data center 202, and each server 203 in the server cluster.
The method flow of centralized authorization management of the user root authority of each server 203 in the server cluster through the authorization management server 201, as shown in fig. 3, includes the following steps:
s301: the entitlement management server 201 receives user entitlement modification information input by an administrator.
Specifically, the authorization management server 201 may have authority management software installed therein, and when an administrator with root authority runs the authority management software, the software may provide an input interface or a WEB page; and inputting user authority modification information through an input interface or a WEB page administrator. The user right modification information specifically includes: type of modification, and information of user rights.
Wherein, the modification type input by the administrator may include: add (add), delete (delete), and some other operation modification types, such as read (read), etc.
The information of the user authority input by the administrator includes: a user name used by a user, a server identifier of a server requested to be authorized by the user, and a name of a root authority command requested to be authorized by the user; the server identifier may specifically be an IP address of the server.
Preferably, according to the similarity of the user operations, the user names of the users with similar operations may be divided into the same user group, that is, one user group may include a plurality of user names; some root permission commands can be divided into a root permission command set, that is, one root permission command set can include the names of a plurality of root permission commands;
then, one method for inputting the information about the user authority more efficiently may be that the input information about the user authority may further include: the name of the user group, the server identification of the server for which the user of the user group requests authorization, and the name of the root permission command set for which the user of the user group requests authorization.
Further, the information of the user authority may further include: valid time of authorization, authorization remarks and the like.
S302: the authorization management server 201 generates a corresponding database operation statement according to the input user authority modification information.
Specifically, the authority management software in the authorization management server 201 invokes an API function corresponding to the modification type according to the input user authority modification information, and generates a corresponding database operation statement according to the information of the user authority in the input user authority modification information.
For example, for the add modification type, an API (application program interface) function for adding records is called, and a database operation statement for adding information of the user right in the input user right modification information is generated;
and for the delete modification type, calling an API (application program interface) function for deleting the record, and generating a database operation statement for deleting the user authority information in the input user authority modification information.
S303: the authorization management server 201 updates the record in the authority information database in the data center 202 according to the generated database operation statement.
Specifically, the information of the user authority is recorded in the authority information database of the data center 202; the entitlement management server 201 may update a record in the entitlement information database in the data center 202 according to the generated database operation statement. Preferably, the authorization management server 201 can update the records in the authority information database in the data center 202 by using Hive technology; the database operation statement generated in step S302 may specifically be a HiveSQL (structured query language) statement.
The authorization management server 201 sends a HiveSQL statement to a HiveServer of the data center; the HiveServer analyzes the data of the received HiveSQL request and performs corresponding database operation.
Preferably, the rights information database in the data center 202 may be an LDAP (lightweight directory access protocol) database.
As shown in fig. 4, the flowchart of the method for performing centralized user root authority verification on each server 203 in the server cluster according to the information stored in the data center includes the following steps:
s401: after the non-root user logs in, if the user inputs a root permission command, the server 203 receives the root permission command input by the user.
S402: the server 203 generates a query condition, sends a query request to the data center 202, and queries the authority information database in the data center 202; the query request carries the generated query condition.
In this step, the server 203 may generate a query condition according to the user name of the user login, and send a query request to the data center 202 according to the generated query condition; or,
the server 203 may also generate a query condition according to a user name logged in by the user and a server identifier of the server, and send a query request to the data center 202 according to the generated query condition; or,
the server 203 may also generate a query condition according to the user name logged in by the user, the name of the root authority command input, and the server identifier of the server, and send a query request to the data center 202 according to the generated query condition.
In fact, the authority verification mode and the network address of the data center 202 are configured in advance in the operating system of the server 203; according to the pre-configuration, after the user inputs a root permission command, the operating system queries a remote database for permission verification according to a configured permission verification mode instead of performing permission verification through a configuration file; and the pre-configured network address indicates the access address of the remote database. Accordingly, server 203 may send the generated query to data center 202 based on the preconfigured network address.
Querying a remote database for permission verification of a user's permission command is a technique well known to those skilled in the art; in fact, with the advent of NIS (network information service) and DNS (domain name system), finding user information and system information is not only done by searching for local files. Previously, user rights information could be obtained by viewing/etc/sudorer files, and a variety of ways to find such information are now available. For example, file/etc/nsswitch. conf (name service switching configuration) specifies which ways to go through and in what order to go through for a particular type of information. It may also specify what actions the system will take if a certain method works or fails. Conf in the file nsswitch.conf indicates how to search for information, such as root rights information. Conf may be configured as follows:
sudoersldap
therefore, after the user inputs the root permission command, the operating system queries the LDAP database of the remote database according to the configured permission verification mode to acquire the relevant information for permission verification. In the verification process, the operating system of the server 203 generally sends two or three query data requests to a remote database for querying related information; and the authority is verified according to the returned information. The first request is for resolving the global configuration (for controlling the verification authentication level); the second request is used for inquiring the information of the matched user; if no matching user is returned, a third request is used to query all data entries, checking if the user belongs to one of them.
S403: the server 203 confirms whether the authority verification passes according to the query result returned by the data center 202; if the confirmation is passed, executing step S404; otherwise, step S405 is executed.
If the query condition in the query request sent by the server 203 to the data center 202 is generated only according to the user name, the data center 202 queries the authority information database according to the query request, and then returns the information of the user authority matched with the user name in the query condition as a query result to the server 203; the server 203 searches whether the information of the user authority matched with the name of the input root authority command and the server identification of the server exists according to the query result; if yes, the confirmation is passed; otherwise, the verification is not passed.
If the query condition in the query request sent by the server 203 to the data center 202 is generated according to the user name and the server identifier of the server, the data center 202 queries the authority information database according to the query request, and then returns the information of the user authority matched with the user name and the server identifier in the query condition as a query result to the server 203; the server 203 searches whether the information of the user authority matched with the name of the input root authority command exists or not according to the query result; if yes, the confirmation is passed; otherwise, the verification is not passed.
If the query condition in the query request sent by the server 203 to the data center 202 is generated according to the user name, the name of the root authority command input, and the server identifier of the server, the data center 202 queries the authority information database according to the query request, and then returns the information of the user authority matched with the user name, the server identifier, and the name of the root authority command in the query condition as a query result to the server 203; if the query result received by the server 203 contains the information of the user authority, the user is confirmed to pass; otherwise, the verification is not passed.
S404: the server 203 executes the root permission command input by the user.
S405: the server 203 does not execute the root authority command input by the user and displays unauthorized information.
Preferably, if the system needs to manage a plurality of server clusters, the data center 202 in fig. 2a may specifically be as shown in fig. 2b, including: a master database server 211, and a plurality of slave database servers 212; each slave database server 212 is responsible for the centralized management of the user root rights of one server cluster, i.e. each server cluster is assigned one slave database server to communicate with. And the permission information database in each slave database server realizes synchronization with the permission information database in the master database server.
For a data center with a master-slave structure, in step S303, the authorization management server 201 updates records in the authority information database in the data center 202 according to the generated database operation statement, which specifically includes:
the authorization management server 201 updates the records in the authority information database in the main database server 211 according to the generated database operation statements;
after the master database server 211 completes the updating of the authority information database, the master database server 211 synchronizes the updated data to the authority information database of each slave database server 212; after the synchronization process is completed, each slave database server 212 stores therein a database having the same contents as the database of the master database server 211.
The method for performing centralized user root authority verification on the basis of the information stored in the slave database server by each server in the server cluster communicating with the slave database server 212 is the same as the method described in the above fig. 4, that is, in the above step S402, the server 203 queries the authority information database in the data center 202 according to the generated query condition, specifically: the server 203 queries the authority information database in the slave database server which is communicated with the server cluster where the server is located according to the generated query condition; and the network address of the slave database server is configured in advance in each server in the server cluster.
In the embodiment of the invention, because the user authority information is stored in the data center, the data center uniformly manages the user root authority of each server in the server cluster, and all the user authority information is not required to be stored in the configuration file of each server as in the prior art; therefore, resources in the system are greatly saved, particularly storage resources of each server; the whole system can manage the user root authority of a larger server cluster more quickly and centrally at lower cost.
Those skilled in the art will appreciate that all or part of the steps in the method for implementing the above embodiments may be implemented by relevant hardware instructed by a program, and the program may be stored in a computer readable storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be construed as the protection scope of the present invention.
Claims (10)
1. A centralized management system for root rights of users, comprising: an authorization management server, a data center, and a server cluster; wherein,
the authorization management server is used for receiving user authority modification information input by an administrator with root authority and then generating corresponding database operation statements; updating records in the authority information database of the data center according to the generated database operation statements;
after a user logs in and inputs a root authority command, a server in the server cluster generates a query condition according to a user name logged in by the user and sends a query request carrying the query condition to the data center; the data center returns the information of the user authority matched with the query condition in the authority information database as a query result according to the received query request; the server confirms whether the authority verification passes according to the returned query result; if the confirmation is passed, executing the input root authority command;
wherein, the user authority modification information comprises: modifying type and user authority information; the information of the user authority comprises: the user name used by the user, the server identification of the server that the user requests to authorize, and the name of the root permission command that the user requests to authorize the server.
2. The system of claim 1, wherein the server cluster is multiple, and the data center specifically includes: a master database server, and a plurality of slave database servers; each server cluster is allocated with a slave database server to communicate with; the authority information database in each slave database server is synchronous with the authority information database in the master database server; and
the authorization management server is specifically configured to update a record in the authority information database of the master database server according to the generated database operation statement.
3. The system of claim 1 or 2, wherein the information of the user authority further comprises: the name of the user group, the server identification of the server which is requested to be authorized by the user of the user group, and the name of the root permission command set which is requested to be authorized by the user of the user group; the user group comprises a plurality of user names, and the root permission command set comprises the names of a plurality of root permission commands.
4. A method for centralized management of user root authority comprises the following steps:
after a user logs in and inputs a root authority command, a server in the server cluster generates a query condition according to a user name logged in by the user, and sends a query request carrying the query condition to a data center;
the data center returns the information of the user authority matched with the query condition in the authority information database as a query result according to the received query request;
the server confirms whether the authority verification passes according to the returned query result; if the confirmation is passed, executing the input root authority command;
wherein the record in the authority information database of the data center is updated by an authorization management server: the authorization management server receives user authority modification information input by an administrator with root authority, and then generates corresponding database operation statements; updating records in the authority information database of the data center according to the generated database operation statements;
wherein the information of the user authority comprises: the user name used by the user, the server identification of the server that the user requests to authorize, and the name of the root permission command that the user requests to authorize the server.
5. The method of claim 4, wherein the server confirms whether the permission verification passes the specific steps of:
the server searches whether the information of the user authority matched with the name of the input root authority command and the server identification of the server exists or not according to the returned query result; if yes, the confirmation is passed; otherwise, the acknowledgement is not passed.
6. The method of claim 4, wherein the query further comprises: a server identifier of the server; and
the server confirms whether the authority verification passes according to the returned query result specifically as follows:
the server searches whether the information of the user authority matched with the name of the input root authority command exists or not according to the returned query result; if yes, the confirmation is passed; otherwise, the acknowledgement is not passed.
7. The method of claim 4, wherein the query further comprises: server identification of the server and name of the input root authority command; and
the server confirms whether the authority verification passes according to the returned query result specifically as follows:
if the query result received by the server contains the information of the user authority, the server is confirmed to pass; otherwise, the acknowledgement is not passed.
8. The method according to any one of claims 4 to 7, wherein the data center comprises in particular: a master database server, and a plurality of slave database servers; and
the server clusters are multiple, and each server cluster is distributed with a slave database server to communicate with the server clusters; and
the updating records in the authority information database of the data center according to the generated database operation statements specifically includes:
the authorization management server updates records in the authority information database in the main database server according to the generated database operation statements;
the master database server synchronizes the updated data to each slave database server; and
the query of the authority information database of the data center communicating with the server cluster by using the query condition is specifically as follows:
and the server in the server cluster queries the authority information database in the slave database server which is communicated with the server cluster in which the server is positioned by using the query condition.
9. The method of claim 8, wherein the information of the user authority further comprises: the name of the user group, the server identification of the server which is requested to be authorized by the user of the user group, and the name of the root permission command set which is requested to be authorized by the user of the user group; the user group comprises a plurality of user names, and the root permission command set comprises the names of a plurality of root permission commands.
10. The method of claim 9, wherein the generating of the corresponding database operation statement by the authorization management server after receiving the user right modification information input by the administrator with root right comprises:
and after receiving user permission modification information input by an administrator with root permission, the authorization management server calls an API function corresponding to the modification type in the user permission modification information and generates a corresponding database operation statement according to the user permission information in the user permission modification information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210557359.XA CN103067463B (en) | 2012-12-19 | 2012-12-19 | user root authority centralized management system and management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210557359.XA CN103067463B (en) | 2012-12-19 | 2012-12-19 | user root authority centralized management system and management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067463A CN103067463A (en) | 2013-04-24 |
| CN103067463B true CN103067463B (en) | 2016-05-11 |
Family
ID=48109917
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210557359.XA Active CN103067463B (en) | 2012-12-19 | 2012-12-19 | user root authority centralized management system and management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103067463B (en) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103365685A (en) * | 2013-06-03 | 2013-10-23 | 深圳创维无线技术有限公司 | Super authority method and super authority device based on android |
| CN104243154B (en) | 2013-06-07 | 2018-07-06 | 腾讯科技(深圳)有限公司 | Server user's permission centralized control system and method |
| CN103826215B (en) * | 2014-02-11 | 2018-03-02 | 北京奇虎科技有限公司 | A kind of method and apparatus for carrying out Root authority management on the terminal device |
| CN105376203B (en) * | 2014-08-26 | 2019-11-05 | 阿里巴巴集团控股有限公司 | The processing method of interactive information, apparatus and system |
| CN104618486A (en) * | 2015-02-06 | 2015-05-13 | 浪潮电子信息产业股份有限公司 | Unified management method of multi-platform users of cluster storage system |
| CN105303119A (en) * | 2015-09-14 | 2016-02-03 | 浪潮集团有限公司 | Multi-data center privilege management method and system |
| CN105956457B (en) * | 2016-04-27 | 2018-11-13 | 四川秘无痕信息安全技术有限责任公司 | A method of it frequently executing root authority and operates and obtain real-time results feedback |
| CN107517124A (en) * | 2017-07-18 | 2017-12-26 | 交控科技股份有限公司 | Method and device based on Transmission Control Protocol Remote configuration Version Management Software SVN authorities |
| CN108563958B (en) * | 2018-04-17 | 2022-06-14 | 平安普惠企业管理有限公司 | Role permission updating method and device, computer equipment and storage medium |
| CN109359443A (en) * | 2018-09-07 | 2019-02-19 | 郑州云海信息技术有限公司 | An interface implementation method for editing locally authenticated users in a distributed block storage system |
| CN109522368A (en) * | 2018-09-28 | 2019-03-26 | 北京英视睿达科技有限公司 | A kind of method for managing user right and system |
| CN109543420B (en) * | 2018-09-29 | 2023-07-21 | 中国平安人寿保险股份有限公司 | Permission configuration method and device based on sud, electronic equipment and storage medium |
| CN109408593A (en) * | 2018-10-16 | 2019-03-01 | 国家电网有限公司 | A kind of data base management system, device and method |
| CN109784087A (en) * | 2018-12-13 | 2019-05-21 | 平安科技(深圳)有限公司 | Method, apparatus, medium and the electronic equipment of virtual platform user authority management |
| CN109711147B (en) * | 2019-01-02 | 2020-06-02 | 浪潮商用机器有限公司 | Separation management method, device, system and storage medium of operating system |
| CN112688983A (en) * | 2019-10-18 | 2021-04-20 | 顺丰科技有限公司 | Proxy right management device, terminal device and storage medium |
| CN110968568B (en) * | 2019-12-04 | 2023-08-18 | 常熟理工学院 | Database management system |
| CN111414423B (en) * | 2020-03-20 | 2023-07-25 | 北京金山云网络技术有限公司 | Method, device and server for operating MongoDB database |
| CN115348185B (en) * | 2022-08-19 | 2023-12-05 | 招银云创信息技术有限公司 | Control method and control device of distributed query engine |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170409A (en) * | 2006-10-24 | 2008-04-30 | 华为技术有限公司 | Method, system, service device and authentication server for realizing device access control |
| CN102088351A (en) * | 2009-12-08 | 2011-06-08 | 长春吉大正元信息技术股份有限公司 | Authorization management system and implementation method thereof |
| CN102088350A (en) * | 2009-12-08 | 2011-06-08 | 长春吉大正元信息技术股份有限公司 | Directory service-based authorization management system and implementation method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4968917B2 (en) * | 2006-07-28 | 2012-07-04 | キヤノン株式会社 | Authority management apparatus, authority management system, and authority management method |
-
2012
- 2012-12-19 CN CN201210557359.XA patent/CN103067463B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170409A (en) * | 2006-10-24 | 2008-04-30 | 华为技术有限公司 | Method, system, service device and authentication server for realizing device access control |
| CN102088351A (en) * | 2009-12-08 | 2011-06-08 | 长春吉大正元信息技术股份有限公司 | Authorization management system and implementation method thereof |
| CN102088350A (en) * | 2009-12-08 | 2011-06-08 | 长春吉大正元信息技术股份有限公司 | Directory service-based authorization management system and implementation method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067463A (en) | 2013-04-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067463B (en) | user root authority centralized management system and management method | |
| JP7222036B2 (en) | Model training system and method and storage medium | |
| CN111698228B (en) | System access authority granting method, device, server and storage medium | |
| US10902016B2 (en) | Autonomous interdependent repositories | |
| CN110188573B (en) | Partition authorization method, partition authorization device, partition authorization equipment and computer readable storage medium | |
| US20110214165A1 (en) | Processor Implemented Systems And Methods For Using Identity Maps And Authentication To Provide Restricted Access To Backend Server Processor or Data | |
| CN108289098B (en) | Authority management method and device of distributed file system, server and medium | |
| US7774472B2 (en) | System and method for cross-authoritative configuration management | |
| US8484309B2 (en) | Owner controlled access to shared data resource | |
| CN103685463A (en) | Access control method and system in cloud computing system | |
| CN111680041A (en) | Safe and efficient access method for heterogeneous data | |
| CN110457307B (en) | Metadata management system, user cluster creation method, device, equipment and medium | |
| CN111783050A (en) | Role and authority control system of website user | |
| CN115906178B (en) | Database management method, data subscription terminal and data publishing terminal | |
| CN111723401A (en) | Data access authority control method, device, system, storage medium and equipment | |
| CN118468320B (en) | Data authority control method and system | |
| Won et al. | Advanced resource management with access control for multitenant Hadoop | |
| CN117633090B (en) | Data interaction method, system, terminal and medium based on high-performance blockchain | |
| CN115203670A (en) | Service access processing method and device, computer readable medium and electronic equipment | |
| CN116842546B (en) | Distributed data access authorization and data service method and device, equipment, and medium | |
| KR101672962B1 (en) | Adaptive device software management system and management method of device software | |
| US11803569B2 (en) | Computer system and method for accessing user data that is distributed within a multi-zone computing platform | |
| KR20170125665A (en) | Semantic Information Management Method for a M2M/IoT platform | |
| CN113448775B (en) | Multi-source heterogeneous data backup method and device | |
| CN115599982A (en) | Data query method and device of hybrid cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230417 Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee after: Sina Technology (China) Co.,Ltd. Address before: 100080, International Building, No. 58 West Fourth Ring Road, Haidian District, Beijing, 20 floor Patentee before: Sina.com Technology (China) Co.,Ltd. |