CN106453395A - Hierarchical management method and system for cloud platform resource access authorities
- Publication number: CN106453395A
- Application number: CN201611007517.9A
- Authority: CN (China)
- Prior art keywords: role, management, security, unit, user
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a hierarchical management method for cloud platform resource access authorities. The method comprises the steps of: dividing security levels of resources in a cloud platform, wherein the security levels are used for determining security protection strategies of different resources; determining content classes for the resources in the cloud platform; determining access authorities of a user to the resources according to the security levels and the content classes; and assigning one or more roles for the user from a role set according to the access authorities, wherein each of the one or more roles is used for determining the security level and content class which can be accessed by the user, and allocating dependency relations for the roles in the role set. The invention further discloses a hierarchical management system for cloud platform resource access authorities. The system comprises a security level division unit, a content class determination unit, an access authority determination unit, a role management unit and a hierarchical authorization management unit.
Description
Technical field
The present invention relates to the field of cloud platform resource access rights management, and more particularly to a hierarchical management method and system for cloud platform resource access rights.
Background
In July 2010, the OpenStack open-source cloud computing project was jointly launched by the US National Aeronautics and Space Administration (NASA) and Rackspace. More than 15000 developers and 135 countries now take part in the development of OpenStack. OpenStack is developed in Python, is released under the Apache 2.0 license, and is a free and open-source software project. OpenStack provides an Infrastructure as a Service (IaaS) cloud computing solution through multiple interrelated services. The services communicate with each other through their respective REST-style APIs. Depending on the user's needs, some or all of the OpenStack services can be installed to build public or private cloud storage services. OpenStack currently has the support of a large number of hardware and software vendors: the platinum members of the OpenStack Foundation include AT&T, HP, IBM, Rackspace, RedHat, etc., and the gold members include Cisco, Dell, Huawei, Intel, VMware, Yahoo!, etc. Because a large number of organizations and individuals have joined, the components, services and tools of OpenStack keep improving in both development speed and software quality, and a large ecosystem has gradually formed.
OpenStack mainly comprises 7 core projects: the compute service Nova, the network service Neutron, the authentication component Keystone, the object storage Swift, the block storage Cinder, the image storage Glance and the user interaction panel Dashboard. The authentication component Keystone provides authentication and permission management for OpenStack users, so that each OpenStack service can work safely and reliably. It has two main functions: managing users and their permissions, and providing the service catalog and the endpoint URLs of the services. The Keystone identity service has the following 3 key user-related concepts:
1. User: represents a person or program that accesses the OpenStack cloud services.
2. Tenant: represents the set of resources that can be accessed in each service. A tenant can be an organization, a customer or a project, and can contain one or more users. In Swift, resources are partitioned by tenant.
3. Role: represents the resource access permissions available to a group of users. Roles are defined in Keystone, but their concrete meaning is interpreted by the service that performs the operation.
The service-related concepts in Keystone are:
1. Service: each service component of OpenStack, such as the compute service Nova, the image service Glance and the object storage service Swift. A service typically provides one or more endpoints for accessing resources or performing operations.
2. Endpoint: the access point that a service exposes. To access a service, its endpoint must be known; it is typically a URL.
Another very important Keystone concept is the token. A token is used to access the other services and resources of OpenStack.
The tenant-based fine-grained access control model of the OpenStack cloud platform builds on the standard role-based access control (RBAC) model. Because it grants permissions through roles and thereby separates permissions from users, authorization work is simple and flexible, and granting and maintaining role permissions is simple. In the RBAC model, roles have hierarchical relationships, and permissions can be passed on through role inheritance. As a result, an administrator does not need to grant each permission individually, which simplifies the maintenance and granting of permissions. The RBAC model also adopts the separation-of-duty principle to ensure the security of the system, using both static separation of duty and dynamic separation of duty. Static separation of duty is a constraint applied when roles are assigned to users; dynamic separation of duty is a restriction on roles during a session. Together the two mechanisms make role restrictions more flexible, and the dynamic separation-of-duty constraint in particular meets the separation-of-duty requirements of real organizations. By using the separation-of-duty principle, RBAC not only resolves conflicts between roles but also improves the security of the system.
In short, the tenant-based fine-grained access control model of the OpenStack cloud platform has many advantages in terms of access control, but when it faces a large number of cloud platform users and a complex user organization structure, the simple correspondence between users and tenants cannot meet application needs. For example, suppose there are two tenants A and B. If user B in tenant B is added to tenant A, the resources of that project become completely open to user B, and user B can delete, modify and view any resource under tenant A without the permission of the other users in tenant A. This is a management security risk. It follows that the two-layer (user and tenant) fine-grained permission division method of the OpenStack cloud platform cannot effectively cope with a complex user organization structure and the permission management of a large number of cloud platform users. Therefore, fine-grained permission division is needed within the tenants of the current OpenStack-based cloud platform.
Summary of the invention
To solve the above problems, according to one aspect of the present invention, a hierarchical management method for cloud platform resource access rights is provided, the method comprising:
dividing the resources in the cloud platform into security levels, the security levels being used to determine the security protection strategies of different resources;
determining content classes for the resources in the cloud platform;
determining the access rights of a user to the resources according to the security levels and the content classes; and
assigning one or more roles to the user from a role set according to the access rights, wherein each of the one or more roles is used to determine the security level and content class that the user is able to access, and allocating dependency relations for the roles in the role set.
Preferably, the access rights are divided into at least 2 administrative units.
Preferably, a permission management level is assigned to each administrative unit, and each administrative unit includes: a user set, a role set, a permission set and a constraint set.
Preferably, each administrative unit is a closed management domain, each administrative unit has one unit administrator, and the unit administrator can manage the permissions of the administrative unit to which the unit administrator belongs.
Preferably, a superior role can inherit the permissions of a subordinate role.
Preferably, the role assignment includes: role-permission assignment and role-user-group assignment.
According to another aspect of the present invention, a hierarchical management system for cloud platform resource access rights is provided, the system comprising:
a security level division unit, which divides the resources in the cloud platform into security levels, the security levels being used to determine the security protection strategies of different resources;
a content class determination unit, which determines content classes for the resources in the cloud platform;
a permission management unit, for managing the access operation permissions of the resources in the cloud platform;
an access rights determination unit, which determines the access rights of a user to the resources according to the security levels and the content classes;
a role management unit, for managing the add, delete, modify and query operations on roles; and
a hierarchical authorization management unit, which assigns one or more roles to the user from a role set according to the access rights, wherein each of the one or more roles is used to determine the security level and content class that the user is able to access, and allocates dependency relations for the roles in the role set.
Preferably, the access rights are divided into at least 2 administrative units.
Preferably, a permission management level is assigned to each administrative unit, and each administrative unit includes: a user set, a role set, a permission set and a constraint set.
Preferably, each administrative unit is a closed management domain, each administrative unit has one unit administrator, and the unit administrator can manage the permissions of the administrative unit to which the unit administrator belongs.
Preferably, a superior role can inherit the permissions of a subordinate role.
Preferably, the role assignment includes: role-permission assignment and role-user-group assignment.
The beneficial effects of the present invention are:
1. Introducing the concept of roles achieves a logical separation of users and permissions, gives administrators an effective way to carry out security modeling from an organizational perspective, and significantly reduces the burden of permission management. To address the permission management security risks present in assigning and revoking user roles and in the role authorization process, a management process for role assignment is added: during the authorization process of assigning and revoking roles, the whole process is monitored and managed, so that illegal operations in the authorization process can be discovered in real time.
2. Through administrative units arranged in a hierarchical structure, permissions and users are assigned to administrative units at each level, so that each administrative unit manages a part of the users and permissions, thereby achieving hierarchical authorization management of users and permissions. On the one hand, hierarchical authorization management reduces the complexity of authorization management operations by distributing the highly centralized authorization management operations of the traditional RBAC model to the individual administrative units. On the other hand, hierarchical authorization management restricts the administrators' management permissions: the super administrator of the original permission management system is eliminated and replaced by the administrators at each level of the hierarchical administrative units, which has some inhibiting effect on the abuse of permissions by administrators.
Brief description of the drawings
The exemplary embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a flowchart of the management method 100 according to an embodiment of the present invention;
Fig. 2 is a structural diagram of the management system 200 according to an embodiment of the present invention;
Fig. 3 is a structural diagram of the administrative unit according to an embodiment of the present invention; and
Fig. 4 is a structural diagram of the access control system according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present invention are now described with reference to the accompanying drawings. However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein; these embodiments are provided so that the present invention is disclosed thoroughly and completely, and so that its scope is fully conveyed to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the present invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise stated, the terms used herein (including scientific and technical terms) have the meaning commonly understood by those of ordinary skill in the art. Further, terms defined in commonly used dictionaries should be understood to have a meaning consistent with the context of the relevant field, and should not be construed in an idealized or overly formal sense.
The present invention is mainly based on the OpenStack cloud computing platform. To address the problem that the simple correspondence between resources and users cannot meet application demands, it proposes a hierarchical management method and system for cloud platform resource access rights.
Fig. 1 is a flowchart of the management method 100 according to an embodiment of the present invention. As shown in Fig. 1, the method 100 starts at step 101. In step 101, the resources in the cloud platform are divided into security levels, and the security levels are used to determine the security protection strategies of different resources.
Preferably, in step 102, content classes are determined for the resources in the cloud platform. For example, the content classes are video, music and text.
Preferably, in step 103, the access rights of a user to the resources are determined according to the security levels and the content classes.
Preferably, in step 104, one or more roles are assigned to the user from a role set according to the access rights, wherein each of the one or more roles is used to determine the security level and content class that the user is able to access, and dependency relations are allocated for the roles in the role set. Preferably, the access rights are divided into at least 2 administrative units. Preferably, a permission management level is assigned to each administrative unit, and each administrative unit includes: a user set, a role set, a permission set and a constraint set. Preferably, each administrative unit is a closed management domain, each administrative unit has one unit administrator, and the unit administrator can manage the permissions of the administrative unit to which the unit administrator belongs. Preferably, a superior role can inherit the permissions of a subordinate role. Preferably, the role assignment includes: role-permission assignment and role-user-group assignment.
Fig. 2 is a structural diagram of the management system 200 according to an embodiment of the present invention. As shown in Fig. 2, the management system 200 includes: a security level division unit 201, a content class determination unit 202, a permission management unit 203, an access rights determination unit 204, a role management unit 205 and a hierarchical authorization management unit 206. Preferably, the security level division unit 201 divides the resources in the cloud platform into security levels, and the security levels are used to determine the security protection strategies of different resources.
Preferably, the content class determination unit 202 determines content classes for the resources in the cloud platform.
Preferably, the permission management unit 203 manages the access operation permissions of the resources in the cloud platform. First, the concept of roles is introduced into the fine-grained permission management method within an OpenStack tenant: the access rights to resources are assigned to roles, and permission management is simplified by assigning roles to users and by the inheritance relations between roles. The permission management unit divides the access operations on the resources in the OpenStack cloud platform, and mainly includes several functional modules: querying permission information, adding permissions, deleting permissions and modifying permission information. In the OpenStack cloud platform, one resource operation corresponds to one access right, and the correspondence between resource operations and access rights is implemented in a configuration file. Operations such as adding, deleting and modifying permissions are equivalent to configuring the permissions for accessing the resources in the OpenStack cloud platform. In the present invention, the role is used as an "intermediary" to manage the system resource access rights located at each application layer. This greatly improves management efficiency, reduces the complexity of authorization management, reduces administrative overhead, and also provides administrators with a relatively good management environment. Strong permission management is necessary to guarantee the security of the cloud platform, and permission management provides an important guarantee for solving cloud platform security problems.
Preferably, the access rights determination unit 204 determines the access rights of a user to the resources according to the security levels and the content classes.
Preferably, the role management unit 205 manages the add, delete, modify and query operations on roles. The role management unit constrains the fine-grained access control within an OpenStack tenant. Role management is the management of operations such as adding, modifying and deleting roles; user permissions are controlled indirectly through role management. Role management is mapped within the tenant: each user can be given several roles, and each role is assigned different permissions. Roles can inherit upward along the role hierarchy. For example, if role A is the upper-level role of role B and role C, then role A inherits the permissions of role B and role C without repeating the role authorization mapping process. The tenant-based fine-grained access control model of the OpenStack cloud platform uses the concept of roles, but it does not implement the role management part of the RBAC access control model. The role management unit provides the mapping between users and permissions and acts as the bridge between them. Precisely because the role management mechanism is so important, extending and improving the original role management mechanism of OpenStack makes it possible to meet application requirements.
Preferably, the hierarchical authorization management unit 206 assigns one or more roles to the user from a role set according to the access rights, wherein each of the one or more roles is used to determine the security level and content class that the user is able to access, and allocates dependency relations for the roles in the role set. Preferably, the access rights are divided into at least 2 administrative units. Preferably, a permission management level is assigned to each administrative unit, and each administrative unit includes: a user set, a role set, a permission set and a constraint set. Preferably, each administrative unit is a closed management domain, each administrative unit has one unit administrator, and the unit administrator can manage the permissions of the administrative unit to which the unit administrator belongs. Preferably, a superior role can inherit the permissions of a subordinate role. Preferably, the role assignment includes: role-permission assignment and role-user-group assignment.
The concept of an administrative unit (Administration Unit) is introduced into the RBAC model to correspond to the actual tenant structure, and the various permissions in the system are divided among the administrative units as needed. Each administrative unit has one unit administrator, and only this unit administrator can manage the permissions of that administrative unit, for example by creating roles, granting and revoking role permissions, and defining the corresponding roles and assigning them to the corresponding users. This forms a hierarchical management structure for permissions. The administrator of a superior administrative unit cannot directly take part in the permission management of a subordinate administrative unit, so the direct administrator of a unit has a certain autonomy.
Fig. 3 is a structural diagram of the administrative unit according to an embodiment of the present invention. As shown in Fig. 3, the administrative unit includes: a user set, a role set, a permission set and a constraint set. An administrative unit is essentially a set of management objects. Within an administrative unit, the RBAC hierarchical model is used to manage roles and assign permissions. Each administrative unit has one base role, which is the child role of all roles in the unit; that is, all roles in the unit must inherit this role. In the hierarchical authorization management module, an administrative unit is a closed management domain that determines the management scope of one administrator. How to divide the administrative units is therefore a key issue. We adopt a tree structure of administrative units, divide users and permissions among the administrative units at each level according to application requirements, and set the corresponding constraints in each administrative unit. In other words, the hierarchical administrative units partition the users, permissions and constraints of the traditional RBAC model in a reasonable way, so that all management work in the system is distributed among the administrative units and distributed management is achieved. With hierarchical authorization management, each administrator performs their own duties: an upper-level administrator can control the management at the subordinate level but does not manage directly across levels, which conforms to modern management concepts.
Fig. 4 is a structural diagram of the access control system according to an embodiment of the present invention. As shown in Fig. 4, the system includes: a client presentation layer, an application service layer and a data layer. The application service layer consists of one or more servers and has good scalability. Its modules are as follows. The main function of the user management module is to manage the users of the OpenStack cloud platform, including creating, deleting and querying users. The main function of the permission management module is to manage the resource usage permissions of the OpenStack cloud platform: the resources of the OpenStack cloud platform are registered as different access control permissions in order to implement permission management of the OpenStack cloud platform resources. The main function of the role management module is to manage the roles of the user management system, including creating and deleting roles; it implements the mapping and assignment of permissions to roles, and implements role inheritance, mutual-exclusion restrictions and cardinality restrictions. The main function of the authorization management module is to define the policies that permissions and roles must follow during assignment and authorization. Because the administrative units at each level each manage a part of the permissions, and management permissions cannot extend to subordinate units, the problems of overlapping management permissions and cross-level management in traditional RBAC are overcome.
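The administrative-unit model described above (closed units holding a user set, role set, permission set and constraint set, a base role, role inheritance, mutual-exclusion and cardinality restrictions) can be modelled as follows. This is an added Python example, not code from the patent or from OpenStack; the class and method names, the delegation step in `create_child`, and the rule that a permission at security level N covers resources at level N and below are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

class AuthorizationError(Exception):
    """An administrative action violated the unit's rules."""

@dataclass(frozen=True)
class Permission:
    operation: str       # e.g. "view", "delete"
    security_level: int  # assumption: covers resources at this level and below
    content_class: str   # e.g. "video", "music", "text"

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)
    juniors: list = field(default_factory=list)  # subordinate roles inherited from
    max_users: Optional[int] = None              # cardinality constraint

    def effective_permissions(self):
        # A superior role holds its own permissions plus those of its subordinates.
        return self.permissions.union(*(j.effective_permissions() for j in self.juniors))

class AdminUnit:
    """Closed management domain: user set, role set, permission set, constraint set."""

    def __init__(self, name, admin, permission_set=(), parent=None):
        self.name, self.admin, self.parent = name, admin, parent
        self.users, self.permission_set = set(), set(permission_set)
        self.exclusive_pairs = set()           # constraint set: mutually exclusive roles
        self.base_role = Role(f"{name}:base")  # every role in the unit inherits it
        self.roles = {self.base_role.name: self.base_role}
        self.assignments = {}                  # user -> set of role names

    def _authorize(self, actor, permissions=()):
        # Only the unit's own administrator may act (a superior unit's administrator
        # is rejected too), and only with permissions from the unit's permission set.
        if actor != self.admin:
            raise AuthorizationError(f"{actor} does not administer {self.name}")
        if not set(permissions) <= self.permission_set:
            raise AuthorizationError("permission is outside this unit's permission set")

    def create_child(self, actor, name, admin, permissions):
        self._authorize(actor, permissions)
        return AdminUnit(name, admin, permissions, parent=self)

    def add_user(self, actor, user):
        self._authorize(actor)
        self.users.add(user)

    def create_role(self, actor, name, permissions=(), juniors=(), max_users=None):
        self._authorize(actor, permissions)
        inherited = [self.base_role] + [self.roles[j] for j in juniors]
        self.roles[name] = Role(name, set(permissions), inherited, max_users)

    def set_exclusive(self, actor, role_a, role_b):
        self._authorize(actor)
        self.exclusive_pairs.add(frozenset((role_a, role_b)))

    def assign_role(self, actor, user, role_name):
        self._authorize(actor)
        if user not in self.users:
            raise AuthorizationError(f"{user} is not in the user set of {self.name}")
        role, held = self.roles[role_name], self.assignments.get(user, set())
        if any(frozenset((h, role_name)) in self.exclusive_pairs for h in held):
            raise AuthorizationError("static separation of duty violated")
        holders = sum(role_name in names for names in self.assignments.values())
        if role.max_users is not None and holders >= role.max_users:
            raise AuthorizationError("role cardinality limit reached")
        self.assignments[user] = held | {role_name}

    def can_access(self, user, operation, security_level, content_class):
        perms = set().union(*(self.roles[r].effective_permissions()
                              for r in self.assignments.get(user, ())))
        return any(p.operation == operation and p.content_class == content_class
                   and p.security_level >= security_level for p in perms)

def denied(action, *args):
    """Return True when the unit rejects the administrative action."""
    try:
        action(*args)
        return False
    except AuthorizationError:
        return True

def build_demo():
    # Constructed sample data: unit, user and role names are illustrative only.
    view, delete = Permission("view", 2, "video"), Permission("delete", 2, "video")
    audit = Permission("audit", 3, "text")
    root = AdminUnit("tenant-A", "root-admin", {view, delete, audit})
    media = root.create_child("root-admin", "media", "media-admin", {view, delete})
    media.create_role("media-admin", "viewer", {view})
    media.create_role("media-admin", "editor", {delete}, juniors=["viewer"], max_users=1)
    media.create_role("media-admin", "reviewer")
    media.set_exclusive("media-admin", "editor", "reviewer")
    for user in ("alice", "bob"):
        media.add_user("media-admin", user)
    media.assign_role("media-admin", "alice", "editor")
    return root, media
```

In `build_demo()`, `bob` is in the unit's user set but holds no role, so `can_access` denies him everything until the unit administrator assigns one, which is the opposite of the tenant A/B case in the background section.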
The present invention has been described with reference to a small number of embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the present invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the/said [device, component, etc.]" are to be interpreted openly as referring to at least one instance of the device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.
Claims (12)
1. a kind of grading management method of cloud platform resource access rights, methods described includes:
Resource in cloud platform is divided level of security, described level of security is used for determining the Security Techniques of different resource;
Determine content type for the resource in cloud platform;
The access rights for resource for the user are determined according to described level of security and content type;And
It is grouped as user according to described access rights from role and assign one or more roles, wherein said one or more roles
In each role be used for determining level of security and the content type that user is able to access that, and for the role in described role set
Distribution dependence.
2. access rights are wherein divided at least 2 administrative units by method according to claim 1.
3. method according to claim 2, wherein distributes rights management grade, each management described for each administrative unit
Unit includes:User's collection, role set, authority set and constraint set.
4. method according to claim 3, each administrative unit wherein said is that the management of closing is interval, each pipe described
Reason unit has a Single Component Management person and Single Component Management person can be to the authority of described Single Component Management person place administrative unit
It is managed.
5. method according to claim 1, wherein higher level role can inherit the authority of subordinate role.
6. method according to claim 1, wherein said role's distribution includes:Role-security distribution and Role Users component
Join.
7. A hierarchical management system for cloud platform resource access rights, the system comprising:
a security classification unit, which divides the resources in the cloud platform into security levels, the security levels being used to determine the security techniques of different resources;
a content type determining unit, which determines a content type for the resources in the cloud platform;
a rights management unit, for managing the access operation permissions of resources in the cloud platform;
an access rights determining unit, which determines the user's access rights to the resources according to the security level and the content type;
a role management unit, for managing the addition, deletion, modification and search operations on roles; and
a hierarchical authorization management unit, which assigns one or more roles to the user from the role grouping according to the access rights, wherein each of the one or more roles is used to determine the security level and content type that the user can access, and which assigns dependency relationships to the roles in the role set.
8. The system according to claim 7, wherein the access rights are divided into at least 2 administrative units.
9. The system according to claim 8, wherein a rights management level is assigned to each administrative unit, and each administrative unit includes: a user set, a role set, a permission set and a constraint set.
10. The system according to claim 9, wherein each administrative unit is a closed management domain, each administrative unit has a unit administrator, and the unit administrator can manage the permissions of the administrative unit to which that unit administrator belongs.
11. The system according to claim 7, wherein a superior role can inherit the permissions of a subordinate role.
12. The system according to claim 7, wherein the role assignment includes: role-permission assignment and role-user group assignment.
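The model in claims 1 to 6 (and mirrored in claims 7 to 12) can be sketched as follows; this is an added illustration, not code from the patent. All class and function names, the integer security levels, and the reading that a role reaches every level up to its own are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    max_level: int               # assumption: role reaches levels <= max_level
    content_types: frozenset
    juniors: tuple = ()          # subordinate roles this role inherits from

@dataclass
class AdminUnit:
    name: str
    admin: str
    users: set
    roles: dict                                      # role name -> Role
    assignments: dict = field(default_factory=dict)  # user -> role names

    def assign(self, actor, user, role_name):
        # Closed domain: only this unit's administrator may assign, and only
        # users and roles that belong to this unit.
        if actor != self.admin:
            raise PermissionError(f"{actor} does not administer {self.name}")
        if user not in self.users or role_name not in self.roles:
            raise PermissionError("user or role is outside this unit")
        self.assignments.setdefault(user, set()).add(role_name)

def grants(role, seen=None):
    """(max_level, content_type) pairs of a role plus those of its juniors."""
    seen = set() if seen is None else seen
    if role.name in seen:        # tolerate a cyclic dependency
        return set()
    seen.add(role.name)
    out = {(role.max_level, ct) for ct in role.content_types}
    for junior in role.juniors:
        out |= grants(junior, seen)
    return out

def can_access(unit, user, level, content_type):
    return any(ct == content_type and level <= max_level
               for name in unit.assignments.get(user, ())
               for max_level, ct in grants(unit.roles[name]))

def sample_unit():
    # Constructed sample data, not taken from the patent.
    operator = Role("operator", 1, frozenset({"storage"}))
    lead = Role("lead", 3, frozenset({"compute"}), juniors=(operator,))
    unit = AdminUnit("ops", "alice", {"bob"}, {"operator": operator, "lead": lead})
    unit.assign("alice", "bob", "lead")
    return unit
```

Inherited grants stay as (level, content type) pairs, so a superior role cleared to level 3 for one content type does not gain level 3 on a content type it only inherits at level 1.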
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611007517.9A CN106453395A (en) | 2016-11-16 | 2016-11-16 | Hierarchical management method and system for cloud platform resource access authorities |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611007517.9A CN106453395A (en) | 2016-11-16 | 2016-11-16 | Hierarchical management method and system for cloud platform resource access authorities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106453395A true CN106453395A (en) | 2017-02-22 |
Family
ID=58208066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611007517.9A Pending CN106453395A (en) | 2016-11-16 | 2016-11-16 | Hierarchical management method and system for cloud platform resource access authorities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106453395A (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070946A (en) * | 2017-05-19 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | The cloud storage system realized based on openstack |
CN107301354A (en) * | 2017-06-27 | 2017-10-27 | 北京微影时代科技有限公司 | A kind of System right management method and device |
CN107679749A (en) * | 2017-09-30 | 2018-02-09 | 新奥(中国)燃气投资有限公司 | The measures and procedures for the examination and approval and Current Authorization Management Platform of a kind of authority application |
CN107864211A (en) * | 2017-11-17 | 2018-03-30 | 中国联合网络通信集团有限公司 | Cluster resource dispatching method and system |
CN108376271A (en) * | 2018-01-18 | 2018-08-07 | 南京信息工程大学 | A kind of workbench operating right control system based on cloud platform |
CN108769049A (en) * | 2018-06-08 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of method and server synchronizing user right to openstack |
CN109636704A (en) * | 2018-12-21 | 2019-04-16 | 湖北省楚天云有限公司 | A kind of configuration method and equipment of the resource of government affairs cloud computing platform |
CN109756527A (en) * | 2017-11-01 | 2019-05-14 | 阿里巴巴集团控股有限公司 | Data sharing method, apparatus and system |
CN109862001A (en) * | 2019-01-23 | 2019-06-07 | 中国电子科技集团公司电子科学研究院 | Multi-level rights management method based on cloud management platform |
CN111125676A (en) * | 2019-12-23 | 2020-05-08 | 北京百度网讯科技有限公司 | Joint authorization method and apparatus |
CN111556005A (en) * | 2019-12-31 | 2020-08-18 | 远景智能国际私人投资有限公司 | Authority management method, device, electronic equipment and storage medium |
CN111881427A (en) * | 2020-05-13 | 2020-11-03 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Authorization method and device in railway engineering management system |
CN112187769A (en) * | 2020-09-23 | 2021-01-05 | 中国核动力研究设计院 | Authority management system for nuclear power plant security level DCS |
CN112230832A (en) * | 2020-10-14 | 2021-01-15 | 浪潮云信息技术股份公司 | Hierarchical management system of cross-organization users |
CN112748983A (en) * | 2020-12-29 | 2021-05-04 | 中国人寿保险股份有限公司上海数据中心 | OpenStack-based virtual private cloud system and construction method thereof |
CN114036480A (en) * | 2022-01-07 | 2022-02-11 | 北京悦游信息技术有限公司 | Security access control method and system for private application and readable storage medium |
CN115544488A (en) * | 2022-09-30 | 2022-12-30 | 招商局金融科技有限公司 | Project cloud authority management method, device, electronic equipment and storage medium |
CN116599700A (en) * | 2023-04-20 | 2023-08-15 | 南京航空航天大学 | Access control authorization method based on security context and resource hierarchy |
CN116781329A (en) * | 2023-05-26 | 2023-09-19 | 内蒙古达闻电子科技有限责任公司 | Internet-based data security access system and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030229623A1 (en) * | 2002-05-30 | 2003-12-11 | International Business Machines Corporation | Fine grained role-based access to system resources |
CN101453475A (en) * | 2009-01-06 | 2009-06-10 | 中国人民解放军信息工程大学 | Authentication management system and method |
CN102571745A (en) * | 2011-11-16 | 2012-07-11 | 烽火通信科技股份有限公司 | User access authority management method aiming at large capacity of objects |
CN103107899A (en) * | 2011-11-10 | 2013-05-15 | 天津市国瑞数码安全系统有限公司 | Separation-of-three-powers hierarchical authorization management system and method thereof |
CN104050401A (en) * | 2013-03-12 | 2014-09-17 | 腾讯科技(深圳)有限公司 | User permission management method and system |
CN104579726A (en) * | 2013-10-16 | 2015-04-29 | 航天信息股份有限公司 | Method and device for managing network resource use permission of user |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030229623A1 (en) * | 2002-05-30 | 2003-12-11 | International Business Machines Corporation | Fine grained role-based access to system resources |
CN101453475A (en) * | 2009-01-06 | 2009-06-10 | 中国人民解放军信息工程大学 | Authentication management system and method |
CN103107899A (en) * | 2011-11-10 | 2013-05-15 | 天津市国瑞数码安全系统有限公司 | Separation-of-three-powers hierarchical authorization management system and method thereof |
CN102571745A (en) * | 2011-11-16 | 2012-07-11 | 烽火通信科技股份有限公司 | User access authority management method aiming at large capacity of objects |
CN104050401A (en) * | 2013-03-12 | 2014-09-17 | 腾讯科技(深圳)有限公司 | User permission management method and system |
CN104579726A (en) * | 2013-10-16 | 2015-04-29 | 航天信息股份有限公司 | Method and device for managing network resource use permission of user |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070946A (en) * | 2017-05-19 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | The cloud storage system realized based on openstack |
CN107301354A (en) * | 2017-06-27 | 2017-10-27 | 北京微影时代科技有限公司 | A kind of System right management method and device |
CN107679749A (en) * | 2017-09-30 | 2018-02-09 | 新奥(中国)燃气投资有限公司 | The measures and procedures for the examination and approval and Current Authorization Management Platform of a kind of authority application |
CN107679749B (en) * | 2017-09-30 | 2021-05-25 | 新奥(中国)燃气投资有限公司 | Authority application approval method and authorization management platform |
CN109756527A (en) * | 2017-11-01 | 2019-05-14 | 阿里巴巴集团控股有限公司 | Data sharing method, apparatus and system |
CN107864211A (en) * | 2017-11-17 | 2018-03-30 | 中国联合网络通信集团有限公司 | Cluster resource dispatching method and system |
CN107864211B (en) * | 2017-11-17 | 2019-09-10 | 中国联合网络通信集团有限公司 | Cluster resource dispatching method and system |
CN108376271A (en) * | 2018-01-18 | 2018-08-07 | 南京信息工程大学 | A kind of workbench operating right control system based on cloud platform |
CN108376271B (en) * | 2018-01-18 | 2020-12-01 | 南京信息工程大学 | A workbench operation authority control system based on cloud platform |
CN108769049A (en) * | 2018-06-08 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of method and server synchronizing user right to openstack |
CN109636704A (en) * | 2018-12-21 | 2019-04-16 | 湖北省楚天云有限公司 | A kind of configuration method and equipment of the resource of government affairs cloud computing platform |
CN109862001A (en) * | 2019-01-23 | 2019-06-07 | 中国电子科技集团公司电子科学研究院 | Multi-level rights management method based on cloud management platform |
CN111125676A (en) * | 2019-12-23 | 2020-05-08 | 北京百度网讯科技有限公司 | Joint authorization method and apparatus |
CN111125676B (en) * | 2019-12-23 | 2022-06-03 | 北京百度网讯科技有限公司 | Joint authorization method and device |
CN111556005A (en) * | 2019-12-31 | 2020-08-18 | 远景智能国际私人投资有限公司 | Authority management method, device, electronic equipment and storage medium |
CN111556005B (en) * | 2019-12-31 | 2023-08-08 | 远景智能国际私人投资有限公司 | Authority management method, device, electronic equipment and storage medium |
CN111881427A (en) * | 2020-05-13 | 2020-11-03 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Authorization method and device in railway engineering management system |
CN111881427B (en) * | 2020-05-13 | 2024-05-28 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Authorization method and device in railway engineering management system |
CN112187769A (en) * | 2020-09-23 | 2021-01-05 | 中国核动力研究设计院 | Authority management system for nuclear power plant security level DCS |
CN112230832A (en) * | 2020-10-14 | 2021-01-15 | 浪潮云信息技术股份公司 | Hierarchical management system of cross-organization users |
CN112748983A (en) * | 2020-12-29 | 2021-05-04 | 中国人寿保险股份有限公司上海数据中心 | OpenStack-based virtual private cloud system and construction method thereof |
CN114036480A (en) * | 2022-01-07 | 2022-02-11 | 北京悦游信息技术有限公司 | Security access control method and system for private application and readable storage medium |
CN114036480B (en) * | 2022-01-07 | 2022-04-12 | 北京悦游信息技术有限公司 | Security access control method and system for private application and readable storage medium |
CN115544488A (en) * | 2022-09-30 | 2022-12-30 | 招商局金融科技有限公司 | Project cloud authority management method, device, electronic equipment and storage medium |
CN116599700A (en) * | 2023-04-20 | 2023-08-15 | 南京航空航天大学 | Access control authorization method based on security context and resource hierarchy |
CN116781329A (en) * | 2023-05-26 | 2023-09-19 | 内蒙古达闻电子科技有限责任公司 | Internet-based data security access system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106453395A (en) | Hierarchical management method and system for cloud platform resource access authorities | |
CN109643242B (en) | Security design and architecture for multi-tenant HADOOP clusters | |
CN111431843B (en) | Access control method based on trust and attribute in cloud computing environment | |
CN111259378B (en) | Multi-tenant management system and implementation method thereof | |
CN103139159B (en) | Secure communication between virtual machine in cloud computing framework | |
CN100458813C (en) | Method for role-based access control model with precise access control strategy | |
CN104537488A (en) | Enterprise-level information system function authority unified management method | |
CN109981552B (en) | A method and device for assigning rights | |
EP2021935A1 (en) | Translating role-based access control policy to resource authorization policy | |
CA2894894A1 (en) | Computer-implemented method, system and computer program product for deploying an application on a computing resource | |
CN110941856A (en) | Data differential privacy protection sharing platform based on block chain | |
CN106230818A (en) | A kind of resource authorization method of information management system | |
US20040088563A1 (en) | Computer access authorization | |
CN111581635B (en) | Data processing method and system | |
WO2010028583A1 (en) | Method and apparatus for managing the authority in workflow component based on authority component | |
CN102073817A (en) | Dynamic access control improvement method on basis of RBAC (Role-Based policies Access Control) model | |
CN110135146B (en) | Database authority management method | |
CN105653962B (en) | A kind of user role access authorization for resource model management method of object-oriented | |
KR20070076342A (en) | User Group Role / Permission Management System and Access Control Methods in a Grid Environment | |
CN108268782A (en) | The meeting mechanism of based role permission control | |
ES3021011T3 (en) | Method for operating a network, and computer program product | |
CN110691099B (en) | System and method for realizing cascade authorization under micro-service architecture | |
CN109063439A (en) | A kind of user authority control method and system for Spark SQL | |
Singh | Study on cloud computing and cloud database | |
Obelheiro et al. | Role-based access control for CORBA distributed object systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |