CN112989293B - Permission configuration method and device for IPMI user - Google Patents
Permission configuration method and device for IPMI user Download PDFInfo
- Publication number
- CN112989293B CN112989293B CN202110296666.6A CN202110296666A CN112989293B CN 112989293 B CN112989293 B CN 112989293B CN 202110296666 A CN202110296666 A CN 202110296666A CN 112989293 B CN112989293 B CN 112989293B
- Authority
- CN
- China
- Prior art keywords
- permission
- sub
- user
- group
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 108010028984 3-isopropylmalate dehydratase Proteins 0.000 title claims abstract 17
- 230000004044 response Effects 0.000 claims abstract description 32
- 238000012795 verification Methods 0.000 claims description 10
- 238000003745 diagnosis Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 4
- 238000004590 computer program Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a permission configuration method and a permission configuration device for an IPMI user, wherein the permission configuration method comprises the following steps: reading and verifying user authority information from an external storage device; extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user; selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information; the specific operation is selectively permitted based on whether the IPMI user is in the master permission group or not in a sub permission group related to the specific operation in response to the IPMI user in the master permission group requesting the specific operation based on the IPMI protocol. The invention can improve the logic execution efficiency and safety and stability of authority configuration and inquiry.
Description
Technical Field
The present invention relates to the field of configuration, and in particular, to a method and an apparatus for configuring an authority of an IPMI user.
Background
In view of the requirements of security consideration and field monitoring and maintenance, the IPMI protocol defines the concept of an IPMI user, that is, if corresponding information needs to be acquired from the BMC through an IPMI instruction, a corresponding user name and a password need to be provided for authentication, and only the user who passes the authentication can acquire the right corresponding to the user and perform related operations within the right range. Currently, the User's permission defined in the IPMI protocol includes administeror, Operatoer, User, etc., where administeror has the highest permission and can operate all functions in the BMC.
In consideration of the fact that the several permission levels defined in the BMC are large in granularity and cannot meet actual requirements of field clients, User permissions are refined in customization requirements of the clients at present, and multiple permissions are refined aiming at an Administrator, an Operator and a User respectively to meet the customization requirements of the clients. If a configuration file is created, details of the administeror, Operator, and User rights are recorded in the configuration file, such as the enabled and disabled states of multiple sub-rights of the administeror. When an external user configures the sub-authority of the related authority, updating the configuration information into a configuration file; when the sub-authority of the related authority is inquired, the sub-authority is obtained from the configuration file and then returned to the inquiring user; when the sub-authority of the authority is used, the corresponding sub-authority of the user authority is directly read from the configuration file, and then whether the related operation is allowed to be executed or not is judged according to the enabling and disabling state of the sub-authority.
The method needs a programmer to realize all logic codes, including inquiry, configuration and judgment logic of sub-rights, design and initialization of configuration files, and has the advantages of large workload, high code redundancy and relatively low execution efficiency; meanwhile, all code logics are completed by a programmer, so that the bug introduction probability is improved to a great extent, the stability of engineering operation is influenced, especially for a crucial parameter of user authority, once a problem occurs, a user cannot normally operate, log in and monitor, and a series of safety problems are introduced seriously, and under the background of crucial current safety, service information leakage and damage of malicious persons are easily caused; in addition, the configuration file is used as a storage medium for user permission refinement, and when a BMC (baseboard management controller) image is updated, especially when erasing and writing refreshing are carried out on Flash of the BMC in band, the configuration file is lost and restored to an initial state, so that configured user permission information is lost.
Aiming at the problems of complex and redundant permission configuration means, instability and insecurity and easy loss of configuration information in the prior art, no effective solution is available at present.
Disclosure of Invention
In view of this, an embodiment of the present invention provides an authority configuration method and an authority configuration device for an IPMI user, which can improve logic execution efficiency and security stability of authority configuration and query.
Based on the above object, a first aspect of the embodiments of the present invention provides a method for configuring an authority of an IPMI user, including the following steps:
reading and verifying user authority information from an external storage device;
extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user;
selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information;
the specific operation is selectively permitted based on whether the IPMI user is in the master permission group or not in a sub permission group related to the specific operation in response to the IPMI user in the master permission group requesting the specific operation based on the IPMI protocol.
In some embodiments, the user right information includes group information of a plurality of master right groups, and each group information includes at least one of the following of the corresponding master right group: name, number, enablement status with respect to each sub-permission group, check code.
In some embodiments, verifying the user entitlement information comprises: determining a check bit based on the name, number, and encoded value of the enable state with respect to each sub-permission group of the particular master permission group; and determining that the verification of the specific main permission group is successful in response to the verification bit being equal to the verification code of the specific main permission group, and determining that the verification of the user permission information is successful in response to each main permission group being successful.
In some embodiments, the method further comprises: and in response to the user right information not being read or not being successfully verified, using a pre-specified default right configuration as the user right information.
In some embodiments, the plurality of master rights groups includes at least one of: administrators, operators, general users, equipment manufacturers; the plurality of sub-permission groups include at least one of: inquiry authority, configuration authority, KVM authority, Rmedia authority, safety management authority, user-defined authority, power control authority and fault diagnosis authority.
In some embodiments, selectively adding each master permission group as a user of a sub permission group to each sub permission group includes performing the following steps for each master permission group and each sub permission group respectively, based on an enabled state of each master permission group for each sub permission group in the user permission information:
in response to the enablement status of the master permission group for a sub permission group being enabled, adding the master permission group to the sub permission group as a user identity;
the enabling state of the main permission group for a sub permission group is disabled without performing any addition operation.
In some embodiments, respectively covertly creating a plurality of sub-permission groups that do not include any user includes, for each sub-permission group, respectively performing the following steps:
judging whether the sub-permission group exists by using system call;
creating a sub-permission group directly in response to the sub-permission group not existing;
all users in the sub-permission group are cleared in response to the sub-permission group already existing.
In some embodiments, selectively allowing the specific operation based on whether the IPMI user is in the master permission group is in a sub permission group related to the specific operation includes:
judging whether the main authority group where the IPMI user is located is in a sub-authority group related to specific operation or not by using system call;
allowing the particular operation in response to the master permission group being in the sub-permission group;
in response to the master permission set not being in the sub-permission set, the particular operation is denied.
In some embodiments, the external storage device includes a non-volatile memory that operates independently of the baseboard management controller, the non-volatile memory storing user rights information in a configured file format and unaffected when the baseboard management controller is flash refreshed.
A second aspect of an embodiment of the present invention provides an apparatus, including:
an external storage device storing user authority information; and
a baseboard management controller electrically connected to an external storage device and storing program code executable by the baseboard management controller, the program code, when executed, performing the following steps:
reading and verifying user authority information from an external storage device;
extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user;
selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information;
the specific operation is selectively permitted based on whether the IPMI user is in the master permission group or not in a sub permission group related to the specific operation in response to the IPMI user in the master permission group requesting the specific operation based on the IPMI protocol.
The invention has the following beneficial technical effects: according to the permission configuration method and device for the IPMI user, provided by the embodiment of the invention, the user permission information is read and verified from the external storage equipment; extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user; selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information; the technical scheme that the specific operation is selectively allowed based on whether the main authority group where the IPMI user is located is in the sub-authority group related to the specific operation or not by responding to the specific operation requested by the IPMI user in the main authority group based on the IPMI protocol can improve the logic execution efficiency and the safety and stability of the authority configuration and query.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for configuring IPMI user rights according to the present invention;
FIG. 2 is a detailed flowchart of the permission configuration method for IPMI users according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
In view of the foregoing, a first aspect of the embodiments of the present invention provides an embodiment of an authority configuration method for an IPMI user, which can improve the logic execution efficiency and security stability of authority configuration and query. Fig. 1 is a flowchart illustrating an authority configuration method for IPMI users provided by the present invention.
The method for configuring the authority of the IPMI user, as shown in fig. 1, includes the following steps:
step S101, reading and verifying user authority information from an external storage device;
step S103, extracting a plurality of sub-permission group names to be configured from the user permission information so as to respectively establish a plurality of sub-permission groups which do not include any user in a covering manner;
step S105, based on the starting state of each main authority group in the user authority information to each sub-authority group, selectively adding each main authority group as a user of the sub-authority group to each sub-authority group;
step S107, in response to the IPMI user in the main right group requesting a specific operation based on the IPMI protocol, the specific operation is selectively allowed based on whether the IPMI user is in the main right group or not in the sub right group related to the specific operation.
All inquiry, setting and judgment aiming at permission refinement are realized based on system call related to a user group in the system, so that redundancy and complexity of codes are reduced, relatively speaking, the logic execution efficiency is high, the stability is good, and the dynamic link library is easy to abstract to facilitate further expansion. The user permission refinement parameters are stored in an external storage device, such as an EEPROM (electrically erasable programmable read-only memory), so that the work of designing a configuration file format is omitted, and the user permission refinement parameters can be kept all the time when the BMC updates the firmware. In addition, the invention skillfully takes the main authority group where the user is positioned as a user and adds the user into the sub-authority group to which the authority group belongs, and the mode skillfully utilizes the concepts of the user and the group of the system and combines with the IPMI protocol, so that more mature interfaces called by the system are utilized, and the working stability is further improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like. Embodiments of the computer program may achieve the same or similar effects as any of the preceding method embodiments to which it corresponds.
In some embodiments, the user right information includes group information of a plurality of master right groups, and each group information includes at least one of the following of the corresponding master right group: name, number, enablement status with respect to each sub-permission group, check code.
In some embodiments, verifying the user entitlement information comprises: determining a check bit based on the name, number, and encoded value of the enable state with respect to each sub-permission group of the particular master permission group; and determining that the verification of the specific main permission group is successful in response to the verification bit being equal to the verification code of the specific main permission group, and determining that the verification of the user permission information is successful in response to each main permission group being successful.
In some embodiments, the method further comprises: and in response to the user right information not being read or not being successfully verified, using a pre-specified default right configuration as the user right information.
In some embodiments, the plurality of master rights groups includes at least one of: administrators, operators, general users, equipment manufacturers; the plurality of sub-permission groups include at least one of: inquiry authority, configuration authority, KVM authority, Rmedia authority, safety management authority, user-defined authority, power control authority and fault diagnosis authority.
In some embodiments, selectively adding each master permission group as a user of a sub permission group to each sub permission group includes performing the following steps for each master permission group and each sub permission group respectively, based on an enabled state of each master permission group for each sub permission group in the user permission information:
in response to the enablement status of the master permission group for a sub permission group being enabled, adding the master permission group to the sub permission group as a user identity;
the enabling state of the main permission group for a sub permission group is disabled without performing any addition operation.
In some embodiments, respectively covertly creating a plurality of sub-permission groups that do not include any user includes, for each sub-permission group, respectively performing the following steps:
judging whether the sub-permission group exists by using system call;
creating a sub-permission group directly in response to the sub-permission group not existing;
all users in the sub-permission group are cleared in response to the sub-permission group already existing.
In some embodiments, selectively allowing the specific operation based on whether the IPMI user is in the master permission group is in a sub permission group related to the specific operation includes:
judging whether the main authority group where the IPMI user is located is in a sub-authority group related to specific operation or not by using system call;
allowing the particular operation in response to the master permission group being in the sub-permission group;
in response to the master permission set not being in the sub-permission set, the particular operation is denied.
In some embodiments, the external storage device includes a non-volatile memory that operates independently of the baseboard management controller, the non-volatile memory storing user rights information in a configured file format and unaffected when the baseboard management controller is flash refreshed.
The following further illustrates embodiments of the invention in accordance with the specific example shown in fig. 2.
First, the BMC (baseboard management controller) is powered on and the processes associated with the IPMI (intelligent platform management interface) protocol are started in order. After starting, the BMC reads the user right information from the agreed position in the EEPROM (electrically erasable programmable read only memory) of the motherboard, and the information storage structure of each refinement right read back is as shown in the following table as desired.
If the information read from the EEPROM is 0xFF, it indicates that the refinement authority information is not configured at present, and default authority refinement information is adopted. And if the information read from the EEPROM is not 0xFF and the data verification is successful, adopting the user authority detailed information in the EEPROM.
And further, judging whether the system comprises the corresponding user groups with the refined permissions through system call, if not, creating, and if so, clearing the users in the corresponding user groups. For each main authority group (administeror, Operator, User, etc.), respectively judging whether the sub-authority of Query, etc. is in the enabled state, if so, adding the main authority group to the corresponding sub-authority group (i.e. regarding the main authority group as a common User). And when judging whether the operation of one user accords with the corresponding sub-authority, judging whether the main authority group where the user is located is added into the sub-authority group. If the user group is added, the user group has the corresponding authority, and if the user group is not added, the user group does not have the corresponding authority, and the step can be realized by adopting system call related to the user group.
As can be seen from the foregoing embodiments, the permission configuration method for an IPMI user provided in the embodiments of the present invention reads and verifies the user permission information from the external storage device; extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user; selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information; the technical scheme that the specific operation is selectively allowed based on whether the main authority group where the IPMI user is located is in the sub-authority group related to the specific operation or not by responding to the specific operation requested by the IPMI user in the main authority group based on the IPMI protocol can improve the logic execution efficiency and the safety and stability of the authority configuration and query.
It should be particularly noted that, the steps in the embodiments of the method for configuring the authority of the IPMI user described above can be mutually intersected, replaced, added, and deleted, so that the method for configuring the authority of the IPMI user by these reasonable permutation and combination transformations shall also belong to the scope of the present invention, and shall not limit the scope of the present invention to the described embodiments.
In view of the above-mentioned objects, a second aspect of the embodiments of the present invention provides an embodiment of an authority configuration apparatus for IPMI users, which is capable of improving the logic execution efficiency and security stability of authority configuration and query. The device comprises:
an external storage device storing user authority information; and
a baseboard management controller electrically connected to an external storage device and storing program code executable by the baseboard management controller, the program code, when executed, performing the following steps:
reading and verifying user authority information from an external storage device;
extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user;
selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information;
the specific operation is selectively permitted based on whether the IPMI user is in the master permission group or not in a sub permission group related to the specific operation in response to the IPMI user in the master permission group requesting the specific operation based on the IPMI protocol.
As can be seen from the foregoing embodiments, the apparatus provided in the embodiments of the present invention reads and verifies the user right information from the external storage device; extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user; selectively adding each main permission group as a user of a sub permission group to each sub permission group based on the enabling state of each main permission group to each sub permission group in the user permission information; the technical scheme that the specific operation is selectively allowed based on whether the main authority group where the IPMI user is located is in the sub-authority group related to the specific operation or not by responding to the specific operation requested by the IPMI user in the main authority group based on the IPMI protocol can improve the logic execution efficiency and the safety and stability of the authority configuration and query.
It should be particularly noted that, the above-mentioned embodiment of the apparatus adopts the embodiment of the permission configuration method of the IPMI user to specifically describe the working process of each module, and those skilled in the art can easily think that these modules are applied to other embodiments of the permission configuration method of the IPMI user. Of course, since the steps in the embodiment of the method for configuring the authority of the IPMI user can be mutually intersected, replaced, added, or deleted, these reasonable permutations and combinations should also fall within the scope of the present invention, and should not limit the scope of the present invention to the embodiment.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of an embodiment of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. An authority configuration method for IPMI users is characterized by comprising the following steps executed by a baseboard management controller:
reading and verifying user authority information from an external storage device;
extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user;
selectively adding each main permission group as a user of the sub permission group to each sub permission group based on the enabled state of each main permission group to each sub permission group in the user permission information;
selectively allowing a specific operation based on IPMI protocol in response to an IPMI user in the master permission group requesting the specific operation based on the IPMI protocol based on whether the IPMI user is in the master permission group or not in the sub permission group related to the specific operation.
2. The method according to claim 1, wherein the user right information includes group information of a plurality of master right groups, and each of the group information includes at least one of the following of the corresponding master right group: name, number, enablement status with respect to each of the sub-permission groups, check code.
3. The method of claim 2, wherein verifying the user rights information comprises:
determining a check bit based on the name, number, and encoded value of the enable state relative to each of the sub-permission groups that specify the master permission group;
determining that the verification of the specific master permission group is successful in response to the check bit being identical to the check code of the specific master permission group, and determining that the verification of the user permission information is successful in response to each of the master permission groups being successful.
4. The method of claim 3, further comprising: and in response to the user permission information not being read or not being successfully verified, using a pre-specified default permission configuration as the user permission information.
5. The method of claim 2, wherein a plurality of the master sets of rights comprise at least one of: administrators, operators, general users, equipment manufacturers; the plurality of sub-permission groups includes at least one of: inquiry authority, configuration authority, KVM authority, Rmedia authority, safety management authority, user-defined authority, power control authority and fault diagnosis authority.
6. The method of claim 2, wherein selectively adding each of the master permission groups as users of the sub permission groups to each of the sub permission groups based on an enablement status of each of the master permission groups for each of the sub permission groups in the user permission information comprises performing the following steps for each of the master permission groups and each of the sub permission groups, respectively:
in response to the enablement status of the master permission group for a sub-permission group being enabled, adding the master permission group to the sub-permission group as a user identity;
in response to the master permission set being disabled with respect to the enablement status of a sub-permission set, no add operation is performed.
7. The method according to claim 1, wherein covertly creating a plurality of sub-permission groups, respectively, not including any user comprises performing the following steps, respectively, for each of the sub-permission groups:
judging whether the sub-permission group already exists by using system call;
creating the sub-permission group directly in response to the sub-permission group not already existing;
clearing all users in the sub-permission group in response to the sub-permission group already existing.
8. The method of claim 1, wherein selectively allowing a particular operation based on whether the IPMI user is in the master permission group is in the sub permission group associated with the particular operation comprises:
judging whether the main authority group where the IPMI user is located is in the sub-authority group related to specific operation or not by using system call;
allowing the particular operation in response to the master permission group being in the sub-permission group;
denying the particular operation in response to the master permission group not being in the sub-permission group.
9. The method of claim 1, wherein the external storage device comprises a non-volatile memory that operates independently of the baseboard management controller, the non-volatile memory storing the user rights information in a configured file format and unaffected when the baseboard management controller is flash refreshed.
10. An authority configuration apparatus for an IPMI user, comprising:
an external storage device storing user authority information; and
a baseboard management controller electrically connected to the external storage device and storing program code executable by the baseboard management controller, the program code, when executed, performing the following steps:
reading and verifying the user authority information from the external storage device;
extracting a plurality of sub-permission group names to be configured from the user permission information to respectively covertly create a plurality of sub-permission groups not including any user;
selectively adding each main permission group as a user of the sub permission group to each sub permission group based on the enabled state of each main permission group to each sub permission group in the user permission information;
selectively allowing a specific operation based on IPMI protocol in response to an IPMI user in the master permission group requesting the specific operation based on the IPMI protocol based on whether the IPMI user is in the master permission group or not in the sub permission group related to the specific operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110296666.6A CN112989293B (en) | 2021-03-19 | 2021-03-19 | Permission configuration method and device for IPMI user |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110296666.6A CN112989293B (en) | 2021-03-19 | 2021-03-19 | Permission configuration method and device for IPMI user |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112989293A CN112989293A (en) | 2021-06-18 |
| CN112989293B true CN112989293B (en) | 2022-03-22 |
Family
ID=76333392
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110296666.6A Active CN112989293B (en) | 2021-03-19 | 2021-03-19 | Permission configuration method and device for IPMI user |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112989293B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103164658A (en) * | 2011-12-12 | 2013-06-19 | 鸿富锦精密工业(深圳)有限公司 | Protecting method and protecting system for configuration files |
| CN104679685A (en) * | 2013-11-29 | 2015-06-03 | 英业达科技有限公司 | Access method of baseboard management controller |
| CN106326766A (en) * | 2016-08-16 | 2017-01-11 | 陈亮 | HBase data reading control method |
| CN107895107A (en) * | 2017-12-21 | 2018-04-10 | 郑州云海信息技术有限公司 | A kind of method and system of batch setting BMC username and passwords |
| CN109032995A (en) * | 2018-08-21 | 2018-12-18 | 郑州云海信息技术有限公司 | A kind of transmission method of data information, device, equipment and storage medium |
| CN109684804A (en) * | 2018-12-21 | 2019-04-26 | 郑州云海信息技术有限公司 | A kind of method for security protection and system of BMC serial ports |
| CN110401563A (en) * | 2019-06-29 | 2019-11-01 | 苏州浪潮智能科技有限公司 | One kind automatically creating user method and terminal based on server B MC WEB |
| CN110933037A (en) * | 2019-10-31 | 2020-03-27 | 贝壳技术有限公司 | User authority verification method and authority management system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9515999B2 (en) * | 2011-12-21 | 2016-12-06 | Ssh Communications Security Oyj | Automated access, key, certificate, and credential management |
-
2021
- 2021-03-19 CN CN202110296666.6A patent/CN112989293B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103164658A (en) * | 2011-12-12 | 2013-06-19 | 鸿富锦精密工业(深圳)有限公司 | Protecting method and protecting system for configuration files |
| CN104679685A (en) * | 2013-11-29 | 2015-06-03 | 英业达科技有限公司 | Access method of baseboard management controller |
| CN106326766A (en) * | 2016-08-16 | 2017-01-11 | 陈亮 | HBase data reading control method |
| CN107895107A (en) * | 2017-12-21 | 2018-04-10 | 郑州云海信息技术有限公司 | A kind of method and system of batch setting BMC username and passwords |
| CN109032995A (en) * | 2018-08-21 | 2018-12-18 | 郑州云海信息技术有限公司 | A kind of transmission method of data information, device, equipment and storage medium |
| CN109684804A (en) * | 2018-12-21 | 2019-04-26 | 郑州云海信息技术有限公司 | A kind of method for security protection and system of BMC serial ports |
| CN110401563A (en) * | 2019-06-29 | 2019-11-01 | 苏州浪潮智能科技有限公司 | One kind automatically creating user method and terminal based on server B MC WEB |
| CN110933037A (en) * | 2019-10-31 | 2020-03-27 | 贝壳技术有限公司 | User authority verification method and authority management system |
Non-Patent Citations (4)
| Title |
|---|
| "A Study of Problems and Alternatives of Connecting Performance Management(BSC) and Budget Management in Local Government : Busan Metropolitan City Case";Kim等;《The Korean Journal of Local Government Studies》;20110101;全文 * |
| "Smart Garbage Management System";Parth Jajoo等;《2018 International Conference on Smart City and Emerging Technology 》;20181115;全文 * |
| "基于IPMI技术的服务器管理系统的设计与实现";李娜;《中国优秀博硕士学位论文全文数据库 信息科技辑》;20100315(第03期);全文 * |
| "基于IPMI的服务器管理系统的实现";王栩浩;《中国优秀博硕士学位论文全文数据库 信息科技辑》;20170215(第02期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112989293A (en) | 2021-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109542518B (en) | Chip and method for starting chip | |
| EP1374056B1 (en) | Storage area network (san) security | |
| KR102117724B1 (en) | Managing distributed operating system physical resources | |
| JP2024050647A (en) | Secure Firmware Verification | |
| EP1953668A2 (en) | System and method of data encryption and data access of a set of storage devices via a hardware key | |
| CN105812357A (en) | User password management method for cloud computing platform | |
| CN111090882B (en) | Operation control method, device and equipment for redis database | |
| CN102201935B (en) | Access control method and device based on VIEW | |
| CN110543775B (en) | Data security protection method and system based on super-fusion concept | |
| US20140041053A1 (en) | Data block access control | |
| CN114244568B (en) | Security access control method, device and equipment based on terminal access behavior | |
| US11190519B2 (en) | Dock administration using a token | |
| CN112989293B (en) | Permission configuration method and device for IPMI user | |
| CN110569042B (en) | System, method, equipment and storage medium for supporting function of updating FPGA in virtual machine | |
| WO2021169106A1 (en) | Trusted startup method and apparatus, electronic device and readable storage medium | |
| CN112733165B (en) | File access control method, device and medium | |
| CN114066182A (en) | Relay protection constant value management intelligent contract method, system, equipment and storage medium | |
| CN111062063B (en) | System and method for controlling access of mobile storage equipment based on power supply strategy | |
| KR20100053537A (en) | System and method of tamper-resistant control | |
| CN115062290A (en) | Component authentication method and device | |
| CN101820438B (en) | Computer starting method in local area network (LAN) and LAN | |
| DE102010053698A1 (en) | Safe programming of vehicle modules | |
| CN113468618A (en) | Mobile hard disk multi-security-level interaction method and system | |
| JP5314485B2 (en) | Client server system | |
| CN110929283B (en) | Hierarchical protection system of UEFI BIOS and corresponding implementation method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |