CN115242516A - Access authority management method, device, equipment and storage medium - Google Patents


Publication number
CN115242516A
Authority
CN
China
Prior art keywords
access
resource
authority
information
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210877028.8A
Other languages
Chinese (zh)
Inventor
李剑东
李彦龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ziroom Information Technology Co Ltd
Original Assignee
Beijing Ziroom Information Technology Co Ltd
Application filed by Beijing Ziroom Information Technology Co Ltd
Priority to CN202210877028.8A
Publication of CN115242516A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The application relates to a method, an apparatus, a device and a storage medium for managing access authority, in the technical field of computers. The method comprises: acquiring authority information of a target device, wherein the authority information represents a plurality of authority resources to which the target device has access authority; recording the target device's access to the plurality of authority resources and generating access information; and adjusting the access authority of the target device to the plurality of authority resources based on the access information. This scheme avoids an excessively large range of authority resources, so that the access authority of the target device is managed reasonably.

Description

Access authority management method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for managing access authority.
Background
In the field of computer technology, servers may provide various types of resources for terminal devices.
In the related art, the resource is opened for the terminal equipment in the following form: the terminal equipment sends resource application information to the server, wherein the resource application information carries the indication information of the resources required to be opened by the terminal equipment; the server opens corresponding resources for the terminal equipment based on the resource application information, so that the terminal equipment has access authority to the opened resources; the resource opened by the terminal equipment is provided with expiration time, and when the expiration time is up, the resource is automatically invalid, so that the terminal equipment loses access authority.
As described above, in the technical solutions of the related art, the resources that the terminal device applies to open are the resources to which it subsequently has access rights. In practice, when the terminal device applies to open resources, the resources it actually needs may not yet be determined, so the range of resources with access rights becomes too large and the access rights are set unreasonably.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for managing access authority, which can avoid the problem of overlarge authority resource range, thereby reasonably managing the access authority of target equipment.
In one aspect, a method for managing access rights is provided, where the method includes:
acquiring authority information of target equipment, wherein the authority information is used for representing a plurality of authority resources with access authority of the target equipment;
recording the access condition of the target equipment to the plurality of authority resources, and generating access information;
and adjusting the access authority of the target equipment to the plurality of authority resources based on the access information.
In still another aspect, there is provided an apparatus for managing access rights, the apparatus including:
the system comprises an authority information acquisition module, a storage module and a processing module, wherein the authority information acquisition module is used for acquiring authority information of target equipment, and the authority information is used for representing a plurality of authority resources with access authority of the target equipment;
the access information generation module is used for recording the access condition of the target equipment to the plurality of authority resources and generating access information;
and the access authority adjusting module is used for adjusting the access authority of the target equipment to the plurality of authority resources based on the access information.
In a possible implementation manner, the access right adjusting module is further configured to delete the access right of the target device to the first resource when the access information indicates that the number of times of accessing the first resource in the multiple right resources is lower than a first threshold.
In a possible implementation manner, the access right adjusting module is further configured to delete the access right of the target device to a target access interface of a second resource in the multiple right resources when the access information indicates that the number of times of accessing the target access interface is lower than a second threshold.
In one possible implementation, the type of the target access interface includes:
a port;
or, an API.
In a possible implementation manner, the authority information obtaining module is further configured to receive resource application information of the target device, where the resource application information is used to indicate that the target device applies for an activated resource; and taking the resource which is applied for opening by the target equipment as the initial authority resource of the target equipment.
In a possible implementation manner, the access information generating module is further configured to receive access request information of the target device, where the access request information is used to indicate a third resource that the target device requests to access; and under the condition that the third resource belongs to the authority resource, allowing the target equipment to access the third resource, recording access time and the third resource, and generating the access information.
In one possible implementation, the apparatus further includes: a resource application prompting module;
and the resource application prompting module is used for sending application prompting information to the target equipment under the condition that the third resource does not belong to the authority resource, wherein the application prompting information is used for prompting the target equipment to initiate a resource application for the third resource.
In one possible implementation, the apparatus further includes: an authority resource setting module;
and the permission resource setting module is used for, after the access permission of the target device to the plurality of permission resources has been adjusted based on the access information, setting for other devices the permission resources to which those devices have access permission, according to the adjusted permission resources to which the target device has access permission.
In another aspect, a computer device is provided, where the computer device includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, at least one program, a code set, or a set of instructions is loaded and executed by the processor to implement the above method for managing access rights.
In still another aspect, a computer-readable storage medium is provided, in which at least one instruction is stored, and the at least one instruction is loaded and executed by a processor to implement the above-mentioned method for managing access rights.
In yet another aspect, a computer program product or computer program is provided, comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device executes the method for managing the access right.
The technical scheme provided by the application can comprise the following beneficial effects:
the method comprises the steps of determining a plurality of authority resources of the target equipment with the current access authority through authority information, recording the access condition of the target equipment to the current authority resources, and generating access information, wherein the access information is used for adjusting the access authority of the target equipment to the plurality of authority resources.
Drawings
In order to more clearly illustrate the detailed description of the present application or the technical solutions in the prior art, the drawings needed to be used in the detailed description of the present application or the prior art description will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic structural diagram illustrating an access right management system according to an exemplary embodiment.
Fig. 2 is a method flow diagram illustrating a method of managing access rights in accordance with an exemplary embodiment.
Fig. 3 is a method flowchart illustrating a method of managing access rights according to an example embodiment.
Fig. 4 is a schematic diagram illustrating a management flow of access rights according to an exemplary embodiment.
Fig. 5 is a block diagram illustrating a structure of an apparatus for managing access rights according to an exemplary embodiment.
FIG. 6 is a schematic diagram of a computer device provided in accordance with an exemplary embodiment of the present application.
Detailed Description
The technical solutions of the present application will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be understood that "indication" mentioned in the embodiments of the present application may be a direct indication, an indirect indication, or an indication of an association relationship. For example, "A indicates B" may mean that A directly indicates B, e.g., B can be obtained from A; it may mean that A indirectly indicates B, e.g., A indicates C and B can be obtained from C; or it may mean that there is an association between A and B.
In the description of the embodiments of the present application, the term "correspond" may indicate that there is a direct correspondence or an indirect correspondence between the two, may also indicate that there is an association between the two, and may also indicate and be indicated, configure and configured, and so on.
In the embodiment of the present application, "predefining" may be implemented by pre-saving a corresponding code, table or other means that can be used to indicate related information in a device (for example, including a terminal device and a network device), and the present application is not limited to a specific implementation manner thereof.
Fig. 1 is a schematic structural diagram illustrating an access right management system according to an exemplary embodiment. The system for managing access rights includes a server 110 and at least one terminal device 120.
The terminal device 120 may be a device used by a user. For example, the terminal device 120 may be a device such as a smartphone, tablet, desktop, smart wearable, and the like.
Wherein the server 110 supports managing the access rights of the terminal device 120. Illustratively, the server 110 configures the right resource for the terminal device 120, and the terminal device correspondingly has an access right of the right resource.
Optionally, the server 110 may be an independent physical server, a server cluster formed by a plurality of physical servers, or a distributed system, and may also be a cloud server that provides technical computation services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and an artificial intelligence platform.
Illustratively, the server 110 is a server that provides Secure Socket Layer Virtual Private Network (SSL VPN) rights management. SSL VPN is a remote access technology. Based on the SSL-enabled Hypertext Transfer Protocol Secure (HTTPS), it uses encryption to build, over the public network, a data communication tunnel that connects the user to a specific local area network, so that the user can securely access that local area network from anywhere over the Internet.
Optionally, the server 110 and the terminal device 120 are connected through a communication network. Optionally, the communication network is a wired network or a wireless network. Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The network is typically the Internet, but may be any other network including, but not limited to, a local area network, a metropolitan area network, a wide area network, a mobile, wired or wireless network, a private network, or any combination of virtual private networks.
Fig. 2 is a method flow diagram illustrating a method of managing access rights in accordance with an exemplary embodiment. The method is performed by a computer device, which may be a server in a system for managing access rights as shown in fig. 1. As shown in fig. 2, the method for managing access rights may include the following steps:
Step 201, authority information of the target device is obtained; the authority information represents the multiple authority resources to which the target device currently has access authority.
The computer device corresponds to a resource pool, and the computer device can control access authority of resources in the resource pool. For example, the resource in the resource pool may be an application in a network, or may also be a database owned by a system platform, and the like, and the embodiment of the present application does not limit the concrete representation form of the resource.
The target device may specifically be understood as an object that requests to acquire an access right of a resource in the resource pool.
The right resource is a part of resources in the resource pool, and the target device has access right.
Optionally, in the computer device, a correspondence between the target device and the right resource is stored. And the computer equipment acquires the authority information of the target equipment by inquiring the corresponding relation.
Step 202, recording the access condition of the target device to the multiple right resources, and generating access information.
When the target device accesses any one authority resource, the computer device records the authority resource and performs summary statistics on a plurality of records so as to generate access information.
Optionally, when recording the access condition of the target device to the authorized resource, the computer device records at least one of the following information: identification information of the target device, such as: an Internet Protocol (IP) address, a Media Access Control (MAC) address; identification information of the rights resource, such as: IP address, domain name, port; time information of the access.
Optionally, the access information includes at least one of the following: the number of accesses to, or the access frequency of, the right resource; the number of accesses to, or the access frequency of, an access interface of the right resource, where the access interface may include ports and Application Programming Interfaces (APIs).
It should be understood that, because the access condition of the target device to the authorized resource is recorded, on one hand, history tracing can be performed on the access condition, so that the access security is ensured, and on the other hand, data support is provided for the subsequent analysis of the behavior of the target device.
Step 203, adjusting the access authority of the target device to the plurality of authority resources based on the access information.
The computer equipment regularly adjusts the access authority of the target equipment to the multiple authority resources based on the acquired access information, so that the access authority of the target equipment is dynamically updated.
Illustratively, at the beginning of the current adjustment cycle, the resources to which the target device has access rights form a resource set A. During the adjustment cycle, the computer device obtains access information. At the end of the cycle, based on that access information, the computer device deletes the target device's access rights to some of those resources, so the resources to which the target device has access rights become a resource set B. In this example, resource set B may be a subset of resource set A.
In summary, in the method for managing access permissions provided by this embodiment, the permission information determines the multiple permission resources to which the target device currently has access permission, and the target device's access to those resources is recorded to generate access information, which is then used to adjust the target device's access permissions to the multiple permission resources. Compared with a technical scheme in which the resources the target device applied to open simply become the resources it subsequently has access to, this method dynamically adjusts the range of permission resources based on the access information, avoiding an excessively large range of permission resources and thereby managing the access permissions of the target device reasonably.
In an exemplary embodiment, the adjusting of the access rights of the target device to the plurality of rights resources may refer to operations of recycling, refining and the like of the rights resources.
Fig. 3 is a method flow diagram illustrating a method of managing access rights in accordance with an exemplary embodiment. The method is performed by a computer device, which may be a server in a system for managing access rights as shown in fig. 1. As shown in fig. 3, the method for managing access rights may include the following steps:
Step 301, obtaining authority information of the target device, where the authority information represents the multiple authority resources to which the target device currently has access authority.
In one possible implementation, step 301 includes: receiving resource application information of target equipment, wherein the resource application information is used for indicating the target equipment to apply for the opened resources; and taking the resource applied for opening by the target equipment as the initial authority resource of the target equipment.
That is, the target device may apply for resource provisioning through the resource application information, and after receiving the resource application information, the computer takes the resource indicated in the resource application information as the initial right resource of the target device.
Optionally, the resource application information carries an IP address field and a port, or carries a domain name and a port. And indicating the target equipment to apply for the opened resource by carrying the data.
It should be understood that, because the user does not know exactly which resources will be accessed when applying through the target device to open resources, the application generally covers a relatively wide range of resources. For example, the resource application information carries 192.168.10.0 to 192.168.10.24, which contains 255 IP addresses in total, each with 65535 ports.
It should be understood that, besides the foregoing implementation manner, the initial permission resource of the target device may also be set by a manual operation, or may also be set by default for the target device, which is not limited in this embodiment of the application.
Step 302, recording the access situation of the target device to multiple right resources, and generating access information.
In one possible implementation, step 302 includes: receiving access request information of the target device, wherein the access request information is used for indicating a third resource which the target device requests to access; and under the condition that the third resource belongs to the authority resource, allowing the target equipment to access the third resource, recording the access time and the third resource, and generating access information.
That is, when the target device accesses a specific resource, the access request information may be used to implement the access, and after receiving the access request information, the computer device matches the third resource indicated in the access request information with the right resource to which the target device currently has the access right, and if the third resource belongs to the right resource to which the target device has the access right, the target device is allowed to access the third resource, and the access condition is recorded. Optionally, the access request information carries an IP address and a port, or carries a domain name and a port. The data is carried, so that the resource which the target equipment requests to access is indicated.
Optionally, in a case that the second resource does not belong to the right resource, the computer device further performs the following steps: and sending application prompt information to the target equipment, wherein the application prompt information is used for prompting the target equipment to initiate a resource application for the second resource.
Illustratively, in the case that the resource that the user requests to access using the target device does not belong to the authorized resource, the computer device sends the reminding information that the user cannot access, and pushes the page applying for the resource.
Step 303, when the access information indicates that the number of accesses to a first resource among the multiple authorized resources is lower than a first threshold, deleting the access authority of the target device to the first resource.
The computer device analyzes the access requirement of the target device through the access information, if the access information indicates that the access times of a first resource in the multiple right resources are lower than a first threshold value, the access requirement of the target device on the first resource is low, the computer device recycles the first resource, and the access right of the target device on the first resource is deleted.
When the first threshold is 0, it indicates that the computer device may delete the access right of the target device to the unused resource.
Step 304, when the access information indicates that the number of accesses to a target access interface of a second resource among the multiple authorized resources is lower than a second threshold, deleting the access authorization of the target device to the target access interface of the second resource.
The computer device analyzes the access requirement of the target device through the access information, and if the access information indicates that the access times of a target access interface of a second resource in the multiple right resources are lower than a second threshold, the computer device indicates that the access requirement of the target device on the target access interface of the second resource is not high, and the computer device deletes the access right of the target device on the target access interface of the second resource.
When the second threshold is 0, it indicates that the computer device may delete the access right of the target device to the unused access interface in the resource.
Wherein the target access interface is a partial access interface of the second resource. It should be appreciated that step 304 may be considered a refinement of the management of the second resource, since it is the portion of the access interface in the second resource that is deleted.
Optionally, the types of the target access interface include: a port; or, an API.
Illustratively, the ports for which the target device applies for the second resource are 1-65535, but in actual use, only port 80 and port 443 are used. At this time, the computer device deletes the access right of the target device to other unused ports.
Illustratively, the target device applies for multiple APIs corresponding to the second resource. By unpacking the access traffic at layer seven (the application layer of the TCP/IP model), the computer device captures the Uniform Resource Locator (URL) in each HTTP message and uses it to determine which APIs the target device accesses at high frequency. The computer device then deletes the access right of the target device to the other, unused APIs.
In a possible implementation manner, after the execution of the above steps is completed, the computer device further executes the following steps:
and setting the authority resources of the other equipment with the access authority for the other equipment according to the adjusted authority resources of the target equipment with the access authority.
That is, the adjusted right resources have a certain generality, and the computer device can also assign them to other devices. This avoids wasting system resources on repeating the same access right management work for different terminal devices.
Illustratively, a plurality of authorized resources adjusted by the device 1 are denoted as a resource set C, and when the device 2 applies for a resource or periodically adjusts access authorization, the computer device sets the resource in the resource set C as an authorized resource for which the device 2 has access authorization.
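The procedure of steps 301 to 304 and the follow-up reuse step, as an added Python example (not code from the patent). The class and method names, the device labels, the sample addresses and the threshold values of 1 are assumptions; a threshold of 1 makes "lower than the threshold" match entries with no recorded access.

```python
from collections import Counter
from datetime import datetime, timezone


class AccessRightsManager:
    """Server-side sketch: grant, record, then prune by observed usage."""

    def __init__(self, resource_threshold=1, interface_threshold=1):
        # Entries with fewer accesses than the threshold are pruned; a value
        # of 1 prunes exactly the entries never used in the cycle (assumed).
        self.resource_threshold = resource_threshold
        self.interface_threshold = interface_threshold
        self.grants = {}   # device -> {host: set of permitted ports}
        self.records = []  # (time, device, host, port), kept for tracing

    def apply(self, device, hosts, ports):
        """Step 301: the applied-for resources become the initial grant."""
        granted = self.grants.setdefault(device, {})
        for host in hosts:
            granted.setdefault(host, set()).update(ports)

    def request(self, device, host, port, when=None):
        """Step 302: allow and record only if the resource is granted."""
        if port not in self.grants.get(device, {}).get(host, ()):
            return False  # the caller would prompt the device to apply
        when = when or datetime.now(timezone.utc)
        self.records.append((when, device, host, port))
        return True

    def adjust(self, device, since=None):
        """Steps 303 and 304: reclaim idle resources, then refine idle ports."""
        by_host, by_port = Counter(), Counter()
        for when, dev, host, port in self.records:
            if dev == device and (since is None or when >= since):
                by_host[host] += 1
                by_port[host, port] += 1
        grants = self.grants.get(device, {})
        removed = {"resources": [], "ports": {}}
        for host in sorted(grants):
            if by_host[host] < self.resource_threshold:
                del grants[host]  # step 303: whole resource reclaimed
                removed["resources"].append(host)
                continue
            idle = {p for p in grants[host]
                    if by_port[host, p] < self.interface_threshold}
            grants[host] -= idle  # step 304: unused ports removed
            removed["ports"][host] = len(idle)
        return removed

    def copy_grants(self, source, target):
        """Follow-up step: reuse the adjusted grant set for another device."""
        self.grants[target] = {h: set(p)
                               for h, p in self.grants[source].items()}


def demo():
    mgr = AccessRightsManager()
    # Constructed sample data: three hosts, every port applied for.
    hosts = ["192.168.10.10", "192.168.10.11", "192.168.10.12"]
    mgr.apply("device-1", hosts, range(1, 65536))
    outcomes = [
        mgr.request("device-1", "192.168.10.10", 443),
        mgr.request("device-1", "192.168.10.10", 80),
        mgr.request("device-1", "192.168.10.10", 443),
        mgr.request("device-1", "10.0.0.5", 22),  # never granted: denied
    ]
    removed = mgr.adjust("device-1")
    mgr.copy_grants("device-1", "device-2")
    return mgr, outcomes, removed


if __name__ == "__main__":
    manager, outcomes, removed = demo()
    print(outcomes, removed, manager.grants["device-1"])
```

The access records are not cleared by `adjust`, so they stay available for history tracing; pass `since` to count only the current adjustment cycle.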
In summary, in the method for managing access permissions provided by this embodiment, the permission information determines the multiple permission resources to which the target device currently has access permission, and the target device's access to those resources is recorded to generate access information, which is then used to adjust the target device's access permissions to the multiple permission resources. Compared with a technical scheme in which the resources the target device applied to open simply become the resources it subsequently has access to, this method dynamically adjusts the range of permission resources based on the access information, avoiding an excessively large range of permission resources and thereby managing the access permissions of the target device reasonably.
Meanwhile, in the method for managing access permissions provided in this embodiment, if the computer device determines that the access demand of the target device for part of the permission resources is not high based on the access information, the access permissions of the target device for the permission resources are deleted, that is, resources are recycled, or if the computer device determines that the access demand of the target device for part of the access interfaces in the permission resources is not high based on the access information, the access permissions of the target device for the access interfaces are deleted, that is, resources are refined, and the access permissions of the target device are reasonably controlled while the access demand of the target device is ensured.
Meanwhile, according to the management method of the access right provided by the embodiment, the target device applies for the opened resource as the initial right resource, so that the setting of the right resource can meet the access requirement of the target device.
Meanwhile, in the method for managing access permissions provided by this embodiment, the permission resources to which other devices have access permission are set according to the adjusted permission resources of the target device, which avoids wasting system resources on repeating the same access permission management work for different terminal devices.
Reference is now made to fig. 4, which is a flowchart illustrating a management process for access rights according to an exemplary embodiment. As shown in fig. 4, the overall steps of the management of the access right are as follows.
Step 401, begin.
Step 402, the computer device opens the resource for the target device based on the application of the target device.
Illustratively, the target device applies for resource provisioning by sending resource application information. After receiving the resource application information, the computer device provisions the resources and takes the resources indicated in the resource application information as the initial permission resources of the target device.
Step 403, the computer device records each access made by the target device to a resource.
Illustratively, the target device accesses a specific resource by sending access request information. After receiving the access request information, the computer device matches the resource indicated in it against the permission resources that the target device currently has access permission for. If the resource is one of those permission resources, the computer device allows the target device to access the resource and records the access. If it is not, the computer device does not allow the target device to access the resource, sends the target device a reminder that the resource cannot be accessed, and pushes the page for applying for the resource.
In addition, recording every access provides data support for subsequent analysis of user behavior.
Step 404, the computer device counts the number of times the resource is accessed.
Step 405, the computer device reclaims resources that have not been accessed for a long time.
Step 406, the computer device collects statistics on the details of how the resource is accessed.
Step 407, the computer device automatically refines the resource access entry points.
For example, based on the details of how the resources are accessed, the computer device may automatically optimize the resources that the target device applied for, such as by refining the ports or APIs.
Step 408, the computer device traces resource access records back to their source.
Step 409, the computer device uses the resource access records as the historical source for tracing.
For example, it cannot always be guaranteed that the target device is operating properly when it accesses a resource. To deal with this, all accesses by the target device are recorded, so that information can later be located precisely by time and a security engineer can conveniently run source-tracing queries.
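The Fig. 4 flow (steps 402 to 409) and the propagation of an adjusted grant to other devices, as an added Python example that is not code from the patent. The class and method names, the threshold values, the `since` observation window and the sample device, resource and interface names are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class PermissionManager:
    first_threshold: int = 2   # assumed: minimum accesses to keep a resource
    second_threshold: int = 1  # assumed: minimum accesses to keep an interface
    grants: dict = field(default_factory=dict)  # device -> {resource: {interfaces}}
    log: list = field(default_factory=list)     # (time, device, resource, interface)

    def provision(self, device, application):
        """Step 402: the applied-for resources become the initial grant."""
        self.grants[device] = {r: set(i) for r, i in application.items()}

    def access(self, device, resource, interface, now):
        """Step 403: allow and record a granted access, else deny and prompt."""
        if interface in self.grants.get(device, {}).get(resource, set()):
            self.log.append((now, device, resource, interface))
            return "allowed"
        return f"denied: apply for {resource}"

    def adjust(self, device, since):
        """Steps 404-407: reclaim unused resources, then refine interfaces."""
        recent = [e for e in self.log if e[1] == device and e[0] >= since]
        by_resource = Counter(e[2] for e in recent)
        by_interface = Counter((e[2], e[3]) for e in recent)
        removed = []
        for resource in list(self.grants[device]):
            if by_resource[resource] < self.first_threshold:
                del self.grants[device][resource]  # resource reclamation
                removed.append((resource, "*"))
                continue
            for itf in sorted(self.grants[device][resource]):
                if by_interface[(resource, itf)] < self.second_threshold:
                    self.grants[device][resource].discard(itf)  # refinement
                    removed.append((resource, itf))
        return removed

    def trace(self, device, start, end):
        """Steps 408-409: look up the recorded accesses in a time range."""
        return [e for e in self.log if e[1] == device and start <= e[0] <= end]

    def apply_template(self, source, other):
        """Give another device the source device's adjusted grant."""
        self.grants[other] = {r: set(i) for r, i in self.grants[source].items()}


def demo():
    """Constructed sample: one device, three resources, six requests."""
    pm = PermissionManager()
    pm.provision("dev-a", {
        "orders-db": {"port:3306", "port:33060"},
        "billing-api": {"GET /invoices", "POST /refunds"},
        "legacy-ftp": {"port:21"},
    })
    requests = [(1, "orders-db", "port:3306"), (2, "orders-db", "port:3306"),
                (3, "billing-api", "GET /invoices"),
                (4, "billing-api", "GET /invoices"),
                (5, "legacy-ftp", "port:21"), (6, "search", "GET /q")]
    results = [pm.access("dev-a", r, i, t) for t, r, i in requests]
    removed = pm.adjust("dev-a", since=0)
    pm.apply_template("dev-a", "dev-b")
    return pm, results, removed


if __name__ == "__main__":
    print(demo()[1:])
```

In this code, a `since` value that is too recent makes a resource granted shortly before the review count as unused and get reclaimed, so the observation window has to cover the device's normal access cycle.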
It should be noted that the above method embodiments may be implemented alone or in combination, and the present application is not limited thereto.
Fig. 5 is a block diagram illustrating a structure of an apparatus for managing access rights according to an exemplary embodiment. The device comprises:
an authority information obtaining module 501, configured to obtain authority information of a target device, where the authority information is used to represent multiple authority resources for which the target device currently has access authority;
an access information generating module 502, configured to record an access condition of the target device to the multiple right resources, and generate access information;
an access right adjusting module 503, configured to adjust, based on the access information, an access right of the target device to the multiple right resources.
In a possible implementation manner, the access right adjusting module 503 is further configured to delete the access right of the target device to the first resource when the access information indicates that the number of times of accessing the first resource in the multiple right resources is lower than a first threshold.
In a possible implementation manner, the access right adjusting module 503 is further configured to delete the access right of the target device to the target access interface of the second resource when the access information indicates that the number of accesses to the target access interface of the second resource in the multiple authorized resources is lower than a second threshold.
In one possible implementation, the type of the target access interface includes:
a port;
or, an API.
In a possible implementation manner, the permission information obtaining module 501 is further configured to receive resource application information of the target device, where the resource application information is used to indicate the resource that the target device applies to have opened, and to take the resource that the target device applies to have opened as the initial permission resource of the target device.
In a possible implementation manner, the access information generating module 502 is further configured to receive access request information of the target device, where the access request information is used to indicate a third resource that the target device requests to access, and, when the third resource belongs to the permission resources, to allow the target device to access the third resource, record the access time and the third resource, and generate the access information.
In one possible implementation, the apparatus further includes a resource application prompting module.
The resource application prompting module is configured to send application prompting information to the target device when the third resource does not belong to the permission resources, where the application prompting information is used to prompt the target device to initiate a resource application for the third resource.
In one possible implementation, the apparatus further includes a permission resource setting module.
The permission resource setting module is configured to, after the access permission of the target device to the multiple permission resources has been adjusted based on the access information, set for other devices the permission resources that those devices have access permission for, according to the adjusted permission resources that the target device has access permission for.
It should be noted that the access-permission management apparatus provided in the foregoing embodiment is illustrated only by the above division into functional modules. In practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided above belong to the same concept; the specific implementation process is described in detail in the method embodiments and is not repeated here.
Please refer to Fig. 6, which is a schematic diagram of a computer device according to an exemplary embodiment of the present application. The computer device includes a memory and a processor; the memory is used for storing a computer program, and when the computer program is executed by the processor, the above-mentioned method for managing access rights is implemented.
The processor may be a Central Processing Unit (CPU). The processor may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application-Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination thereof.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as the program instructions/modules corresponding to the methods of the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes its various functional applications and data processing, thereby implementing the method in the above method embodiments.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor, and the like. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be coupled to the processor via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
In an exemplary embodiment, a computer readable storage medium is also provided for storing at least one computer program, which is loaded and executed by a processor to implement all or part of the steps of the above method. For example, the computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a Compact Disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. A method for managing access rights, the method comprising:
acquiring authority information of target equipment, wherein the authority information is used for representing a plurality of authority resources with access authority of the target equipment;
recording the access condition of the target equipment to the plurality of authority resources, and generating access information;
and adjusting the access authority of the target device to the plurality of authority resources based on the access information.
2. The method of claim 1, wherein the adjusting the access rights of the target device to the plurality of rights resources based on the access information comprises:
and when the access information indicates that the access times of a first resource in the plurality of authorized resources are lower than a first threshold value, deleting the access authority of the target device to the first resource.
3. The method of claim 1, wherein the adjusting the access rights of the target device to the plurality of rights resources based on the access information comprises:
and when the access information indicates that the access times of a target access interface of a second resource in the plurality of authorized resources are lower than a second threshold value, deleting the access authority of the target device to the target access interface of the second resource.
4. The method of claim 3, wherein the type of the target access interface comprises:
a port;
or, an application programming interface API.
5. The method according to any one of claims 1 to 4, wherein the obtaining the authority information of the target device comprises:
receiving resource application information of the target equipment, wherein the resource application information is used for indicating the resource which the target equipment applies to have opened;
and taking the resource which is applied for opening by the target equipment as the initial authority resource of the target equipment.
6. The method according to any one of claims 1 to 4, wherein the recording the access condition of the target device to the plurality of authorized resources and generating access information comprises:
receiving access request information of the target device, wherein the access request information is used for indicating a third resource which the target device requests to access;
and under the condition that the third resource belongs to the authority resource, allowing the target equipment to access the third resource, recording access time and the third resource, and generating the access information.
7. The method of claim 6, further comprising:
and sending application prompt information to the target equipment under the condition that the third resource does not belong to the authority resource, wherein the application prompt information is used for prompting the target equipment to initiate a resource application for the third resource.
8. The method according to any one of claims 1 to 4, wherein after adjusting the access rights of the target device to the plurality of rights resources based on the access information, the method further comprises:
and setting, for other equipment, the authority resources for which the other equipment has access authority, according to the adjusted authority resources for which the target equipment has access authority.
9. An apparatus for managing access rights, the apparatus comprising:
the system comprises an authority information acquisition module, a storage module and a processing module, wherein the authority information acquisition module is used for acquiring authority information of target equipment, and the authority information is used for representing a plurality of authority resources with access authority of the target equipment;
the access information generation module is used for recording the access condition of the target equipment to the plurality of authority resources and generating access information;
and the access authority adjusting module is used for adjusting the access authority of the target equipment to the plurality of authority resources based on the access information.
10. A computer device comprising a processor and a memory, wherein the memory stores at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the method of managing access rights according to any one of claims 1 to 8.
11. A computer-readable storage medium, having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by a processor to implement a method of managing access rights according to any one of claims 1 to 8.
CN202210877028.8A 2022-07-25 2022-07-25 Access authority management method, device, equipment and storage medium Pending CN115242516A (en)

Publications (1)

Publication Number Publication Date
CN115242516A true CN115242516A (en) 2022-10-25

Family

ID=83675235

Country Status (1)

Country Link
CN (1) CN115242516A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104598778A (en) * 2013-10-30 2015-05-06 中国移动通信集团江苏有限公司 Permission dispatching method and device
US20170295181A1 (en) * 2016-04-08 2017-10-12 Balaji PARIMI Activity based access control in heterogeneous environments
CN107979580A (en) * 2016-10-24 2018-05-01 腾讯科技(深圳)有限公司 A kind of access control method, device and server
CN108256313A (en) * 2017-12-18 2018-07-06 广东睿江云计算股份有限公司 A kind of right management method, system and device
CN111767574A (en) * 2020-06-28 2020-10-13 北京天融信网络安全技术有限公司 User permission determining method and device, electronic equipment and readable storage medium
US10986131B1 (en) * 2014-12-17 2021-04-20 Amazon Technologies, Inc. Access control policy warnings and suggestions

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination