CN103312721A - Cloud platform access control framework and implementation method thereof - Google Patents


Publication number
CN103312721A
Authority
CN
China
Prior art keywords
tenant
access control
top layer
layer
cloud platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013102793427A
Other languages
Chinese (zh)
Other versions
CN103312721B (en)
Inventor
肖志辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING MAIPU HUAXIN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
BEIJING MAIPU HUAXIN INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING MAIPU HUAXIN INFORMATION TECHNOLOGY Co Ltd
Priority to CN201310279342.7A
Publication of CN103312721A
Application granted
Publication of CN103312721B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a cloud platform access control framework and an implementation method thereof. In a cloud platform environment, access control is realized through a layered architecture design of the cloud platform. The advantages are as follows: access control of application software components is shared out from the basic platform layer to the tenant layers, upper-layer tenants manage the access control rights of their lower-layer sub-tenants, and the basic platform layer manages only the top-layer tenants, so that the complexity of the platform layer's management of tenant access control is reduced, the self-management capability of cloud platform access control is improved, and system usability and maintainability are improved; tenants gain the ability to sublease components; multi-brand, multi-tenant access is realized through the mapping of domain names to tenants; and extensibility and generality are high.

Description

Cloud platform access control framework and implementation method thereof
Technical field
The invention belongs to the field of information technology and in particular relates to realizing access control in a cloud platform environment by designing the cloud platform as a layered architecture.
Background
In a cloud platform environment there is the SaaS (Software as a Service) application software component model. In this model, application software components are deployed centrally on servers; each tenant orders the application software components it needs from the service provider according to its own requirements and pays according to the lease time or the specific components ordered. This model is a multi-tenant system architecture: every application software component on the platform supports simultaneous use by multiple tenants, tenants do not affect one another in use, and each tenant perceives the component as if it had exclusive use of it. Strict access control is required under this model to guarantee isolation of data, applications and configuration between tenants and between the users under a tenant, and to improve the security, consistency and integrity of data.
Traditional RBAC (Role-Based Access Control) is generally used to unify component access inside a large enterprise. Its basic principle is to define roles, give each role the right to access one or more groups of application software components, and then assign users to roles, so that access control is realized through the chain permission-role-user. However, RBAC has no concept of a tenant and cannot adapt to cloud platform scenarios, and it lacks self-management capability for roles. In a large-scale cloud platform system, RBAC requires a large number of roles to be set up, which reduces the usability and maintainability of the system.
The prior art improves on traditional RBAC for the characteristics of cloud platforms by adding the concept of a tenant, to meet the requirements of a cloud platform. Under this framework, however, managing access control remains a huge job when there are too many tenants or too many application software components. Moreover, because a tenant can only define its own users and tenants are completely isolated from one another, a tenant's components or applications cannot be subleased. In addition, when different users use the cloud platform, they must first visit the public login page of the cloud platform, be associated with a tenant at login, and only then be transferred to the tenant's private interface, so the framework cannot inherently support multiple user brands under multi-tenancy.
It is therefore necessary to propose a new application platform access control framework that solves the prior-art problems that multi-brand services for multi-level tenants cannot be supported simultaneously on the same platform and that the access control rights of application software components cannot be subleased.
Summary of the invention
In view of this, the invention provides a cloud platform access control framework and an implementation method thereof, to solve the prior-art problems that multi-level tenants cannot be supported simultaneously on the same platform and that the access control rights of application software components cannot be subleased.
To solve the above technical problems, the technical solution of the invention is realized as follows:
In a first aspect, the invention provides a cloud platform access control framework, comprising:
A basic platform layer, located at the top of the access control framework, which provides usable application software components to the top-layer tenants in the top-layer tenant layer and directly manages the access control rights of each top-layer tenant;
A top-layer tenant layer, located below the basic platform layer, in which sub-tenants are created for each top-layer tenant so that the application software components used by the top-layer tenant can be subleased, and in which the access control rights of each top-layer tenant's next-layer sub-tenants are managed directly.
Further, the cloud platform access control framework also comprises a lower tenant layer, which consists of the sub-tenants of the top-layer tenants or of the next-layer sub-tenants of the sub-tenants at each layer.
Further, the basic platform layer comprises a platform-layer administrator, who reviews and manages the application software components that top-layer tenants request to use and creates a tenant administrator for each top-layer tenant that passes review.
Specifically, the tenant administrator creates the user roles of its tenant, assigns a user role when creating a user, and controls access to the application software components the user requests to use according to the user role. The tenant administrator also reviews and manages the application software components that next-layer sub-tenants request to sublease, and creates a tenant administrator for each sub-tenant that passes review.
Specifically, the top-layer tenants and each sub-tenant are identified in the cloud platform by a unique tenant ID, each tenant provides its users with a unique domain-name access address, and the IP addresses of the domain-name access addresses are all mapped to the real IP address of the cloud platform.
In a second aspect, the invention provides an implementation method of a cloud platform access control framework, comprising:
Step 1: create the basic platform layer that provides application software components;
Step 2: a top-layer tenant submits to the basic platform layer a registration application to use application software components; after the basic platform layer receives the registration application and it passes review, the basic platform layer directly manages the top-layer tenant's access control rights;
Step 3: after the top-layer tenant receives a next-layer sub-tenant's registration application and it passes review, the application software components used by this top-layer tenant are subleased, and the top-layer tenant directly manages the next-layer sub-tenant's access control rights.
Further, in step 2, the platform-layer administrator reviews the registration application submitted by the top-layer tenant; after it passes review, the application software components the top-layer tenant applied for are authorized, a tenant-layer administrator is created for the top-layer tenant, and the top-layer tenant's access control rights are managed directly;
In step 3, after the top-layer tenant receives the next-layer sub-tenant's registration application and it passes review, the application software components applied for by the next-layer sub-tenant that sent the registration application are authorized, a tenant-layer administrator is created for the lower-layer tenant, and the top-layer tenant's access control rights are managed directly.
Further, the method also comprises step 4: after a sub-tenant receives a registration application from a tenant one layer further down and it passes review, the application software components that this further sub-tenant applied to use are authorized and a tenant-layer administrator is created; and the access control rights of this further sub-tenant are managed directly.
Specifically, step 1 and/or step 2 and/or step 3 and/or step 4 also comprise:
A create-role access control step: after the registration application passes review, the tenant administrator directly holds the administrative rights over the application software components applied for; the tenant-layer administrator defines multiple roles according to actual needs, and each role has access rights to the corresponding functions and data;
A create-user access control step: the tenant administrator directly creates users for its own tenant and assigns roles to the users created;
An enforce-access-control step: the user visits the tenant's unique domain name to reach the cloud platform login page; after the account and password are entered, the cloud platform obtains this tenant's information from the database according to the tenant domain name and ID the user visited, performs authentication, and allows login if authentication passes; the system then obtains the user's role information and assigns the user access rights to application software components according to the role's permissions.
In summary, the beneficial effects of the invention include: through layering, access control of application software components is shared out from the platform layer to the tenant layers, upper-layer tenants manage the access control rights of their next-layer sub-tenants, and the platform layer manages only the top-layer tenants, which reduces the complexity of the platform layer's management of tenant access control, improves the self-management capability of cloud platform access control, and improves the usability and maintainability of the system; tenants gain the ability to sublease components; multi-brand, multi-tenant access is realized through the mapping of domain names to tenants; and the framework is highly extensible and general.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural block diagram of the cloud platform access control framework of an embodiment of the invention;
Fig. 2 is an access control model diagram of the cloud platform access control framework of an embodiment of the invention;
Fig. 3 is a flow chart of the implementation method of the cloud platform access control framework of an embodiment of the invention;
Fig. 4 is a flow chart of user access control in the cloud platform of an embodiment of the invention.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, a structural block diagram of the cloud platform access control framework of an embodiment of the invention, the framework comprises:
Basic platform layer 101, located at the top of the access control framework, which provides usable application software components to the top-layer tenants in the top-layer tenant layer and directly manages the access control rights of each top-layer tenant. The basic platform layer cannot manage how tenants use their application software components; it has only the administrative rights over all application software components of the system and does not have the right to use them.
Top-layer tenant layer 102, located below the basic platform layer, in which sub-tenants are created for each top-layer tenant so that the application software components used by the top-layer tenant can be subleased, and in which the access control rights of each top-layer tenant's next-layer sub-tenants are managed directly. A tenant may be a company, an enterprise or any public organization; it is the user of the application software components, and each tenant has the highest usage rights over the application software components it has requested to use. Further tenants can be set up under each tenant to sublease the application software components, forming the lower tenant layer 103; each tenant layer controls the access rights of the tenants set up in the layer below it.
Lower tenant layer 103, which consists of the sub-tenants of the top-layer tenants or of the next-layer sub-tenants of the sub-tenants at each layer.
Referring to Fig. 2, the access control model diagram of the cloud platform access control framework of an embodiment of the invention: the relationship between tenants and the basic platform layer is many-to-one. The basic platform layer sets up a platform-layer administrator, who directly manages the top-layer tenants' access control rights, and possibly also fees, status and so on, and who creates the tenant administrator of each top-layer tenant. The basic platform layer cannot manage access control rights below the top-layer tenants.
A tenant can sublease the application software components it uses to other tenants. After subleasing, the two stand in a parent-tenant and sub-tenant relationship: the parent tenant directly manages the sub-tenant's access control rights, and possibly also fees, status and so on, and creates the sub-tenant's tenant administrator, but the parent tenant cannot manage the sub-tenant's specific business. The relationship between parent tenant and sub-tenant is many-to-one: a tenant can sublease application software components to multiple lessees, while a lessee can inherit application software components from only one tenant.
A tenant directly defines the roles of its users; this is carried out by the tenant administrator. The relationship between roles and tenant is many-to-one, and a role takes effect only within the scope of its tenant. A role's permissions are specified by the tenant administrator, the relationship between roles and permissions is many-to-many, and the permissions a role holds must stay within the permission scope held by the tenant the role belongs to.
A tenant directly creates its users; this is carried out by the tenant administrator. A user role must be specified for each user created, the relationship between users and role is many-to-one, and a user may use the application software components of the cloud platform only within the scope authorized for the tenant. The mapping between a user and a role is a session, which records the permissions the user is allowed and the permissions the role is allowed.
The permissions each tenant holds are specified directly by that tenant's parent tenant. Permissions comprise the right to use the functions of application software components and the right to read and write data, and the relationship between permissions and tenants is many-to-many.
Another object of the invention is to provide an implementation method of a cloud platform access control framework. Referring to Fig. 3, a flow chart of the implementation method of the cloud platform access control framework of an embodiment of the invention, the method comprises:
Step 301: create the basic platform layer that provides application software components. The application software components include cloud services provided for enterprises, for example task management, customer management, off-site work attendance, address book, employee location, media push and intelligent network management. A software component can also be custom-developed by a tenant.
Step 302: a top-layer tenant submits to the basic platform layer a registration application to use application software components; after the basic platform layer receives the registration application and it passes review, the basic platform layer directly manages the top-layer tenant's access control rights.
The top-layer tenant uses the registration function provided by the basic platform layer to submit a registration application to the basic platform layer. The application contains basic information, for example organization, domain name, lease content and lease time. The platform-layer administrator reviews the application content; after it passes review, the application software components the tenant applied for are authorized and a tenant-layer administrator is created.
Step 303: after the top-layer tenant receives a next-layer sub-tenant's registration application and it passes review, the application software components used by this top-layer tenant are subleased, and the top-layer tenant directly manages the next-layer sub-tenant's access control rights.
When a tenant needs to sublease application software components it holds to another lessee, which is to become its sub-tenant, the lessee must submit a registration application to the subleasing tenant. The application is made by visiting the address of that tenant's registration function; the network access addresses of the different tenants and of the cloud platform are all identified by unique domain names. The application is reviewed by that tenant's administrator, and after it passes review the lessee becomes a sub-tenant of this top-layer tenant. For example, lessee C plans to lease application software components from top-layer tenant B of cloud platform A. Lessee C first visits top-layer tenant B through its domain name and submits a registration application whose content includes organization, domain name, lease content, lease term and so on. The administrator of top-layer tenant B reviews the application, and the lease content and term are limited to the scope that top-layer tenant B itself holds.
If the application passes review, the system creates a new tenant D and saves the unique domain name of tenant D; the administrator of top-layer tenant B assigns tenant D the corresponding access rights according to the application content and creates the tenant administrator of tenant D. Top-layer tenant B then becomes the parent tenant of tenant D, and tenant D becomes a sub-tenant of top-layer tenant B. Otherwise, the application is refused. After the application passes review, the following steps are carried out:
1) Create role access control: after the application passes review, the tenant-layer administrator directly holds the administrative rights over the leased application software components; the tenant-layer administrator defines multiple roles according to actual needs, and each role has access rights to the corresponding functions and data;
2) Create user access control: the tenant-layer administrator directly creates users for its own tenant and assigns roles to the users created;
3) Enforce access control: the user visits the tenant's unique domain name to reach the cloud platform login page. After the account and password are entered, the cloud platform obtains this tenant's information from the database according to the tenant domain name and ID the user visited, then obtains this user's information and performs authentication. If authentication passes, login is allowed; the system obtains the user's role information and assigns the user access rights to application software components according to the role's permissions. If the user does not exist, or the user belongs to another tenant, authentication cannot pass and the system refuses the login.
Step 304: after a sub-tenant receives a registration application from a tenant one layer further down and it passes review, the application software components that this further sub-tenant applied to use are authorized and a tenant-layer administrator is created; and the access control rights of this further sub-tenant are managed directly.
For example, after sub-tenant A of a top-layer tenant subleases an application software component to lessee C, sub-tenant A becomes the parent tenant of tenant C and lessee C becomes the next-layer sub-tenant of sub-tenant A; that is, lessee C becomes a third-layer tenant of the cloud platform system.
Referring to Fig. 4, the flow chart of user access control in the cloud platform of an embodiment of the invention comprises the following steps:
Step 401: the user reaches the cloud platform by visiting the tenant's unique domain name;
Step 402: from the access request submitted by the user, the cloud platform system parses the domain name the user visited from the Host field of the HTTP protocol and looks up the tenant corresponding to this domain name in the database;
Step 403: the cloud platform system finds this tenant's brand and login page data in the database and returns the page content to the user;
Step 405: the user enters a username and password and attempts to log in; according to the relationship between tenant and user, the cloud platform system judges whether this user exists in the tenant and whether the user's login password is correct, that is, whether the login succeeds;
Step 406: if the login succeeds, the cloud platform system looks up the user's role and grants access to the content; otherwise, it refuses.
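The Fig. 2 model and the Fig. 4 login flow can be exercised together in the following Python example, which is added here and is not part of the patent text. The class and method names, the permission strings, the `.example` domains and the PBKDF2 password storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 storage; the patent only speaks of "account and password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Tenant:
    tenant_id: str
    domain: str
    parent: Optional["Tenant"]   # None for a top-layer tenant
    permissions: frozenset       # granted by the parent tenant or the platform layer
    roles: dict = field(default_factory=dict)   # role name -> frozenset of permissions
    users: dict = field(default_factory=dict)   # username -> (salt, digest, role name)


class Platform:
    """Basic platform layer: owns the components and the domain -> tenant mapping."""

    def __init__(self, components):
        self.components = frozenset(components)
        self.by_domain = {}

    def _create(self, tenant_id, domain, parent, requested, ceiling):
        requested = frozenset(requested)
        if not requested <= ceiling:
            raise PermissionError("requested rights exceed what the grantor holds")
        domain = domain.lower()
        if domain in self.by_domain:
            raise ValueError("domain is already mapped to a tenant")
        tenant = Tenant(tenant_id, domain, parent, requested)
        self.by_domain[domain] = tenant
        return tenant

    def approve_top_tenant(self, tenant_id, domain, requested):
        # Step 302: the platform layer authorizes a top-layer tenant.
        return self._create(tenant_id, domain, None, requested, self.components)

    def approve_sublease(self, parent, tenant_id, domain, requested):
        # Steps 303/304: the lease is limited to the scope the parent itself holds.
        return self._create(tenant_id, domain, parent, requested, parent.permissions)

    @staticmethod
    def define_role(tenant, name, permissions):
        permissions = frozenset(permissions)
        if not permissions <= tenant.permissions:
            raise PermissionError("role exceeds the tenant's own permission scope")
        tenant.roles[name] = permissions

    @staticmethod
    def create_user(tenant, username, password, role):
        if role not in tenant.roles:
            raise KeyError("role is not defined in this tenant")
        salt = os.urandom(16)
        tenant.users[username] = (salt, _digest(password, salt), role)

    def login(self, host_header, username, password):
        """Steps 401-406: returns the role's permissions, or None when refused."""
        # The Host value is client-supplied: normalise it, then require an exact match.
        host = host_header.strip().lower().partition(":")[0]
        tenant = self.by_domain.get(host)
        if tenant is None:
            return None
        record = tenant.users.get(username)   # users are looked up per tenant only
        if record is None:
            return None
        salt, stored, role = record
        if not hmac.compare_digest(stored, _digest(password, salt)):
            return None
        return tenant.roles[role]


def build_demo():
    # Constructed sample data: platform A, top-layer tenant B, sub-tenant D.
    p = Platform({"task_management:read", "task_management:write",
                  "customer_management:read", "address_book:read"})
    b = p.approve_top_tenant("T-B", "brand-b.example",
                             {"task_management:read", "task_management:write",
                              "customer_management:read"})
    d = p.approve_sublease(b, "T-D", "brand-d.example",
                           {"task_management:read", "task_management:write"})
    p.define_role(b, "manager", b.permissions)
    p.create_user(b, "bob", "pw-bob", "manager")
    p.define_role(d, "viewer", {"task_management:read"})
    p.create_user(d, "dana", "pw-dana", "viewer")
    return p


if __name__ == "__main__":
    demo = build_demo()
    print(demo.login("brand-d.example", "dana", "pw-dana"))
    print(demo.login("brand-b.example", "dana", "pw-dana"))
```

Because the tenant is chosen from the Host field, a deployment should accept only host names registered in the tenant table and reject everything else before rendering a login page.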
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A cloud platform access control framework, characterized by comprising:
A basic platform layer, located at the top of the access control framework, which provides usable application software components to the top-layer tenants in the top-layer tenant layer and directly manages the access control rights of each top-layer tenant;
A top-layer tenant layer, located below the basic platform layer, in which sub-tenants are created for each top-layer tenant so that the application software components used by the top-layer tenant can be subleased, and in which the access control rights of each top-layer tenant's next-layer sub-tenants are managed directly.
2. The cloud platform access control framework according to claim 1, characterized by further comprising:
A lower tenant layer, which consists of the sub-tenants of the top-layer tenants or of the next-layer sub-tenants of the sub-tenants at each layer.
3. The cloud platform access control framework according to claim 1 or 2, characterized in that the basic platform layer comprises a platform-layer administrator, who reviews and manages the application software components that the top-layer tenants request to use and creates a tenant administrator for each top-layer tenant that passes review.
4. The cloud platform access control framework according to claim 3, characterized in that the tenant administrator creates the user roles of its tenant, assigns a user role when creating a user, and controls access to the application software components the user requests to use according to the user role.
5. The cloud platform access control framework according to claim 4, characterized in that the tenant administrator also reviews and manages the application software components that next-layer sub-tenants request to sublease, and creates a tenant administrator for each sub-tenant that passes review.
6. The cloud platform access control framework according to claim 4 or 5, characterized in that the top-layer tenants and each sub-tenant are identified in the cloud platform by a unique tenant ID, each tenant provides its users with a unique domain-name access address, and the IP addresses of the domain-name access addresses are all mapped to the real IP address of the cloud platform.
7. An implementation method of a cloud platform access control framework, characterized by comprising:
Step 1: create the basic platform layer that provides application software components;
Step 2: a top-layer tenant submits to the basic platform layer a registration application to use application software components; after the basic platform layer receives the registration application and it passes review, the basic platform layer directly manages the top-layer tenant's access control rights;
Step 3: after the top-layer tenant receives a next-layer sub-tenant's registration application and it passes review, the application software components used by this top-layer tenant are subleased, and the top-layer tenant directly manages the next-layer sub-tenant's access control rights.
8. The implementation method of the cloud platform access control framework according to claim 7, characterized in that,
In step 2, the platform-layer administrator reviews the registration application submitted by the top-layer tenant; after it passes review, the application software components the top-layer tenant applied for are authorized, a tenant-layer administrator is created for the top-layer tenant, and the top-layer tenant's access control rights are managed directly;
In step 3, after the top-layer tenant receives the next-layer sub-tenant's registration application and it passes review, the application software components applied for by the next-layer sub-tenant that sent the registration application are authorized, a tenant-layer administrator is created for the lower-layer tenant, and the top-layer tenant's access control rights are managed directly.
9. The implementation method of the cloud platform access control framework according to claim 7 or 8, characterized in that the method further comprises step 4: after a sub-tenant receives a registration application from a tenant one layer further down and it passes review, the application software components that this further sub-tenant applied to use are authorized and a tenant-layer administrator is created; and the access control rights of this further sub-tenant are managed directly.
10. The implementation method of the cloud platform access control framework according to claim 9, characterized in that step 1 and/or step 2 and/or step 3 and/or step 4 also comprise:
A create-role access control step: after the registration application passes review, the tenant administrator directly holds the administrative rights over the application software components applied for; the tenant-layer administrator defines multiple roles according to actual needs, and each role has access rights to the corresponding functions and data;
A create-user access control step: the tenant administrator directly creates users for its own tenant and assigns roles to the users created;
An enforce-access-control step: the user visits the tenant's unique domain name to reach the cloud platform login page; after the account and password are entered, the cloud platform obtains this tenant's information from the database according to the tenant domain name and ID the user visited, performs authentication, and allows login if authentication passes; the system then obtains the user's role information and assigns the user access rights to application software components according to the role's permissions.
Application CN201310279342.7A, priority date 2013-07-04, filing date 2013-07-04: Cloud platform access control framework and implementation method thereof. Active, CN103312721B (en)


Publications (2)

Publication Number Publication Date
CN103312721A (en) 2013-09-18
CN103312721B (en) 2016-12-28

Family ID: 49137505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310279342.7A Active CN103312721B (en) 2013-07-04 2013-07-04 A kind of cloud platform accesses and controls framework and implementation method thereof

Country Status (1)

Country Link
CN (1) CN103312721B (en)

Also Published As

Publication number Publication date
CN103312721B (en) 2016-12-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant