CN107992767A - A permission control method based on multiple cloud platforms - Google Patents

Publication number
CN107992767A
Authority
CN
China
Legal status
Withdrawn
Application number
CN201711222430.8A
Other languages
Chinese (zh)
Inventor
黄伟健
季统凯
Current Assignee
G Cloud Technology Co Ltd
Original Assignee
G Cloud Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention relates to the technical field of multi-cloud platform management, and in particular to a permission control method based on multiple cloud platforms. The method sets up a unified management system, and the permissions of multiple cloud platforms are controlled centrally in that system. The specific steps are: Step 1: summarize all function points of the unified management system, then create and initialize the function table; Step 2: define the roles required by the business function requirements, then create and initialize the role table; Step 3: create and initialize the role-function association table; Step 4: according to the association table, the unified management system applies the corresponding permission restrictions to different roles. The invention solves the problems that multi-cloud permission control is complex, that the permissions of multiple cloud platforms cannot be set uniformly, and that human resources are wasted as a result. It can be applied to environments in which multi-cloud platform permissions are managed in a unified way.

Description

A permission control method based on multiple cloud platforms
Technical field
The present invention relates to the technical field of multi-cloud platform management, and in particular to a permission control method based on multiple cloud platforms.
Background
After years of rapid development in cloud computing, a large number of mature cloud computing platforms have emerged, and the functions these platforms provide are similar. Many large enterprises and government organizations deploy cloud platforms of several different brands, and each of these platforms has its own permission control method. This creates the following problems:
First, although the functions each cloud platform provides are similar, their permission control pages and API interfaces are not consistent, so they cannot be managed in a unified way.
Second, each cloud platform needs its own specialist engineer to manage permissions, which wastes human resources.
Summary of the invention
The invention provides a permission control method based on multiple cloud platforms. It solves the problems that multi-cloud permission control is complex, that the permissions of multiple cloud platforms cannot be set uniformly, and that human resources are wasted as a result.
The technical solution by which the invention solves the above technical problem is:
The method sets up a unified management system, and the permissions of multiple cloud platforms are controlled centrally in that system. The specific steps are as follows:
Step 1: Summarize all function points of the unified management system, then create and initialize the function table;
Step 2: Define the roles required by the business function requirements, then create and initialize the role table;
Step 3: Create and initialize the role-function association table;
Step 4: According to the association table, the unified management system applies the corresponding permission restrictions to different roles.
The unified management system is a system that manages the infrastructure of multiple cloud platforms in a unified way; all cloud platforms are registered in it. The functions of every cloud platform are operated through this system, and it covers all functional operations of the different cloud platforms.
Creating and initializing the function table means defining the database table structure according to the relevant attributes of a function, creating the table, and then inserting all function points summarized in the unified management system into the function table.
Step 2 classifies users according to the specific organizational structure; for each role it defines, according to business needs, the range of functions the role may operate, that is, which function points it includes; it defines the database table structure according to the relevant attributes of a role and creates the table; it then inserts all roles defined from the business function requirements into the role table.
Step 3 means defining the database table structure according to the relevant attributes of the role-function association, creating the table, and then inserting the association between each role and its function points into the role-function association table.
Step 4 means that, based on the association between the current role of the user logged in to the unified management system and the function table, the user is allowed to operate only the function points associated with that role.
The beneficial effects of the invention are as follows:
The invention provides a permission control method based on multiple cloud platforms. It solves the problems that multi-cloud permission control is complex, that the permissions of multiple cloud platforms cannot be set uniformly, and that human resources are wasted as a result. Under unified management, the human resources required can be reduced effectively and permission control across multiple cloud platforms is simplified.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawing:
Fig. 1 is a flow chart of the invention.
Detailed description
As shown in the flow chart of Fig. 1, the following embodiment illustrates the method through its core parts: creating and initializing the function table, the role table and the function-role association table, and applying the corresponding permission restrictions to different roles. The implementation process is as follows:
1. The code to create and initialize the function table is as follows:
Create the function table:
Initialize the function table according to the actual functions:
INSERT INTO `gcloud_cloud_manager`.`gcm_function` (`id`, `parentId`, `name`, `url`, `description`, `disabled`) VALUES ('05', NULL, 'Server', NULL, 'cloud server', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_function` (`id`, `parentId`, `name`, `url`, `description`, `disabled`) VALUES ('06', NULL, 'Storage', NULL, 'storage resources', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_function` (`id`, `parentId`, `name`, `url`, `description`, `disabled`) VALUES ('07', NULL, 'Network', NULL, 'network resources', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_function` (`id`, `parentId`, `name`, `url`, `description`, `disabled`) VALUES ('08', NULL, 'Image', NULL, 'image management', '0');
2. The code to create and initialize the role table is as follows:
Create the role table:
Initialize the role table according to the actual roles:
INSERT INTO `gcloud_cloud_manager`.`gcm_role` (`id`, `name`, `creator`, `scope`, `description`, `createTime`, `isSuperAdmin`) VALUES ('7d4581b36e454f5d9dfbd8b54d775e5a', 'system manager', '29fd7212dcb04247b533850d6ce9b5fc', '0', 'system manager', '2017-10-10 20:30:37', '1');
INSERT INTO `gcloud_cloud_manager`.`gcm_role` (`id`, `name`, `creator`, `scope`, `description`, `createTime`, `isSuperAdmin`) VALUES ('7d4581b36e454f5d9dfbd8b54d775e5b', 'department manager', '29fd7212dcb04247b533850d6ce9b5fc', '1', 'department manager', '2017-10-10 20:30:37', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_role` (`id`, `name`, `creator`, `scope`, `description`, `createTime`, `isSuperAdmin`) VALUES ('7d4581b36e454f5d9dfbd8b54d775e5c', 'Project Manager', '29fd7212dcb04247b533850d6ce9b5fc', '2', 'Project Manager', '2017-10-10 20:30:37', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_role` (`id`, `name`, `creator`, `scope`, `description`, `createTime`, `isSuperAdmin`) VALUES ('7d4581b36e454f5d9dfbd8b54d775e5d', 'department rank and file', '29fd7212dcb04247b533850d6ce9b5fc', '1', 'common sector member', '2017-10-10 20:30:37', '0');
INSERT INTO `gcloud_cloud_manager`.`gcm_role` (`id`, `name`, `creator`, `scope`, `description`, `createTime`, `isSuperAdmin`) VALUES ('7d4581b36e454f5d9dfbd8b54d775e5e', 'project rank and file', '29fd7212dcb04247b533850d6ce9b5fc', '2', 'common sector member', '2017-10-10 20:30:37', '0');
3. The code to create and initialize the function-role association table is as follows:
Create the function-role association table:
Initialize the function-role association table according to the actual associations between functions and roles:
INSERT INTO `gcloud_cloud_manager`.`gcm_role_function` (`id`, `roleId`, `functionId`) VALUES ('771', '7d4581b36e454f5d9dfbd8b54d775e5e', '01');
INSERT INTO `gcloud_cloud_manager`.`gcm_role_function` (`id`, `roleId`, `functionId`) VALUES ('772', '7d4581b36e454f5d9dfbd8b54d775e5e', '03');
INSERT INTO `gcloud_cloud_manager`.`gcm_role_function` (`id`, `roleId`, `functionId`) VALUES ('773', '7d4581b36e454f5d9dfbd8b54d775e5e', '0302');
4. The code that applies the corresponding permission restrictions to different roles is as follows:
The whole flow ends.
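The page shows no code for step 4. As an added example (not the patent's own code), the following Python loads the association rows above into in-memory SQLite and enforces them with a deny-by-default lookup, using parameterized queries. Assumptions: the column types and keys, the function rows for ids 01, 03, 0301 and 0302 (constructed), and the meaning given to `isSuperAdmin` and `disabled`.

```python
import sqlite3

# Table and column names come from the INSERT statements on the page.
# Column types, keys and the use of in-memory SQLite are assumptions.
SCHEMA = """
CREATE TABLE gcm_function (id TEXT PRIMARY KEY, parentId TEXT, name TEXT,
    url TEXT, description TEXT, disabled TEXT NOT NULL DEFAULT '0');
CREATE TABLE gcm_role (id TEXT PRIMARY KEY, name TEXT, creator TEXT, scope TEXT,
    description TEXT, createTime TEXT, isSuperAdmin TEXT NOT NULL DEFAULT '0');
CREATE TABLE gcm_role_function (id TEXT PRIMARY KEY,
    roleId TEXT NOT NULL REFERENCES gcm_role(id),
    functionId TEXT NOT NULL REFERENCES gcm_function(id),
    UNIQUE (roleId, functionId));
"""

ADMIN = "7d4581b36e454f5d9dfbd8b54d775e5a"   # 'system manager', isSuperAdmin = 1
MEMBER = "7d4581b36e454f5d9dfbd8b54d775e5e"  # 'project rank and file'


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO gcm_function (id, parentId, name) VALUES (?, ?, ?)",
        [("05", None, "Server"), ("06", None, "Storage"),    # rows from the page
         ("07", None, "Network"), ("08", None, "Image"),
         # Constructed rows: the page associates 01, 03 and 0302 with a role but
         # does not show their definitions; names and parent links are made up.
         ("01", None, "constructed-01"), ("03", None, "constructed-03"),
         ("0301", "03", "constructed-0301"), ("0302", "03", "constructed-0302")])
    db.executemany(
        "INSERT INTO gcm_role (id, name, isSuperAdmin) VALUES (?, ?, ?)",
        [(ADMIN, "system manager", "1"), (MEMBER, "project rank and file", "0")])
    db.executemany(
        "INSERT INTO gcm_role_function (id, roleId, functionId) VALUES (?, ?, ?)",
        [("771", MEMBER, "01"), ("772", MEMBER, "03"), ("773", MEMBER, "0302")])
    return db


def allowed_functions(db, role_id):
    """Function points the role may operate, e.g. for rendering its menu."""
    role = db.execute("SELECT isSuperAdmin FROM gcm_role WHERE id = ?",
                      (role_id,)).fetchone()
    if role is None:
        return []  # unknown role: deny by default
    if role[0] == "1":
        # Assumption: a super admin may operate every enabled function point.
        rows = db.execute("SELECT id FROM gcm_function WHERE disabled = '0'")
    else:
        # Only explicit associations count; holding 03 does not grant 0301.
        rows = db.execute(
            "SELECT f.id FROM gcm_role_function rf "
            "JOIN gcm_function f ON f.id = rf.functionId "
            "WHERE rf.roleId = ? AND f.disabled = '0'", (role_id,))
    return sorted(r[0] for r in rows)


def is_allowed(db, role_id, function_id):
    """Server-side check run on every request, not only when drawing the menu."""
    return function_id in allowed_functions(db, role_id)


if __name__ == "__main__":
    db = build_db()
    for fid in ("03", "0302", "0301", "05"):
        print(fid, is_allowed(db, MEMBER, fid))
```

Because the unified management system fronts every cloud platform, the check belongs on the request path of each function point; hiding a menu entry alone does not restrict the operation.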

Claims (10)

  1. A permission control method based on multiple cloud platforms, characterized in that: the method sets up a unified management system, and the permissions of multiple cloud platforms are controlled centrally in that system; the specific steps are as follows:
    Step 1: Summarize all function points of the unified management system, then create and initialize the function table;
    Step 2: Define the roles required by the business function requirements, then create and initialize the role table;
    Step 3: Create and initialize the role-function association table;
    Step 4: According to the association table, the unified management system applies the corresponding permission restrictions to different roles.
  2. The method according to claim 1, characterized in that:
    The unified management system is a system that manages the infrastructure of multiple cloud platforms in a unified way; all cloud platforms are registered in it. The functions of every cloud platform are operated through this system, and it covers all functional operations of the different cloud platforms.
  3. The method according to claim 1, characterized in that:
    Creating and initializing the function table means defining the database table structure according to the relevant attributes of a function, creating the table, and then inserting all function points summarized in the unified management system into the function table.
  4. The method according to claim 2, characterized in that:
    Creating and initializing the function table means defining the database table structure according to the relevant attributes of a function, creating the table, and then inserting all function points summarized in the unified management system into the function table.
  5. The method according to any one of claims 1 to 4, characterized in that:
    Step 2 classifies users according to the specific organizational structure; for each role it defines, according to business needs, the range of functions the role may operate, that is, which function points it includes; it defines the database table structure according to the relevant attributes of a role and creates the table; it then inserts all roles defined from the business function requirements into the role table.
  6. The method according to any one of claims 1 to 4, characterized in that:
    Step 3 means defining the database table structure according to the relevant attributes of the role-function association, creating the table, and then inserting the association between each role and its function points into the role-function association table.
  7. The method according to claim 5, characterized in that:
    Step 3 means defining the database table structure according to the relevant attributes of the role-function association, creating the table, and then inserting the association between each role and its function points into the role-function association table.
  8. The method according to any one of claims 1 to 4, characterized in that:
    Step 4 means that, based on the association between the current role of the user logged in to the unified management system and the function table, the user is allowed to operate only the function points associated with that role.
  9. The method according to claim 5, characterized in that:
    Step 4 means that, based on the association between the current role of the user logged in to the unified management system and the function table, the user is allowed to operate only the function points associated with that role.
  10. The method according to claim 7, characterized in that:
    Step 4 means that, based on the association between the current role of the user logged in to the unified management system and the function table, the user is allowed to operate only the function points associated with that role.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711222430.8A CN107992767A (en) 2017-11-29 2017-11-29 A permission control method based on multiple cloud platforms

Publications (1)

Publication Number Publication Date
CN107992767A (en) 2018-05-04

Family

ID=62033988


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180504