CN109067756A - A user synchronization and permission control method for multi-cloud management - Google Patents

A user synchronization and permission control method for multi-cloud management

Info

Publication number: CN109067756A
Application number: CN201810948949.2A
Authority: CN (China)
Prior art keywords: user, cloud, management, platform, multi-cloud
Priority date: 2018-08-20 (the priority date is an assumption by Google and is not a legal conclusion)
Filing date: 2018-08-20
Publication date: 2018-12-21
Legal status: Withdrawn (the legal status is an assumption by Google and is not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 袁炯钟, 季统凯
Original assignee: G Cloud Technology Co Ltd
Current assignee: G Cloud Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to the field of cloud computing, and in particular to a user synchronization and permission control method for multi-cloud management. The method first defines the user-management organizational structure in the multi-cloud management platform and determines the mapping between organizational units and cloud platform tenants; second, it creates the organization's users in the multi-cloud management platform and synchronously creates the corresponding users under the mapped tenant in each cloud platform; then it defines user function permissions in the multi-cloud management platform and periodically synchronizes them to each cloud platform; finally, it applies fine-grained control to the management scope of specific cloud service resources in the multi-cloud management platform and synchronizes that scope to the cloud platform. With this method, a cloud platform administrator manages their organizational structure and user permissions on the multi-cloud management platform through one uniform interface, without having to deal with the differences between the user management of each heterogeneous cloud platform, while users and permissions stay consistent when a user manages resources directly in the cloud platform. This meets the security and isolation requirements of user-managed cloud resources as far as possible.

Description

A user synchronization and permission control method for multi-cloud management
Technical field
The present invention relates to the field of cloud computing, and in particular to a user synchronization and permission control method for multi-cloud management.
Background art
With the rapid development of cloud computing, the number of domestic cloud platform vendors keeps growing, and customers usually choose several cloud platforms to run their applications. On the one hand, different cloud platforms have their own service characteristics and suit different application workloads; on the other hand, customers want disaster recovery for their applications across platforms. Multi-cloud management is increasingly becoming a trend in cloud computing, but most multi-cloud management platforms are still at an early stage: resource management functions are limited, and user management generally uses a single-user mode, i.e. the platform accesses each cloud platform's API with one administrator's accessKey and secretKey, or username and password, per cloud platform. The multi-cloud management platform then has its own independent user management module that provides unified user and permission management. This is a simple way to implement multi-cloud management, but it cannot meet cloud resource management requirements in every scenario: if users are not synchronized to the cloud platform, then every user who needs to manage resources directly in the cloud platform must use the account with the highest permissions, and neither system security nor resource isolation can be achieved.
Summary of the invention
The technical problem solved by the present invention is to provide a user synchronization and permission control method for multi-cloud management. It solves the inconsistency between the users and permissions of the multi-cloud management platform and those of the individual cloud platforms that arises when a traditional multi-cloud management platform takes over cloud platforms in single-user mode, and it ensures that users access cloud platforms securely and that resources are isolated.
The technical solution adopted by the present invention to solve the above problem is as follows:
The method comprises the following steps:
Step 1: the multi-cloud management platform defines the user-management organizational structure and determines the mapping between organizational units and cloud platform tenants;
Step 2: the multi-cloud management platform creates the users of the organization and synchronously creates the corresponding users under the mapped tenant in the cloud platform;
Step 3: the multi-cloud management platform defines user function permissions and periodically synchronizes them to each cloud platform; user function permissions are the operating rights a user holds over cloud resources, for example, for the elastic compute service, creating a cloud server, deleting a cloud server, starting it and shutting it down;
Step 4: the multi-cloud management platform applies fine-grained control to the management scope of specific cloud service resources and synchronizes it to the cloud platform; fine-grained control of the management scope means that, on top of the function permissions a user holds over a resource type, the range of resources and the amount of resources the user may operate on are further restricted.
The multi-cloud management platform is a cloud management platform that manages multiple public or private clouds in a unified way; a cloud platform is a cloud vendor's platform that provides cloud services, such as Alibaba Cloud or Huawei Cloud.
The user-management organizational structure describes which departments a unit or enterprise contains, the superior/subordinate relationships between departments, and the users each department contains.
Cloud platform tenants: in the public cloud the multi-tenant model is the norm, and one tenant corresponds to one cloud account, i.e. one registered user; in the private cloud the single-tenant model is the norm, and an enterprise using a private cloud is one tenant. Multiple users can be created under a tenant to manage resources.
Further restricting the range and amount of resources a user may operate on includes, for example: a given user may manage only the cloud servers they created themselves; a user may upload at most 5 GB of files to a given object storage bucket.
The method is easy to use: a cloud platform administrator manages their organizational structure and user permissions on the multi-cloud management platform through one uniform interface, without dealing with the differences between the user management of each heterogeneous cloud platform, while users and permissions stay consistent when a user manages resources directly in the cloud platform. This meets the security and isolation requirements of user-managed cloud resources as far as possible.
Brief description of the drawings
The present invention is further described below with reference to the drawings:
Fig. 1 is a flow chart of the invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further explained below with reference to the drawings and a concrete implementation case. This case uses Alibaba Cloud; for other cloud platforms it is only necessary to map tenants and users in the same way and call that platform's API to achieve the same effect. As shown in Fig. 1, the concrete implementation process is as follows:
1. The multi-cloud management platform defines the user-management organizational structure and determines the mapping between organizational units and cloud platform tenants.
(1) Two first-level departments are created: department A and department B.
Second-level departments A1, A2 and B1 are created, giving the following structure:
-- Department A
   -- Department A1
   -- Department A2
-- Department B
   -- Department B1
(2) Two tenants are created in the cloud platform: cloud account A and cloud account B.
(3) A first-level department and its second-level departments are in a superior/subordinate management relationship, and the resources of a second-level department are in fact a subset of those of its first-level department, so the mapping is as follows:
Department               Tenant
Department A, A1, A2     Cloud account A
Department B, B1         Cloud account B
2. The multi-cloud management platform creates the users of the organization and synchronously creates the corresponding users under the mapped tenant in the cloud platform.
(1) In the multi-cloud management platform, user UA is created in department A and user UA1 in department A1;
(2) Alibaba Cloud provides the RAM service to manage the sub-users of a tenant centrally, so sub-users UA and UA1 are created synchronously in Alibaba Cloud by calling the create-user interface with the accessKey and secretKey of cloud account A:
https://ram.aliyuncs.com/?Action=CreateUser&UserName=UA
https://ram.aliyuncs.com/?Action=CreateUser&UserName=UA1
3. The multi-cloud management platform defines user function permissions and periodically synchronizes them to each cloud platform.
(1) In the multi-cloud management platform, network resource planning is managed centrally by the first-level department: UA is set as the administrator of the first-level department and holds VPC creation permission; the second-level department user UA1 has read access only.
(2) The function permissions of the Alibaba Cloud sub-users are set. Function permissions in the multi-cloud management platform are usually set in batches; to keep the multi-cloud management platform responsive, the function permissions for the different cloud services can be synchronized in batches by a timed task.
Create the authorization policies:
https://ram.aliyuncs.com/?Action=CreatePolicy
&PolicyName=first-level department administrator
&PolicyDocument={"Statement":[{"Action":["vpc:*"],"Effect":"Allow","Resource":["acs:vpc:*:*:*"]}],"Version":"1"}
https://ram.aliyuncs.com/?Action=CreatePolicy
&PolicyName=second-level department user
&PolicyDocument={"Statement":[{"Action":["vpc:List*","vpc:Get*"],"Effect":"Allow","Resource":["acs:vpc:*:*:*"]}],"Version":"1"}
Attach them to the users:
https://ram.aliyuncs.com/?Action=AttachPolicyToUser
&PolicyType=Custom
&PolicyName=first-level department administrator
&UserName=UA
https://ram.aliyuncs.com/?Action=AttachPolicyToUser
&PolicyType=Custom
&PolicyName=second-level department user
&UserName=UA1
4. The multi-cloud management platform applies fine-grained control to the management scope of specific cloud service resources and synchronizes it to the cloud platform.
(1) The multi-cloud management platform restricts user UA1 to managing only the cloud servers UA1 created. First, the platform looks up which cloud servers user UA1 may manage:
select instanceId from instanceTable where owner = 'UA1' and platform = 'aliyun'
(2) The restriction is synchronized to Alibaba Cloud by creating a policy whose resources are exactly the cloud servers returned by the query and attaching it to user UA1:
https://ram.aliyuncs.com/?Action=CreatePolicy
&PolicyName=self-created cloud servers
&PolicyDocument={"Statement":[{"Action":["ecs:*"],"Effect":"Allow","Resource":["acs:ecs:*:*:instance/inst-001","acs:ecs:*:*:instance/inst-002"]}],"Version":"1"}
https://ram.aliyuncs.com/?Action=AttachPolicyToUser
&PolicyType=Custom
&PolicyName=self-created cloud servers
&UserName=UA1
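The four steps above, run as one desired-state synchronization job, as an added example that is not part of the patent or of any G Cloud product. The org tree, the user list, the instanceTable rows and the policy names are constructed sample data; the RAM API at https://ram.aliyuncs.com/ is replaced by an in-memory FakeRamClient (an assumption, so the example runs offline) that records the Action=... requests the platform would send, and the signed common parameters a real request needs (AccessKeyId, Signature, Timestamp and so on) are left out. Two things the patent's embodiment leaves implicit are made explicit here: the job is idempotent, so the periodic timed task does nothing when the cloud already matches the platform, and it detaches policies a user no longer holds, since a sync that only attaches never revokes. The embodiment calls the API with cloud account A's own accessKey and secretKey; in practice the sync job should run as a dedicated RAM user or role holding only the ram: permissions it needs, not the root account's key.

```python
import json

# --- Step 1: organisation tree and department -> tenant mapping (constructed) -
ORG = {"A": ["A1", "A2"], "B": ["B1"]}            # first-level dept -> second-level
DEPT_TENANT = {"A": "cloud-account-A", "B": "cloud-account-B"}


def tenant_for(dept):
    """A second-level department's resources are a subset of its parent's,
    so it maps to the parent's tenant."""
    for top, subs in ORG.items():
        if dept == top or dept in subs:
            return DEPT_TENANT[top]
    raise KeyError(f"department {dept!r} is not in the org tree")


# --- Steps 3 and 4: RAM policy documents (same JSON shape as in the patent) --
def policy_doc(actions, resources):
    doc = {"Statement": [{"Action": actions, "Effect": "Allow",
                          "Resource": resources}], "Version": "1"}
    return json.dumps(doc, separators=(",", ":"))


ROLE_POLICIES = {                                 # function permissions per role
    "dept-admin": policy_doc(["vpc:*"], ["acs:vpc:*:*:*"]),
    "dept-user": policy_doc(["vpc:List*", "vpc:Get*"], ["acs:vpc:*:*:*"]),
}


def own_instance_policy(instance_ids):
    """Step 4: scope ecs:* down to the instances the user created."""
    return policy_doc(["ecs:*"],
                      [f"acs:ecs:*:*:instance/{i}" for i in sorted(instance_ids)])


class FakeRamClient:
    """Stand-in (assumption) for https://ram.aliyuncs.com/?Action=...: records
    the requests the platform would sign and send, and keeps the tenant state."""

    def __init__(self):
        self.users, self.policies, self.attached, self.calls = set(), {}, {}, []

    def call(self, action, **p):
        self.calls.append((action, p))
        if action == "CreateUser":
            self.users.add(p["UserName"])
        elif action in ("CreatePolicy", "CreatePolicyVersion"):
            self.policies[p["PolicyName"]] = p["PolicyDocument"]
        elif action == "AttachPolicyToUser":
            self.attached.setdefault(p["UserName"], set()).add(p["PolicyName"])
        elif action == "DetachPolicyFromUser":
            self.attached.get(p["UserName"], set()).discard(p["PolicyName"])


# Desired state held by the multi-cloud platform, and the rows of instanceTable
# as (owner, platform, instanceId); both are constructed sample data.
USERS = {"UA": {"dept": "A", "role": "dept-admin"},
         "UA1": {"dept": "A1", "role": "dept-user"}}
INSTANCE_TABLE = [("UA1", "aliyun", "inst-002"), ("UA1", "aliyun", "inst-001"),
                  ("UA", "aliyun", "inst-009"), ("UA1", "huaweicloud", "hw-77")]


def desired_policies(user, spec, platform="aliyun"):
    """Role policy plus, if the user owns instances on this platform, the
    instance-scoped policy built from the 'select instanceId ...' rows."""
    wanted = {spec["role"]: ROLE_POLICIES[spec["role"]]}
    owned = [i for o, p, i in INSTANCE_TABLE if o == user and p == platform]
    if owned:
        wanted[f"own-ecs-{user}"] = own_instance_policy(owned)
    return wanted


def sync(clients, users):
    """One run of the periodic job. Creates only what is missing, versions a
    policy only when its document changed, and detaches policies that are no
    longer desired. Returns the number of API calls issued."""
    calls = 0
    for user, spec in users.items():
        ram = clients[tenant_for(spec["dept"])]
        before = len(ram.calls)
        if user not in ram.users:                              # step 2
            ram.call("CreateUser", UserName=user)
        wanted = desired_policies(user, spec)
        for name, doc in wanted.items():                       # steps 3 and 4
            if name not in ram.policies:
                ram.call("CreatePolicy", PolicyName=name, PolicyDocument=doc)
            elif ram.policies[name] != doc:                    # scope changed
                ram.call("CreatePolicyVersion", PolicyName=name,
                         PolicyDocument=doc, SetAsDefault="true")
        current = ram.attached.get(user, set())
        for name in sorted(set(wanted) - current):
            ram.call("AttachPolicyToUser", PolicyType="Custom",
                     PolicyName=name, UserName=user)
        for name in sorted(current - set(wanted)):             # revocation
            ram.call("DetachPolicyFromUser", PolicyType="Custom",
                     PolicyName=name, UserName=user)
        calls += len(ram.calls) - before
    return calls


def demo():
    """First run provisions, second run is a no-op, third run reconciles a
    role change for UA1 (attach the new policy, detach the old one)."""
    clients = {t: FakeRamClient() for t in DEPT_TENANT.values()}
    users = {u: dict(s) for u, s in USERS.items()}
    first = sync(clients, users)
    second = sync(clients, users)
    users["UA1"]["role"] = "dept-admin"
    third = sync(clients, users)
    return clients, first, second, third


if __name__ == "__main__":
    clients, *counts = demo()
    print("API calls per run:", counts)
    for action, params in clients["cloud-account-A"].calls:
        print(action, params)
```

The instance-scoped policy is rebuilt from the inventory on every run, so when UA1 creates a third server the next run issues a CreatePolicyVersion rather than a second policy; note that the Huawei Cloud row never reaches the Alibaba Cloud policy because the query is filtered by platform, exactly as the patent's SQL does.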

Claims (7)

1. A user synchronization and permission control method for multi-cloud management, characterized in that the method comprises the following steps:
Step 1: the multi-cloud management platform defines the user-management organizational structure and determines the mapping between organizational units and cloud platform tenants;
Step 2: the multi-cloud management platform creates the users of the organization and synchronously creates the corresponding users under the mapped tenant in the cloud platform;
Step 3: the multi-cloud management platform defines user function permissions and periodically synchronizes them to each cloud platform; user function permissions are the operating rights a user holds over cloud resources, for example, for the elastic compute service, creating a cloud server, deleting a cloud server, starting it and shutting it down;
Step 4: the multi-cloud management platform applies fine-grained control to the management scope of specific cloud service resources and synchronizes it to the cloud platform; fine-grained control of the management scope means that, on top of the function permissions a user holds over a resource type, the range of resources and the amount of resources the user may operate on are further restricted.
2. The method according to claim 1, characterized in that the multi-cloud management platform is a cloud management platform that manages multiple public or private clouds in a unified way, and a cloud platform is a cloud vendor's platform that provides cloud services, such as Alibaba Cloud or Huawei Cloud.
3. The method according to claim 1, characterized in that the user-management organizational structure describes which departments a unit or enterprise contains, the superior/subordinate relationships between departments, and the users each department contains.
4. The method according to claim 2, characterized in that the user-management organizational structure describes which departments a unit or enterprise contains, the superior/subordinate relationships between departments, and the users each department contains.
5. The method according to any one of claims 1 to 4, characterized in that, for cloud platform tenants, the public cloud normally uses the multi-tenant model, where one tenant corresponds to one cloud account, i.e. one registered user, while the private cloud normally uses the single-tenant model, where an enterprise using a private cloud is one tenant; multiple users can be created under a tenant to manage resources.
6. The method according to any one of claims 1 to 4, characterized in that further restricting the range and amount of resources a user may operate on includes: a given user may manage only the cloud servers they created themselves; a user may upload at most 5 GB of files to a given object storage bucket.
7. The method according to claim 5, characterized in that further restricting the range and amount of resources a user may operate on includes: a given user may manage only the cloud servers they created themselves; a user may upload at most 5 GB of files to a given object storage bucket.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN201810948949.2A (CN109067756A, en)   2018-08-20   2018-08-20   A user synchronization and permission control method for multi-cloud management

Publications (1)

Publication Number   Publication Date
CN109067756A (en)    2018-12-21

Family

ID=64686525

Country Status (1)

Country Link
CN (1) CN109067756A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN109525605A (en) * 2019-01-03 2019-03-26 杭州数梦工场科技有限公司 Account management method, device, system and computer readable storage medium
CN109525605B (en) * 2019-01-03 2021-07-27 杭州数梦工场科技有限公司 Account management method, device and system and computer readable storage medium
CN110233750A (en) * 2019-05-15 2019-09-13 咪咕文化科技有限公司 Private cloud management system and method
CN110704851A (en) * 2019-09-18 2020-01-17 上海联蔚信息科技有限公司 Public cloud data processing method and device
CN110825452A (en) * 2019-10-10 2020-02-21 国云科技股份有限公司 Cloud service adaptation module management method for multi-cloud management
CN111181975A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Account management method, device, equipment and storage medium
CN111538592A (en) * 2020-04-21 2020-08-14 上海思询信息科技有限公司 Method for realizing enterprise multi-user resource management by OpenStack single tenant
CN114095475A (en) * 2020-12-28 2022-02-25 京东科技控股股份有限公司 Data processing method, device, electronic equipment, system and storage medium
CN114257590A (en) * 2021-12-10 2022-03-29 中信银行股份有限公司 Cloud platform user information synchronization method and system
CN114285865A (en) * 2021-12-28 2022-04-05 天翼云科技有限公司 Access authority control system for sharing cloud hard disk
CN114285865B (en) * 2021-12-28 2023-08-08 天翼云科技有限公司 Access authority control system for shared cloud hard disk
CN115834576A (en) * 2022-10-21 2023-03-21 济南浪潮数据技术有限公司 Cross-platform data distribution method and system based on multi-cloud management
CN115801833A (en) * 2022-11-16 2023-03-14 浙江九州云信息科技有限公司 Enterprise-level public cloud resource management method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571821A (en) * 2012-02-22 2012-07-11 浪潮电子信息产业股份有限公司 Cloud security access control model
US20150113546A1 (en) * 2013-10-18 2015-04-23 Power-All Networks Limited Server and method for managing application services
CN105323282A (en) * 2014-07-28 2016-02-10 神州数码信息系统有限公司 Enterprise application deployment and management system for multiple tenants
CN105550854A (en) * 2016-01-26 2016-05-04 中标软件有限公司 Access control device of cloud environment management platform
CN107819863A (en) * 2017-11-16 2018-03-20 郑州云海信息技术有限公司 Unified management method and device for cloud platform users
CN107992767A (en) * 2017-11-29 2018-05-04 国云科技股份有限公司 Permission control method based on multiple cloud platforms
CN108092806A (en) * 2017-12-11 2018-05-29 国云科技股份有限公司 Multi-role management method based on a multi-cloud platform

Legal Events

Code   Title
PB01   Publication (application publication date: 2018-12-21)
SE01   Entry into force of request for substantive examination
WW01   Invention patent application withdrawn after publication