CN110247927A

CN110247927A - A kind of right management method and device of cloud computing resources

Info

Publication number: CN110247927A
Application number: CN201910580117.4A
Authority: CN
Inventors: 吴丽星; 朱建庭
Original assignee: Beijing Kingsoft Cloud Network Technology Co Ltd; Beijing Kingsoft Cloud Technology Co Ltd
Current assignee: Beijing Kingsoft Cloud Network Technology Co Ltd; Beijing Kingsoft Cloud Technology Co Ltd
Priority date: 2019-06-28
Filing date: 2019-06-28
Publication date: 2019-09-17
Anticipated expiration: 2039-06-28
Also published as: CN110247927B

Abstract

The embodiment of the present application provides the right management method and device of a kind of cloud computing resources, belong to computer field, the method is applied to the server of management cloud computing resources, the described method includes: after the sub- account of primary account number successfully logs in predetermined registration operation interface, it obtains for requesting the operation requests operated to cloud computing resources, the resource identification of the sub- account of target and target cloud computing resources to be obtained is carried in operation requests；Sub- account has all or part of permission of primary account number operation cloud computing resources；According to the sub- account of target, the resource identification of target cloud computing resources, pre-stored sub- account and resource identification corresponding relationship, determine whether the sub- account of target has the operating right of target cloud computing resources；In the case where determining has operating right, then the sub- account of target is allowed to operate target cloud computing resources.Using technical solution provided by the embodiments of the present application, the efficiency of management of cloud computing resources operating right can be improved.

Description

A kind of right management method and device of cloud computing resources

Technical field

This application involves field of computer technology, more particularly to the right management method and dress of a kind of cloud computing resources It sets.

Background technique

In cloud computing resources management, if a certain enterprise has the operating right of a certain cloud computing resources, cloud meter is managed The server for calculating resource can store the corresponding relationship of the primary account number of the enterprise and the resource identification of the cloud computing resources.Cloud computing Resource such as RDS (Relational Database Service, relevant database service) example, SLB (Server Load Balance, load balancing) example.

In the related technology, when the staff of enterprise wants using a certain cloud computing resources, which can be The primary account number of the enterprise and the password of primary account number are filled in preset login interface, to log in the management application of cloud computing resources Program.Then, which can execute predetermined registration operation, and to generate the acquisition request for obtaining the cloud computing resources, acquisition is asked Seek the target resource identifier for carrying primary account number, cloud computing resources to be obtained.Server is after receiving acquisition request, Ke Yigen According to the corresponding relationship of pre-stored primary account number and resource identification, judge whether target resource identifier is the corresponding money of the primary account number Source mark.If target resource identifier is the corresponding resource identification of the primary account number, server can be confirmed that the primary account number has The available cloud computing resources of the operating right of the cloud computing resources, the i.e. staff.

However, operating right of the staff of different departments when using cloud computing resources is different in same enterprise, altogether The staff that primary account number uses cloud computing resources to each is enjoyed, is not easy to enterprise for the pipe of cloud computing resources operating right Reason.

Summary of the invention

The right management method and device for being designed to provide a kind of cloud computing resources of the embodiment of the present application, to improve cloud The efficiency of management of computing resource operating right.Specific technical solution is as follows:

In a first aspect, providing a kind of right management method of cloud computing resources, the method is applied to management cloud computing The server of resource, which comprises

After the sub- account of primary account number successfully logs in predetermined registration operation interface, obtain for requesting to carry out cloud computing resources The operation requests of operation, wherein the sub- account of target and target cloud computing resources to be obtained are carried in the operation requests Resource identification；Wherein, the sub- account has all or part of permission of primary account number operation cloud computing resources；

According to the sub- account of the target, the resource identification of the target cloud computing resources, pre-stored sub- account and money The corresponding relationship of source mark, determines whether the sub- account of the target has the operating right of the target cloud computing resources；

In the case where determining has the operating right, then the sub- account of the target is allowed to provide the target cloud computing Source is operated.

Optionally, the method also includes:

Receive the logging request that the sub- account logs in the predetermined registration operation interface, wherein carry in the logging request The password of the sub- account of target primary account number, target and the sub- account of the target；

If the target primary account number is pre-stored primary account number, according to the target primary account number, pre-stored The corresponding relationship of primary account number and sub- account judges whether the sub- account of the target is the corresponding sub- account of the target primary account number；

If the sub- account of target be the corresponding sub- account of the target primary account number, according to the sub- account of the target, The corresponding relationship of pre-stored sub- account and password verifies the password of the sub- account of the target；

If the password of the sub- account of target is correct, the predetermined registration operation interface is successfully logged in.

Optionally, it is obtaining for before requesting the operation requests operated to cloud computing resources, the method also to be wrapped It includes:

Receive the setting request of sub- account, wherein setting request carrying target primary account number, the sub- account of target and The password of the sub- account of target；

According to the target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, it is determined as the mesh The target resource identifier of the cloud computing resources of sub- account distribution is marked, the target resource identifier is arranged for the sub- account of the target The operating right of affiliated cloud computing resources；

It is corresponding to store the target primary account number and the sub- account of the target, obtain the corresponding relationship of primary account number Yu sub- account； The corresponding password for storing the target sub- account and the sub- account of the target, obtains the corresponding relationship of sub- account and password；It is corresponding The sub- account of the target and the target resource identifier are stored, the corresponding relationship of sub- account and resource identification is obtained.

Optionally, described according to the target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, really The target resource identifier for being set to the cloud computing resources of the target sub- account distribution includes:

According to the target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, the target is determined The resource identification of the corresponding cloud computing resources of primary account number；

The resource identification of the corresponding cloud computing resources of the target primary account number is sent to the terminal of the target primary account number, So that the terminal shows the resource identification of the corresponding cloud computing resources of the target primary account number in display interface；

In response to the distribution request for batch operation permission, the target resource identifier that the distribution request carries is obtained, Wherein, the distribution request is to act on the selection operation of the display interface to be triggered, and the selection operation is used for from institute It states and selects the target resource identifier in the resource identification of the corresponding cloud computing resources of target primary account number.

Optionally, after obtaining the target resource identifier that the distribution request carries, the method also includes:

If the target resource identifier corresponding with the sub- account of the target has been locally stored, what deletion was locally stored The target resource identifier, to cancel the behaviour for distributing the affiliated cloud computing resources of the target resource identifier for the sub- account of the target Make permission；

If the local not stored target resource identifier corresponding with the sub- account of the target, executes the correspondence and deposits The sub- account of the target and the target resource identifier are stored up, the corresponding relationship step of sub- account and resource identification is obtained.

Second aspect, provides a kind of rights management device of cloud computing resources, and described device is applied to management cloud computing The server of resource, described device include:

Module is obtained, after successfully logging in predetermined registration operation interface for the sub- account in primary account number, is obtained for request pair The operation requests that cloud computing resources are operated, wherein the sub- account of target and mesh to be obtained are carried in the operation requests Mark the resource identification of cloud computing resources；Wherein, the sub- account has whole or the portion of primary account number operation cloud computing resources Fraction limit；

First determining module, for according to the resource identification of the sub- account of the target, the target cloud computing resources, in advance The sub- account of storage and the corresponding relationship of resource identification, determine whether the sub- account of the target has the target cloud computing resources Operating right；

Execution module, in the case where determining has the operating right, then allowing the sub- account of the target to institute Target cloud computing resources are stated to be operated.

Optionally, described device further include:

First receiving module logs in the logging request at the predetermined registration operation interface for receiving the sub- account, wherein institute State the password that target primary account number, the sub- account of target and the sub- account of the target are carried in logging request；

First judgment module is used for when the target primary account number is pre-stored primary account number, according to the target master The corresponding relationship of account, pre-stored primary account number and sub- account judges whether the sub- account of the target is the main account of the target Number corresponding sub- account；

Second judgment module is used for when the sub- account of the target sub- account corresponding for the target primary account number, according to The corresponding relationship of the sub- account of the target, pre-stored sub- account and password, tests the password of the sub- account of the target Card；

Login module, for successfully logging in the predetermined registration operation interface when the password of the sub- account of the target is correct.

Optionally, described device further include:

Second receiving module, the setting for receiving sub- account are requested, wherein the setting request carries the main account of target Number, the password of the sub- account of target and the sub- account of the target；

Second determining module, for corresponding with resource identification according to the target primary account number, pre-stored primary account number Relationship is determined as the target resource identifier of the cloud computing resources of the sub- account distribution of the target, to set for the sub- account of the target Set the operating right of the affiliated cloud computing resources of the target resource identifier；

Memory module stores the target primary account number and the sub- account of the target for corresponding, obtains primary account number and sub- account Number corresponding relationship；The corresponding password for storing the target sub- account and the sub- account of the target obtains sub- account and password Corresponding relationship；It is corresponding to store the sub- account of target and the target resource identifier, it is corresponding with resource identification to obtain sub- account Relationship.

Optionally, second determining module includes:

Submodule is determined, for according to the target primary account number, pre-stored primary account number pass corresponding with resource identification System, determines the resource identification of the corresponding cloud computing resources of the target primary account number；

Sending submodule, for the resource identification of the corresponding cloud computing resources of the target primary account number to be sent to the mesh The terminal for marking primary account number, so that the terminal shows the resource of the corresponding cloud computing resources of the target primary account number in display interface Mark；

Acquisition submodule, for obtaining the distribution request and carrying in response to the distribution request for batch operation permission Target resource identifier, wherein the distribution request is to act on the selection operation of the display interface to be triggered, the choosing Operation is selected for selecting the target resource identifier from the resource identification of the corresponding cloud computing resources of the target primary account number.

Optionally, described device further include:

Removing module, for deleting when the target resource identifier corresponding with the sub- account of the target has been locally stored It is that the sub- account of the target distributes the affiliated cloud of target resource identifier to cancel except the target resource identifier being locally stored The operating right of computing resource；

The memory module is also used to when the local not stored target resource identifier corresponding with the sub- account of the target When, the corresponding storage sub- account of target and the target resource identifier are executed, pair of sub- account and resource identification is obtained Answer relationship step.

The third aspect provides a kind of server, including processor, communication interface, memory and communication bus, wherein Processor, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes method and step described in any first aspect.

Fourth aspect provides a kind of computer readable storage medium, is stored in the computer readable storage medium Computer program, the computer program realize method and step described in any first aspect when being executed by processor.

The right management method and device of a kind of cloud computing resources provided by the embodiments of the present application, can be in the son of primary account number After account successfully logs in predetermined registration operation interface, obtain for requesting the operation requests operated to cloud computing resources, operation The resource identification of the sub- account of target and target cloud computing resources to be obtained is carried in request；Sub- account is grasped with primary account number Make all or part of permission of cloud computing resources.Then, according to the sub- account of target, the resource identification, pre- of target cloud computing resources The corresponding relationship of the sub- account and resource identification that first store, determines whether the sub- account of target has the operation of target cloud computing resources Permission.If the sub- account of target has the operating right of target cloud computing resources, allow the sub- account of target to target cloud computing Resource is operated.Due to allowing the sub- account of target after determining the operating right that the sub- account of target has target cloud computing resources Number target cloud computing resources are operated, can be avoided and obtain the cloud computing resources that the sub- account of target does not have operating right, It can be improved the efficiency of management of cloud computing resources operating right.

Certainly, implement the application any product or method it is not absolutely required to and meanwhile reach all the above excellent Point.

Detailed description of the invention

In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of application for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.

Fig. 1 is a kind of flow chart of the right management method of cloud computing resources provided by the embodiments of the present application；

Fig. 2 is a kind of flow chart of the right management method of cloud computing resources provided by the embodiments of the present application；

Fig. 3 is a kind of flow chart of the right management method of cloud computing resources provided by the embodiments of the present application；

Fig. 4 is a kind of flow chart of the right management method of cloud computing resources provided by the embodiments of the present application；

Fig. 5 is a kind of structural schematic diagram of the rights management device of cloud computing resources provided by the embodiments of the present application；

Fig. 6 is a kind of structural schematic diagram of server provided by the embodiments of the present application.

Specific embodiment

Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.

The embodiment of the present application provides a kind of right management method of cloud computing resources, and this method is applied to management cloud computing The server of resource, server can be the electronic equipment with store function, function of search, in a kind of feasible implementation In, it can store cloud computing resources in server.For the enterprise of purchase cloud computing resources, this can store in server Pair of the resource identification for the cloud computing resources that the primary account number of enterprise, the account number cipher of the primary account number and the enterprise have bought It should be related to.

It, can be according to the cloud computing resources that staff has after buying cloud computing resources in the embodiment of the present application Different sub- accounts is arranged in the difference of operating right, for example, chief engineer has the operation of all cloud computing resources bought Permission, then primary account number can be used in chief engineer；The operating right for the cloud computing resources that there is junior engineer part to have bought, Then preset sub- account can be used in junior engineer.Thereby, it is possible to avoid sharing the behaviour of all cloud computing resources bought Make permission to different staff, another aspect can be by the operation note of the sub- account of inquiry, to the cloud meter of staff The history usage record for calculating resource is tracked.

As shown in Figure 1, the concrete processing procedure that sub- account is arranged in server may include:

Step 101, the setting request of sub- account is received.

Wherein, setting request carries the password of the sub- account of target primary account number, target and the sub- account of target.

In an implementation, when a certain staff needs using a certain cloud computing resources, if the staff does not make When with the qualification of primary account number and without the sub- account of the operating right with the cloud computing resources, the administrative staff of enterprise can be with The first predetermined registration operation is executed, so that server receives setting request, thus one new sub- account of setting.Alternatively, when needing When changing the operating right for the cloud computing resources that a certain sub- account has, the first predetermined registration operation can be executed, so that server connects Setting request is received, to change the operating right of the corresponding cloud computing resources of the sub- account.

Administrative staff can log in boundary default by being equipped with the user terminal of the management application program of cloud computing resources The target primary account number of the enterprise, the password of target primary account number are filled in face, to log in the management application program of cloud computing resources.So Afterwards, administrative staff can execute the first predetermined registration operation, generate the setting request of sub- account.It is pre- that the first predetermined registration operation can be click If set interface in for indicating the icon of " sub- account is arranged ".The first predetermined registration operation, which is also possible to input, to be indicated to generate sub- account Number character.

The available target primary account number currently logged in of user terminal, the sub- account of target of input and target as a result, The password of account generates setting request.Then, setting request can be sent to server by user terminal.

In a kind of feasible implementation, server may include display unit, and administrative staff can pass through server The display unit for including fills in the target primary account number of the enterprise, the password of target primary account number in default login interface, to log in The management application program of cloud computing resources.Then, administrative staff can execute the first predetermined registration operation, so that server receives son The setting of account is requested.

Later, it is requested in response to the setting of the sub- account received, the target that the available setting request of server carries The password of the sub- account of primary account number, target and the sub- account of target.

In the embodiment of the present application, the sub- account of target includes at least one of self-defined title, mailbox, cell-phone number, difference The password of sub- account answers difference.

Step 102, according to target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, it is determined as mesh The target resource identifier for marking the cloud computing resources of sub- account distribution, to be arranged in terms of the affiliated cloud of target resource identifier for the sub- account of target Calculate the operating right of resource.

In an implementation, server can be in the corresponding relationship of pre-stored primary account number and resource identification, determining and mesh The identical primary account number of primary account number is marked, and by the corresponding resource identification of the primary account number, as the corresponding cloud computing money of target primary account number The resource identification in source.Then, server can be determined as mesh according to the resource identification of the corresponding cloud computing resources of target primary account number Mark the target resource identifier of the cloud computing resources of sub- account distribution.

Server is determined as the sub- account distribution of target according to the resource identification of the corresponding cloud computing resources of target primary account number The mode of the target resource identifier of cloud computing resources may is that administrative staff can input in set interface wait be target The resource identification of the cloud computing resources of account distribution, as a result, setting request can also carry resource identification.Then, server May determine that setting request carry resource identification whether be the corresponding cloud computing resources of target primary account number resource identification, if Judging result be it is yes, then server can will setting request carry resource identification as target resource identifier；If it is determined that knot Fruit be it is no, then server can send preset sub- account setup failed message, not make subsequent processing.

In the embodiment of the present application, server can also be determined as the cloud computing money of the sub- account distribution of target by other means The target resource identifier in source, concrete processing procedure is subsequent to will do it detailed description.

Step 103, corresponding storage target primary account number and the sub- account of target, obtain the corresponding relationship of primary account number Yu sub- account； The password of corresponding storage target sub- account and the sub- account of target, obtains the corresponding relationship of sub- account and password；Corresponding storage target Sub- account and target resource identifier obtain the corresponding relationship of sub- account and resource identification.

In an implementation, after being determined as the target resource identifier of cloud computing resources of the sub- account distribution of target, server can With corresponding storage target primary account number and the sub- account of target, the corresponding relationship of primary account number Yu sub- account is obtained；Corresponding storage target The password of account and the sub- account of target, obtains the corresponding relationship of sub- account and password；It is corresponding to store the sub- account of target and target money Source mark, obtains the corresponding relationship of sub- account and resource identification.

In the embodiment of the present application, server can receive the setting request of sub- account, obtain the target that setting request carries The password of the sub- account of primary account number, target and the sub- account of target.Then, according to target primary account number, pre-stored primary account number with The corresponding relationship of resource identification is determined as the target resource identifier of the cloud computing resources of the sub- account distribution of target, for target The operating right of the account setting affiliated cloud computing resources of target resource identifier.After determining target resource identifier, corresponding storage mesh Primary account number and the sub- account of target are marked, the corresponding relationship of primary account number Yu sub- account is obtained；It is corresponding to store the sub- account of target and target The password of account obtains the corresponding relationship of sub- account and password；It is corresponding to store the sub- account of target and target resource identifier, obtain son The corresponding relationship of account and resource identification.

Due to being provided with the sub- account of target, and therefore the sub- account of corresponding storage target and target resource identifier can be mesh The operating right for marking the sub- account distribution affiliated cloud computing resources of target resource identifier, is easy to use the work of different cloud computing resources Personnel obtain cloud computing resources, can be improved the efficiency of management of cloud computing resources operating right by the sub- account of corresponding target.

It, can be to different operating personnel based on a kind of right management method of cloud computing resources provided by the embodiments of the present application The operating rights of cloud computing resources carry out minimum distribution, on the one hand, pass through the operation note of each sub- account of storage, Neng Gouji The cloud computing resources service condition for recording the staff of different departments in enterprise, carries out convenient for the usage record to cloud computing resources Management.On the other hand, it can reduce and share all operating rights for having bought cloud computing resources to the wind of different staff Danger.In addition, establishing associated with primary account number account does not need other expenses, can save the management of cloud computing resources at This.

Optionally, it is requested in response to the setting of the sub- account received, it is corresponding that server can also export target primary account number Whole cloud computing resources resource identification, so that administrative staff are therefrom selected as the cloud computing resources of target sub- account distribution Target resource identifier, concrete processing procedure include:

Step 1, according to target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, determine target master The resource identification of the corresponding cloud computing resources of account.

In an implementation, server can be according to target primary account number, pre-stored primary account number pass corresponding with resource identification System, determines the resource identification of the corresponding cloud computing resources of target primary account number.

Step 2, the resource identification of the corresponding cloud computing resources of target primary account number is sent to the terminal of target primary account number, with Make terminal in the resource identification of the corresponding cloud computing resources of display interface displaying target primary account number.

It should be noted that above-mentioned display interface can be the same interface with above-mentioned predetermined registration operation interface, it is also possible to Different interfaces, however it is not limited to this.Above-mentioned display interface is the interface that above-mentioned target primary account number logs in.

In a kind of feasible implementation, for the resource identification of each cloud computing resources, selection interface (shows boundary Face) in corresponding position choice box can be set, such administrative staff can click choice box, and user terminal is available The corresponding resource identification of selected choice box generates the distribution request of the resource identification comprising obtaining, and distribution request is for asking The operating right for the affiliated cloud computing resources of resource identification for asking distribution to obtain.In another feasible implementation, boundary is selected Character input column can be set in face, such administrative staff can input the resource identification of cloud computing resources to be allocated, use The resource identification of the available input of family terminal generates the distribution request of the resource identification comprising input, and distribution request is for asking The operating right for the affiliated cloud computing resources of resource identification for asking distribution to input.Then, user terminal can send distribution request To server.

Include display unit for above-mentioned server, sub- account is arranged by the realization that interacts between administrative staff and server Number and the case where batch operation permission, server can be by display unit, the main account of displaying target in preset selection interface The resource identification of number corresponding cloud computing resources.Administrative staff can click choice box or input cloud computing resources to be allocated Resource identification so that server receives the distribution request for batch operation permission.

Step 3, the distribution request for batch operation permission in response to receiving obtain the target that distribution request carries Resource identification.Wherein, the distribution request is to act on the selection operation of the display interface to be triggered, the selection operation For selecting the target resource identifier from the resource identification of the corresponding cloud computing resources of the target primary account number.

In an implementation, the resource identification carried in response to the distribution request received, the available distribution request of server, As the target resource identifier to the cloud computing resources for the sub- account setting of target.

In the embodiment of the present application, server can export the resource identification of the corresponding cloud computing resources of target primary account number, so Afterwards, in response to the distribution request received, it is determined as the target resource identifier of the cloud computing resources of the sub- account setting of target, is convenient for Administrative staff are selected as the target resource identifier of the cloud computing resources of the sub- account distribution of target, further increase cloud computing resources behaviour Make the efficiency of management of permission.

Optionally, after sub- account is arranged in server, which can log in cloud computing resources by the sub- account Application program is managed, as shown in Fig. 2, the concrete processing procedure of server includes:

Step 201, the logging request that sub- account logs in predetermined registration operation interface is received.

Wherein, the password of target primary account number, the sub- account of target and the sub- account of target is carried in logging request.

In an implementation, staff can by being equipped with the user terminal of the management application program of cloud computing resources, The target primary account number of the enterprise, the password of the sub- account of target and the sub- account of target are filled in preset login interface, to log in The management application program of cloud computing resources.Then, staff can execute second predetermined registration operation, generate logging request.

Second predetermined registration operation, which can be, to be clicked in predetermined registration operation interface for indicating the icon of " logging in sub- account ".Second is pre- If operation, which is also possible to input, to be indicated to log in the character of sub- account.As a result, the target primary account number of the available input of user terminal, The password of the sub- account of target and the sub- account of target generates logging request, and logging request is sent to server.

Later, server is after the logging request for receiving sub- account, the main account of target of available logging request carrying Number, the password of the sub- account of target and the sub- account of target.Server may determine that whether target primary account number is pre-stored master Account, with test-target primary account number whether be mistake registered in advance effective primary account number.

If target primary account number is pre-stored primary account number, server can execute step 202.If the main account of target It number is not pre-stored primary account number, then server can send preset the first mistake for indicating the input error of target primary account number Message does not make subsequent processing.

Step 202, according to target primary account number, the corresponding relationship of pre-stored primary account number and sub- account, judge target Whether account is the corresponding sub- account of target primary account number.

In an implementation, server can according to target primary account number, the corresponding relationship of pre-stored primary account number and sub- account, Judge whether the sub- account of target is the corresponding sub- account of target primary account number, whether is mistake registered in advance with the sub- account of test-target Effective sub- account.

If the sub- account of target is the corresponding sub- account of target primary account number, server can execute step 203.If mesh Marking sub- account not is the corresponding sub- account of target primary account number, then server can send the preset sub- account input error of expression Second error message, does not make subsequent processing.

Step 203, according to the corresponding relationship of the sub- account of target, pre-stored sub- account and password, to the sub- account of target Password verified.

In an implementation, server can be according to the corresponding relationship of the sub- account of target, pre-stored sub- account and password, really The corresponding password of the sub- account that sets the goal, then, server may determine that the corresponding password of the sub- account of target and the sub- account of target Whether password is identical, is verified with the password to the sub- account of target.

Password phase such as fruit account password corresponding with the sub- account of target in the corresponding relationship of password, with the sub- account of target Together, then server can be determined that the password of the sub- account of target is correct, and then, server can execute step 204.Such as fruit account Password corresponding with the sub- account of target in the corresponding relationship of password, different from the password of the sub- account of target, then server can be sentenced The password mistake for the sub- account that sets the goal, then server can send preset Password Input error message, not make subsequent processing.

Step 204, predetermined registration operation interface is successfully logged in.

In the embodiment of the present application, server can obtain logging request and carry after the logging request for receiving sub- account Target primary account number, the sub- account of target and the sub- account of target password, then, successively to target primary account number, the sub- account of target Number and the password of the sub- account of target verified.When target primary account number, the password of the sub- account of target and the sub- account of target When all verifying is correct, predetermined registration operation interface, the safety used thereby, it is possible to ensure sub- account, convenient for making just successfully are logged in Pass through corresponding sub- account with the staff of different cloud computing resources, obtains cloud computing resources, can be improved cloud computing resources The efficiency of management of operating right.

Optionally, after the management application program that staff successfully logs in cloud computing resources by sub- account, server Cloud computing money can be provided for staff according to receiving for requesting the operation requests operated to cloud computing resources Source, as shown in figure 3, the concrete processing procedure of server includes:

Step 301, it after the sub- account of primary account number successfully logs in predetermined registration operation interface, obtains for requesting to provide cloud computing The operation requests that source is operated.

Wherein, the resource identification of the sub- account of target and target cloud computing resources to be obtained, son are carried in operation requests Account has all or part of permission of primary account number operation cloud computing resources.

In an implementation, staff can execute third predetermined registration operation in predetermined registration operation interface, and third predetermined registration operation can Be input target cloud computing resources resource identification, third predetermined registration operation be also possible to click for indicate target cloud computing provide The icon of the resource identification in source.Then, the available sub- account of target currently logged in of user terminal and target cloud computing money The resource identification in source generates operation requests, and operation requests is sent to server.

Later, server can receive the operation requests of cloud computing resources, and the available operation requests of server are taken The resource identification of the sub- account of the target of band and target cloud computing resources to be obtained.

Step 302, according to the sub- account of target, the resource identification of target cloud computing resources, pre-stored sub- account and money The corresponding relationship of source mark, determines whether the sub- account of target has the operating right of target cloud computing resources.

In an implementation, server can be in the corresponding relationship of pre-stored sub- account and resource identification, will be with target The corresponding resource identification of the identical sub- account of sub- account, as the corresponding resource identification of the sub- account of target.

Then, server may determine that whether the resource identification of target cloud computing resources is the corresponding resource of the sub- account of target Mark, if the resource identification of target cloud computing resources is the corresponding resource identification of the sub- account of target, server can be determined The sub- account of target has the operating right of target cloud computing resources, and then, server can execute step 303.If target cloud The resource identification of computing resource is not the corresponding resource identification of the sub- account of target, then server can send preset without behaviour Make entitlement messages, does not make subsequent processing.

Step 303, the sub- account of target is allowed to operate target cloud computing resources.

In an implementation, the mode that server allows the sub- account of target to operate target cloud computing resources can be a variety of Multiplicity, in a kind of feasible implementation, server can be with the acquisition address of displaying target cloud computing resources.In another kind In feasible implementation, server can be with the acquisition password of displaying target cloud computing resources.

In the embodiment of the present application, server can obtain after the sub- account of primary account number successfully logs in predetermined registration operation interface Operation requests for requesting to operate cloud computing resources.Then, according to the sub- account of target, the money of target cloud computing resources The corresponding relationship of source mark, pre-stored sub- account and resource identification, determines whether the sub- account of target has target cloud computing The operating right of resource.If the sub- account of target has the operating right of target cloud computing resources, allow the sub- account pair of target Target cloud computing resources are operated.Thereby, it is possible to avoid obtaining cloud computing resources of the sub- account of target without operating right, It can be improved the efficiency of management of cloud computing resources operating right.

Optionally, when it has been the operating right of cloud computing resources of the sub- account distribution of target that administrative staff, which want to cancel, The administrative staff can send the setting request of sub- account, as shown in figure 4, server can be in the mesh for obtaining distribution request carrying After marking resource identification, following steps are executed:

Step 401, judge locally whether be stored with target resource identifier corresponding with the sub- account of target.

In an implementation, server can judge target with the corresponding relationship of sub- account and resource identification according to the pre-stored data Whether resource identification is resource identification corresponding with the sub- account of target.

If target resource identifier is not resource identification corresponding with the sub- account of target, server can be determined locally not Target resource identifier corresponding with the sub- account of target is stored, then, server can execute step 402.If target resource mark Knowing is resource identification corresponding with the sub- account of target, then server, which can determine, has been locally stored mesh corresponding with the sub- account of target Resource identification is marked, then, server can execute step 403.

Step 402, the sub- account of corresponding storage target and target resource identifier, it is corresponding with resource identification to establish sub- account Relationship.

In an implementation, the concrete processing procedure of this step is referred to the treatment process of step 103, and details are not described herein again.

Server can be implemented as the operation of the sub- account distribution corresponding cloud computing resources of target resource identifier of target as a result, Permission.

Step 403, the target resource identifier being locally stored is deleted, is that the sub- account of target distributes target resource identifier to cancel The operating right of corresponding cloud computing resources.

In an implementation, server can delete the corresponding target resource identifier of the sub- account of the target being locally stored, to cancel The operating right of the corresponding cloud computing resources of target resource identifier is distributed for the sub- account of target.

In the embodiment of the present application, it is the main account of target that server, which can determine the target resource identifier that request is arranged and carries, After the resource identification of number corresponding cloud computing resources, by judging local whether be stored with target corresponding with the sub- account of target and provide Source mark, determines and stores the target resource identifier, to be embodied as the operating right that sub- account distributes corresponding cloud computing resources, or The target resource identifier is deleted, is that sub- account distributes the operating right to cancel.Thereby, it is possible to flexibly complete operating right It assigns and recycles, the efficiency of management of cloud computing resources operating right can be improved.

The embodiment of the present application also provides a kind of rights management devices of cloud computing resources, as shown in figure 5, described device is answered For managing the server of cloud computing resources, described device includes:

Module 510 is obtained, after successfully logging in predetermined registration operation interface for the sub- account in primary account number, is obtained for requesting The operation requests that cloud computing resources are operated, wherein the sub- account of target and to be obtained is carried in the operation requests The resource identification of target cloud computing resources；Wherein, the sub- account have the primary account number operation cloud computing resources whole or Part permission；

First determining module 520, for according to the resource identification of the sub- account of the target, the target cloud computing resources, The corresponding relationship of pre-stored sub- account and resource identification, determines whether the sub- account of the target has the target cloud computing The operating right of resource；

Execution module 530, in the case where determining has the operating right, then allowing the sub- account pair of the target The target cloud computing resources are operated.

Optionally, described device further include:

Optionally, second determining module includes:

Optionally, described device further include:

A kind of rights management device of cloud computing resources provided by the embodiments of the present application, can primary account number sub- account at After function logs in predetermined registration operation interface, obtain for requesting the operation requests that are operated to cloud computing resources, in operation requests Carry the resource identification of the sub- account of target and target cloud computing resources to be obtained；There is sub- account primary account number to operate cloud meter Calculate all or part of permission of resource.Then, according to the sub- account of target, target cloud computing resources resource identification, be stored in advance Sub- account and resource identification corresponding relationship, determine whether the sub- account of target has the operating right of target cloud computing resources. If the sub- account of target have target cloud computing resources operating right, allow the sub- account of target to target cloud computing resources into Row operation.Due to allowing the sub- account of target to mesh after determining the operating right that the sub- account of target has target cloud computing resources Mark cloud computing resources are operated, and be can be avoided and are obtained the cloud computing resources that the sub- account of target does not have operating right, Neng Gouti The efficiency of management of high cloud computing resources operating right.

The embodiment of the present application also provides a kind of servers, as shown in fig. 6, including processor 601, communication interface 602, depositing Reservoir 603 and communication bus 604, wherein processor 601, communication interface 602, memory 603 are completed by communication bus 604 Mutual communication,

Memory 603, for storing computer program；

Processor 601 when for executing the program stored on memory 603, realizes following steps:

Optionally, the method also includes:

The communication bus that above-mentioned server is mentioned can be Peripheral Component Interconnect standard (Peripheral Component Interconnect, PCI) bus or expanding the industrial standard structure (Extended Industry Standard Architecture, EISA) bus etc..The communication bus can be divided into address bus, data/address bus, control bus etc..For just It is only indicated with a thick line in expression, figure, it is not intended that an only bus or a type of bus.

Communication interface is for the communication between above-mentioned server and other equipment.

Memory may include random access memory (Random Access Memory, RAM), also may include non-easy The property lost memory (Non-Volatile Memory, NVM), for example, at least a magnetic disk storage.Optionally, memory may be used also To be storage device that at least one is located remotely from aforementioned processor.

Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit, CPU), network processing unit (Network Processor, NP) etc.；It can also be digital signal processor (Digital Signal Processing, DSP), it is specific integrated circuit (Application Specific Integrated Circuit, ASIC), existing It is field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete Door or transistor logic, discrete hardware components.

A kind of server provided by the embodiments of the present application can successfully log in predetermined registration operation interface in the sub- account of primary account number Later, obtain for request the operation requests that are operated to cloud computing resources, in operation requests the sub- account of carrying target and The resource identification of target cloud computing resources to be obtained；Sub- account has all or part of power of primary account number operation cloud computing resources Limit.Then, according to the sub- account of target, the resource identification of target cloud computing resources, pre-stored sub- account and resource identification Corresponding relationship, determines whether the sub- account of target has the operating right of target cloud computing resources.If the sub- account of target has mesh The operating right for marking cloud computing resources, then allow the sub- account of target to operate target cloud computing resources.Due to determining mesh After sub- account is marked with the operating right of target cloud computing resources, the sub- account of target is allowed to grasp target cloud computing resources Make, can be avoided and obtain the cloud computing resources that the sub- account of target does not have operating right, can be improved cloud computing resources operating rights The efficiency of management of limit.

In another embodiment provided by the present application, a kind of computer readable storage medium is additionally provided, which can It reads to be stored with computer program in storage medium, the computer program realizes any of the above-described cloud computing money when being executed by processor The step of right management method in source.

In another embodiment provided by the present application, a kind of computer program product comprising instruction is additionally provided, when it When running on computers, so that computer executes the right management method of any cloud computing resources in above-described embodiment.

In the above-described embodiments, can come wholly or partly by software, hardware, firmware or any combination thereof real It is existing.When implemented in software, it can entirely or partly realize in the form of a computer program product.The computer program Product includes one or more computer instructions.When loading on computers and executing the computer program instructions, all or It partly generates according to process or function described in the embodiment of the present application.The computer can be general purpose computer, dedicated meter Calculation machine, computer network or other programmable devices.The computer instruction can store in computer readable storage medium In, or from a computer readable storage medium to the transmission of another computer readable storage medium, for example, the computer Instruction can pass through wired (such as coaxial cable, optical fiber, number from a web-site, computer, server or data center User's line (DSL)) or wireless (such as infrared, wireless, microwave etc.) mode to another web-site, computer, server or Data center is transmitted.The computer readable storage medium can be any usable medium that computer can access or It is comprising data storage devices such as one or more usable mediums integrated server, data centers.The usable medium can be with It is magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or semiconductor medium (such as solid state hard disk Solid State Disk (SSD)) etc..

It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.

Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.

The foregoing is merely the preferred embodiments of the application, are not intended to limit the protection scope of the application.It is all Any modification, equivalent replacement, improvement and so within spirit herein and principle are all contained in the protection scope of the application It is interior.

Claims

1. a kind of right management method of cloud computing resources, which is characterized in that the method is applied to management cloud computing resources Server, which comprises

After the sub- account of primary account number successfully logs in predetermined registration operation interface, obtain for requesting to operate cloud computing resources Operation requests, wherein the resource of the sub- account of target and target cloud computing resources to be obtained is carried in the operation requests Mark；Wherein, the sub- account has all or part of permission of primary account number operation cloud computing resources；

According to the sub- account of the target, the resource identification of the target cloud computing resources, pre-stored sub- account and resource mark The corresponding relationship of knowledge, determines whether the sub- account of the target has the operating right of the target cloud computing resources；

Determine have the operating right in the case where, then allow the sub- account of the target to the target cloud computing resources into Row operation.

2. the method according to claim 1, wherein the method also includes:

Receive the logging request that the sub- account logs in the predetermined registration operation interface, wherein carry target in the logging request The password of the sub- account of primary account number, target and the sub- account of the target；

If the target primary account number is pre-stored primary account number, according to the target primary account number, pre-stored main account Number and sub- account corresponding relationship, judge whether the sub- account of the target is the corresponding sub- account of the target primary account number；

If the sub- account of target is the corresponding sub- account of the target primary account number, according to the sub- account of the target, in advance The sub- account of storage and the corresponding relationship of password, verify the password of the sub- account of the target；

3. method according to claim 1 or 2, which is characterized in that obtaining for requesting to grasp cloud computing resources Before the operation requests of work, the method also includes:

Receive the setting request of sub- account, wherein setting request carrying target primary account number, the sub- account of target and described The password of the sub- account of target；

According to the target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, it is determined as target The target resource identifier of the cloud computing resources of account distribution, to be arranged belonging to the target resource identifier for the sub- account of the target The operating right of cloud computing resources；

It is corresponding to store the target primary account number and the sub- account of the target, obtain the corresponding relationship of primary account number Yu sub- account；It is corresponding The password for storing the sub- account of the target and the sub- account of the target, obtains the corresponding relationship of sub- account and password；Corresponding storage The sub- account of target and the target resource identifier, obtain the corresponding relationship of sub- account and resource identification.

4. according to the method described in claim 3, it is characterized in that, described according to the target primary account number, pre-stored master The corresponding relationship of account and resource identification is determined as the target resource identifier packet of the cloud computing resources of the sub- account distribution of the target It includes:

According to the target primary account number, the corresponding relationship of pre-stored primary account number and resource identification, the main account of the target is determined The resource identification of number corresponding cloud computing resources；

In response to the distribution request for batch operation permission, the target resource identifier that the distribution request carries is obtained, wherein The distribution request is to act on the selection operation of the display interface to be triggered, and the selection operation is used for from the target The target resource identifier is selected in the resource identification of the corresponding cloud computing resources of primary account number.

5. according to the method described in claim 4, it is characterized in that, in the target resource identifier for obtaining the distribution request carrying Later, the method also includes:

If the target resource identifier corresponding with the sub- account of the target has been locally stored, delete be locally stored it is described Target resource identifier, to cancel the operating rights for distributing the affiliated cloud computing resources of the target resource identifier for the sub- account of the target Limit；

If the local not stored target resource identifier corresponding with the sub- account of the target, the corresponding storage institute is executed The sub- account of target and the target resource identifier are stated, the corresponding relationship step of sub- account and resource identification is obtained.

6. a kind of rights management device of cloud computing resources, which is characterized in that described device is applied to management cloud computing resources Server, described device include:

Module is obtained, after successfully logging in predetermined registration operation interface for the sub- account in primary account number, is obtained by requesting based on to cloud Calculate the operation requests that resource is operated, wherein the sub- account of target and target cloud to be obtained are carried in the operation requests The resource identification of computing resource；Wherein, the sub- account has all or part of power of primary account number operation cloud computing resources Limit；

First determining module, for according to the resource identification of the sub- account of the target, the target cloud computing resources, be stored in advance Sub- account and resource identification corresponding relationship, determine whether the sub- account of the target has the behaviour of the target cloud computing resources Make permission；

Execution module, in the case where determining has the operating right, then allowing the sub- account of the target to the mesh Mark cloud computing resources are operated.

7. device according to claim 6, which is characterized in that described device further include:

First receiving module logs in the logging request at the predetermined registration operation interface for receiving the sub- account, wherein described to step on The password of target primary account number, the sub- account of target and the sub- account of the target is carried in record request；

First judgment module, for when the target primary account number be pre-stored primary account number when, according to the target primary account number, The corresponding relationship of pre-stored primary account number and sub- account judges whether the sub- account of the target is that the target primary account number is corresponding Sub- account；

Second judgment module is used for when the sub- account of the target sub- account corresponding for the target primary account number, according to described The corresponding relationship of the sub- account of target, pre-stored sub- account and password verifies the password of the sub- account of the target；

8. device according to claim 6 or 7, which is characterized in that described device further include:

Second receiving module, the setting for receiving sub- account are requested, wherein the setting request carries target primary account number, mesh Mark the password of sub- account and the sub- account of the target；

Second determining module, for the corresponding relationship according to the target primary account number, pre-stored primary account number and resource identification, It is determined as the target resource identifier of the cloud computing resources of the sub- account distribution of the target, for described in the sub- account setting of the target The operating right of the affiliated cloud computing resources of target resource identifier；

Memory module stores the target primary account number and the sub- account of the target for corresponding, obtains primary account number and sub- account Corresponding relationship；The corresponding password for storing the target sub- account and the sub- account of the target, it is corresponding with password to obtain sub- account Relationship；It is corresponding to store the sub- account of target and the target resource identifier, obtain the corresponding relationship of sub- account and resource identification.

9. device according to claim 8, which is characterized in that second determining module includes:

Determine submodule, for the corresponding relationship according to the target primary account number, pre-stored primary account number and resource identification, really Determine the resource identification of the corresponding cloud computing resources of the target primary account number；

Sending submodule, for the resource identification of the corresponding cloud computing resources of the target primary account number to be sent to the target master The terminal of account, so that the terminal shows the resource mark of the corresponding cloud computing resources of the target primary account number in display interface Know；

Acquisition submodule, for obtaining the mesh that the distribution request carries in response to the distribution request for batch operation permission Mark resource identification, wherein the distribution request is to act on the selection operation of the display interface to be triggered, and the selection is grasped It acts on and selects the target resource identifier from the resource identification of the corresponding cloud computing resources of the target primary account number.

10. device according to claim 9, which is characterized in that described device further include:

Removing module, for deleting this when the target resource identifier corresponding with the sub- account of the target has been locally stored The target resource identifier of ground storage is that the sub- account of the target distributes the affiliated cloud computing of target resource identifier to cancel The operating right of resource；

The memory module is also used to when the local not stored target resource identifier corresponding with the sub- account of the target, The corresponding storage sub- account of target and the target resource identifier are executed, sub- account pass corresponding with resource identification is obtained It is step.

11. a kind of server, which is characterized in that including processor, communication interface, memory and communication bus, wherein processing Device, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes any method and step of claim 1-5.

12. a kind of computer readable storage medium, which is characterized in that be stored with computer in the computer readable storage medium Program realizes claim 1-5 any method and step when the computer program is executed by processor.