CN112118237A - Resource access management method - Google Patents

Info

Publication number
CN112118237A
Authority
CN
China
Prior art keywords
user
cloud platform
database
information
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010922173.4A
Other languages
Chinese (zh)
Inventor
张旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unicloud Nanjing Digital Technology Co Ltd
Original Assignee
Unicloud Nanjing Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unicloud Nanjing Digital Technology Co Ltd
Priority to CN202010922173.4A
Publication of CN112118237A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The resource access management method provided by the invention comprises the following steps. S1: user registration information is stored in a database, and an administrator adds a token and authority information to the user in the database; S2: a user sends a login request to a cloud platform, and the cloud platform accesses the user's information in the database according to the user's id information; S3: if the user's record in the database contains token information, the user is allowed to log in to the platform; otherwise the user is not allowed to log in; S4: if the user requests access to cloud platform resources, the cloud platform accesses the user's information in the database according to the client id information; S5: if the database holds an authority information value for the user, the user is allowed to access the cloud platform resources; otherwise the user is refused access. The cloud platform uses the token to decide whether an account can log in to the cloud platform, and uses the value of the authority information in the account to decide whether the user account is allowed to access cloud platform resources, so that different customers can be managed differently.

Description

Resource access management method
Technical Field
The invention relates to the field of cloud platform user identity identification and access management, in particular to a resource access management method.
Background
In a cloud platform, multiple tenants want to share the platform's common resources, and each tenant also wants resources that are available to it individually. Meanwhile, some tenants hold resources with higher confidentiality requirements and want only some of their sub-tenants to be able to access them.
A general cloud platform cannot give clients independent access to different resources, which results in poor resource privacy.
Disclosure of Invention
To overcome the defects in the prior art, the invention provides a resource access management method in which different accounts are managed differently and each account can access different cloud platform data. This improves the privacy with which cloud platform resources are shared among different accounts, and an account can access only specific data among the cloud platform data.
To achieve the above object, the resource access management method of the present invention includes the following steps. Step S1: user registration information is stored in a database, and an administrator adds a token and authority information to the user in the database; Step S2: a user sends a login request to a cloud platform, and the cloud platform accesses the user's information in the database according to the user's id information; Step S3: if the user's record in the database contains token information, the user is allowed to log in to the platform, and if it does not contain token information, the user is not allowed to log in to the platform; Step S4: after the user has logged in to the platform, if the user requests access to cloud platform resources, the cloud platform accesses the user's information in the database according to the client id information; Step S5: if the database holds an authority information value for the user, the user is allowed to access the cloud platform resources, and if it does not, the user is denied access to the cloud platform resources.
Further, the cloud platform adopts an identity recognition and access management platform (IAM).
Furthermore, a user's account can be allocated a plurality of sub-accounts, and each sub-account can be given different tokens and authority information.
Further, charges incurred by a sub-account are charged to the user's bill for payment.
Further, the database is a mysql database.
Advantageous effects: the cloud platform decides whether an account can log in to the cloud platform according to whether that user account contains a token, and when the account accesses cloud platform resources, the cloud platform decides whether the user account is allowed to access them according to whether the account contains an authority information value.
Drawings
The present invention will be further described and illustrated with reference to the following drawings.
Fig. 1 is an overall flow chart of a preferred embodiment of the present invention.
Detailed Description
The technical solution of the present invention will be more clearly and completely explained by the description of the preferred embodiments of the present invention with reference to the accompanying drawings.
As shown in Fig. 1, the resource access management method according to the preferred embodiment of the present invention includes the following steps.
Step S1: User registration information is stored in a database, and an administrator adds a token and authority information to the user in the database.
Specifically, after each user registers a personal account and it is stored in the database, the database mainly holds several items for that account: a user id, a token and an authority information value. The token is a value that corresponds to the user id and is recorded under it; the authority information value is also recorded under the user id and is distinct from the token. Both values are provided by an administrator and recorded in the database.
Step S2: The user sends a login request to the cloud platform, and the cloud platform accesses the user's information in the database according to the user's id information.
Specifically, when a user accesses the cloud platform, the cloud platform queries the database by user id and can retrieve all values stored in the database under that user id.
Step S3: If the user's record in the database contains token information, the user is allowed to log in to the platform; if it does not contain token information, the user is not allowed to log in to the platform.
The token information identifies whether a user holds a key for logging in to the cloud platform. When the cloud platform receives the "request for accessing the cloud platform" message sent by the user, it queries the user's token value in the database according to the user id. If the token value exists in the database, the user is allowed to access the cloud platform; otherwise the user's request to access the cloud platform is rejected.
Step S4: After the user has logged in to the platform, if the user requests access to cloud platform resources, the cloud platform accesses the user's information in the database according to the client id information.
Specifically, after the user has logged in to the cloud platform, if the user wants to access other resources on the cloud platform, the cloud platform goes on to verify the user's authority information value.
Step S5: If the database holds an authority information value for the user, the user is allowed to access the cloud platform resources; if it does not, the user is denied access to the cloud platform resources.
Similarly, when the client wants to access cloud platform resources, it sends a "request access to cloud platform resources" message to the cloud platform, and the cloud platform queries the authority information value in the database according to the user id. If the user has an authority information value, the user is qualified to use the cloud platform resources; otherwise the user cannot access them. Users with different authorities are qualified to browse different cloud platform resources, which is how client management is achieved.
For convenience of management, one account can be allocated a plurality of sub-accounts. The ids of the sub-accounts are different, and the id, authority information value and token value of each sub-account are recorded separately in the database. A cloud platform manager determines whether each sub-account has an authority information value or a token value, so that the sub-accounts that have an authority information value are able to access cloud platform resources.
Meanwhile, the charges generated by the sub-accounts are all billed to the user account, which makes management convenient. The cloud platform is implemented with an identity recognition and access management platform (IAM), and the database is a mysql database.
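A minimal model of steps S1 to S5 and the sub-account arrangement, added here as an illustration and not taken from the patent. It uses Python's sqlite3 in place of the mysql database; the table layout, the `Platform` class, its method names and the sample ids and values are all assumptions. As in the description, S3 tests only whether a token is recorded under the id.

```python
import sqlite3


class Platform:
    """Constructed model of S1-S5; sqlite3 stands in for the mysql database."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (id TEXT PRIMARY KEY, parent_id TEXT,"
            " token TEXT, permission TEXT)"
        )
        self.sessions = set()  # ids that have passed the S3 login check

    def register(self, user_id, parent_id=None):
        # S1 (first half): registration only creates the row.
        self.db.execute(
            "INSERT INTO users (id, parent_id) VALUES (?, ?)", (user_id, parent_id)
        )

    def admin_set(self, user_id, token=None, permission=None):
        # S1 (second half): only the administrator records token / authority.
        self.db.execute(
            "UPDATE users SET token = ?, permission = ? WHERE id = ?",
            (token, permission, user_id),
        )

    def _lookup(self, user_id):
        # S2 / S4: query by id; the id is bound as a parameter, never spliced.
        row = self.db.execute(
            "SELECT token, permission FROM users WHERE id = ?", (user_id,)
        ).fetchone()
        return row if row else (None, None)  # unknown id: nothing recorded

    def login(self, user_id):
        # S3: allow login only if a token is recorded (assumption: NULL or
        # empty string both count as "no token").
        token, _ = self._lookup(user_id)
        if token:
            self.sessions.add(user_id)
            return True
        return False

    def access_resource(self, user_id):
        # S5: must be logged in, and an authority value must be recorded.
        # The database is re-queried on every request, so a value removed
        # by the administrator is denied on the next request.
        if user_id not in self.sessions:
            return False
        _, permission = self._lookup(user_id)
        return bool(permission)


def demo():
    p = Platform()
    p.register("tenant-a")
    p.register("tenant-a/sub1", parent_id="tenant-a")
    p.register("tenant-a/sub2", parent_id="tenant-a")
    p.register("tenant-b")  # registered, but the administrator adds nothing
    p.admin_set("tenant-a", token="tok-a", permission="all")
    p.admin_set("tenant-a/sub1", token="tok-1", permission="reports")
    p.admin_set("tenant-a/sub2", token="tok-2")  # may log in, no resources
    ids = ("tenant-a", "tenant-a/sub1", "tenant-a/sub2", "tenant-b", "nobody")
    out = {uid: (p.login(uid), p.access_resource(uid)) for uid in ids}
    p.admin_set("tenant-a/sub1", token="tok-1", permission=None)  # revoke
    out["sub1-after-revoke"] = p.access_resource("tenant-a/sub1")
    return out
```
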
The above detailed description merely describes preferred embodiments of the present invention and does not limit the scope of the invention. It should be understood that those skilled in the art can make various changes, substitutions and alterations without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. The scope of the invention is defined by the claims.

Claims (5)

1. A resource access management method, characterized by comprising the steps of,
step S1: user registration information is stored in a database, and an administrator adds a token and authority information to a user in the database;
step S2: a user sends a login request to a cloud platform, and the cloud platform accesses information of the user in a database according to id information of the user;
step S3: if the user in the database contains token information, allowing the user to log in the platform, and if the user in the database does not contain the token information, not allowing the user to log in the platform;
step S4: after a user logs in a platform, if the user requests to access cloud platform resources, the cloud platform can access information of the user in a database according to client id information;
step S5: if the database has the authority information value of the user, the user is allowed to access the cloud platform resources, and if the database does not have the authority information value of the user, the user is denied to access the cloud platform resources.
2. The method according to claim 1, wherein the cloud platform employs an identity and access management platform IAM.
3. The resource access management method according to claim 1, wherein the account of the user can be assigned a plurality of sub-accounts, and each sub-account can be assigned different tokens and permission information.
4. The method of claim 3, wherein the charge for the sub-account is billed to a payment bill of the user.
5. The method according to claim 3, wherein the database is a mysql database.
CN202010922173.4A 2020-09-04 2020-09-04 Resource access management method Pending CN112118237A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010922173.4A CN112118237A (en) 2020-09-04 2020-09-04 Resource access management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010922173.4A CN112118237A (en) 2020-09-04 2020-09-04 Resource access management method

Publications (1)

Publication Number Publication Date
CN112118237A true CN112118237A (en) 2020-12-22

Family

ID=73801814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010922173.4A Pending CN112118237A (en) 2020-09-04 2020-09-04 Resource access management method

Country Status (1)

Country Link
CN (1) CN112118237A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201222