CN112688955A - Resource group authorization management method - Google Patents
Resource group authorization management method Download PDFInfo
- Publication number
- CN112688955A CN112688955A CN202011587235.7A CN202011587235A CN112688955A CN 112688955 A CN112688955 A CN 112688955A CN 202011587235 A CN202011587235 A CN 202011587235A CN 112688955 A CN112688955 A CN 112688955A
- Authority
- CN
- China
- Prior art keywords
- resource group
- sub
- account
- strategy
- policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 17
- 238000007726 management method Methods 0.000 title abstract description 17
- 238000000034 method Methods 0.000 claims description 14
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a resource group authorization management method, which comprises the following steps: s1, creating a policy table for recording policy names, types and content information; creating an authority relation table for maintaining the relation among the resource group ID, the strategy ID and the sub-account ID; s2, allocating the resource groups to different sub-accounts according to different strategies: s3, when the sub-account operates the instance, the system checks whether the instance has the authority of the current operation, inquires the resource group of the current instance, checks whether the current resource group has the strategy corresponding to the current operation, if yes, the execution is continued, otherwise, the execution is not authorized. The resource group authorization management method can be used for carrying out operation management on the resources owned by the sub-account, and the authority management of the sub-account resources is more detailed.
Description
Technical Field
The invention belongs to the technical field of resource management, and particularly relates to a resource group authorization management method.
Background
The application provides an implementation method for authorization management of resource groups. The strategy concept is added on the basis of the original resource group, and under the mode that the cloud platform can support the primary and secondary accounts, the primary account can distribute the resource group to the secondary accounts, and meanwhile, different resource groups can be distributed to different users in the form of multiple strategies. For example, a host resource, an EIP resource, a cloud hard disk resource, and the like are in the same resource group, and the resource group is allocated to the sub-account 1, the sub-account 2, and the sub-account 3, and the sub-account 1 is allowed to have a right to view the host resource, the sub-account 2 has a right to view the EIP resource, and the sub-account 3 has a right to view the cloud hard disk resource. The function that the same resource group is allocated to different sub-accounts according to different strategies is achieved.
Disclosure of Invention
In view of this, the present invention is directed to a method for resource group authorization management, which implements a function that a same resource group can be allocated to different sub-accounts according to different policies.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a method of resource group authorization management, comprising:
s1, creating a policy table for recording policy names, types and content information; creating an authority relation table for maintaining the relation among the resource group ID, the strategy ID and the sub-account ID;
s2, allocating the resource groups to different sub-accounts according to different strategies:
s3, when the sub-account operates the instance, the system checks whether the instance has the authority of the current operation, inquires the resource group of the current instance, checks whether the current resource group has the strategy corresponding to the current operation, if yes, the execution is continued, otherwise, the execution is not authorized.
Further, in step S2, the number of policies assigned once cannot exceed 5, and the same policies and the same resource group cannot be assigned to the same sub-account multiple times.
Further, the execution method of step S2 is specifically as follows:
s201, specifying a resource group;
s202, selecting a strategy;
s203, selecting a sub-account to be specified;
s204, checking whether the selected strategy quantity is excessive, if so, ending; otherwise, go on to step S205;
s205, checking whether the strategy and the sub account exist, and if so, executing a step S206; if not, ending;
and S206, storing the resource group, the strategy and the maintenance relation of the sub-account.
Further, when the policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted.
Further, the deletion policy execution method is as follows:
s401, checking whether the strategy exists, if so, continuing to execute the step S402; if not, ending;
s402, deleting the strategy, and inquiring the relation of the strategy bound resource group;
s403, checking whether the binding relationship is null; if yes, ending; otherwise, continue to execute step S404;
s404, deleting the bound relation with the resource group.
Compared with the prior art, the resource group authorization management method has the following advantages:
the main account of the resource group authorization management method provided by the invention can be used for operating and managing the resources owned by the sub-accounts, and the authority management of the sub-account resources is more detailed; the same resource group is distributed to different sub-accounts according to different strategies, so that the disorder of resources in the same resource group is guaranteed, and the management function of a single resource group is enhanced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow diagram of resource group policy authorization;
FIG. 2 is a flow chart of resource operation;
FIG. 3 is a flow diagram of policy deletion.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
A method for resource group authorization management, the same resource group distributes resources in the resource group to a plurality of sub-accounts with different strategies, namely the resource management of the same resource group to the plurality of sub-accounts, and the operation authority of the instance in the resource group can be detailed to a specific operation, the specific method is as follows:
creating a policy table, wherein the table information is shown as the following table:
creating an authority relation table for maintaining the relation among the resource group ID, the strategy ID and the sub-account ID, wherein the table information is shown as the following table:
based on the created policy table and the authority relation table, the following steps are executed:
1. the resource group can be allocated to different sub-accounts according to different strategies, the number of strategies allocated for one time cannot exceed 5, and the same strategy and the same resource group cannot be allocated to the same sub-account for multiple times, and the flow is shown in fig. 1;
2. a sub-account operation example, wherein the system checks whether the example has the authority of the current operation (queries the resource group where the current example is located, and checks whether the current resource group has a policy corresponding to the current operation), and the flow is as shown in fig. 2;
3. when a policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted, and the flow is shown in fig. 3.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of clearly illustrating the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other ways. For example, the above described division of elements is merely a logical division, and other divisions may be realized, for example, multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not executed. The units may or may not be physically separate, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (5)
1. A method for resource group authorization management, comprising:
s1, creating a policy table for recording policy names, types and content information; creating an authority relation table for maintaining the relation among the resource group ID, the strategy ID and the sub-account ID;
s2, allocating the resource groups to different sub-accounts according to different strategies:
s3, when the sub-account operates the instance, the system checks whether the instance has the authority of the current operation, inquires the resource group of the current instance, checks whether the current resource group has the strategy corresponding to the current operation, if yes, the execution is continued, otherwise, the execution is not authorized.
2. The method for resource group authorization management according to claim 1, wherein in step S2, the number of policies assigned once cannot exceed 5, and the same policy and the same resource group cannot be assigned to the same sub-account multiple times.
3. The method for resource group authorization management according to claim 1, wherein the step S2 is executed as follows:
s201, specifying a resource group;
s202, selecting a strategy;
s203, selecting a sub-account to be specified;
s204, checking whether the selected strategy quantity is excessive, if so, ending; otherwise, go on to step S205;
s205, checking whether the strategy and the sub account exist, and if so, executing a step S206; if not, ending;
and S206, storing the resource group, the strategy and the maintenance relation of the sub-account.
4. The method of resource group authorization management according to claim 1, wherein: when the policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted.
5. The method for resource group authorization management according to claim 4, wherein the deletion policy is executed by:
s401, checking whether the strategy exists, if so, continuing to execute the step S402; if not, ending;
s402, deleting the strategy, and inquiring the relation of the strategy bound resource group;
s403, checking whether the binding relationship is null; if yes, ending; otherwise, continue to execute step S404;
s404, deleting the bound relation with the resource group.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011587235.7A CN112688955A (en) | 2020-12-28 | 2020-12-28 | Resource group authorization management method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011587235.7A CN112688955A (en) | 2020-12-28 | 2020-12-28 | Resource group authorization management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112688955A true CN112688955A (en) | 2021-04-20 |
Family
ID=75454844
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011587235.7A Pending CN112688955A (en) | 2020-12-28 | 2020-12-28 | Resource group authorization management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112688955A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113688409A (en) * | 2021-08-05 | 2021-11-23 | 浪潮云信息技术股份公司 | Fine-grained distribution method based on container mirror image authority |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254459A (en) * | 2016-05-13 | 2016-12-21 | 江苏云途腾科技有限责任公司 | A kind of resource elasticity allocation strategy for cloud platform user and device |
CN107465633A (en) * | 2016-06-06 | 2017-12-12 | 中兴通讯股份有限公司 | Method for managing resource and device based on software defined network |
CN109032799A (en) * | 2018-07-25 | 2018-12-18 | 郑州云海信息技术有限公司 | Storage resource management method, apparatus, equipment and readable storage medium storing program for executing |
CN109308422A (en) * | 2018-08-29 | 2019-02-05 | 北京航天云路有限公司 | Build the sub- account system of enterprise-oriented multistage and method |
CN110309666A (en) * | 2019-07-10 | 2019-10-08 | 浪潮云信息技术有限公司 | A kind of fine-grained access control method and system based on tactful grammer |
CN110730153A (en) * | 2018-07-16 | 2020-01-24 | 阿里巴巴集团控股有限公司 | Account configuration method, device and system of cloud equipment and data processing method |
-
2020
- 2020-12-28 CN CN202011587235.7A patent/CN112688955A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254459A (en) * | 2016-05-13 | 2016-12-21 | 江苏云途腾科技有限责任公司 | A kind of resource elasticity allocation strategy for cloud platform user and device |
CN107465633A (en) * | 2016-06-06 | 2017-12-12 | 中兴通讯股份有限公司 | Method for managing resource and device based on software defined network |
CN110730153A (en) * | 2018-07-16 | 2020-01-24 | 阿里巴巴集团控股有限公司 | Account configuration method, device and system of cloud equipment and data processing method |
CN109032799A (en) * | 2018-07-25 | 2018-12-18 | 郑州云海信息技术有限公司 | Storage resource management method, apparatus, equipment and readable storage medium storing program for executing |
CN109308422A (en) * | 2018-08-29 | 2019-02-05 | 北京航天云路有限公司 | Build the sub- account system of enterprise-oriented multistage and method |
CN110309666A (en) * | 2019-07-10 | 2019-10-08 | 浪潮云信息技术有限公司 | A kind of fine-grained access control method and system based on tactful grammer |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113688409A (en) * | 2021-08-05 | 2021-11-23 | 浪潮云信息技术股份公司 | Fine-grained distribution method based on container mirror image authority |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6100712B2 (en) | Storage-side storage request management | |
US9497139B2 (en) | Client-allocatable bandwidth pools | |
US9154589B1 (en) | Bandwidth-optimized cloud resource placement service | |
KR102375129B1 (en) | System and method for providing a work manager in a multitenant application server environment | |
RU2598324C2 (en) | Means of controlling access to online service using conventional catalogue features | |
US8832246B2 (en) | Service level mapping method | |
CN109597853B (en) | Business scene element serial number generation method, device, medium and computer equipment | |
US8990952B2 (en) | Licensing platform | |
JP2008015984A (en) | Data migration device, method and program | |
CN102217256A (en) | Queue scheduling method and apparatus | |
US20020103904A1 (en) | Method and apparatus for controlling access to files associated with a virtual server | |
CN107341056A (en) | A kind of method and device of the thread distribution based on NFS | |
CN108376214A (en) | Right management method, device and vehicle-mounted background system | |
CN112688955A (en) | Resource group authorization management method | |
CN109032799A (en) | Storage resource management method, apparatus, equipment and readable storage medium storing program for executing | |
CN114661419A (en) | Service quality control system and method | |
CN106533961A (en) | Flow control method and device | |
US8473466B1 (en) | Systems and methods for storing data, such as storing data based on storage classes | |
CN117648682A (en) | Authority management method, device, terminal and storage medium | |
CN113014408B (en) | Distributed system and management method thereof | |
CN100391160C (en) | Method for setting user's power in communication system | |
CN103095833A (en) | Updating method of cloud service system and device | |
CN103841200A (en) | Method and device for controlling software licensing | |
CN112667399A (en) | Method for resource management of cloud platform main and sub account numbers | |
CN107766001A (en) | A kind of storage quota method based on groups of users |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210420 |
|
RJ01 | Rejection of invention patent application after publication |