CN112688955A - Resource group authorization management method - Google Patents


Info

Publication number
CN112688955A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011587235.7A
Other languages
Chinese (zh)
Inventor
李朝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unicloud Technology Co Ltd
Original Assignee
Unicloud Technology Co Ltd
Application filed by Unicloud Technology Co Ltd filed Critical Unicloud Technology Co Ltd
Priority to CN202011587235.7A priority Critical patent/CN112688955A/en
Publication of CN112688955A publication Critical patent/CN112688955A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a resource group authorization management method, comprising the following steps: S1, creating a policy table for recording policy names, types and content information, and creating an authority relation table for maintaining the relation among the resource group ID, the policy ID and the sub-account ID; S2, allocating the resource groups to different sub-accounts according to different policies; S3, when a sub-account operates on an instance, the system checks whether the instance has the authority for the current operation: it queries the resource group of the current instance and checks whether that resource group has a policy corresponding to the current operation; if so, execution continues; otherwise, the operation is not authorized. With this method, the resources owned by sub-accounts can be operated and managed, and the authority management of sub-account resources is more fine-grained.

Description

Resource group authorization management method
Technical Field
The invention belongs to the technical field of resource management, and particularly relates to a resource group authorization management method.
Background
The application provides an implementation method for authorization management of resource groups. The concept of a policy is added on top of the original resource group. On a cloud platform that supports main accounts and sub-accounts, the main account can allocate a resource group to sub-accounts, and different resource groups can be allocated to different users under multiple policies. For example, a host resource, an EIP resource, a cloud hard disk resource, and the like are in the same resource group; the resource group is allocated to sub-account 1, sub-account 2 and sub-account 3, with sub-account 1 given the right to view the host resource, sub-account 2 the right to view the EIP resource, and sub-account 3 the right to view the cloud hard disk resource. This achieves the function of allocating the same resource group to different sub-accounts according to different policies.
Disclosure of Invention
In view of this, the present invention is directed to a method for resource group authorization management that allows the same resource group to be allocated to different sub-accounts according to different policies.
To achieve this purpose, the technical solution of the invention is realized as follows:
A method of resource group authorization management, comprising:
S1, creating a policy table for recording policy names, types and content information; creating an authority relation table for maintaining the relation among the resource group ID, the policy ID and the sub-account ID;
S2, allocating the resource groups to different sub-accounts according to different policies;
S3, when a sub-account operates on an instance, the system checks whether the instance has the authority for the current operation: it queries the resource group of the current instance and checks whether that resource group has a policy corresponding to the current operation; if so, execution continues; otherwise, the operation is not authorized.
Further, in step S2, the number of policies assigned at one time cannot exceed 5, and the same policy and the same resource group cannot be assigned to the same sub-account multiple times.
Further, the execution method of step S2 is specifically as follows:
S201, specifying a resource group;
S202, selecting a policy;
S203, selecting the sub-account to be specified;
S204, checking whether too many policies have been selected; if so, ending; otherwise, proceeding to step S205;
S205, checking whether the policy and the sub-account exist; if so, executing step S206; if not, ending;
S206, storing the relation among the resource group, the policy and the sub-account.
Further, when the policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted.
Further, policy deletion is executed as follows:
S401, checking whether the policy exists; if so, proceeding to step S402; if not, ending;
S402, deleting the policy, and querying the resource group relations bound to the policy;
S403, checking whether the binding relation is empty; if so, ending; otherwise, proceeding to step S404;
S404, deleting the binding relation with the resource group.
Compared with the prior art, the resource group authorization management method has the following advantages:
With the resource group authorization management method provided by the invention, the main account can operate and manage the resources owned by the sub-accounts, and the authority management of sub-account resources is more fine-grained; the same resource group is allocated to different sub-accounts according to different policies, which keeps the resources in the same resource group from becoming disordered and strengthens the management function of a single resource group.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow diagram of resource group policy authorization;
FIG. 2 is a flow chart of resource operation;
FIG. 3 is a flow diagram of policy deletion.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In this method for resource group authorization management, the same resource group allocates the resources in the group to a plurality of sub-accounts under different policies, that is, one resource group provides resource management for a plurality of sub-accounts, and the operation authority over an instance in the resource group can be refined down to a specific operation. The specific method is as follows:
Creating a policy table, wherein the table information is shown in the following table:
[Table image not reproduced: policy table (Figures BDA0002866272670000031 and BDA0002866272670000041)]
Creating an authority relation table for maintaining the relation among the resource group ID, the policy ID and the sub-account ID, wherein the table information is shown in the following table:
[Table image not reproduced: authority relation table (Figure BDA0002866272670000042)]
Based on the created policy table and the authority relation table, the following steps are executed:
1. The resource group can be allocated to different sub-accounts according to different policies; the number of policies allocated at one time cannot exceed 5, and the same policy and the same resource group cannot be allocated to the same sub-account multiple times. The flow is shown in FIG. 1;
2. When a sub-account operates on an instance, the system checks whether the instance has the authority for the current operation (it queries the resource group in which the current instance is located and checks whether that resource group has a policy corresponding to the current operation). The flow is shown in FIG. 2;
3. When a policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted. The flow is shown in FIG. 3.
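The three flows above (assignment S201-S206, the S3 authorization check, and policy deletion S401-S404) as an added example in Python with SQLite; it is not code from the patent. The column names, the `instance` table, the `resource:action` form of the policy content, the `custom` type value, and scoping the S3 check to the calling sub-account are assumptions, because the patent's table figures are not reproduced on this page.

```python
import sqlite3

MAX_POLICIES = 5  # per-assignment limit stated in the patent
# Column names below are assumptions; the patent's table figures are not available.
SCHEMA = """
CREATE TABLE policy (id INTEGER PRIMARY KEY, name TEXT, type TEXT, content TEXT);
CREATE TABLE sub_account (id INTEGER PRIMARY KEY);
CREATE TABLE instance (id TEXT PRIMARY KEY, resource_group_id INTEGER);
CREATE TABLE permission (resource_group_id INTEGER, policy_id INTEGER,
    sub_account_id INTEGER, UNIQUE (resource_group_id, policy_id, sub_account_id));
"""

def _exists(db, table, row_id):
    # `table` is only ever a literal from this module, never caller input.
    return db.execute(f"SELECT 1 FROM {table} WHERE id = ?", (row_id,)).fetchone() is not None

def assign(db, group_id, policy_ids, sub_account_id):
    """S201-S206: store the bindings, all or nothing; True on success."""
    if not policy_ids or len(policy_ids) > MAX_POLICIES:              # S204
        return False
    if not (_exists(db, "sub_account", sub_account_id)
            and all(_exists(db, "policy", p) for p in policy_ids)):   # S205
        return False
    try:
        with db:  # one transaction, rolled back if any binding already exists
            db.executemany("INSERT INTO permission VALUES (?, ?, ?)",
                           [(group_id, p, sub_account_id) for p in policy_ids])  # S206
    except sqlite3.IntegrityError:
        return False
    return True

def is_authorized(db, sub_account_id, instance_id, action):
    """S3: default deny; allow only through a binding on the instance's group."""
    return db.execute(
        "SELECT 1 FROM instance i"
        " JOIN permission r ON r.resource_group_id = i.resource_group_id"
        " JOIN policy p ON p.id = r.policy_id"
        " WHERE i.id = ? AND r.sub_account_id = ? AND p.content = ?",
        (instance_id, sub_account_id, action)).fetchone() is not None

def delete_policy(db, policy_id):
    """S401-S404: delete the policy together with every binding that uses it."""
    if not _exists(db, "policy", policy_id):                                    # S401
        return False
    with db:
        db.execute("DELETE FROM policy WHERE id = ?", (policy_id,))             # S402
        db.execute("DELETE FROM permission WHERE policy_id = ?", (policy_id,))  # S403-S404
    return True

def demo_db():
    """Constructed sample data mirroring the Background example (group 10)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO sub_account VALUES (?)", [(1,), (2,), (3,)])
    db.executemany("INSERT INTO policy VALUES (?, ?, ?, ?)", [
        (1, "view-host", "custom", "host:view"), (2, "view-eip", "custom", "eip:view"),
        (3, "view-disk", "custom", "disk:view")])
    db.executemany("INSERT INTO instance VALUES (?, ?)",
                   [("host-a", 10), ("eip-a", 10), ("disk-a", 10)])
    for n in (1, 2, 3):  # sub-account n receives policy n on resource group 10
        assign(db, 10, [n], n)
    return db
```

Deleting the bindings in the same transaction as the policy keeps a stale row in the relation table from granting access if a policy ID is later reused.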
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other ways. For example, the above described division of elements is merely a logical division, and other divisions may be realized, for example, multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not executed. The units may or may not be physically separate, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (5)

1. A method for resource group authorization management, comprising:
S1, creating a policy table for recording policy names, types and content information; creating an authority relation table for maintaining the relation among the resource group ID, the policy ID and the sub-account ID;
S2, allocating the resource groups to different sub-accounts according to different policies;
S3, when a sub-account operates on an instance, the system checks whether the instance has the authority for the current operation: it queries the resource group of the current instance and checks whether that resource group has a policy corresponding to the current operation; if so, execution continues; otherwise, the operation is not authorized.
2. The method for resource group authorization management according to claim 1, wherein in step S2, the number of policies assigned at one time cannot exceed 5, and the same policy and the same resource group cannot be assigned to the same sub-account multiple times.
3. The method for resource group authorization management according to claim 1, wherein step S2 is executed as follows:
S201, specifying a resource group;
S202, selecting a policy;
S203, selecting the sub-account to be specified;
S204, checking whether too many policies have been selected; if so, ending; otherwise, proceeding to step S205;
S205, checking whether the policy and the sub-account exist; if so, executing step S206; if not, ending;
S206, storing the relation among the resource group, the policy and the sub-account.
4. The method for resource group authorization management according to claim 1, wherein when the policy is deleted, the binding relationship between the current policy and the resource group and the sub-account is also deleted.
5. The method for resource group authorization management according to claim 4, wherein policy deletion is executed as follows:
S401, checking whether the policy exists; if so, proceeding to step S402; if not, ending;
S402, deleting the policy, and querying the resource group relations bound to the policy;
S403, checking whether the binding relation is empty; if so, ending; otherwise, proceeding to step S404;
S404, deleting the binding relation with the resource group.
CN202011587235.7A 2020-12-28 2020-12-28 Resource group authorization management method Pending CN112688955A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011587235.7A CN112688955A (en) 2020-12-28 2020-12-28 Resource group authorization management method


Publications (1)

Publication Number Publication Date
CN112688955A true CN112688955A (en) 2021-04-20

Family

ID=75454844


Country Status (1)

Country Link
CN (1) CN112688955A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210420