CN113761552A - Access control method, device, system, server and storage medium - Google Patents


Publication number
CN113761552A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110007728.7A
Other languages
Chinese (zh)
Inventor
田士铄
刘志刚
唐大崴
陈洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the invention discloses an access control method, a device, a system, a server and a storage medium, wherein the method is applied to a control server and comprises the following steps: receiving target user information sent by a current service server; determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode; and sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds and processes the data access request based on the target function level authority information and the target data level authority information. By the technical scheme of the embodiment of the invention, uniform access control of all the service servers can be realized, and the accuracy of the access control is improved.

Description

Access control method, device, system, server and storage medium
Technical Field
Embodiments of the present invention relate to computer technologies, and in particular, to an access control method, apparatus, system, server, and storage medium.
Background
With the rapid development of computer technology, data security has become a key concern as more and more enterprises set up business servers.
Currently, each business server of an enterprise has its own access control module to protect its data security, and different access control modules are usually used to handle different security problems.
However, in the process of implementing the present invention, the inventor finds that at least the following problems exist in the prior art:
As enterprises grow in scale and their services are continuously integrated, managing authority through different access control modes has many disadvantages, such as difficult and confused authorization, and the security of service data cannot be effectively ensured.
Disclosure of Invention
The embodiment of the invention provides an access control method, device, system, server and storage medium, which are used for realizing the uniform access control of all service servers and improving the accuracy of the access control.
In a first aspect, an embodiment of the present invention provides an access control method, which is applied to a control server, and includes:
receiving target user information sent by a current service server, wherein the target user information is obtained by the current service server based on a received data access request;
determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds to the data access request based on the target function level authority information and the target data level authority information.
In a second aspect, an embodiment of the present invention further provides an access control device, integrated in a control server, including:
the system comprises a target user information receiving module, a data access request sending module and a data access request receiving module, wherein the target user information receiving module is used for receiving target user information sent by a current service server, and the target user information is obtained by the current service server based on a received data access request;
the authority information determining module is used for determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and the authority information sending module is used for sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds and processes the data access request based on the target function level authority information and the target data level authority information.
In a third aspect, an embodiment of the present invention further provides an access control system, where the system includes: the system comprises a control server, a plurality of service clients and a service server corresponding to each service client;
each service client is used for sending a data access request to a corresponding service server;
each service server is used for obtaining target user information based on the received data access request and sending the target user information to the control server;
the control server is used for realizing the access control method provided by any embodiment of the invention.
In a fourth aspect, an embodiment of the present invention further provides a server, where the server includes:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement an access control method as provided by any of the embodiments of the invention.
In a fifth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the access control method provided in any embodiment of the present invention.
The embodiment of the invention has the following advantages or beneficial effects:
by utilizing the separately deployed control servers, unified access control can be performed on each service server, unified authority management of the service servers is realized, the problems of difficult authorization, confusion and the like during service integration are avoided, and the safety of service data is effectively ensured. Moreover, by utilizing a preset mixed access control mode formed by fusing a role-based access control mode and an attribute-based access control mode and target user information sent by the current service server, target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information can be determined, so that the current service server can respond to a received data access request based on the target function level authority information and the target data level authority information, the control granularity of authority management is finer, and the accuracy of access control is improved.
Drawings
Fig. 1 is a flowchart of an access control method according to an embodiment of the present invention;
Fig. 2 is an example of a preset hybrid access control manner according to an embodiment of the present invention;
Fig. 3 is a flowchart of an access control method according to a second embodiment of the present invention;
Fig. 4 is an example of table relationships in a control database according to a second embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an access control apparatus according to a third embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an access control system according to a fourth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a server according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of an access control method according to an embodiment of the present invention, where the embodiment is applicable to a case of performing access control on service data in a service server. The method may be performed by an access control device, which may be implemented in software and/or hardware, integrated in a control server. As shown in fig. 1, the method specifically includes the following steps:
S110, receiving target user information sent by the current service server, wherein the target user information is obtained by the current service server based on the received data access request.
The service server may refer to a server having a certain service processing function. The service server can be a plurality of servers. Each business server is in communication connection with the control server so as to perform data interaction, so that the control server can perform unified access control on each business server, unified authority management of the business servers is realized, the problems of difficult authorization, confusion and the like during business integration are avoided, and the safety of business data is effectively ensured. The current service server may refer to any service server that needs to perform access control at the current time. The data access request may refer to a request sent by a service client for accessing service data in a service server. The target user information may refer to user information logged in on the service client.
Specifically, when detecting a user trigger operation, such as a click operation, a touch operation, and the like, the current service client may generate a data access request corresponding to the trigger operation according to the currently logged target user information, and send the data access request to the current service server, where the current service server receives the data access request, and may parse the data access request to obtain target user information in the data access request, and send the target user information to the control server, so that the control server may perform access control on service data accessed by the data access request based on the received target user information.
S120, determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode.
The role-based access control mode associates users with authority through roles, so that granting authority to a user only requires assigning the corresponding role, which simplifies the authority management of users. The attribute-based access control mode sets the data attribute information accessible to a user, so that the user can only access service data with specific data attribute information, which makes the granularity of authority control finer. The preset hybrid access control mode may be a hybrid access control mode centered on roles and assisted by attributes, so that the authority is definite and visible and more accurate access control is achieved.
Fig. 2 shows an example of a preset hybrid access control scheme. As shown in Fig. 2, the operation authority of the service client over the service server may be divided into function level authority information and data level authority information. The function level authority information may be expressed as a specific operation performed on a service data resource in the service server. Usually, the service data resource exists in the form of a data entity object, so the function level authority information can also be expressed as a correspondence between the data entity object and a specific operation. For example, the function level authority information may refer to an item object or a menu bar object accessible by the user. In this embodiment, the function level authority information is bound to the role. The target function level authority information may refer to a data entity object to which the target user has access permission. The data level authority information may refer to the data attribute information within the data entity object that the user is permitted to access, so that only the entity data corresponding to that data attribute information can be accessed, thereby controlling the amount of resource data accessible by the user. For example, the data level authority information may refer to specific item information accessible by a user in an item object, or specific menu data items accessible by a user in a menu bar. The data attribute information may include, but is not limited to, at least one of object data attribute information, action attribute information, and environment attribute information corresponding to the service server. The object data attribute information may be used to characterize each entity data contained in each data entity object in the service server. The action attribute information may be used to characterize the user actions allowed on each entity data, such as delete, modify, and add actions. The environment attribute information may be used to characterize the presentation environment of each entity data; for example, only some of the service servers present certain entity data, and the other service servers do not present it.
Specifically, as shown in fig. 2, based on a role-based access control manner in a preset hybrid access control manner, target function-level authority information corresponding to target user information may be determined by using a role as an intermediate bridge, and based on an attribute-based access control manner, target data-level authority information corresponding to target function-level authority information may be determined by using an attribute policy set in advance, so that authority information with finer access control granularity may be obtained.
S130, sending the target function level authority information and the target data level authority information to the current service server so that the current service server can respond to the data access request based on the target function level authority information and the target data level authority information.
Specifically, the control server sends both the target function level authority information and the target data level authority information to the current service server, and the current service server can obtain more accurate response data matched with the target function level authority information and the target data level authority information when processing a data access request, and send the response data to the current service client, so that a target user can perform related operations based on granted authority in the current service client. By responding and processing the data access request based on the target data level authority information, the target user can be prevented from accessing all entity data corresponding to the target function level authority information, so that the control granularity of authority management is finer, and the accuracy of access control is improved.
According to the technical scheme, the control server which is deployed independently is utilized, unified access control can be performed on each service server, unified authority management of the service servers is achieved, the problems of difficult authorization, confusion and the like in service integration are avoided, and the safety of service data is effectively guaranteed. Moreover, by utilizing a preset mixed access control mode formed by fusing a role-based access control mode and an attribute-based access control mode and target user information sent by the current service server, target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information can be determined, so that the current service server can respond to a received data access request based on the target function level authority information and the target data level authority information, the control granularity of authority management is finer, and the accuracy of access control is improved.
On the basis of the foregoing technical solution, the "responding, by the current service server, to the data access request based on the target function level authority information and the target data level authority information" in S130 may include: based on the target function level authority information, response processing is carried out on the data access request, and an accessible entity object in the current service server is obtained; and acquiring accessible entity data matched with the target data level authority information in the accessible entity object, and sending the accessible entity data serving as response data to the current service client.
Specifically, when the current service server performs response processing on the data access request, all accessible entity objects corresponding to the target function level permission information can be obtained, all entity data in the accessible entity objects are screened based on the target data level permission information, accessible entity data matched with the target data level permission information are obtained, and all accessible entity data are sent to the current service client as response data. The current service client can display the response data, so that the target user can perform related operation on the displayed response data based on the granted permission, thereby completing the control process of data access and ensuring the safety of the service data.
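The two-stage response processing described above (function level gate, then data level screening), as an added example that is not part of the patent text. The permission encodings (`"object:operation"` strings, `(type, value)` attribute tuples with `field=value` object rules), the entity data, the server name and the fail-closed behaviour when no object attribute rule exists are all assumptions made for illustration.

```python
# Constructed entity data held by a hypothetical service server "order-server".
ENTITY_STORE = {
    "project": [
        {"id": "P-7", "owner": "alice", "budget": 120},
        {"id": "P-8", "owner": "carol", "budget": 300},
        {"id": "P-9", "owner": "bob", "budget": 75},
    ],
}


def respond(request, function_perms, data_perms, server_id="order-server"):
    """Return response data for one data access request, or [] when denied.

    function_perms: list of "object:operation" strings (assumed encoding).
    data_perms:     list of (attribute_type, value) tuples (assumed encoding).
    """
    # Stage 1, function level: is this entity object accessible for this operation?
    wanted = f"{request['object']}:{request['operation']}"
    if wanted not in function_perms:
        return []
    rows = ENTITY_STORE.get(request["object"], [])

    # Stage 2, data level: split the attribute policies by kind.
    object_rules = [v.split("=", 1) for t, v in data_perms
                    if t == "object" and "=" in v]
    actions = sorted(v for t, v in data_perms if t == "action")
    environments = {v for t, v in data_perms if t == "environment"}

    # Environment attribute: entity data is presented only on the listed servers.
    if environments and server_id not in environments:
        return []
    # Assumption: with no object attribute rule, nothing is returned (fail closed),
    # so a role alone never exposes every row of the entity object.
    if not object_rules:
        return []

    # Object data attribute: keep rows matching at least one field=value rule.
    visible = [r for r in rows
               if any(str(r.get(field)) == value for field, value in object_rules)]
    # Action attribute: tell the client which actions are allowed on each row.
    return [{"data": r, "actions": actions} for r in visible]


if __name__ == "__main__":
    perms = ["project:view", "project:edit"]
    attrs = [("object", "id=P-7"), ("action", "modify")]
    print(respond({"object": "project", "operation": "view"}, perms, attrs))
```

The screening runs on the service server, so the client only ever receives rows that passed both stages.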
Example two
Fig. 3 is a flowchart of an access control method according to a second embodiment of the present invention, and this embodiment describes in detail an access control process of a preset hybrid access control mode on the basis of the foregoing embodiments. Wherein explanations of the same or corresponding terms as those of the above embodiments are omitted.
Referring to fig. 3, the access control method provided in this embodiment specifically includes the following steps:
S310, receiving target user information sent by the current service server, wherein the target user information is obtained by the current service server based on the received data access request.
S320, determining a target role identification and a target user role association identification corresponding to the target user information according to the preset user table and the preset user role association table in the control database and the target user information.
The control database may refer to a database used by the control server. The preset user table may be pre-configured based on personnel information of the business system. The service system is a system consisting of a service client and a service server. Fig. 4 gives an example of the table relationships in the control database. As shown in fig. 4, the preset User table (i.e., User in fig. 4) may be used to store information of each User logging in the service system, such as an assigned identifier (Id), a User original identifier (UserID), a User name (UserName), a Password (Password), a User account number (UserNumber), and the like. The users in the preset user table are only operation objects and do not have the right of logging in the control system. The control system is a system composed of a control client and a control server. In this embodiment, the staff information of each service system may be stored in a corresponding preset user table, or the staff information of each service system may be stored in the same preset user table, so that each service system may share one preset user table, and the repeated storage of the information of the same user is avoided, thereby reducing the memory space occupancy rate.
The preset user role association table may be configured in advance based on the service requirement, the preset user table and the preset role table. The preset user role association table may be used to store the correspondence between users and roles, i.e. the roles granted to each user. As shown in Fig. 4, the preset user role association table (i.e., UserRole in Fig. 4) may establish a correspondence between a user and a role by using the user assigned identifier (UserId) and the role identifier (RoleId). Each user may correspond to one or more roles. The preset role table (i.e., Role in Fig. 4) can be used to store information about each role created in advance based on service requirements and scenarios, so that the user is indirectly connected with the function level authority through the role. The target role identifier may refer to the identifier of a role granted to the target user, such as the RoleId in the preset user role association table UserRole of Fig. 4. The target user role association identifier may refer to the identifier assigned to each user-role correspondence, such as the Id in the preset user role association table UserRole in Fig. 4.
Specifically, the target user information may be matched in the preset user table to determine the target user assigned identifier corresponding to the target user information, that is, the Id of the preset user table User in Fig. 4. The target user assigned identifier UserId is then matched in the preset user role association table to determine the target role identifier RoleId and the target user role association identifier UserRoleId corresponding to the target user assigned identifier UserId.
S330, determining target function level authority information corresponding to the target user information according to a preset role authority association table, a preset function level authority table and a target role identifier in a control database.
The preset function level authority table may include each operation authority of the service client over the service server. As shown in Fig. 4, the preset function level authority table (i.e., Function in Fig. 4) can be used to store specific operation information for each service data resource, i.e., data entity object, in the service server. The preset role authority association table may be preconfigured based on the service requirements, the preset role table, and the preset function level authority table. The preset role authority association table may be used to store the correspondence between roles and function level authorities, that is, the function level authorities granted to each role. As shown in Fig. 4, the preset role authority association table (i.e., RoleFunction in Fig. 4) may use the role identifier (RoleId) and the function level authority identifier (FunctionId) to establish a correspondence between the role and the function level authority. Each role may correspond to one or more function level authorities.
It should be noted that a respective preset role authority association table and a preset function level authority table may be established for each service server, or a common preset role authority association table and a common preset function level authority table may be established for all service servers, so as to save memory space.
Exemplarily, S330 may include: matching the target role identification in a preset role authority association table in a control database, and determining a target function level authority identification corresponding to the target role identification; and matching the target function level authority identification in a preset function level authority table in a control database, and determining target function level authority information corresponding to the target user information.
Specifically, the target role identifier RoleId may be matched in the preset role authority association table RoleFunction, so as to obtain the target function level authority identifier FunctionId corresponding to the target role identifier RoleId. If each service server has its own preset function level authority table, the target function level authority identifier can be matched in the current preset function level authority table corresponding to the current service server to obtain the target function level authority information corresponding to the target function level authority identifier, so that the target function level authority information of the target user is determined.
For example, in the case that the preset function level authority table in the control database includes the function level authority information corresponding to each service server, that is, all service servers share one preset function level authority table, "matching the target function level authority identification in a preset function level authority table in a control database, and determining target function level authority information corresponding to the target user information" may include: matching the target function level authority identification in the preset function level authority table in the control database to obtain each candidate function level authority information corresponding to the target user information; and determining the target function level authority information corresponding to the target user information from the candidate function level authority information according to the current service server identification corresponding to the current service server and the service server identification corresponding to each candidate function level authority information.
Specifically, when each service server shares a preset function level authority table, each function level authority information in the preset function level authority table includes: a service server identification to which the function level permissions are applicable. All candidate function level authority information corresponding to the target user information can be obtained by matching the target function level authority identification in the preset function level authority table, all candidate function level authority information is screened based on the current service server identification corresponding to the current service server and the service server identification corresponding to each candidate function level authority information, each target function level authority information applicable to the current service server is obtained, and therefore the target function level authority information of the target user can be obtained.
S340, determining target data level authority information corresponding to the target function level authority information according to a preset attribute strategy table and the target user role association identification in the control database.
The preset attribute policy table may be pre-configured based on the service requirement and each data attribute information in the service server. The preset attribute policy table may be used to store data attribute information accessible to each user. As shown in fig. 4, the preset attribute policy table (i.e., Parameter in fig. 4) may establish a correspondence between the user and the data attribute information by using the attribute type (ParameterType) and the user role association identifier (UserRoleId) in the data attribute information. The method can effectively control the amount of resource data accessible by the user by adding the attribute strategy to the user, and avoids the user from accessing all accessible entity data corresponding to the role, thereby enabling the granularity of authority management to be finer and improving the accuracy of authority control.
Exemplarily, S340 may include: matching the target user role association identifier in a preset attribute policy table in a control database, determining target data attribute information corresponding to the target user role association identifier, and taking the target data attribute information as target data level authority information corresponding to the target function level authority information; the target data attribute information may include, but is not limited to, at least one of object data attribute information, action attribute information, and environment attribute information corresponding to the service server.
Specifically, by matching the target user role association identifier UserRoleId in the Parameter of the preset attribute policy table, the target data attribute information ParameterType corresponding to the target user role association identifier UserRoleId can be obtained, and the target data attribute information is used as the target data level authority information corresponding to the target function level authority information, so that the target user can only access the specific service data corresponding to the target data attribute information, the resource data amount accessible by the target user can be controlled, and the accuracy of authority control is improved.
And S350, sending the target function level authority information and the target data level authority information to the current service server so that the current service server can respond to the data access request based on the target function level authority information and the target data level authority information.
According to the technical scheme of the embodiment, the control server determines a target role identifier and a target user role association identifier corresponding to target user information according to a preset user table and a preset user role association table in a control database and the target user information, and determines target function level authority information corresponding to the target user information according to a preset role authority association table and a preset function level authority table in the control database and the target role identifier; and determines target data level authority information corresponding to the target function level authority information according to a preset attribute strategy table and a target user role association identifier in the control database, so that a role-centric, attribute-assisted hybrid access control mode can be realized by utilizing all tables in the control database, the control granularity of authority management is finer, and the accuracy of access control is improved.
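The table lookups of S320 to S340 can be traced in the following added example, which is not part of the patent text. Only Parameter, ParameterType and UserRoleId are names from the page; the other table and column names, the Value column and all sample rows are constructed assumptions. It also keeps each attribute set bound to the user role association that granted the function level authority, which is one reading of "corresponding to the target function level authority information".

```python
import sqlite3

# Only Parameter, ParameterType and UserRoleId are named on the page; every
# other table and column name, and the Value column, is assumed for illustration.
SCHEMA = """
CREATE TABLE User(UserId INTEGER PRIMARY KEY, Name TEXT UNIQUE);
CREATE TABLE Role(RoleId INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE UserRole(UserRoleId INTEGER PRIMARY KEY, UserId INTEGER, RoleId INTEGER);
CREATE TABLE Permission(PermissionId INTEGER PRIMARY KEY, ServerId TEXT,
                        Resource TEXT, Operation TEXT);
CREATE TABLE RolePermission(RoleId INTEGER, PermissionId INTEGER);
CREATE TABLE Parameter(ParameterId INTEGER PRIMARY KEY, UserRoleId INTEGER,
                       ParameterType TEXT, Value TEXT);
"""

# Constructed sample rows. One Permission table is shared by two service
# servers ("orders" and "billing"), so each row carries a ServerId.
SAMPLE = {
    "User": [(1, "alice"), (2, "bob")],
    "Role": [(1, "order_clerk"), (2, "auditor")],
    "UserRole": [(10, 1, 1), (11, 2, 1), (12, 2, 2)],
    "Permission": [(100, "orders", "/orders", "read"),
                   (101, "orders", "/orders", "update"),
                   (102, "billing", "/invoices", "read")],
    "RolePermission": [(1, 100), (1, 101), (1, 102), (2, 100), (2, 102)],
    "Parameter": [(1, 10, "region", "north"), (2, 11, "region", "south"),
                  (3, 12, "region", "north"), (4, 12, "region", "south")],
}


def build_control_db():
    """Create an in-memory control database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():  # table names are constants, not input
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn


def resolve(conn, user_name, server_id):
    """Return one grant per function level authority applicable to server_id.

    Each grant carries the data attributes stored for the user role
    association that produced it. An unknown user yields no grants.
    """
    # S320: user -> role identifier and user role association identifier.
    links = conn.execute(
        "SELECT ur.UserRoleId, ur.RoleId FROM User u "
        "JOIN UserRole ur ON ur.UserId = u.UserId "
        "WHERE u.Name = ? ORDER BY ur.UserRoleId", (user_name,)).fetchall()
    grants = []
    for user_role_id, role_id in links:
        # S330: role -> function level authority ids -> candidate rows,
        # screened by the identifier of the current service server.
        perms = conn.execute(
            "SELECT p.Resource, p.Operation FROM RolePermission rp "
            "JOIN Permission p ON p.PermissionId = rp.PermissionId "
            "WHERE rp.RoleId = ? AND p.ServerId = ? "
            "ORDER BY p.PermissionId", (role_id, server_id)).fetchall()
        # S340: user role association identifier -> data attribute information.
        attrs = {}
        for ptype, value in conn.execute(
                "SELECT ParameterType, Value FROM Parameter "
                "WHERE UserRoleId = ? ORDER BY ParameterId", (user_role_id,)):
            attrs.setdefault(ptype, set()).add(value)
        for resource, operation in perms:
            grants.append({"resource": resource, "action": operation,
                           "attributes": {k: set(v) for k, v in attrs.items()}})
    return grants


if __name__ == "__main__":
    db = build_control_db()
    for grant in resolve(db, "bob", "orders"):
        print(grant)
```

In the sample data bob holds two roles, so the result shows update on /orders limited to the south region (from order_clerk) while read is also granted for north and south through auditor.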
On the basis of the scheme, a preset user table, a preset role table, a preset function level authority table, a preset user role association table, a preset role authority association table and a preset attribute strategy table in the control database are all generated by the configuration of management personnel on the control client side based on business requirements in advance. In authorization management, a manager needs to be responsible for giving corresponding roles to users, giving corresponding function level authorities to roles, and narrowing down user authorities by using data attribute information, and also needs to maintain analysis and formatting of the user information, the role information, and the data attribute information transmitted by the service server to ensure data accuracy. In the rule management, the manager needs to maintain the interaction information between the control server and each service server to ensure the data interaction between the two servers, and also needs to be responsible for the communication negotiation with the developer of the service server to establish the function level authority information matched with the functions of the service server.
For example, for configuration of a preset user table, a preset role table and a preset function level authority table, a manager can create corresponding tables on a control client in a manner of inputting each user information, inputting each created role information and inputting each function level authority of a service server, and can also create corresponding tables at one time in a manner of importing user data, role data, resource links and other data, thereby improving configuration efficiency.
Exemplarily, before S320, the method may further include: receiving user role distribution information sent by a control client, wherein the user role distribution information is generated by configuration of a manager in the control client based on a preset user table and a preset role table in a control database; mapping the user role distribution information to a first data transmission object, and storing the user role distribution information to a preset user role association table in a control database through the first data transmission object.
Specifically, for configuration of the preset user role association table, a manager may allocate a corresponding role identifier to each user identifier in the control client based on a service requirement, a user identifier in the preset user table, and a role identifier in the preset role table, so as to configure a role identifier corresponding to each user identifier and obtain user role allocation information. The control client can send user role distribution information configured by a manager to the control server, the control server maps the received user role distribution information to a first Data Transfer Object (DTO), the user role distribution information is verified through the first DTO to ensure the validity of the user role distribution information, and the user role distribution information which is successfully verified is stored in a preset user role association table, so that the distribution of user roles is completed.
Exemplarily, before S320, the method may further include: receiving role authority distribution information sent by a control client, wherein the role authority distribution information is generated by configuration of a manager based on a preset role table and a preset function level authority table in a control database; and mapping the role authority distribution information to a second data transmission object, and storing the role authority distribution information to a preset role authority association table in a control database through the second data transmission object.
Specifically, for configuration of the preset role authority association table, a manager can allocate a corresponding function level authority identifier to each role identifier in the control client based on a service requirement, the role identifier in the preset role table, and the function level authority identifier in the preset function level authority table, so as to configure the function level authority identifier corresponding to each role identifier and obtain role authority allocation information. The control client can send role authority distribution information configured by management personnel to the control server, the control server maps the received role authority distribution information to a second data transmission object (DTO), the role authority distribution information is verified through the second data transmission object to ensure the validity of the role authority distribution information, and the role authority distribution information which is verified successfully is stored in a preset role authority association table, so that the role authority distribution is completed.
Illustratively, as shown in fig. 4, the control database may further include a preset interface table (major api) of the service server. The interface table may be used to store an interface between the service server and the control server, so that the control server may obtain data attribute information of the service server through the interface. The service server in this embodiment may further obtain, through the corresponding interface, the target function level authority information and the target data level authority information determined by the control server.
Exemplarily, before S320, the method may further include: acquiring each data attribute information in the current service server through a preset interface, and displaying each data attribute information on a control client; receiving role attribute distribution information sent by a control client, wherein the role attribute distribution information is generated by configuration of management personnel based on a preset user role association table in a control database and displayed data attribute information; and storing the role attribute distribution information into a preset attribute policy table in a control database.
Specifically, for configuration of the preset attribute policy table, a preset interface corresponding to the current service server may be obtained from a preset interface table major api, and each piece of data attribute information in the current service server may be obtained through the preset interface, and each piece of data attribute information may be displayed on the control client, so that the administrator may select, based on service requirements, required data attribute information from each piece of data attribute information for each user role, and the control client may generate corresponding role attribute distribution information based on an attribute type corresponding to the selected data attribute information and a user role association identifier in a preset user role association table. The control client can send the role attribute distribution information configured by the administrator to the control server, and the control server can store the received role attribute distribution information in the preset attribute policy table, so that the configuration of the attribute policy is completed.
The following is an embodiment of an access control apparatus provided in an embodiment of the present invention, and the apparatus and the access control method in each of the above embodiments belong to the same inventive concept, and details that are not described in detail in the embodiment of the access control apparatus may refer to the above embodiment of the access control method.
Example three
Fig. 5 is a schematic structural diagram of an access control device according to a third embodiment of the present invention, where the present embodiment is applicable to access control of service data in a service server, and the access control device is integrated in a control server. As shown in fig. 5, the apparatus specifically includes: a target user information receiving module 510, an authority information determining module 520, and a permission information sending module 530.
The target user information receiving module 510 is configured to receive target user information sent by a current service server, where the target user information is obtained by the current service server based on a received data access request; an authority information determining module 520, configured to determine, according to a preset hybrid access control manner and target user information, target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information, where the preset hybrid access control manner is formed by fusing a role-based access control manner and an attribute-based access control manner; the permission information sending module 530 is configured to send the target function level permission information and the target data level permission information to the current service server, so that the current service server responds to the data access request based on the target function level permission information and the target data level permission information.
Optionally, the permission information determining module 520 includes:
the identification determining unit is used for determining a target role identification and a target user role association identification corresponding to the target user information according to a preset user table and a preset user role association table in the control database and the target user information;
the target function level authority information determining unit is used for determining target function level authority information corresponding to the target user information according to a preset role authority association table, a preset function level authority table and a target role identifier in the control database;
and the target data level authority information determining unit is used for determining target data level authority information corresponding to the target function level authority information according to a preset attribute strategy table and the target user role association identifier in the control database.
Optionally, the target function level authority information determining unit is specifically configured to: matching the target role identification in a preset role authority association table in a control database, and determining a target function level authority identification corresponding to the target role identification; and matching the target function level authority identification in a preset function level authority table in a control database, and determining target function level authority information corresponding to the target user information.
Optionally, a preset function level authority table in the control database includes function level authority information corresponding to each service server;
the target function level authority information determining unit is further specifically configured to: matching the target function level authority identification in a preset function level authority table in a control database to obtain each candidate function level authority information corresponding to the target user information; and determining target function level authority information corresponding to the target user information from each candidate function level authority information according to the current service server identification corresponding to the current service server and the service server identification corresponding to each candidate function level authority information.
Optionally, the target data level authority information determining unit is specifically configured to: matching the target user role association identifier in a preset attribute policy table in a control database, determining target data attribute information corresponding to the target user role association identifier, and taking the target data attribute information as target data level authority information corresponding to the target function level authority information; the target data attribute information includes at least one of object data attribute information, action attribute information and environment attribute information corresponding to the service server.
Optionally, the apparatus further comprises:
a preset user role association table configuration module, configured to: receiving user role distribution information sent by a control client before determining a target role identifier and a target user role association identifier corresponding to the target user information according to a preset user table and a preset user role association table in a control database and the target user information, wherein the user role distribution information is generated by configuration of a manager in the control client based on the preset user table and the preset role table in the control database; mapping the user role distribution information to a first data transmission object, and storing the user role distribution information to a preset user role association table in a control database through the first data transmission object.
Optionally, the apparatus further comprises:
a preset attribute policy table configuration module, configured to: before determining a target role identifier and a target user role association identifier corresponding to the target user information according to a preset user table and a preset user role association table in a control database and the target user information, acquiring each data attribute information in a current service server through a preset interface, and displaying each data attribute information on a control client; receiving role attribute distribution information sent by a control client, wherein the role attribute distribution information is generated by configuration of management personnel based on a preset user role association table in a control database and displayed data attribute information; and storing the role attribute distribution information into a preset attribute policy table in a control database.
Optionally, the current service server is specifically configured to: based on the target function level authority information, response processing is carried out on the data access request, and an accessible entity object in the current service server is obtained; and acquiring accessible entity data matched with the target data level authority information in the accessible entity object, and sending the accessible entity data serving as response data to the current service client.
The access control device provided by the embodiment of the invention can execute the access control method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects for executing the access control method.
It should be noted that, in the above embodiment of the access control device, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Example four
Fig. 6 is a schematic structural diagram of an access control system according to a fourth embodiment of the present invention. Referring to fig. 6, the system includes: a control server 610, a plurality of service clients 620 and a service server 630 corresponding to each service client.
Wherein, each service client 620 is configured to send a data access request to a corresponding service server 630; each service server 630 is configured to obtain target user information based on the received data access request, and send the target user information to the control server 610; the control server 610 is used to implement an access control method as provided by any of the embodiments of the present invention.
In the present embodiment, each service server 630 is communicatively connected to the control server 610, so as to implement information interaction.
The working process of the access control system provided by the embodiment is as follows:
for each service client and the corresponding service server, the current service client 620 may generate a data access request corresponding to the user trigger operation according to the currently logged target user information, and send the data access request to the current service server 630. The current service server 630 may parse the received data access request, obtain target user information in the data access request, and send the target user information to the control server 610. The control server 610 determines target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset hybrid access control mode, and sends the target function level authority information and the target data level authority information to the current service server 630. The current service server 630 may obtain more accurate response data matched with the target function level permission information and the target data level permission information when processing the data access request, and send the response data to the current service client 620, so that the target user may perform a related operation based on the granted permission in the current service client 620, so that the control granularity of the permission management is finer, thereby improving the accuracy of the access control.
The access control system in this embodiment can perform unified access control on each service server by using the separately deployed control servers, thereby implementing unified authority management of the service servers, avoiding the problems of difficult authorization, confusion and the like during service integration, and effectively ensuring the security of service data. Moreover, by utilizing a preset mixed access control mode formed by fusing a role-based access control mode and an attribute-based access control mode and target user information sent by the current service server, target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information can be determined, so that the current service server can respond to a received data access request based on the target function level authority information and the target data level authority information, the control granularity of authority management is finer, and the accuracy of access control is improved.
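The service server side of this workflow, as an added example that is not part of the patent text: the function level authority decides whether the request is answered at all, and the data level authority then filters the entity data. The grant structure, the sample orders and the `empty_policy_allows_all` switch are constructed assumptions; the page does not say how a grant without any attribute policy is treated, so the example defaults to returning nothing for it.

```python
# Constructed business data held by the current service server.
ORDERS = [
    {"id": 1, "region": "north", "status": "open"},
    {"id": 2, "region": "south", "status": "open"},
    {"id": 3, "region": "south", "status": "closed"},
]

# Constructed reply from the control server: one grant per function level
# authority, each with the data attributes that narrow it (assumed shape).
GRANTS = [
    {"resource": "/orders", "action": "read",
     "attributes": {"region": {"north", "south"}}},
    {"resource": "/orders", "action": "update",
     "attributes": {"region": {"south"}, "status": {"open"}}},
    {"resource": "/reports", "action": "read", "attributes": {}},
]


class AccessDenied(Exception):
    """Raised when no function level authority covers the request."""


def row_matches(attributes, row):
    """True only if every attribute type is present on the row with an allowed value."""
    # row.get() returns None for a missing field, which is never in the
    # allowed set, so rows lacking a constrained attribute are excluded.
    return all(row.get(ptype) in allowed for ptype, allowed in attributes.items())


def respond(grants, resource, action, rows, empty_policy_allows_all=False):
    """Apply function level authority first, then data level authority.

    Returns the accessible entity data for the request, or raises
    AccessDenied when the requested function was not granted.
    """
    matching = [g for g in grants
                if g["resource"] == resource and g["action"] == action]
    if not matching:
        raise AccessDenied(f"{action} on {resource} is not granted")

    visible = []
    for row in rows:
        for grant in matching:
            attrs = grant["attributes"]
            if attrs:
                allowed = row_matches(attrs, row)
            else:
                # No attribute policy for this grant: behaviour is an
                # assumption, controlled by the caller.
                allowed = empty_policy_allows_all
            if allowed:
                visible.append(row)
                break  # one satisfied grant is enough for this row
    return visible


if __name__ == "__main__":
    print([r["id"] for r in respond(GRANTS, "/orders", "read", ORDERS)])
    print([r["id"] for r in respond(GRANTS, "/orders", "update", ORDERS)])
    try:
        respond(GRANTS, "/orders", "delete", ORDERS)
    except AccessDenied as exc:
        print("denied:", exc)
```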
Example five
Fig. 7 is a schematic structural diagram of a server according to a fifth embodiment of the present invention. FIG. 7 illustrates a block diagram of an exemplary server 12 suitable for use in implementing embodiments of the present invention. The server 12 shown in fig. 7 is only an example, and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 7, the server 12 is in the form of a general purpose computing device. The components of the server 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
The server 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by server 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The server 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, and commonly referred to as a "hard drive"). Although not shown in FIG. 7, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The server 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with the server 12, and/or with any devices (e.g., network card, modem, etc.) that enable the server 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the server 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the server 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the server 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, to implement an access control method provided by the embodiment of the present invention, the method including:
receiving target user information sent by a current service server, wherein the target user information is obtained by the current service server based on a received data access request;
determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds and processes the data access request based on the target function level authority information and the target data level authority information.
Of course, those skilled in the art can understand that the processor can also implement the technical solution of the access control method provided by any embodiment of the present invention.
Example six
The present embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of an access control method as provided in any of the embodiments of the invention, the method comprising:
receiving target user information sent by a current service server, wherein the target user information is obtained by the current service server based on a received data access request;
determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds and processes the data access request based on the target function level authority information and the target data level authority information.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer-readable storage medium may be, for example but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It will be understood by those skilled in the art that the modules or steps of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of computing devices, and optionally they may be implemented by program code executable by a computing device, such that it may be stored in a memory device and executed by a computing device, or it may be separately fabricated into various integrated circuit modules, or it may be fabricated by fabricating a plurality of modules or steps thereof into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments illustrated herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (12)

1. An access control method, applied to a control server, comprising:
receiving target user information sent by a current service server, wherein the target user information is obtained by the current service server based on a received data access request;
determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds to the data access request based on the target function level authority information and the target data level authority information.
2. The method of claim 1, wherein determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information comprises:
determining a target role identifier and a target user role association identifier corresponding to the target user information according to a preset user table and a preset user role association table in a control database and the target user information;
determining target function level authority information corresponding to the target user information according to a preset role authority association table, a preset function level authority table and the target role identification in the control database;
and determining target data level authority information corresponding to the target function level authority information according to a preset attribute strategy table in the control database and the target user role association identifier.
3. The method of claim 2, wherein determining target function level authority information corresponding to the target user information according to a preset role authority association table and a preset function level authority table in the control database and the target role identifier comprises:
matching the target role identification in a preset role authority association table in the control database, and determining a target function level authority identification corresponding to the target role identification;
and matching the target function level authority identification in a preset function level authority table in the control database, and determining target function level authority information corresponding to the target user information.
4. The method of claim 3, wherein the preset function level authority table in the control database comprises function level authority information corresponding to each service server;
the matching the target function level authority identifier in a preset function level authority table in the control database, and determining target function level authority information corresponding to the target user information includes:
matching the target function level authority identification in a preset function level authority table in the control database to obtain each candidate function level authority information corresponding to the target user information;
and determining target function level authority information corresponding to the target user information from each candidate function level authority information according to the current service server identification corresponding to the current service server and the service server identification corresponding to each candidate function level authority information.
5. The method of claim 2, wherein determining target data-level permission information corresponding to the target function-level permission information according to a preset attribute policy table in the control database and the target user role association identifier comprises:
matching the target user role association identifier in a preset attribute policy table in the control database, determining target data attribute information corresponding to the target user role association identifier, and taking the target data attribute information as target data level authority information corresponding to the target function level authority information;
the target data attribute information includes at least one of object data attribute information, action attribute information and environment attribute information corresponding to the service server.
6. The method of claim 2, wherein before determining the target role identifier and the target user role association identifier corresponding to the target user information according to a preset user table and a preset user role association table in a control database and the target user information, the method further comprises:
receiving user role distribution information sent by a control client, wherein the user role distribution information is generated by configuration of a manager in the control client based on a preset user table and a preset role table in the control database;
mapping the user role distribution information to a first data transmission object, and storing the user role distribution information to a preset user role association table in the control database through the first data transmission object.
7. The method of claim 2, wherein before determining the target role identifier and the target user role association identifier corresponding to the target user information according to a preset user table and a preset user role association table in a control database and the target user information, the method further comprises:
acquiring each data attribute information in the current service server through a preset interface, and displaying each data attribute information on the control client;
receiving role attribute distribution information sent by the control client, wherein the role attribute distribution information is generated by configuration of management personnel based on a preset user role association table in the control database and displayed data attribute information;
and storing the role attribute distribution information into a preset attribute policy table in the control database.
8. The method of any of claims 1-7, wherein the current service server responding to the data access request based on the target function-level permission information and the target data-level permission information comprises:
based on the target function level authority information, responding and processing the data access request to obtain an accessible entity object in the current service server;
and acquiring accessible entity data matched with the target data level authority information in the accessible entity object, and sending the accessible entity data serving as response data to the current service client.
9. An access control device, integrated in a control server, comprising:
the system comprises a target user information receiving module, a data access request sending module and a data access request receiving module, wherein the target user information receiving module is used for receiving target user information sent by a current service server, and the target user information is obtained by the current service server based on a received data access request;
the authority information determining module is used for determining target function level authority information corresponding to the target user information and target data level authority information corresponding to the target function level authority information according to a preset mixed access control mode and the target user information, wherein the preset mixed access control mode is formed by fusing a role-based access control mode and an attribute-based access control mode;
and the authority information sending module is used for sending the target function level authority information and the target data level authority information to the current service server so that the current service server responds and processes the data access request based on the target function level authority information and the target data level authority information.
10. An access control system, the system comprising: the system comprises a control server, a plurality of service clients and a service server corresponding to each service client;
each service client is used for sending a data access request to a corresponding service server;
each service server is used for obtaining target user information based on the received data access request and sending the target user information to the control server;
the control server is used for implementing the access control method of any one of claims 1 to 8.
11. A server, characterized in that the server comprises:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the access control method of any one of claims 1-8.
12. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the access control method according to any one of claims 1 to 8.
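The lookup chain of claims 2 to 5 and the two-stage response of claim 8, shown as an added example that is not part of the patent text. The table names, column names and sample rows are assumptions constructed for illustration; only object and action attributes are modelled, not environment attributes.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions.
SCHEMA = """
CREATE TABLE users(user_id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE user_role(ur_id INTEGER PRIMARY KEY, user_id INT, role_id INT);
CREATE TABLE role_perm(role_id INT, perm_id INT);
CREATE TABLE func_perm(perm_id INTEGER PRIMARY KEY, server_id TEXT, func TEXT);
CREATE TABLE attr_policy(ur_id INT, obj_attr TEXT, obj_value TEXT, action TEXT);
INSERT INTO users VALUES (1,'alice'),(2,'bob');
INSERT INTO user_role VALUES (10,1,100),(11,2,100);
INSERT INTO role_perm VALUES (100,1000),(100,1001);
INSERT INTO func_perm VALUES (1000,'orders','order:list'),(1001,'billing','invoice:list');
INSERT INTO attr_policy VALUES (10,'region','north','read'),(11,'region','south','read');
"""

def open_control_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def resolve(conn, user_name, server_id):
    """Control server: return (function-level perms, data-level policies)."""
    links = conn.execute(
        "SELECT ur.ur_id, ur.role_id FROM users u JOIN user_role ur "
        "ON ur.user_id = u.user_id WHERE u.name = ?", (user_name,)).fetchall()
    funcs, policies = set(), []
    for ur_id, role_id in links:
        # Claims 3-4: role -> permission ids -> entries for this server only.
        funcs.update(f for (f,) in conn.execute(
            "SELECT fp.func FROM role_perm rp JOIN func_perm fp "
            "ON fp.perm_id = rp.perm_id WHERE rp.role_id = ? AND fp.server_id = ?",
            (role_id, server_id)))
        # Claim 5: the attribute policy is keyed on the user-role association.
        policies += conn.execute(
            "SELECT obj_attr, obj_value, action FROM attr_policy WHERE ur_id = ?",
            (ur_id,)).fetchall()
    return funcs, policies

def respond(conn, user_name, server_id, func, action, rows):
    """Service server (claim 8): function gate first, then row filter."""
    funcs, policies = resolve(conn, user_name, server_id)
    if func not in funcs:
        return []          # unknown user or missing function permission: deny
    allowed = [(a, v) for a, v, act in policies if act == action]
    # A row is returned only if some policy for this action matches it, so
    # a user with the function permission but no policy gets no data.
    return [r for r in rows if any(r.get(a) == v for a, v in allowed)]

ORDERS = [{"id": 1, "region": "north"}, {"id": 2, "region": "south"}]
```

Both sample users hold the same role and therefore the same function-level permission, yet each sees different rows because the attribute policy is attached to the user-role association rather than to the role.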
CN202110007728.7A 2021-01-05 2021-01-05 Access control method, device, system, server and storage medium Pending CN113761552A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110007728.7A CN113761552A (en) 2021-01-05 2021-01-05 Access control method, device, system, server and storage medium

Publications (1)

Publication Number Publication Date
CN113761552A true CN113761552A (en) 2021-12-07

Family

ID=78786328

Country Status (1)

Country Link
CN (1) CN113761552A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination