CN113987462A - Permission management platform based on container cloud computing - Google Patents
- Publication number
- CN113987462A
- Authority
- CN
- China
- Prior art keywords
- role
- authority
- cloud computing
- roles
- permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a permission management platform based on container cloud computing. The platform comprises a permission model system that communicates with a role creation system; the role creation system is connected to a role list query system and a role permission query system, and is also connected to a role permission modification system and a role deletion system. The permission model system performs permission management for the platform system and ensures the security of the platform. The role creation system creates roles and configures and assigns role permissions. The role deletion system deletes non-prefabricated roles, so that they can be removed flexibly. The role permission query system is used to view role permissions, which makes it easier to adjust them flexibly. The platform ensures that authorized users can use the functions they are authorized for, that unauthorized users are rejected, and that the cloud platform is secure.
Description
Technical Field
The invention relates to the technical field of authority management of cloud computing platforms, in particular to an authority management platform based on container cloud computing.
Background
A cloud computing platform, also called a cloud platform, is a service built on hardware and software resources that provides computing, network and storage capabilities. Cloud computing platforms can be divided into 3 classes: storage cloud platforms, which focus on data storage; computing cloud platforms, which focus on data processing; and comprehensive cloud computing platforms, which cover both computing and data storage processing.
Managing a cloud platform involves permission management: authorized users must be able to use the functions they are authorized for, unauthorized users must be rejected, and the security of the cloud platform must be guaranteed.
Disclosure of Invention
The invention aims to provide a permission management platform based on container cloud computing which ensures that authorized users can use the functions they are authorized for, that unauthorized users are rejected, and that the cloud platform is secure.
To solve this technical problem, the scheme of the invention is as follows:
A permission management platform based on container cloud computing comprises a permission model system. The permission model system communicates with a role creation system; the role creation system is connected to a role list query system and a role permission query system, and is also connected to a role permission modification system and a role deletion system;
the permission model system performs permission management for the platform system and ensures the security of the platform;
the role creation system creates roles and configures and assigns role permissions;
the role deletion system deletes non-prefabricated roles, so that they can be removed flexibly;
the role permission modification system modifies role permissions, so that they can be adjusted flexibly;
the role list query system queries the role list, so that the state of the role list can be checked;
and the role permission query system is used to view role permissions, which makes it easier to adjust them flexibly.
The permission model system comprises a system management module, which has all permissions over the whole system; a tenant management module, which has permissions over the whole tenant except for the components under the springclosed project and has visibility permission for the applications under the current tenant's springclosed project; and a project management module.
Role permissions are assigned by the system management module.
The system management module supports custom roles. The custom role function lets administrator-class users add custom roles, view the existing assignable permission tree, add and remove role permissions according to the listed permission tree, and flexibly bind roles to permissions.
The role deletion system determines whether a role is a non-prefabricated role and deletes roles determined to be non-prefabricated.
The role list displays the basic information and associated information of all roles.
Viewing role permissions is mainly used to see the permission scope of a role.
Compared with the prior art, the invention has the following beneficial effects:
The permission management platform based on container cloud computing is the security control center of a private cloud platform. The permission management module establishes complete permission checks, so that authorized users can use the functions they are authorized for and unauthorized users are rejected. The permission system is developed and modified on the basis of the k8s permission mechanism, which ensures the security of the system.
After the continuous delivery platform pushes the project set and projects to the container cloud platform, the container cloud platform creates the corresponding tenants, projects and members. The PM is set as project manager, and the project manager assigns the corresponding role permissions to the other members. A role can select a particular cluster environment as its scope, which provides default cross-tenant control. Applications created by users of one type of role under a project are required to be filtered out of, and so invisible in, the user interfaces of other roles. The custom role function provides customers with a custom role management solution and needs to support the following:
Administrator-class users can add custom roles.
The existing assignable permission tree can be viewed.
Administrators can add and remove role permissions according to the listed permission tree.
Roles can be flexibly bound to permissions.
Drawings
FIG. 1 is a block diagram of the present invention;
FIG. 2 is a block diagram of the permission model system of the present invention;
FIG. 3 is a flow chart of the role creation system of the present invention;
FIG. 4 is a flow chart of the role deletion system of the present invention;
FIG. 5 is a flow chart of the role permission modification system of the present invention;
FIG. 6 is a flow chart of the role list query system of the present invention;
FIG. 7 is a flow chart of the role permission query system of the present invention.
Detailed Description
The following further describes embodiments of the present invention with reference to the drawings. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in FIG. 1, a permission management platform based on container cloud computing comprises a permission model system. The permission model system communicates with a role creation system; the role creation system is connected to a role list query system and a role permission query system, and is also connected to a role permission modification system and a role deletion system;
the permission model system performs permission management for the platform system and ensures the security of the platform;
the role creation system creates roles and configures and assigns role permissions. The platform supports more flexible role management, and each role can be assigned permissions by the system management module. When a new role is created, the scope of the role (development, test, UAT) is selected first, the role master data is filled in, the role is created, and the role's permissions are configured.
As shown in FIG. 3, to create a role, the flow starts with a click; a system administrator logs in at the system management module and opens the page for filling in role master data, selects the scope of the role (development, test, UAT) while filling in the master data, creates the role, and allocates resources to the role, which ends the flow. To create a local role, the flow starts with a click; a project manager logs in at the project management module and opens the page for filling in in-project role master data, selects the scope of the role (development, test, UAT) while filling in the master data, creates the project role, and allocates resources (selection examples) to the role within the project, which ends the flow.
The role deletion system deletes non-prefabricated roles, so that they can be removed flexibly. The platform supports more flexible role management, and an administrator can delete non-prefabricated roles. When a role is deleted, the role's master data is passed in and the interface asks for a second confirmation of the deletion. Once the deletion is confirmed, it is checked whether any personnel are bound to the role. If personnel are bound, the platform prompts that the role cannot be deleted; the administrator notifies each tenant project manager, who changes the role of the personnel holding the role to be deleted. The role is deleted only when no member is bound to it.
As shown in FIG. 4, to delete a role, the flow starts with a click; a system administrator logs in at the system management module and passes in the master data of the role to be deleted. It is then checked whether the role is bound. If not, the role is deleted. If so, the tenant administrator is notified to modify the roles of the members under the role to be deleted, and the project administrator is then notified to do the same. It is then checked whether the role's bound-member list is empty; if it is not, the flow returns to the step of passing in the master data of the role to be deleted, the tenant administrator is notified again, and the loop continues.
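The creation and deletion rules described above (FIG. 3 and FIG. 4), as an added Python example that is not part of the patent text. The `RoleStore` class, the role names and the contents of the permission tree are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SCOPES = {"development", "test", "UAT"}      # scopes named in the description
PERMISSION_TREE = {                           # constructed sample of an assignable tree
    "application": {"view", "create", "delete"},
    "storage": {"view", "create"},
}

class RoleError(Exception):
    """Raised when a role operation violates the platform's rules."""

@dataclass
class Role:
    name: str
    scope: object                              # one of SCOPES, or None for prefabricated roles
    permissions: set = field(default_factory=set)   # e.g. {"application:view"}
    prefabricated: bool = False
    members: set = field(default_factory=set)       # users bound to the role

def _check_in_tree(permissions):
    """Reject any permission that is not a leaf of the assignable tree."""
    for perm in permissions:
        resource, _, action = perm.partition(":")
        if action not in PERMISSION_TREE.get(resource, set()):
            raise RoleError(f"{perm!r} is not in the assignable permission tree")

class RoleStore:
    def __init__(self):
        # Hypothetical names for the three initial (prefabricated) roles.
        self.roles = {n: Role(n, None, prefabricated=True)
                      for n in ("system-admin", "tenant-admin", "project-admin")}

    def create_role(self, name, scope, permissions):
        if scope not in SCOPES:
            raise RoleError(f"unknown scope {scope!r}")
        if name in self.roles:
            raise RoleError(f"role {name!r} already exists")
        _check_in_tree(permissions)
        self.roles[name] = Role(name, scope, set(permissions))
        return self.roles[name]

    def bind(self, name, user):
        self.roles[name].members.add(user)

    def rebind(self, user, old, new):
        """What a tenant or project manager does after being notified."""
        self.roles[old].members.discard(user)
        self.roles[new].members.add(user)

    def delete_role(self, name, confirmed=False):
        """Return ('deleted', []) or ('blocked', members_still_bound)."""
        role = self.roles.get(name)
        if role is None:
            raise RoleError(f"no such role {name!r}")
        if role.prefabricated:
            raise RoleError(f"{name!r} is prefabricated and cannot be deleted")
        if not confirmed:
            raise RoleError("deletion requires a second confirmation")
        if role.members:
            # Deletion is refused; the caller notifies managers to move these users.
            return "blocked", sorted(role.members)
        del self.roles[name]
        return "deleted", []

def demo():
    store = RoleStore()
    store.create_role("qa-viewer", "test", {"application:view"})
    store.create_role("qa-operator", "test", {"application:view", "application:create"})
    store.bind("qa-viewer", "alice")
    first = store.delete_role("qa-viewer", confirmed=True)    # alice still bound
    store.rebind("alice", "qa-viewer", "qa-operator")
    second = store.delete_role("qa-viewer", confirmed=True)   # now empty
    return first, second
```

Returning the bound members from a blocked deletion gives the administrator the list of users whose tenant and project managers must be notified before the next attempt.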
The role permission modification system modifies role permissions, so that they can be adjusted flexibly. The platform supports more flexible role management, and an administrator can modify role permissions. When a role is modified, the role's permission master data is passed in and the role's permissions are modified.
As shown in FIG. 5, to modify role permissions, the flow starts with a click; the name of the role to be modified is passed in, the modified permission master data is submitted, and the role's permissions are modified, which ends the flow.
The role list query system queries the role list, so that the state of the role list can be checked. The platform supports more flexible role management, and an administrator can query the role list.
As shown in FIG. 6, to query the role list, the flow starts with a click and the role list is queried, which ends the flow.
The role permission query system is used to view role permissions, which makes it easier to adjust them flexibly. The platform supports more flexible role management, and an administrator can query role permissions. When a role is queried, the role's master data is passed in and the role's permission tree is queried.
As shown in FIG. 7, when the query is performed, the flow starts with a click; the role name is passed in and the role's permission tree is queried, which ends the flow.
The permission model system comprises a system management module, which has all permissions over the whole system, and a tenant management module, which has permissions over the components of the whole tenant except those under the springclosed project and has visibility permission for the applications under the current tenant's springclosed project (as shown in FIG. 2).
The permission management platform based on container cloud computing has initial roles such as the system management module, the tenant management module and the project management module, and supports custom roles defined by the system administrator.
System management module: has all permissions over the whole system.
Tenant management module: has permissions over the whole tenant except for the components under the springclosed project, and has visibility permission for the applications under the current tenant's springclosed project.
Project management module: has the permissions of the entire project.
Custom roles: the system administrator assigns permissions freely.
Role permissions are assigned by the system management module.
The system management module supports custom roles. The custom role function lets administrator-class users add custom roles, view the existing assignable permission tree, add and remove role permissions according to the listed permission tree, and flexibly bind roles to permissions.
The role deletion system determines whether a role is a non-prefabricated role and deletes roles determined to be non-prefabricated.
The role list displays the basic information and associated information of all roles.
Viewing role permissions is mainly used to see the permission scope of a role.
The permission management platform based on container cloud computing is the security control center of a private cloud platform. The permission management module establishes complete permission checks, so that authorized users can use the functions they are authorized for and unauthorized users are rejected. The permission system is developed and modified on the basis of the k8s permission mechanism, which ensures the security of the system.
After the continuous delivery platform pushes the project set and projects to the container cloud platform, the container cloud platform creates the corresponding tenants, projects and members. The PM is set as project manager, and the project manager assigns the corresponding role permissions to the other members. A role can select a particular cluster environment as its scope, which provides default cross-tenant control. Applications created by users of one type of role under a project are required to be filtered out of, and so invisible in, the user interfaces of other roles. The custom role function provides customers with a custom role management solution and needs to support the following:
Administrator-class users can add custom roles.
The existing assignable permission tree can be viewed.
Administrators can add and remove role permissions according to the listed permission tree.
Roles can be flexibly bound to permissions.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the described embodiments. It will be apparent to those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, and the scope of protection is still within the scope of the invention.
Claims (7)
1. A permission management platform based on container cloud computing, characterized in that: it comprises a permission model system, wherein the permission model system communicates with a role creation system, the role creation system is connected to a role list query system and a role permission query system, and the role creation system is also connected to a role permission modification system and a role deletion system;
the permission model system performs permission management for the platform system and ensures the security of the platform;
the role creation system creates roles and configures and assigns role permissions;
the role deletion system deletes non-prefabricated roles, so that they can be removed flexibly;
the role permission modification system modifies role permissions, so that they can be adjusted flexibly;
the role list query system queries the role list, so that the state of the role list can be checked;
and the role permission query system is used to view role permissions, which makes it easier to adjust them flexibly.
2. The permission management platform based on container cloud computing of claim 1, wherein: the permission model system comprises a system management module, which has all permissions over the whole system; a tenant management module, which has permissions over the whole tenant except for the components under the springclosed project and has visibility permission for the applications under the current tenant's springclosed project; and a project management module.
3. The permission management platform based on container cloud computing of claim 2, wherein: role permissions are assigned by the system management module.
4. The permission management platform based on container cloud computing of claim 2, wherein: the system management module supports custom roles; the custom role function lets administrator-class users add custom roles, view the existing assignable permission tree, add and remove role permissions according to the listed permission tree, and flexibly bind roles to permissions.
5. The permission management platform based on container cloud computing of claim 1, wherein: the role deletion system determines whether a role is a non-prefabricated role and deletes roles determined to be non-prefabricated.
6. The permission management platform based on container cloud computing of claim 1, wherein: the role list displays the basic information and associated information of all roles.
7. The permission management platform based on container cloud computing of claim 1, wherein: viewing role permissions is mainly used to see the permission scope of a role.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111156518.0A CN113987462A (en) | 2021-09-30 | 2021-09-30 | Permission management platform based on container cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111156518.0A CN113987462A (en) | 2021-09-30 | 2021-09-30 | Permission management platform based on container cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113987462A (en) | 2022-01-28 |
Family
ID=79737318
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111156518.0A (Pending; CN113987462A) | Permission management platform based on container cloud computing | 2021-09-30 | 2021-09-30 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113987462A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115378668A (en) * | 2022-08-05 | 2022-11-22 | 刘畅 | Bidirectional authority framework method and system based on scope |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102947797B (en) | The online service using directory feature extending transversely accesses and controls | |
CN104380261B (en) | The locally-supported storage based on cloud | |
CN108092945B (en) | Method and device for determining access authority and terminal | |
CN103186725B (en) | software authorization method and device | |
CN101360121B (en) | Authority control method, system and terminal in apparatus management | |
CN110990150A (en) | Tenant management method and system of container cloud platform, electronic device and storage medium | |
CN108289098B (en) | Authority management method and device of distributed file system, server and medium | |
US20020059236A1 (en) | Computer system with access control mechanism | |
CN101902494A (en) | Update service node | |
CN104395855A (en) | Cloud-based data item sharing and collaboration among groups of users | |
CN105094799A (en) | Hybrid applications operating between on-premise and cloud platforms | |
CN101729541B (en) | Method and system for accessing resources of multi-service platform | |
CN102822841A (en) | Thin-client system, access control method, and access control method in same | |
CN113220633B (en) | Unified file coding management method and system | |
CN105376198A (en) | Access control method and device | |
CN112019543A (en) | Multi-tenant permission system based on BRAC model | |
CN105453127A (en) | Method and system for document synchronization in a distributed server-client environment | |
CN114650170B (en) | Cross-cluster resource management method, device, equipment and storage medium | |
CN102760084A (en) | Management method of application data, method for partitioning application storage space, on-line application platform and application | |
CN113987462A (en) | Permission management platform based on container cloud computing | |
CN103763370B (en) | A kind of method, system and device for changing mobile terminal workspace screen-lock password | |
US10333939B2 (en) | System and method for authentication | |
CN108933760B (en) | Security service control method and system | |
CN114282210A (en) | Sandbox automatic construction method and system, computer equipment and readable storage medium | |
CN112487378A (en) | Tenant authority management system suitable for big data platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20220128 |