CN114139128A - System resource access method, device and medium - Google Patents

Info

Publication number
CN114139128A
Authority
CN
China
Prior art keywords
authority
certificate
access
user
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111306334.8A
Other languages
Chinese (zh)
Other versions
CN114139128B (en)
Inventor
曹柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202111306334.8A priority Critical patent/CN114139128B/en
Publication of CN114139128A publication Critical patent/CN114139128A/en
Application granted granted Critical
Publication of CN114139128B publication Critical patent/CN114139128B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a system resource access method. After the system receives an authority certificate, it parses the certificate to obtain the authority information of a specific resource and opens the authority of that specific resource to the user according to the authority information. Only the authority of the specific resource is opened to the user, which avoids the problem that modifying the user's role gives the user access to additional other resources besides the specific resource, leaking resource information and lowering security. In addition, the application provides a system resource access device and a computer-readable storage medium, which correspond to the method and have the same effects.

Description

System resource access method, device and medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a medium for accessing system resources.
Background
With the development of internet technology, access control methods based on users, roles and resource permissions have become the mainstream approach to system permission management, for example system permission management based on Role-Based Access Control (RBAC), in which a user is associated with permissions through roles: a user has several roles, and each role has several permissions. In this model, there is typically a many-to-many relationship between users and roles, and between roles and permissions. The system divides user authority through roles such as administrator, operator and viewer. The system grants different access authority according to the role of the logged-in user, and the authority of a role is assigned when the role is created. When a user needs to temporarily access, for a specific period, a resource to which the user has no access right, an administrator usually gives the user access to the resource by modifying the user's role, and after the user's access is completed, the administrator needs to modify the user's role again.
Users and roles, and roles and authorities, are usually in many-to-many relationships. Once a user is assigned a role, the user has all the operation permissions of that role, so modifying the user's role gives the user access not only to the specific resource but also to additional other resources, which easily causes leakage of resource information and results in low security.
Therefore, how to solve the problem of low security when opening the usage right of a specific resource to a user is a technical problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The application aims to provide a system resource access method for solving the problem of low security when the use right of a specific resource is opened to a user.
In order to solve the above technical problem, the present application provides a system resource access method, including:
receiving an authority certificate, wherein the authority certificate uniquely corresponds to account information of a user and contains authority information, set for the user, that grants temporary access to a specific resource;
analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate;
and opening the authority of the specific resource to the user according to the authority information.
Preferably, in the above method for accessing system resources, generating the authority certificate includes the following steps:
when an administrator logs in, receiving a request for generating the authority certificate;
receiving the account information of the user and the authority information of the specific resource;
and generating the authority certificate according to the account information and the authority information of the specific resource.
Preferably, in the above method for accessing system resources, after receiving the request for generating the permission certificate, the method further includes:
receiving access starting time and access ending time;
correspondingly, the generating the permission certificate according to the account information and the permission information of the specific resource includes:
and generating the authority certificate according to the account information, the authority information of the specific resource, the access starting time and the access ending time.
Preferably, in the above method for accessing system resources, after receiving the account information of the user and the authority information of the specific resource, the method further includes:
judging whether the user has the access right of the specific resource;
if not, entering the step of generating the authority certificate according to the account information and the authority information of the specific resource;
otherwise, the process is ended.
Preferably, in the above method for accessing system resources, after the step of receiving the authority certificate, and before the step of parsing the authority certificate to obtain the authority information of the specific resource in the authority certificate, the method further includes:
judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system;
if yes, the step of analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate is carried out.
Preferably, in the above method for accessing system resources, after the opening the right of the specific resource to the user, the method further includes:
and when the access connection is disconnected, closing the access authority of the user to the specific resource.
Preferably, in the above method for accessing system resources, after judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system, the method further includes:
if not, sending out a prompt that the permission certificate has errors.
The present application further provides a system resource access device, including:
the receiving module is used for receiving an authority certificate, wherein the authority certificate uniquely corresponds to account information of a user and contains authority information, set for the user, that grants temporary access to a specific resource;
the analysis module is used for analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate;
the opening authority module is used for opening the authority of the specific resource to the user according to the authority information;
the receiving request module is used for receiving a request for generating an authority certificate when an administrator logs in;
the receiving information module is used for receiving account information of a user and authority information of specific resources;
the generating module is used for generating an authority certificate according to the account information and the authority information of the specific resource;
the receiving time module is used for receiving the access starting time and the access ending time after the receiving request module receives the request for generating the authority certificate;
the judging module is used for judging, after the receiving information module receives the account information of the user and the authority information of the specific resource, whether the user has the access authority of the specific resource, and if not, triggering the generating module;
the security check module is used for judging, after the receiving module 21 receives the authority certificate, whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system; if so, triggering the analysis module, and if not, triggering the prompting module;
the prompting module is used for sending out a prompt that the permission certificate has errors;
and the closing module is used for closing the access authority of the user to the specific resource after the access connection is disconnected.
The present application further provides a system resource access device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the system resource access method when executing the computer program.
The present application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the steps of the above system resource access method.
According to the system resource access method, after the authority certificate is received, the authority certificate is analyzed to obtain the authority information of the specific resource in the authority certificate, the authority of the specific resource is opened to the user according to the authority information, wherein the authority certificate is uniquely corresponding to the account information of the user and contains the authority information which is set for the user and has the authority of temporarily accessing the specific resource.
In addition, the application also provides a system resource access device and a computer readable storage medium, which correspond to the method and have the same effects.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a system resource access method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a system resource access device according to an embodiment of the present application;
Fig. 3 is a block diagram of a system resource access device according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a system resource access method, which solves the problem of low security caused by changing the role of a user to enable the user to have the access right of a specific resource.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Fig. 1 is a flowchart of a system resource access method according to an embodiment of the present application. As shown in fig. 1, a system resource access method includes:
S11: receiving an authority certificate, wherein the authority certificate uniquely corresponds to the account information of the user and contains authority information, set for the user, that grants temporary access to the specific resource;
S12: parsing the authority certificate to obtain the authority information of the specific resource in the authority certificate;
S13: opening the authority of the specific resource to the user according to the authority information.
In an existing system authority management system, authority division of users is usually realized through roles such as administrator, operator and viewer. The authority certificate mentioned in this embodiment is a certificate that is issued by the system administrator by means of a root certificate installed in the system and that contains user account information and specific resource authority information. When the system parses the authority certificate, it can determine whether the certificate was issued by an administrator of the system by verifying the signature of the certificate's issuer with the public key of the root certificate; if the signature does not verify, the system does not proceed to parsing.
The specific resource mentioned in this embodiment is a resource to which the user has no access right but to which a right needs to be temporarily opened for the user. This embodiment does not limit the type of the specific resource, which may be a file, a website, a video, and the like. Nor does it limit how the specific resource is expressed in the authority certificate; for example, it may be a file name, an access path, a storage address, and the like, designed according to actual needs. In addition, the number of specific resources is not limited in this embodiment; it may be one or more, designed according to actual needs.
This embodiment does not limit whether the authority certificate also includes other content, for example an access start time and an access end time, or whether the access permission is view-only, editable, downloadable, and the like; this is designed according to actual requirements and is not specifically limited.
The user account information in the authority certificate mentioned in this embodiment is unique, which means that the current authority certificate only opens the access authority of a specific resource to the current user.
Specifically, the user uploads the authority certificate, the system analyzes the authority information of the specific resource in the authority certificate, and the authority of the specific resource is opened to the user according to the authority information recorded in the authority certificate.
According to the system resource access method provided by this embodiment, after the system receives the authority certificate uploaded by the user, it parses the authority certificate to obtain the authority information of the specific resource and opens the authority of the specific resource to the user according to the authority information. With the method provided by the application, only the authority of the specific resource is opened to the user, which avoids the problem that modifying the user's role gives the user access to additional other resources besides the specific resource, leaking resource information and lowering security.
According to the foregoing embodiment, as to the method for generating an authority certificate, this embodiment provides a preferable scheme, and generating an authority certificate includes the following steps:
receiving a request for generating an authority certificate when an administrator logs in;
receiving account information of a user and authority information of a specific resource;
and generating an authority certificate according to the account information and the specific resource authority information of the user.
Specifically, when an administrator of the system logs in, a request for generating the authority certificate is received, account information of a user uploaded by the administrator and authority information of a specific resource are received, and the system generates the authority certificate by combining the account information of the user and the authority information of the specific resource through the root certificate.
In addition, this embodiment does not limit whether the authority certificate includes other information, for example an access start time and an access end time, or whether the access permission is view-only, editable, downloadable, and the like; this is designed according to actual requirements and is not specifically limited.
The embodiment provides a preferred scheme for generating the authority certificate, so as to ensure that the authority certificate is issued by an administrator of the system and ensure the security of the authority certificate.
According to the foregoing embodiment, when the access right of a specific resource is temporarily opened to a user and the user should no longer have that access right once the period is over, an administrator may revoke the authority certificate so that the user can no longer obtain the access right of the specific resource through it. Because this requires the administrator to perform the revocation each time, which wastes manpower and time, this embodiment provides a preferred scheme: in the step of generating the authority certificate, after receiving the request for generating the authority certificate, the method further includes:
receiving access starting time and access ending time;
correspondingly, generating the authority certificate according to the account information and the authority information of the specific resource comprises the following steps:
and generating the authority certificate according to the account information, the authority information of the specific resource, the access starting time and the access ending time.
The access start time and the access end time mentioned in this embodiment are set by a system administrator and delimit the valid period during which the user can access the specific resource. Before the access start time or after the access end time, the authority certificate does not open the specific resource to the user.
It should be noted that, if the right to open a specific resource to a user is permanent, the access start time and the access end time may not be set.
With the scheme provided by this embodiment, setting the access start time and the access end time means the administrator no longer has to revoke the authority certificate after the user has finished in order to stop the user obtaining the access right of the specific resource through it, which avoids wasting manpower and time.
According to the foregoing embodiment, in order to avoid generating a useless authority certificate when the user already has the access right of the specific resource, this embodiment provides a preferred scheme: in the step of generating the authority certificate, after receiving the account information of the user and the specific resource authority information, the method further includes:
judging whether the user has the access right of the specific resource;
if not, entering a step of generating an authority certificate according to the account information and the specific resource authority information;
otherwise, the process is ended.
After the account information of the user and the specific resource authority information are received, it is judged whether the user already has the access authority of the specific resource. If the user already has it, no authority certificate needs to be generated; if the user does not, the step of generating the authority certificate is entered.
The scheme provided by this embodiment avoids wasting resources on generating an authority certificate for a specific resource authority the user already has.
According to the foregoing embodiment, in order to improve security when the system opens the authority of the specific resource to the user, this embodiment provides a preferable scheme, in the system resource access method, after the step of receiving the authority certificate, before the step of parsing the authority certificate to obtain the authority information of the specific resource in the authority certificate, the method further includes:
judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system;
if so, the step of analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate is carried out.
In this embodiment, it is judged whether the authority certificate was issued by an administrator of the system; because the authority certificate is issued by means of the root certificate, it carries the signature of the system administrator. In addition, it is judged whether the current time of use falls within the valid period, that is, between the access start time and the access end time set in the authority certificate. Finally, it is judged whether the user account information of the authority certificate is consistent with the login account information of the current system, which prevents a user other than the one the certificate was issued for from stealing the authority certificate to obtain the authority of the specific resource and causing resource leakage.
The step of parsing the authority certificate to obtain the authority information of the specific resource is entered if and only if the authority certificate is issued by an administrator of the system, the current use time is between the access start time and the access end time of the authority certificate, and the user account information of the authority certificate is consistent with the login account information of the current system. If any of these judgments is negative, the step of parsing the authority certificate to obtain the authority information of the specific resource cannot be entered.
The scheme provided by this embodiment ensures that the authority certificate is issued by an administrator of the system, that the current use time falls within the valid access period of the authority certificate, and that the user account information of the authority certificate is consistent with the login account information of the current system, which improves security.
According to the foregoing embodiment, in order to prevent a user who has obtained the access right of a specific resource through an authority certificate from then being able to use that right an unlimited number of times, this embodiment provides a preferred scheme: after opening the authority of the specific resource to the user, the system resource access method further includes:
and when the access connection is disconnected, closing the access authority of the user to the specific resource.
In this embodiment, closing the user's access right to the specific resource after the current access connection is disconnected means that the access right only takes effect for the user's current access connection. When the current access connection is disconnected, the system closes the user's authority over the specific resource; if the user logs in again with the account and does not import the authority certificate, the user does not have the access right of the specific resource.
Therefore, each time a user logs in and needs the access right of the specific resource, the user needs to import the authority certificate, and the access right of the specific resource is opened after the system has checked the certificate.
According to the foregoing embodiment, this embodiment provides a preferred scheme: after judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system, the method further includes:
if not, sending a prompt that the permission certificate has errors.
When the authority certificate is not issued by an administrator of the system, or the current use time is not between the access start time and the access end time of the authority certificate, or the user account information of the authority certificate is inconsistent with the login account information of the current system, the authority certificate is judged to be wrong and a prompt that the authority certificate has errors is sent. The prompt reminds the user to check whether the authority certificate was not issued by the administrator, whether the access time has been exceeded, or whether the currently logged-in account is inconsistent with the user account information of the authority certificate.
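The method embodiments above (issuing, the security check before parsing, opening per connection and closing on disconnect), as an added example that is not part of the patent text: a Go sketch that models the authority certificate as an X.509 certificate signed by the administrator's root, with the account in the subject common name, the access window in NotBefore/NotAfter and the authority information in a private extension. The patent does not specify a certificate format, so the OID, the JSON encoding, the Ed25519 keys and all names (`Grant`, `NewRoot`, `Issue`, `Check`, `Session`) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	oidGrants = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1} // placeholder private OID (assumption)
	ErrCert   = errors.New("authority certificate error")        // the single error prompt
)

// Grant is one item of authority information: a specific resource and an allowed action.
type Grant struct{ Resource, Action string }

// NewRoot creates the administrator's self-signed root certificate and its signing key.
func NewRoot() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "system-admin-root"},
		NotBefore: time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), NotAfter: time.Date(2040, 1, 1, 0, 0, 0, 0, time.UTC),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// Issue signs an authority certificate binding the account, the grants and the access window.
func Issue(root *x509.Certificate, key ed25519.PrivateKey, account string, grants []Grant, start, end time.Time) ([]byte, error) {
	val, _ := json.Marshal(grants)                  // string fields cannot fail; a real profile would DER-encode this
	pub, _, err := ed25519.GenerateKey(rand.Reader) // X.509 needs a subject key; unused by this bearer-style sketch
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: account},
		NotBefore: start, NotAfter: end, ExtraExtensions: []pkix.Extension{{Id: oidGrants, Value: val}}}
	return x509.CreateCertificate(rand.Reader, t, root, pub, key)
}

// Check is the security check run before parsing: issuer signature, time window, account match.
func Check(der []byte, root *x509.Certificate, login string, now time.Time) ([]Grant, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrCert, err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	// Verify checks the signature with the root's public key and NotBefore <= now <= NotAfter.
	opts := x509.VerifyOptions{Roots: pool, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("%w: %v", ErrCert, err)
	}
	if cert.Subject.CommonName != login {
		return nil, fmt.Errorf("%w: issued to a different account", ErrCert)
	}
	var g []Grant
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidGrants) && json.Unmarshal(ext.Value, &g) == nil && len(g) > 0 {
			return g, nil
		}
	}
	return nil, fmt.Errorf("%w: no usable authority information", ErrCert)
}

// Session is one login connection; opened grants live only here, never in the role tables.
type Session struct {
	Account string
	Open    []Grant
}

// Import checks an uploaded certificate and opens only what it lists; a failed import leaves nothing open.
func (s *Session) Import(der []byte, root *x509.Certificate, now time.Time) (err error) {
	s.Open, err = Check(der, root, s.Account, now)
	return err
}

// Disconnect closes every temporarily opened permission when the access connection ends.
func (s *Session) Disconnect() { s.Open = nil }

func main() {
	root, key, _ := NewRoot()
	start := time.Date(2024, 5, 1, 9, 0, 0, 0, time.UTC) // constructed sample window
	der, _ := Issue(root, key, "alice", []Grant{{"/reports/q2.xlsx", "read"}}, start, start.Add(8*time.Hour))
	fmt.Println(Check(der, root, "alice", start.Add(time.Hour)))
}
```

`Check` runs only when the certificate is imported, as in the described method, so a connection that stays open past the access end time keeps the grant until `Disconnect` unless the access path also re-checks the window.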
In the foregoing embodiments, detailed descriptions are given to a system resource access method, and the present application also provides embodiments corresponding to a system resource access device. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 2 is a schematic diagram of a system resource access device according to an embodiment of the present application. As shown in fig. 2, a system resource access apparatus includes:
the receiving module 21 is configured to receive an authority certificate, where the authority certificate uniquely corresponds to account information of a user and includes authority information that is set for the user and has a temporary access right to a specific resource;
the analysis module 22 is used for analyzing the authority certificate to obtain authority information of the specific resource in the authority certificate;
and the opening authority module 23 is configured to open the authority of the specific resource to the user according to the authority information.
The receiving module 21 receives the authority certificate, the authority certificate uniquely corresponds to the account information of the user and includes authority information which is set for the user and has authority for temporarily accessing the specific resource, the analyzing module 22 analyzes the authority certificate to obtain authority information of the specific resource in the authority certificate, and the opening authority module 23 opens the authority of the specific resource to the user according to the authority information of the specific resource obtained by the analyzing module 22.
In addition, this embodiment further includes:
the receiving request module is used for receiving a request for generating an authority certificate when an administrator logs in;
the receiving information module is used for receiving account information of a user and authority information of specific resources;
the generating module is used for generating an authority certificate according to the account information and the authority information of the specific resource;
the receiving time module is used for receiving the access start time and the access end time after the receiving request module receives the request for generating the authority certificate;
the judging module is used for judging, after the receiving information module has received the account information of the user and the authority information of the specific resource, whether the user already has the access authority of the specific resource, and if not, triggering the generating module;
the security check module is used for judging, after the receiving module 21 receives the authority certificate, whether the authority certificate was issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system; if all three hold, it triggers the analysis module, and if not, it triggers the prompting module;
the prompting module is used for sending out a prompt that the permission certificate has errors;
and the closing module is used for closing the access authority of the user to the specific resource after the access connection is disconnected.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
Fig. 3 is a block diagram of a system resource access device according to another embodiment of the present application, and as shown in fig. 3, the system resource access device includes: a memory 30 for storing a computer program;
a processor 31, configured to execute the computer program to implement the steps of the system resource access method according to the above embodiment.
The system resource access device provided by the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 31 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 31 may be implemented in at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 31 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 31 may be integrated with a Graphics Processing Unit (GPU) which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 31 may further include an Artificial Intelligence (AI) processor for processing computational operations related to machine learning.
Memory 30 may include one or more computer-readable storage media, which may be non-transitory. Memory 30 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 30 is at least used for storing the following computer program 301, wherein after being loaded and executed by the processor 31, the computer program can implement the relevant steps of the system resource access method disclosed in any of the foregoing embodiments. In addition, the resources stored by the memory 30 may also include an operating system 302, data 303, and the like, and the storage may be transient storage or permanent storage. Operating system 302 may include Windows, Unix, Linux, etc. Data 303 may include, but is not limited to, data involved in implementing system resource access methods, and the like.
In some embodiments, the system resource access device may further include a display screen 32, an input/output interface 33, a communication interface 34, a power source 35, and a communication bus 36.
Those skilled in the art will appreciate that the architecture shown in Fig. 3 does not limit the system resource access device, which may include more or fewer components than those shown.
The system resource access device provided by this embodiment of the application comprises a memory and a processor; when the processor executes the program stored in the memory, it implements the system resource access method. After the system receives the authority certificate uploaded by the user, it analyzes the authority certificate to obtain the authority information of the specific resource in the authority certificate, and opens the authority of the specific resource to the user according to the authority information. Because only the authority of the specific resource is opened to the user, this avoids the low-security situation in which modifying the user's role gives the user access to additional resources beyond the specific resource and so leaks resource information.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps recited in the above-described system resource access method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the present application, in whole or in part, may be embodied in the form of a software product that is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
A computer-readable storage medium is provided, on which a computer program is stored; when executed by a processor, the program implements the following method: when the system receives the authority certificate uploaded by the user, it analyzes the authority certificate to obtain the authority information of the specific resource in the authority certificate, and opens the authority of the specific resource to the user according to the authority information. Because the authority certificate uniquely corresponds to the account information of the user and contains authority information, set for the user, for temporarily accessing the specific resource, no additional resource information is leaked. Because only the authority of the specific resource is opened to the user, this avoids the low-security situation in which modifying the user's role gives the user access to additional resources beyond the specific resource and so leaks resource information.
The foregoing describes a method, apparatus, and medium for accessing system resources provided by the present application in detail. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for accessing system resources, comprising:
receiving an authority certificate, wherein the authority certificate uniquely corresponds to account information of a user and contains authority information, set for the user, for temporarily accessing a specific resource;
analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate;
and opening the authority of the specific resource to the user according to the authority information.
2. The system resource access method according to claim 1, wherein generating the permission certificate comprises the steps of:
when an administrator logs in, receiving a request for generating the authority certificate;
receiving the account information of the user and the authority information of the specific resource;
and generating the authority certificate according to the account information and the authority information of the specific resource.
3. The system resource access method of claim 2, wherein after receiving the request to generate the permission certificate, further comprising:
receiving access starting time and access ending time;
correspondingly, the generating the permission certificate according to the account information and the permission information of the specific resource includes:
and generating the authority certificate according to the account information, the authority information of the specific resource, the access starting time and the access ending time.
4. The method according to claim 2, wherein the receiving the account information of the user and the right information of the specific resource further comprises:
judging whether the user has the access right of the specific resource;
if not, entering the step of generating the authority certificate according to the account information and the authority information of the specific resource;
otherwise, the process is ended.
5. The method according to claim 3, wherein after the step of receiving the permission certificate and before the step of parsing the permission certificate to obtain the permission information of the specific resource in the permission certificate, the method further comprises:
judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system;
if yes, the step of analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate is carried out.
6. The method according to claim 1, further comprising, after opening the right of the specific resource to the user:
and when the access connection is disconnected, closing the access authority of the user to the specific resource.
7. The method according to claim 5, wherein after determining whether the permission certificate is issued by an administrator of the system, whether a current usage time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with login account information of the current system, the method further comprises:
if not, sending out a prompt that the permission certificate has errors.
8. A system resource access apparatus, comprising:
the receiving module is used for receiving an authority certificate, wherein the authority certificate is uniquely corresponding to account information of a user and contains authority information which is set for the user and has the authority for temporarily accessing a specific resource;
the analysis module is used for analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate;
and the permission opening module is used for opening the permission of the specific resource to the user according to the permission information.
9. A system resource access apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the system resource access method of any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, performs the steps of the system resource access method of any one of claims 1 to 7.
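The following is an added sketch, not code from the patent, of the flow described for the Fig. 2 modules and recited in the method claims: generate a certificate, run the three security checks, open only the named resource, and close it on disconnect. The patent does not say how "issued by an administrator" is verified; HMAC-SHA256 with an administrator-held key is an assumption here, as are all function, class and field names and the sample values.

```python
import base64
import hashlib
import hmac
import json

ADMIN_KEY = b"constructed-demo-key"  # assumption: secret held only by the administrator


class CertificateError(Exception):
    """Raised where the prompting module would report a certificate error."""


def issue_certificate(key, account, resource, rights, start, end):
    """Generating module: bind one account, one resource, its rights and a time window."""
    body = json.dumps({"account": account, "resource": resource, "rights": sorted(rights),
                       "start": start, "end": end}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


def check_certificate(cert, key, login_account, now):
    """Security check module: issuer, validity window, then account binding."""
    try:
        encoded, tag = cert.split(".")
        body = base64.urlsafe_b64decode(encoded)
    except ValueError as exc:  # wrong part count or invalid base64
        raise CertificateError("malformed certificate") from exc
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise CertificateError("not issued by the system administrator")
    info = json.loads(body)  # parsed only after the tag has verified
    if not info["start"] <= now <= info["end"]:
        raise CertificateError("outside the access window")
    if info["account"] != login_account:
        raise CertificateError("certificate belongs to another account")
    return info


class ResourceGate:
    """Opening and closing modules: a grant lives only for one connection."""

    def __init__(self, key):
        self.key = key
        self.grants = {}  # (account, resource) -> set of rights

    def open_access(self, cert, login_account, now):
        info = check_certificate(cert, self.key, login_account, now)
        # Only the resource named in the certificate is opened; the role is untouched.
        self.grants[(info["account"], info["resource"])] = set(info["rights"])
        return info["resource"]

    def allowed(self, account, resource, right):
        return right in self.grants.get((account, resource), set())

    def disconnect(self, account):
        """Closing module: drop every temporary grant held by this account."""
        for grant in [g for g in self.grants if g[0] == account]:
            del self.grants[grant]


if __name__ == "__main__":
    # Constructed sample: account, resource name and integer timestamps are made up.
    cert = issue_certificate(ADMIN_KEY, "alice", "volume-7", {"read"}, 1000, 2000)
    gate = ResourceGate(ADMIN_KEY)
    print(gate.open_access(cert, "alice", 1500), gate.allowed("alice", "volume-8", "read"))
```

The integrity tag is verified before the body is parsed, so a modified time window or account name is rejected as not administrator-issued before it is ever compared against the clock or the login session.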
CN202111306334.8A 2021-11-05 2021-11-05 System resource access method, device and medium Active CN114139128B (en)


Publications (2)

Publication Number Publication Date
CN114139128A true CN114139128A (en) 2022-03-04
CN114139128B CN114139128B (en) 2024-03-08

Family

ID=80392255


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant