CN114143069A - Authority management system and method applied to microservice - Google Patents

Publication number
CN114143069A
Authority
CN
China
Prior art keywords
resource
application
authority
micro
rights
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111428303.XA
Other languages
Chinese (zh)
Other versions
CN114143069B (en)
Inventor
刘欣荣
任刚
舒畅
肖炯恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Link Polytron Technologies Inc
Original Assignee
Link Polytron Technologies Inc
Application filed by Link Polytron Technologies Inc
Priority to CN202111428303.XA

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a rights management system and method applied to microservices. The system comprises a super management module, an organization management module and an application management module, which correspond respectively to the organization resource permissions, the application resource permissions and the microservice resource permissions; in addition, the common resources at each of the three levels are packaged into separate permissions for management. The scheme improves the precision of rights management and achieves unified management of common resources.

Description

Authority management system and method applied to microservice
Technical Field
The invention relates to the field of microservice architecture, and in particular to a rights management system and method applied to microservices.
Background
The microservice architecture is an architectural pattern or style. It advocates dividing a single application into a set of small services, each running in an independent process; the services coordinate and cooperate with each other to deliver the final value to the user, and they communicate through a lightweight communication mechanism. Each service is built around a specific business capability and can be deployed independently to a production environment, a production-like environment, and so on.
Microservices are loosely coupled, so each one is independent in both the development phase and the deployment phase. They can respond quickly and are easy to modify locally, and a problem in one service does not affect the application as a whole. For these reasons, the application systems of some colleges and universities are gradually adopting the microservice architecture to shorten the construction and delivery time of the smart campus and to improve the reliability of their systems.
However, precisely because each microservice is small, every microservice has to authenticate access and has to determine the current accessing user and that user's permissions, which makes rights management for microservices a challenge.
Disclosure of Invention
To solve the problem of rights management for application systems built in the microservice style, the invention provides a rights management system applied to microservices. The rights management system is connected to a plurality of organization systems, each organization system comprises a plurality of application systems, and each application system comprises a plurality of microservices. The rights management system comprises: a super management module, used for managing the organization resource permissions of the plurality of organization systems and binding the organization resource permissions to a super administrator, wherein the super administrator manages the resources of the organization systems within the organization resource permissions, and the organization resource permissions include organization common resource permissions;
an organization management module, used for managing the application resource permissions of the application systems belonging to the same organization system and binding the application resource permissions to an organization administrator, wherein the organization administrator manages the resources of the application systems within the application resource permissions, and the application resource permissions belong to the organization resource permissions;
and an application management module, used for managing the microservice resource permissions of the microservices belonging to the same application system and binding the microservice resource permissions to an application administrator, wherein the application administrator manages the resources of the microservices within the microservice resource permissions, and the microservice resource permissions belong to the application resource permissions.
Further, in the super management module, the organization common resource permissions refer to the access and operation permissions for resources shared between different organization systems.
Further, in the organization management module, the application resource permissions include application common resource permissions, which refer to the access and operation permissions for resources shared between different application systems in the same organization system; in the application management module, the microservice resource permissions include microservice common resource permissions, which refer to the access and operation permissions for resources shared between different microservices in the same application system.
Further, the application management module comprises a public management module, which is used for managing the public resource permissions in the application system and binding the public resource permissions to users; a user uses the microservices within the public resource permissions, which contain only read and query operations on public resources.
Further, the application system is deployed on a Kubernetes architecture; the super management module completes the authorization of the super administrator by binding to cluster-admin through a ClusterRoleBinding, and the organization common resource permissions are encapsulated in a ClusterRole.
In another aspect, the invention provides a rights management method applied to microservices, for use in a rights management system, where the rights management system is connected to a plurality of organization systems, each organization system comprises a plurality of application systems, and each application system comprises a plurality of microservices. The rights management method comprises: managing the organization resource permissions of the plurality of organization systems and binding the organization resource permissions to a super administrator, wherein the super administrator manages the resources of the organization systems within the organization resource permissions, and the organization resource permissions include organization common resource permissions;
managing the application resource permissions of the application systems belonging to the same organization system and binding the application resource permissions to an organization administrator, wherein the organization administrator manages the resources of the application systems within the application resource permissions, and the application resource permissions belong to the organization resource permissions;
managing the microservice resource permissions of the microservices belonging to the same application system and binding the microservice resource permissions to an application administrator, wherein the application administrator manages the resources of the microservices within the microservice resource permissions, and the microservice resource permissions belong to the application resource permissions.
Further, the organization common resource permissions refer to the access and operation permissions for resources shared between different organization systems.
Further, the application resource permissions include application common resource permissions, which refer to the access and operation permissions for resources shared between different application systems in the same organization system; the microservice resource permissions include microservice common resource permissions, which refer to the access and operation permissions for resources shared between different microservices in the same application system.
Further, the method includes managing the public resource permissions in the application system and binding the public resource permissions to users; a user uses the microservices within the public resource permissions, which contain only read and query operations on public resources.
Further, the application system is deployed on a Kubernetes architecture, and the method includes: completing the authorization of the super administrator by binding to cluster-admin through a ClusterRoleBinding, and encapsulating the organization common resource permissions in a ClusterRole.
The beneficial effects of the invention are as follows: the rights management system and method adopt an RBAC (Role-Based Access Control) rights management policy and divide resources into three levels (organization system, application system and microservice), thereby achieving rights management at different granularities; the common resources at each level are packaged separately into common resource permissions, which facilitates unified management of the common resources and their use by users; and the smallest unit of permission is reduced to match a single microservice, so that management is finer-grained and rights management for microservice application development is easier.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a rights management system connected to a microservice system.
FIG. 2 is a schematic structural diagram of an embodiment of a rights management system.
FIG. 3 is a resource relationship diagram in an embodiment of a rights management system.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in FIG. 1, a plurality of microservices form an application system; a microservice is a single functional module of the application system, and here a microservice means a microservice application. Two application systems form an organization system, and the application systems in the two organization systems may be the same or different. The two organization systems form an overall system, which is a cluster system. Obviously, the number of organization systems, and of application systems constituting each organization system, may be two or more. In addition, within the cluster system, the microservices serving as independent functional modules may be the same or different.
In a specific embodiment, the cluster system is a university website system (referred to below as the school website system). The rights management system is connected to the school website system and adopts a SaaS (Software-as-a-Service) model, with all rights management operations completed on the server side. The school website system is divided into a plurality of college websites, and each college website has a plurality of application systems, such as a student recruitment system, an examination system, a monitoring system, a financial system and the like. With application systems built from microservices, each relatively independent functional module is treated as a microservice application, so that it can be developed, maintained and deployed independently. The rights management system is responsible for managing the permissions of these microservices, including initialization, updating and maintenance, and for granting these permissions to the corresponding users. After authentication, a user logs in to the corresponding application system, and the user's operation permissions in the application system correspond to the permissions granted to that user. For the UI (user interface) layout of the application system, either only the modules the user is permitted to operate are displayed, or the complete interface of the application system is displayed with the modules the user has no permission for set to an inoperable state.
As shown in FIG. 2, resources are divided by granularity, from small to large, into microservice resources, application resources and organization resources. Organization resources contain application resources, and application resources contain microservice resources, which corresponds to the structure of the cluster system. The rights management system is provided with a super management module for managing the organization resource permissions of the plurality of organization systems, that is, the permission to perform all operations on any resource of the cluster system. In a specific implementation, the organization resource permissions may be granted to a super administrator, who then has permission to perform all operations on any resource of the cluster system, such as organization management, department types, user types and application information; organization management includes maintaining an organization's basic information and setting the organization's administrator and the application systems the organization owns.
In one embodiment, the organization resource permissions include operation permissions on all database resources in the school website system, and the operations may be any of create, modify, delete, update and so on. The super administrator is a user account holding the organization resource permissions, which provides the school with all the resources for managing the website. The super management module is maintained by the website development team, and the super administrator is created by the website development team through authorization in the super management module. Depending on actual conditions, after the super administrator has authenticated and logged in to the school website system, the super administrator can remove the delete function of the monitoring system of a particular college; if the school has a unified financial institution, some functions of the colleges' financial systems may be hidden, or only the viewing and querying functions may be opened.
The access and operation permissions for resources that can be shared between organization systems are packaged into organization common resource permissions, which makes it easier to grant and change permissions for the common resources. Take the enrollment system as an example: although the enrollment requirements of the various colleges may differ, they have parts in common. The information entry function of the enrollment system can be split out as an information entry microservice, which stores the information it receives in an enrollment data table; the enrollment data table can be viewed, queried, modified and so on. The enrollment data table and the corresponding operations can therefore be packaged into organization common resource permissions, so that the enrollment system can conveniently be authorized to different organizations. As for distinguishing the enrollment data of different schools, it is sufficient to associate a school identifier with each enrollment record.
The rights management system is provided with an organization management module for managing the resource permissions of each application system within an organization system, that is, managing application resources. The application resource permissions cover only the application systems of one organization and cannot be used to manage the application systems of other organizations. The application resource permissions belong to the organization resource permissions. The organization administrator is a user account holding the application resource permissions; it manages the resources of the application systems within the application resource permissions and is created through authorization by the super administrator.
As shown in FIG. 3, the application resource permissions include application common resource permissions, where application common resources are resources shared between different application systems in the same organization system. For example, the examination system and the course management system of a college both use that college's student information. The student information data table contains at least the student number and name, and the examination system and the course management system only need read and query operations on it. The student information data table is therefore an application common resource: the read and query functions on the table are split out as a student information microservice, and the application common resource permission is the permission to operate the student information microservice. This makes it convenient for the organization administrator to manage the examination system and the course management system in a unified way.
The rights management system is provided with an application management module for managing the microservices belonging to the same application system, that is, managing the microservice resource permissions. The microservice resource permissions cover only the microservices of one application system and do not extend across different applications. The microservice resource permissions belong to the application resource permissions. The application administrator is a user account holding the microservice resource permissions; it manages the resources of the microservices within the microservice resource permissions and is created through authorization by the organization administrator.
The microservice resource permissions include microservice common resource permissions, where microservice common resources are resources shared between different microservices in the same application system; the microservice common resource permissions do not involve authorization between different application systems. For example, the student information management system of the software college comprises a student information query module and a class information query module; both modules need to call the student information data table stored in the software college database, and both only read it. The student information query module and the class information query module are each developed and deployed as a microservice, and the student information data table of the software college is a common resource for the microservices of the student information management system. Once the student information data table and the read operation are packaged into a microservice common resource permission, the permissions for this function can be managed conveniently for both microservices.
In the general scheme of the above embodiment, the rights management system adopts an RBAC (Role-Based Access Control) rights management policy and divides resources into three levels (organization system, application system and microservice), thereby achieving rights management at different granularities; the common resources at each level are packaged separately into common resource permissions, which facilitates unified management of the common resources and their use by users; and the smallest unit of permission is reduced to match a single microservice, so that management is finer-grained and rights management for microservice application development is easier.
In another embodiment, the rights management system can manage the permissions for public data separately, so that every microservice can conveniently call the public resources; for later maintenance of the public resources, only the corresponding data needs to be updated, and the update is carried automatically into the corresponding microservices. Specifically, the application management module comprises a public management module, which manages the public resource permissions in the application system and binds them to users; a user uses the microservices within the public resource permissions, which contain only read and query operations on the public resources. Resources such as announcements and notifications can be treated as public resources, with read and query permissions opened to all microservices. Obviously, a public management module can also be added to the super management module or the organization management module, so that resources that can be opened up between organization systems or between application systems are placed under rights management, improving the utilization of those resources.
In a specific embodiment of the rights management system, the application systems run on a Kubernetes architecture, and the rights management system implements authorization using RBAC (Role-Based Access Control). The functions of the application systems are implemented on the server side. The permissions of each organization system have a unique namespace, i.e. a namespace scope, and the permissions of the application systems within the same organization system belong to that same namespace scope. Organization resource permissions, application resource permissions and microservice resource permissions can all be predefined in different roles (Role or ClusterRole), in which the permission rules, such as the resources concerned and the operations allowed on them, are defined.
The access and operation permissions for the specific resources are deployed in a first container, for example the database path, account and password, the specific data tables, and the corresponding operations such as query, view, create and delete; the actions a user can perform on the resources are deployed in a second container. The two containers are encapsulated in one pod and together constitute a microservice. The user operates on the resources through the second container, and the second container responds by calling the first container to carry out the operation on the corresponding resources, thereby adding, deleting or modifying data.
Specifically, the super management module binds a user account to cluster-admin through a ClusterRoleBinding, so that the user account becomes a super administrator. The super administrator has permission to perform all operations on any resource in the rights management system, that is, management permission at cluster scope. If a new resource such as a new worker node or a new database is added, the super administrator has all operation permissions on it as soon as it is deployed on the system. The organization common resource permissions are configured into a separate organization common role, such as a ClusterRole; when a user needs the organization common resource permissions in order to use organization common resources, authorization is completed by binding the organization common role to that user. Users in different namespace scopes can be bound to the organization common role, so that organization common resources are shared among different organizations.
The organization management module binds a user account within the namespace scope through a RoleBinding, so that the user account becomes an organization administrator. In addition, where several organization administrators are needed, the application resource management permissions can be bound to a user group (Group); all users in the group have the same permissions, so an organization administrator can be added simply by adding the user to the group. The application resource permissions can be encapsulated in a Role in the namespace scope, or in a ClusterRole that is then restricted to the namespace scope when it is bound to users. In one embodiment, a user account is bound to cluster-admin within a namespace scope through a RoleBinding; the organization administrator then has full control over all resources in the namespace in which the RoleBinding resides, including the namespace itself. In another embodiment, a user account is bound to admin within a namespace scope through a RoleBinding; the organization administrator then has read/write access to most resources in the namespace, including the ability to create Roles and RoleBindings, but cannot write to resource quotas or to the namespace itself.
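The bindings described in the two paragraphs above, written as Kubernetes RBAC manifests. This is an added example, not part of the patent: the namespace, user, group and role names and the Service standing in for an organization common resource are assumptions; only `cluster-admin` and `admin` are built-in roles.

```yaml
# Added example; every name is hypothetical unless marked as built-in.

# 1. Super administrator: cluster-scope binding to the built-in cluster-admin role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: super-admin
subjects:
- kind: User
  name: site-dev-lead
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin              # built-in
  apiGroup: rbac.authorization.k8s.io
---
# 2. Organization common role: defined once at cluster scope. A ClusterRole
#    grants nothing by itself; it only takes effect where it is bound.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: org-common-enrollment
rules:
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["enrollment-entry"]   # stand-in for the information entry microservice
  verbs: ["get"]
---
# 3. Sharing the common role with one organization. Referencing the ClusterRole
#    from a RoleBinding limits the grant to this namespace; the same binding is
#    repeated in each organization namespace that should share the resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: enrollment-common
  namespace: software-college
subjects:
- kind: Group
  name: software-college-enrollment-staff
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: org-common-enrollment
  apiGroup: rbac.authorization.k8s.io
---
# 4. Organization administrators: bound as a group, so adding an administrator
#    is a group-membership change rather than a new binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: org-admins
  namespace: software-college
subjects:
- kind: Group
  name: software-college-admins
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin                      # built-in; cannot write resource quotas or the namespace itself
  # name: cluster-admin            # the other embodiment: full control of this namespace, including the namespace itself
  apiGroup: rbac.authorization.k8s.io
```

The `roleRef` of an existing binding cannot be changed, so moving the organization administrators from `cluster-admin` to `admin` means deleting and recreating the RoleBinding.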
In addition, the application resource permissions can be encapsulated in an aggregated ClusterRole; new permissions can then be added to the aggregated ClusterRole simply by creating a role that carries the label matched by the aggregated ClusterRole, which updates the organization administrator's permissions. Application common resource permissions need to be encapsulated in a role within the same namespace scope, so that the application resources are shared within that namespace scope, for example shared by the same pod or the same container.
The application management module works like the organization management module; the difference is that it controls the resources used at the microservice level, so the granularity of rights management is finer, and the same applies to the microservice common resource permissions. The independent functional modules of an application system are turned into microservices, and each microservice is granted only the resource permissions its operation requires, which prevents accidental operations on resources unrelated to that microservice. Because the application system is built from microservices, the microservices belonging to the same application can be given the same labels, so that they can be selected conveniently within the same namespace scope. Similarly, roles holding microservice common resource permissions can be labeled, so that they can be bound conveniently to the users who need those resources.
To authorize an ordinary user, the user account can be bound to the view role in a namespace scope through the organization management module or the application management module; the view role is associated with at least one microservice of an application system, so that the user account has read-only permission on that microservice. For example, for the course query module and the course registration status viewing module of the course management system, the read-only permissions of the two modules are associated with the view role; once the view role is bound to an ordinary user, that user has read permission on both modules. A label can also be set on the view role, and new permissions (or rules) can be added to the view role through the label, so that ordinary users obtain the new permissions.
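The label-driven role updates, the microservice-level role and the read-only binding from the three paragraphs above, as Kubernetes RBAC manifests. This is an added example, not part of the patent: all object names, the label key `rbac.example.edu/aggregate-to-org-admin` and the API group `campus.example.edu` are assumptions; `view` and the label `rbac.authorization.k8s.io/aggregate-to-view` are built in.

```yaml
# Added example; every name is hypothetical unless marked as built-in.

# 1. Aggregated ClusterRole for organization administrators. Its rules are filled
#    in by the control plane from every ClusterRole carrying the selected label.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: org-admin-aggregate
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rbac.example.edu/aggregate-to-org-admin: "true"
rules: []
---
# 2. Adding a permission to the aggregate: create a labeled ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: org-admin-deployments
  labels:
    rbac.example.edu/aggregate-to-org-admin: "true"
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# 3. Microservice-level role: one named Deployment only. The label on the Role
#    helps administrators find it; RBAC rules themselves match by resource type
#    and name, not by the labels on the target objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: course-query-operator
  namespace: software-college
  labels:
    app: course-management
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  resourceNames: ["course-query"]
  verbs: ["get", "update", "patch"]
---
# 4. Ordinary user: read-only through the built-in view ClusterRole, limited to
#    one namespace by the RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: student-view
  namespace: software-college
subjects:
- kind: User
  name: student-1001
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view                       # built-in
  apiGroup: rbac.authorization.k8s.io
---
# 5. Extending view through its aggregation label: read access to a custom
#    resource type (hypothetical CRD) is added to the built-in view role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: view-course-registrations
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"   # built-in label
rules:
- apiGroups: ["campus.example.edu"]
  resources: ["courseregistrations"]
  verbs: ["get", "list", "watch"]
```

A rule aggregated into `view` reaches every subject bound to `view` in every namespace of the cluster, so the ability to create ClusterRoles carrying an aggregation label should be held as tightly as the ability to edit the target role.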
The above-mentioned embodiments are merely preferred embodiments of the present application, which are not intended to limit the present application in any way, and it will be understood by those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the present application.

Claims (10)

1. A rights management system for microservices, the rights management system being connected to a plurality of institutional systems, each institutional system comprising a plurality of application systems, each application system comprising a plurality of microservices, the rights management system comprising:
the super management module is used for managing mechanism resource authorities of a plurality of mechanism systems and binding the mechanism resource authorities to a super manager, the super manager manages resources of the mechanism systems in the mechanism resource authorities, and the mechanism resource authorities comprise mechanism public resource authorities;
the mechanism management module is used for managing application resource authorities of the application systems belonging to the same mechanism system and binding the application resource authorities to a mechanism manager, the mechanism manager manages resources of the application systems in the application resource authorities, and the application resource authorities belong to the mechanism resource authorities;
and the application management module is used for managing micro-service resource authorities of the micro-services belonging to the same application system and binding the micro-service resource authorities to an application manager, wherein the application manager manages resources of the micro-services in the micro-service resource authorities, and the micro-service resource authorities belong to the application resource authorities.
2. The rights management system applied to microservices according to claim 1, wherein, in the super management module, the institution public resource rights refer to access rights and operation rights for public resources shared between different institution systems.
3. The rights management system applied to microservices according to claim 2, wherein, in the institution management module, the application resource rights comprise application public resource rights, and the application public resource rights refer to access rights and operation rights for public resources shared between different application systems in the same institution system;
in the application management module, the micro-service resource rights comprise micro-service public resource rights, and the micro-service public resource rights refer to access rights and operation rights for public resources shared between different microservices in the same application system.
4. The rights management system applied to microservices according to claim 1, wherein the application management module comprises a public management module for managing public resource rights in the application system and binding the public resource rights to a user; the user uses the microservices within the public resource rights, which contain only read and query operations on public resources.
5. The rights management system according to claim 2, wherein the application system is deployed in a Kubernetes architecture, the super management module completes authorization of the super administrator by binding to cluster-admin through a ClusterRoleBinding, and the institution public resource rights are encapsulated in a ClusterRole role.
6. A rights management method applied to microservices, wherein a rights management system is connected to a plurality of institution systems, each institution system comprises a plurality of application systems, each application system comprises a plurality of microservices, and the rights management method comprises:
managing institution resource rights of the plurality of institution systems, and binding the institution resource rights to a super administrator, wherein the super administrator manages resources of the institution systems within the institution resource rights, and the institution resource rights comprise institution public resource rights;
managing application resource rights of the application systems belonging to the same institution system, and binding the application resource rights to an institution administrator, wherein the institution administrator manages resources of the application systems within the application resource rights, and the application resource rights belong to the institution resource rights;
managing micro-service resource rights of the microservices belonging to the same application system, and binding the micro-service resource rights to an application administrator, wherein the application administrator manages resources of the microservices within the micro-service resource rights, and the micro-service resource rights belong to the application resource rights.
7. The rights management method applied to microservices according to claim 6, wherein the institution public resource rights refer to access rights and operation rights for public resources shared between different institution systems.
8. The method of claim 7, wherein the application resource rights comprise application public resource rights, and the application public resource rights refer to access rights and operation rights for public resources shared between different application systems in the same institution system;
the micro-service resource rights comprise micro-service public resource rights, and the micro-service public resource rights refer to access rights and operation rights for public resources shared between different microservices in the same application system.
9. The rights management method applied to microservices according to claim 6, wherein public resource rights in the application system are managed and bound to a user; the user uses the microservices within the public resource rights, which contain only read and query operations on public resources.
10. The rights management method applied to microservices according to claim 7, wherein the application system is deployed in a Kubernetes architecture, the method comprising: completing authorization of the super administrator by binding to cluster-admin through a ClusterRoleBinding, and encapsulating the institution public resource rights in a ClusterRole role.
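The containment rule in claims 1 and 6 (micro-service rights belong to application rights, which belong to institution rights) and the read/query limit on public rights in claims 4 and 9 can be checked mechanically. The following is an added example, not code from the patent; it reads "belong to" as set containment, and the `Scope` type, the (resource, operation) pairs and every name in the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_OPS = {"read", "query"}  # claims 4 and 9: public rights allow only these


@dataclass
class Scope:
    """One level of the hierarchy: institution, application or micro-service."""
    name: str
    manager: str                     # administrator the rights are bound to
    rights: set                      # {(resource, operation), ...} (assumed model)
    children: list = field(default_factory=list)


def containment_violations(scope, parent=None):
    """Rights held at a level but missing from the level above it."""
    found = []
    if parent is not None:
        found += [(scope.name, r) for r in sorted(scope.rights - parent.rights)]
    for child in scope.children:
        found += containment_violations(child, scope)
    return found


def public_violations(user_rights):
    """Public-resource rights bound to a user that go beyond read/query."""
    return sorted(r for r in user_rights if r[1] not in PUBLIC_OPS)


def sample_tree():
    """Constructed data: one institution, one application, two micro-services."""
    invoice = Scope("svc-invoice", "app-admin",
                    {("invoices", "read"), ("invoices", "write")})
    export = Scope("svc-export", "app-admin",
                   {("invoices", "read"), ("ledger", "delete")})  # not granted above
    app = Scope("app-billing", "inst-admin",
                {("invoices", "read"), ("invoices", "write"), ("ledger", "read")},
                [invoice, export])
    return Scope("inst-a", "super-admin",
                 app.rights | {("ledger", "write")}, [app])


if __name__ == "__main__":
    for name, right in containment_violations(sample_tree()):
        print(f"{name}: {right} exceeds parent scope")
    print(public_violations({("catalog", "read"), ("catalog", "update")}))
```

Running such a check before a binding is applied catches a lower-level grant that silently exceeds the scope of the level above it.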
CN202111428303.XA 2021-11-26 2021-11-26 Authority management system and method applied to microservice Active CN114143069B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111428303.XA CN114143069B (en) 2021-11-26 2021-11-26 Authority management system and method applied to microservice

Publications (2)

Publication Number Publication Date
CN114143069A true CN114143069A (en) 2022-03-04
CN114143069B CN114143069B (en) 2023-03-14

Family

ID=80388426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111428303.XA Active CN114143069B (en) 2021-11-26 2021-11-26 Authority management system and method applied to microservice

Country Status (1)

Country Link
CN (1) CN114143069B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200053091A1 (en) * 2018-08-13 2020-02-13 Capital One Services, Llc Systems and methods for dynamic granular access permissions
US10681095B1 (en) * 2018-01-17 2020-06-09 Sure Market, LLC Distributed messaging communication system integrated with a cross-entity collaboration platform
CN111865943A (en) * 2020-07-02 2020-10-30 北京同创永益科技发展有限公司 Multi-level tenant authentication method and device based on micro-service
CN112989372A (en) * 2021-03-03 2021-06-18 浪潮云信息技术股份公司 Management authority separation method applied to business system based on micro-service
CN113660219A (en) * 2021-07-27 2021-11-16 克拉玛依油城数据有限公司 Hierarchical authorization management method based on micro-service management and control

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220342997A1 (en) * 2021-04-22 2022-10-27 International Business Machines Corporation Assessing latent security risks in kubernetes cluster
US11704413B2 (en) * 2021-04-22 2023-07-18 International Business Machines Corporation Assessing latent security risks in Kubernetes cluster
CN115208693A (en) * 2022-09-09 2022-10-18 中国电子科技集团公司第十五研究所 Security access control method and device based on micro-service
CN115208693B (en) * 2022-09-09 2022-12-20 中国电子科技集团公司第十五研究所 Security access control method and device based on micro-service

Also Published As

Publication number Publication date
CN114143069B (en) 2023-03-14

Similar Documents

Publication Publication Date Title
US10749873B2 (en) User abstracted RBAC in a multi tenant environment
US11750609B2 (en) Dynamic computing resource access authorization
US9432350B2 (en) System and method for intelligent workload management
US8086710B2 (en) Identity migration apparatus and method
CN114143069B (en) Authority management system and method applied to microservice
US8850041B2 (en) Role based delegated administration model
US8843648B2 (en) External access and partner delegation
US8789132B2 (en) Enterprise model for provisioning fine-grained access control
US20080120302A1 (en) Resource level role based access control for storage management
CN113297550A (en) Authority control method, device, equipment, storage medium and program product
US20140150066A1 (en) Client based resource isolation with domains
CN110474897A (en) A kind of file permission management system
EP4158518A1 (en) Secure resource authorization for external identities using remote principal objects
US11778539B2 (en) Role-based access control system
CN112702348A (en) System authority management method and device
CN112651000A (en) Permission configuration integrated system for modular plug-in development
CN113407626B (en) Planning management and control method based on blockchain, storage medium and terminal equipment
Zou et al. Multi-tenancy access control strategy for cloud services
US10157124B1 (en) Method, apparatus, and system for managing data storage with an application programming interface
CN111935131B (en) SaaS resource access control method based on resource authority tree
CN110348184B (en) Industrial cloud-based permission resource configuration method, system and storage medium
CN102355457B (en) Character terminal application system and calling method thereof
US20230222240A1 (en) Governed database connectivity (gdbc) through and around data catalog to registered data sources
US11665167B2 (en) Dynamically deployed limited access interface to computational resources
CN116975842A (en) User authority access control method and system based on cloud center

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant