CN115208683A - Permission allocation method and permission allocation device based on space cloud service - Google Patents


Info

Publication number: CN115208683A
Authority: CN (China)
Prior art keywords: role, user, information, permission, sub
Legal status: Granted, Active
Application number: CN202210884207.4A
Other languages: Chinese (zh)
Other versions: CN115208683B (en)
Inventor: 窦帅, 董玮
Current Assignee: Emposat Co Ltd
Original Assignee: Emposat Co Ltd
Application filed by Emposat Co Ltd
Priority to CN202210884207.4A; application granted and published as CN115208683B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1851 Systems using a satellite or space-based relay
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a permission allocation method and a permission allocation device based on an aerospace cloud service. The permission allocation method comprises the following steps: establishing a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information; establishing an association between the user information and the role information; and allocating user permissions and sub-service permissions to the roles according to the association established between the user information and the role information; wherein different role information corresponds to different user permissions and/or sub-service permissions. The permission allocation method addresses the low flexibility and low allocation efficiency of the permission management mode of aerospace cloud platforms in the prior art.

Description

Permission allocation method and permission allocation device based on space cloud service
Technical Field
The application relates to the technical field of communication, in particular to an authority distribution method and an authority distribution device based on aerospace cloud service.
Background
With the wide application of satellite technology in the technical field of wireless communication and the increasing urgency of the requirements of national security, aerospace, disaster early warning and the like, the development of satellite communication networks is rapid. The satellite communication network realizes global communication, the communication channel has the characteristic of openness, and all users near a signal sending place can receive information under the condition of having certain equipment, so that an access entity is more susceptible to entity impersonation, unauthorized access, information stealing, cross-network attack and the like. Therefore, the satellite communication network requires unified identity rights management for a plurality of nodes and a plurality of user terminals.
In the related art, when performing authority management, a user, role, authority, user-authority, authority-role table structure is generally established in a database, and dynamic expansion and contraction of user authentication can be completed by using a recursive technique in a service code. Such a management mode results in one-to-one correspondence between users and roles and authorities. However, in practical application, different roles are often needed for processing the same task plan, different authority management cannot be realized for the same account, and the problems of low flexibility and low deployment efficiency exist in the authority management mode of the existing aerospace cloud platform.
The information disclosed in this background section of the application is only for enhancement of understanding of the general background of the application and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art that is already known to a person skilled in the art.
Disclosure of Invention
The application aims to provide an authority distribution method and an authority distribution device based on a space cloud service, and the authority distribution method can solve the problems of low flexibility and low allocation efficiency of an authority management mode of a space cloud platform in the prior art.
In order to achieve the above object, the present application provides the following technical solutions:
In a first aspect, an embodiment of the application provides a permission allocation method based on an aerospace cloud service, and the method specifically comprises the following steps:
establishing a space cloud service database, wherein the database comprises user information, role information, user authority information and sub-service authority information;
establishing association between the user information and the role information;
distributing user authority and sub-service authority to the role according to the incidence relation established by the user information and the role information;
wherein different role information corresponds to different user rights and/or sub-service rights.
Further, the associating the user information with the role information specifically includes:
establishing a mapping relation between one piece of user information and both the first role and the second role.
Further, the step of assigning the user right and the sub-service right to the role according to the association relationship established between the user information and the role information specifically includes:
allocating a first user permission to the first role and allocating the sub-service permission to the second role;
the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises sub-permission of a task plan.
Further, the mission plan authority of the first role has a higher priority than the sub-authority of the mission plan of the second role.
Further, the mission plan privileges of the first role and the sub-privileges of the mission plan of the second role have different scopes.
In a second aspect, an embodiment of the present application provides an authority allocation device based on an aerospace cloud service, where the device specifically includes:
a database establishing module, used for establishing a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information;
the information association module is used for establishing association between the user information and the role information;
the authority distribution module is used for distributing user authority and sub-service authority to the role according to the incidence relation established by the user information and the role information;
wherein different role information corresponds to different user rights and/or sub-service rights.
Further, the information association module is specifically configured to:
establishing a mapping relation between the user information and both the first role and the second role.
Further, the right assignment module is specifically configured to:
allocating a first user permission to the first role and allocating the sub-service permission to the second role;
the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises sub-permission of a task plan.
Further, the mission plan authority of the first role has a higher priority than the sub-authority of the mission plan of the second role.
Further, the mission plan privileges of the first role and the sub-privileges of the mission plan of the second role have different scopes.
According to the permission allocation method based on the space cloud service, a space cloud service database is established, wherein the database comprises user information, role information, user permission information and sub-service permission information; an association is established between the user information and the role information; and user permissions and sub-service permissions are allocated to the roles according to the association established between the user information and the role information; wherein different role information corresponds to different user permissions and/or sub-service permissions. In the method and the device, roles are allocated to the user information, and different user permission information and sub-service permission information are allocated to different roles, which improves both the horizontal and the vertical extensibility of the service permissions. An association is established between the user and the user permissions, so that when the user needs to split, add or modify permissions, the user permissions and the sub-service permissions are completely separated and do not affect each other. Therefore, according to the scheme provided by the application, the same user can hold different accounts at the same time, such as a primary account and a split account. The primary account and the split account correspond to different roles, and the different roles have different permissions for the same task plan. When the same task plan needs multiple roles, the service permissions of each role can be fully used, and the scheduling efficiency is improved.
Drawings
FIG. 1 is a flowchart of a permission allocation method based on a space cloud service according to an embodiment of the present application;
FIG. 2 is a flow diagram of a permission allocation apparatus based on an aerospace cloud service according to an embodiment of the present application;
FIG. 3 is a diagram of the system architecture for permission allocation in the present application;
FIG. 4 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present disclosure and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in other sequences than those illustrated or described herein.
It should be understood that, in various embodiments of the present disclosure, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the inherent logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present disclosure.
It should be understood that in the present disclosure, "including" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present disclosure, "plurality" means two or more. "and/or" merely describes an association relationship between associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "comprising A, B and C" and "comprising A, B, C" mean that all three of A, B and C are comprised; "comprising A, B or C" means comprising one of the three of A, B and C; "comprising A, B and/or C" means comprising any 1, any 2 or all 3 of A, B and C.
It should be understood that in this disclosure, "B corresponding to A", "A corresponds to B", or "B corresponds to A" means that B is associated with A, and B can be determined from A. Determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information. The matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, the term "if" may be interpreted as "when …" or "in response to a determination" or "in response to a detection" depending on the context.
The technical solution of the present disclosure is explained in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
First, the technical background of the present application is explained. The traditional satellite ground measurement and control or operation and control system is basically built on dedicated lines and dedicated networks, with a large center and large measurement stations, and the working state of a satellite can only be learned from a few fixed places; for those outside the system, operational control of on-orbit satellites is rarely possible, both for security reasons and because of the high entry threshold. With the development of internet technology, commercial aerospace measurement and control service management systems are built with the internet as the platform, so that user terminals such as smart phones and computers are allowed to access them and operate and control on-orbit satellites, which greatly improves the convenience and reliability of aviation information management.
However, since the aerospace information itself has high confidentiality and complexity, in the existing aerospace cloud service platform, information management is performed based on a single right management mode. Specifically, a primary account is established for each user, a unique ID is allocated to each primary account, the primary account is bound and stored with a corresponding authority information table, the authority information table includes a plurality of functional authorities and effective limiting conditions corresponding to each functional authority, the effective limiting conditions include an upper effective limiting condition and a lower effective limiting condition, the lower effective limiting condition must be within the range of the upper effective limiting condition, the upper effective limiting condition and the lower effective limiting condition are all composed of a time limiting condition, a position limiting condition and an identity limiting condition, and only when the lower effective limiting condition is satisfied, the corresponding functional authority is effective. However, in practical applications, there is often a task plan that requires different roles to complete, and different roles should be assigned different rights. The existing single user role authority corresponding relation cannot meet the requirements of practical application.
The embodiment of the application provides an authority distribution method based on aerospace cloud service. Please refer to fig. 1, which is a flowchart of an authority allocation method for an aerospace cloud service provided by the present application. The permission allocation method based on the space cloud service comprises the following steps:
S101, establishing a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information;
It can be understood that a database needs to be established first when providing the space cloud service. The database stores user information, role information, user permission information and sub-service permission information. In the database, a user refers to the ID (Identity document) of each account registered in the system, a role refers to the department and position bound to the user, and a permission refers to the range the user can operate on or view, including operation permissions and data permissions.
The user information includes user preferences, user details, user requirements, user contact information, and other basic information about the user. The user information is mainly divided into three types of description type information, behavior type information and association type information. When registering, the user puts user information into a database, and the user does not distribute a user account.
In addition, a user table, a role table, a rights table, a user-user rights mapping table, a user-role mapping table, a sub-service rights table, and a user-sub-service rights mapping table may be constructed.
The tables contain the following fields:
the user table comprises the user identifier, the user identifiers of the user's subordinate users, and the sub-services owned by the user;
the role table comprises a role identifier and a role name;
the permission table comprises a permission identifier and a permission name;
the user-user permission mapping table comprises a user identifier and a user permission identifier;
the user-role mapping table comprises a user identifier and a role identifier;
the sub-service table comprises a sub-service identifier and a sub-service name;
the sub-service permission table comprises the multi-level permission identifier of the sub-service and the multi-level permission name of the sub-service;
the user-sub-service permission mapping table comprises a user identifier and the multi-level permission identifier of a sub-service.
The dynamic expansion capability of user authentication is implemented with a recursive technique in the service code. User permission accounts and sub-service permission accounts are stored in the database, and a recursive algorithm is used to form the permission structure into a tree structure. (A recursive algorithm repeatedly decomposes the original problem into sub-problems of reduced scale and then calls the same method recursively to express the solution, that is, one method solves the problem at different scales.) When a permission is newly added, it is only necessary to indicate the user account, the permission account corresponding to the user account and/or the sub-service permission account corresponding to the user account when the data is inserted into the database.
The services are the various services a service organization provides to the served object, such as desktop services, mail services and storage services. The service directory is a tree structure that determines the range of services the service provider can offer and classifies all the services provided by the service organization; each service directory may include sub-service directories and sub-services. A service directory, also called a parent service, contains sub-services or sub-service directories.
The database is a relational database with a rights management function.
S102, establishing association between the user information and the role information;
Generally, each user forms a user ID when registering an account in the system, each user ID is assigned a corresponding role at registration, and each role corresponds to a set of permissions. For example, the roles may include system administrator, system user and guest. The system administrator role may have the highest level of permissions, such as the operation permission and the data editing and browsing permissions; the permissions of the system user are relatively lower, such as only the data editing and browsing permissions; and the permissions of the guest are the lowest, such as only the data browsing permission. However, while completing a task plan, a user may need to hold the permissions of the system administrator and the permissions of the system user at the same time, so as to follow the progress of the task plan from different dimensions, and the conventional permission allocation method cannot meet this requirement.
In this embodiment, a user may have a first account and a second account. It is understood that the first account is a primary account and the second account is a split account. The first account may be assigned system management permissions and the second account may be assigned system usage permissions. Therefore, when one user performs task management, the user can switch between the primary account and the split account, that is, between different role permissions, and thus complete a task plan in multiple dimensions.
Specifically, after the user information, the role information, the user authority information, and the sub-service authority information are included in the database, the user information and the role information may be associated with each other.
In this embodiment, one user ID may have a plurality of accounts, such as a first account, a second account and a third account. An association is established between the first account and the first role information, between the second account and the second role information, and between the third account and the third role information. In one optional mode, the first account is a primary account and is associated with the system administrator role; the second account and the third account are split accounts, the second account being associated with the system user role and the third account with the guest role.
S103, distributing user authority and sub-service authority to the role according to the association relationship established by the user information and the role information;
In particular, different roles have different permissions. In this way, when a task plan is carried out, one user can manage the task plan in multiple dimensions by switching between the primary account and the split account. For example, the system is adjusted and data is managed through the primary account, and the operating condition of the system is observed from different roles through the split account.
Optionally, a first user permission is allocated to the first role, and the sub-service permission is allocated to the second role; the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises sub-permission of a task plan. Therefore, reasonable distribution of different authorities can be realized through nested authority distribution, and the dispatching and running efficiency of the database can be improved.
Optionally, the mission plan authority of the first role has a higher priority than the sub-authority of the mission plan of the second role. It can be understood that the first role is the role of the primary account and has a higher priority for the mission plan, and the second role is the role of the split account and has a lower priority for controlling the mission plan.
Optionally, the mission plan permissions of the first role and the sub-permissions of the mission plan of the second role have different scopes. It will be appreciated that different roles will have different responsibility for accomplishing the mission plan. For example, a first role is the role of the primary account number, which has the scope of authority of the entire mission plan, while a second role is the role of the split account number, which has authority in the mission plan that only includes a part, such as the mission plan book part, or the mission verification part. Therefore, the safety of the aerospace cloud service platform can be further improved while the scheduling efficiency is improved.
Optionally, when the user permission and/or the sub-service permission of a user needs to be modified or deleted, the sub-service permission account information and/or the user permission account information matching the user account is looked up by the user account and then modified;
a column is added to the user table to represent the sub-services owned by the user, and the relationship between the sub-service permissions and the user is stored;
when the user assigns permissions to other users, the sub-service account, the user permission account, the sub-service permission account and the user account are passed to a back-end service, and the back-end service operates on the database to bind the permissions.
A single binding mode is used: a service identification column is added to the user table to indicate the sub-services owned by the user, and a table is then created to store the relationship between the user and the sub-service permissions contained in those sub-services.
Service identification: a single column in the user table that represents the sub-service permissions owned by a user; the column is stored as a character string, with multiple sub-services separated by commas.
Compared with the prior art, the authority distribution method has the advantages that the service identification enables the configuration of the sub-service authority for the user to be more flexible, the authority separation enhances the dynamic expansion capability of the whole authentication framework, and the authority relation of the sub-service is established to enable the sub-service authority to be more flexible.
As shown in FIG. 3, the sub-service authority A-3 is separated, and the user A is bound with the sub-service authority A-3, so that the horizontal and longitudinal expansibility of the sub-service authority A-3 is improved. The relation between the sub-service and the sub-service authority A-3 is correlated, the sub-service authority A-3-1 and the sub-service authority A-3-2 are in one-to-many relation, when a user needs to distribute, newly add or modify the authority, the user authority A and the sub-service authority A-3 are completely separated and do not affect each other, and the condition that the authority is disordered when the user authority A is too much is reduced.
User A is bound to role A; a one-to-many relation is established between permission A and permissions A-1 and A-2; user A is associated with permission A; the user is associated with sub-service A-3; and sub-service A-3 is associated with sub-service permission A-3-1 and sub-service permission A-3-2.
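The table layout, the recursive permission tree and the FIG. 3 bindings described above can be exercised end to end; the following is an added example, not code from the patent. Table and column names, the `parent_id` and `kind` columns and all sample rows are assumptions constructed for illustration; the check resolves permissions per role and compares the comma-separated service identification column token by token rather than by substring.

```python
import sqlite3

# Assumed schema modelled on the tables the description lists (names are hypothetical).
SCHEMA = """
CREATE TABLE users (user_id TEXT PRIMARY KEY, parent_user_id TEXT,
                    sub_services TEXT NOT NULL DEFAULT '');  -- service identification column
CREATE TABLE role (role_id TEXT PRIMARY KEY, role_name TEXT NOT NULL,
                   kind TEXT NOT NULL CHECK (kind IN ('user', 'sub_service')));
CREATE TABLE user_role (user_id TEXT, role_id TEXT, PRIMARY KEY (user_id, role_id));
CREATE TABLE permission (perm_id TEXT PRIMARY KEY, perm_name TEXT NOT NULL,
                         parent_id TEXT REFERENCES permission(perm_id));
CREATE TABLE user_permission (user_id TEXT, perm_id TEXT, PRIMARY KEY (user_id, perm_id));
CREATE TABLE sub_service (service_id TEXT PRIMARY KEY, service_name TEXT NOT NULL);
CREATE TABLE sub_service_permission (perm_id TEXT PRIMARY KEY, perm_name TEXT NOT NULL,
                                     service_id TEXT NOT NULL REFERENCES sub_service(service_id));
CREATE TABLE user_sub_service_permission (user_id TEXT, perm_id TEXT,
                                          PRIMARY KEY (user_id, perm_id));
"""

# Constructed sample rows following FIG. 3: permission A -> A-1, A-2; sub-service A-3 -> A-3-1, A-3-2.
ROWS = {
    "users": [("A", None, "A-3"), ("C", None, "A-33")],
    "role": [("R1", "primary account role", "user"),
             ("R2", "split account role", "sub_service")],
    "user_role": [("A", "R1"), ("A", "R2"), ("C", "R2")],
    "permission": [("A", "user permission A", None),
                   ("A-1", "account center", "A"), ("A-2", "task plan", "A")],
    "user_permission": [("A", "A")],
    "sub_service": [("A-3", "task plan service"), ("A-33", "other service"),
                    ("B-9", "unrelated service")],
    "sub_service_permission": [("A-3-1", "plan book", "A-3"), ("A-3-2", "verification", "A-3"),
                               ("B-9-1", "unrelated", "B-9")],
    # (A, B-9-1) and (C, A-3-1) are stale bindings for services the user does not own.
    "user_sub_service_permission": [("A", "A-3-1"), ("A", "A-3-2"),
                                    ("A", "B-9-1"), ("C", "A-3-1")],
}


def build_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, values in ROWS.items():  # table names come from the constant above
        marks = ",".join("?" * len(values[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", values)
    return conn


def owned_sub_services(conn, user_id):
    """Parse the comma-separated column into exact tokens (no substring matching)."""
    row = conn.execute("SELECT sub_services FROM users WHERE user_id = ?",
                       (user_id,)).fetchone()
    if row is None:
        return set()
    return {tok.strip() for tok in row[0].split(",") if tok.strip()}


def expand_user_permissions(conn, user_id):
    """Walk the permission tree downward from the permissions bound to the user."""
    rows = conn.execute(
        "WITH RECURSIVE tree(perm_id) AS ("
        "  SELECT perm_id FROM user_permission WHERE user_id = ?"
        "  UNION"  # UNION (not UNION ALL) also stops on accidental cycles
        "  SELECT p.perm_id FROM permission p JOIN tree t ON p.parent_id = t.perm_id)"
        " SELECT perm_id FROM tree", (user_id,)).fetchall()
    return {r[0] for r in rows}


def effective_permissions(conn, user_id, role_id):
    """Resolve permissions for the role the user is currently acting in."""
    row = conn.execute(
        "SELECT r.kind FROM user_role ur JOIN role r ON r.role_id = ur.role_id"
        " WHERE ur.user_id = ? AND ur.role_id = ?", (user_id, role_id)).fetchone()
    if row is None:
        raise PermissionError(f"user {user_id!r} is not mapped to role {role_id!r}")
    if row[0] == "user":  # first role: user permission tree only
        return expand_user_permissions(conn, user_id)
    owned = owned_sub_services(conn, user_id)  # second role: sub-service permissions only
    bound = conn.execute(
        "SELECT sp.perm_id, sp.service_id FROM user_sub_service_permission m"
        " JOIN sub_service_permission sp ON sp.perm_id = m.perm_id"
        " WHERE m.user_id = ?", (user_id,)).fetchall()
    return {perm for perm, service in bound if service in owned}


def is_allowed(conn, user_id, role_id, perm_id):
    return perm_id in effective_permissions(conn, user_id, role_id)


if __name__ == "__main__":
    db = build_db()
    print(sorted(effective_permissions(db, "A", "R1")))
    print(sorted(effective_permissions(db, "A", "R2")))
    print(sorted(effective_permissions(db, "C", "R2")))
```

User C owns sub-service `A-33` and carries a stale binding to `A-3-1`; a substring test against the identification column would accept it, while the token comparison does not.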
In a second aspect, an embodiment of the present application further provides an authority allocation apparatus based on an aerospace cloud service, and as shown in fig. 2, the apparatus specifically includes:
a database establishing module 201, configured to establish an aerospace cloud service database, where the database includes user information, role information, user permission information, and sub-service permission information;
an information association module 202, configured to establish association between the user information and the role information;
Optionally, the information association module 202 is specifically configured to:
establish a mapping relation between the user information and both the first role and the second role.
The authority distribution module 203 is used for distributing user authority and sub-service authority to the role according to the association relationship established by the user information and the role information;
wherein different role information corresponds to different user authorities and/or sub-service authorities.
Optionally, the right assignment module 203 is specifically configured to:
allocating a first user permission to the first role and allocating the sub-service permission to the second role;
the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises sub-permission of a task plan.
Optionally, the priority of the mission plan permission of the first role is higher than the priority of the sub-permission of the mission plan of the second role.
Optionally, the mission plan permission of the first role and the sub-permission of the mission plan of the second role have different scopes.
Furthermore, the present embodiment also provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the method provided by the foregoing method embodiments, for example: establishing a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information; establishing an association between the user information and the role information; allocating user permissions and sub-service permissions to the roles according to the association established between the user information and the role information; wherein different role information corresponds to different user permissions and/or sub-service permissions.
The present application may be embodied as a method, an apparatus, a system and/or a computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for carrying out various aspects of the present application.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as a punch card or an in-groove protruding structure with instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present application may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object-oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), can execute the computer-readable program instructions to implement aspects of the present application by utilizing state information of the computer-readable program instructions to personalize the electronic circuitry.
Various aspects of the present application are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It is noted that, unless expressly stated otherwise, all the features disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features. Where used, the terms "further", "preferably", "still further" and "more preferably" briefly introduce the description of another embodiment based on the foregoing embodiment; the content that follows such a term, combined with the foregoing embodiment, forms the complete construction of that other embodiment. Several such "further", "preferred", "still further" or "more preferred" arrangements following the same embodiment may be combined in any combination to form a further embodiment.
It will be appreciated by persons skilled in the art that the embodiments of the present application described above and illustrated in the drawings are given by way of example only and are not limiting of the present application. The objectives of the present application have been fully and effectively attained. The functional and structural principles of the present application have been shown and described in the examples, and any variations or modifications of the embodiments of the present application are possible without departing from the principles described.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present disclosure, and not for limiting the same; although the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (10)

1. A permission allocation method based on a space cloud service, characterized by specifically comprising the following steps:
establishing a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information;
establishing an association between the user information and the role information;
allocating user permissions and sub-service permissions to the roles according to the association established between the user information and the role information;
wherein different role information corresponds to different user permissions and/or sub-service permissions.
2. The permission allocation method according to claim 1, wherein establishing the association between the user information and the role information specifically comprises:
establishing a mapping relation between one piece of user information and the first role and the second role.
3. The permission allocation method according to claim 2, wherein allocating the user permissions and the sub-service permissions to the roles according to the association established between the user information and the role information specifically comprises:
allocating a first user permission to the first role and allocating the sub-service permission to the second role;
the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises a sub-permission of the task plan.
4. The permission allocation method according to claim 3, wherein the task plan permission of the first role has a higher priority than the sub-permission of the task plan of the second role.
5. The permission allocation method according to claim 3, wherein the task plan permission of the first role and the sub-permission of the task plan of the second role have different scopes.
6. A permission allocation device based on a space cloud service, characterized in that the device specifically comprises:
a database establishing module, configured to establish a space cloud service database, wherein the database comprises user information, role information, user permission information and sub-service permission information;
an information association module, configured to establish an association between the user information and the role information;
a permission allocation module, configured to allocate user permissions and sub-service permissions to the roles according to the association established between the user information and the role information;
wherein different role information corresponds to different user permissions and/or sub-service permissions.
7. The permission allocation device according to claim 6, wherein the information association module is specifically configured to:
establish a mapping relation between the user information and the first role and the second role.
8. The permission allocation device according to claim 7, wherein the permission allocation module is specifically configured to:
allocate a first user permission to the first role and allocate the sub-service permission to the second role;
the first user permission comprises account center permission, user management permission and task plan permission, and the sub-service permission comprises a sub-permission of the task plan.
9. The permission allocation device according to claim 8, wherein the task plan permission of the first role has a higher priority than the sub-permission of the task plan of the second role.
10. The permission allocation device according to claim 8, wherein the task plan permission of the first role and the sub-permission of the task plan of the second role have different scopes.
CN202210884207.4A 2022-07-26 2022-07-26 Authority distribution method and authority distribution device based on space cloud service Active CN115208683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210884207.4A CN115208683B (en) 2022-07-26 2022-07-26 Authority distribution method and authority distribution device based on space cloud service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210884207.4A CN115208683B (en) 2022-07-26 2022-07-26 Authority distribution method and authority distribution device based on space cloud service

Publications (2)

Publication Number Publication Date
CN115208683A true CN115208683A (en) 2022-10-18
CN115208683B CN115208683B (en) 2023-05-26

Family

ID=83584029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210884207.4A Active CN115208683B (en) 2022-07-26 2022-07-26 Authority distribution method and authority distribution device based on space cloud service

Country Status (1)

Country Link
CN (1) CN115208683B (en)

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110142234A1 (en) * 2009-12-15 2011-06-16 Michael Leonard Rogers Multi-Factor Authentication Using a Mobile Phone
EP3151505A1 (en) * 2014-05-29 2017-04-05 Tecteco Security Systems, S.L. Method and network element for improved access to communications networks
CN104463015A (en) * 2014-12-15 2015-03-25 浪潮通用软件有限公司 Authority management method and device
US20180083969A1 (en) * 2016-09-16 2018-03-22 Salesforce.Com, Inc. Validating state change requests
CN109800593A (en) * 2018-12-07 2019-05-24 上海益政网络科技发展有限公司 A kind of information matching method and system
CN110287709A (en) * 2019-05-22 2019-09-27 深圳壹账通智能科技有限公司 User's operation authority control method, device, equipment and medium
CN111104652A (en) * 2019-10-17 2020-05-05 贝壳技术有限公司 Authority management method and device, computer readable storage medium and electronic equipment
CN111460496A (en) * 2020-03-30 2020-07-28 招商局金融科技有限公司 Permission configuration method based on user role, electronic device and storage medium
CN111935073A (en) * 2020-06-19 2020-11-13 中国市政工程华北设计研究总院有限公司 Authority management method and system of cloud platform based on multi-organization architecture
CN112532632A (en) * 2020-11-30 2021-03-19 数字广东网络建设有限公司 Resource allocation method and device for multi-level cloud platform and computer equipment
CN113836176A (en) * 2021-08-19 2021-12-24 重庆恩谷信息科技有限公司 Information integration service system of cloud data

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHUNLEI WU; ZHONGWEI LI;: "An access control method of cloud computing resources based on quantified-role" *
郝世博: "数字资源互操作及服务融合中的信任管理机制研究" *

Also Published As

Publication number Publication date
CN115208683B (en) 2023-05-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant