CN116070294A - Authority management method, system, device, server and storage medium - Google Patents

Authority management method, system, device, server and storage medium

Info

Publication number
CN116070294A
Authority
CN
China
Prior art keywords
identity information
target
permission
information
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310208939.6A
Other languages
Chinese (zh)
Other versions
CN116070294B (en)
Inventor
陶帝豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN202310208939.6A
Publication of CN116070294A
Application granted
Publication of CN116070294B
Legal status: Active
Anticipated expiration: not listed

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a rights management method, system, device, server and storage medium in the field of storage-system access management. A correspondence between protocol identifier, identity information and configured rights is designed and stored in advance. First request information sent by a client in a first preset protocol format is acquired; it comprises first access identity information and first access rights information corresponding to a target processing action. Based on the first request information and the preset protocol identifier-identity information-configured rights correspondence, it is judged whether the first access identity information, under the first preset protocol format, is qualified to execute the target processing action; if so, the target processing action is executed on the storage file to which the preset correspondence belongs. The method thereby realises rights management where the same storage file is accessed by multiple protocols and multiple users, and supports secure reading and writing of the storage file.

Description

Authority management method, system, device, server and storage medium
Technical Field
The present invention relates to storage-system access management technology, and in particular to a rights management method, system, apparatus, server and storage medium.
Background
As the storage-service market expands, the application scenarios of storage systems grow more complex. In the prior art a storage system can no longer be paired with a single, fixed file protocol; it must interoperate with several different file protocols, and a given file in the storage system may need to be accessed through two or more protocols at the same time. The data format standards of the protocols differ, and to keep file data secure the access rights held by the same user may also differ from protocol to protocol. For example, while file data is being processed a user over the NFS protocol holds read-write rights, while for checking the file data a user over the SMB protocol is allowed read rights only. As another example, after a specific user under one protocol has processed user data and produced a result file, that user needs to set the rights on the result file so that only that specific user under that protocol is allowed to read it. Secure reading and writing of a file is therefore possible only on the basis of sound management of user rights under each protocol.
How to provide a technical solution for rights management in the context of multi-protocol access to the same file is therefore a problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a rights management method, system, device, server and storage medium that realise rights management where the same storage file is accessed by multiple protocols and multiple users, meet the requirement of adapting one storage file to multi-protocol rights management, and support secure reading and writing of the storage file in practical application.
To solve the above technical problem, the invention provides a rights management method comprising the following steps:
acquiring first request information sent by a client in a first preset protocol format, the first request information comprising first access identity information and first access rights information corresponding to a target processing action;
judging, based on the first request information and a preset protocol identifier-identity information-configured rights correspondence, whether the first access identity information under the first preset protocol format is qualified to execute the target processing action;
if so, controlling execution of the target processing action on the storage file to which the preset protocol identifier-identity information-configured rights correspondence belongs.
Preferably, judging that the first access identity information under the first preset protocol format is qualified to execute the target processing action comprises:
performing format analysis on the first request information to determine the first preset protocol format to which it conforms;
determining, from the first preset protocol format and a preset format-identifier correspondence, the first target protocol identifier corresponding to the first preset protocol format;
using the first target protocol identifier together with the first access identity information as a first search identifier, and searching the preset protocol identifier-identity information-configured rights correspondence to obtain the first target configured rights corresponding to that first search identifier;
judging whether the first target configured rights include the first access rights information;
if so, judging that the first access identity information is qualified to execute the target processing action under the first preset protocol format.
Preferably, judging that the first access identity information under the first preset protocol format is qualified to execute the target processing action comprises:
invoking a protocol layer, which determines from the first request information the first target protocol identifier corresponding to it;
taking the first target protocol identifier and the first access identity information as a first search identifier;
issuing the first search identifier and the first access rights information to a DFS layer, thereby invoking the DFS layer;
judging whether a first success signal, fed back by the DFS layer and representing that rights verification succeeded, is received; the first success signal is generated when the DFS layer invokes an MDS layer with the first search identifier, obtains the first target configured rights that the MDS layer feeds back from the first search identifier and the preset protocol identifier-identity information-configured rights correspondence, and determines that the first target configured rights include the first access rights information;
if so, judging that the first access identity information is qualified to execute the target processing action under the first preset protocol format.
Preferably, the identity information in the preset protocol identifier-identity information-configured rights correspondence comprises a UID and/or a GID of the user.
Preferably, when it is judged that the first access identity information under the first preset protocol format is not qualified to execute the target processing action, the method comprises:
sending a first feedback signal to the client, the first feedback signal representing that rights verification of the first access identity information under the first preset protocol format failed.
Preferably, when it is judged that the first access identity information under the first preset protocol format is not qualified to execute the target processing action, the method further comprises:
recording, in a log, the event of the failed rights verification of the first access identity information under the first preset protocol format.
Preferably, the method further comprises:
acquiring second access identity information sent by the client in a second preset protocol format and representing a request to view rights;
judging, based on the second access identity information and the preset protocol identifier-identity information-configured rights correspondence, whether second target configured rights corresponding to the second access identity information under the second preset protocol format exist;
if so, feeding the second target configured rights back to the client.
Preferably, judging that second target configured rights corresponding to the second access identity information under the second preset protocol format exist comprises:
invoking a protocol layer, which determines from the second access identity information the second target protocol identifier corresponding to it;
issuing the second target protocol identifier and the second access identity information to a DFS layer as a second search identifier, thereby invoking the DFS layer;
judging whether query configuration information fed back by the DFS layer is received, the query configuration information being the result the MDS layer determines from the second search identifier and the preset protocol identifier-identity information-configured rights correspondence;
if so, taking the query configuration information as the second target configured rights and judging that second target configured rights corresponding to the second access identity information under the second preset protocol format exist.
Preferably, judging that no second target configured rights corresponding to the second access identity information under the second preset protocol format exist comprises:
invoking a protocol layer and judging whether a second feedback signal, fed back by the DFS layer and representing that the rights query failed, is received; the second feedback signal is the search-failure signal the MDS layer feeds back when it determines, from the second search identifier and the preset protocol identifier-identity information-configured rights correspondence, that no query configuration information corresponding to the second search identifier exists;
if so, judging that no second target configured rights corresponding to the second access identity information under the second preset protocol format exist.
Preferably, feeding the second target configured rights back to the client comprises:
performing format conversion on the second target configured rights with a conversion component corresponding to the second preset protocol format, to obtain target-format configured rights;
sending the target-format configured rights to the client.
Preferably, after judging that no second target configured rights corresponding to the second access identity information under the second preset protocol format exist, the method further comprises:
feeding back to the client a third feedback signal representing that the rights query failed.
Preferably, the method further comprises:
acquiring second request information sent by the client in a third preset protocol format, the second request information comprising third access identity information and second access rights information representing a rights setting;
updating, based on the second request information and the preset protocol identifier-identity information-configured rights correspondence, the third target configured rights corresponding to the third preset protocol format and the third access identity information to the second access rights information.
Preferably, updating the third target configured rights corresponding to the third preset protocol format and the third access identity information to the second access rights information comprises:
invoking a protocol layer, which determines, from the second request information and the preset protocol identifier-identity information-configured rights correspondence, the third target configured rights corresponding to the third preset protocol format and the third access identity information;
determining the configured rights to be updated from the second access rights information and the third target configured rights;
issuing the third target protocol identifier corresponding to the third preset protocol format, the third access identity information and the configured rights to be updated to a DFS layer as a correspondence to be updated, thereby invoking the DFS layer, so that the DFS layer invokes an MDS layer with the correspondence to be updated to update the third target configured rights to the second access rights information.
Preferably, determining the configured rights to be updated from the second access rights information and the third target configured rights comprises:
invoking the protocol layer, which determines from the second access rights information and the third target configured rights the current rights-setting action and the corresponding target rights to be set;
determining the action identifier corresponding to the current rights-setting action from a preset action-action identifier correspondence;
generating the configured rights to be updated from the action identifier, the target rights to be set and the third target configured rights.
Preferably, the DFS layer invoking an MDS layer with the correspondence to be updated to update the third target configured rights to the second access rights information comprises:
the DFS layer performing a redundancy check on the correspondence to be updated against the acquired third target configured rights to determine a final configuration correspondence, and issuing the final configuration correspondence to the MDS layer, so that the MDS layer updates the stored third target configured rights to the second access rights information.
Preferably, the method further comprises:
judging whether the third target configured rights were successfully updated to the second access rights information;
if not, sending to the client a fourth feedback signal representing that the rights setting failed.
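The rights-view and rights-set flows claimed above, as an added example that is not code from the patent: an in-memory model of the protocol identifier-identity information-configured rights correspondence for one storage file, a conversion component that renders the configured rights in the requesting protocol's own convention, and a rights-set path that maps the setting action to an action identifier and applies the DFS-layer redundancy check before anything is written. All names (RightsTable, view_rights, set_rights, the action identifiers grant/revoke/replace, the two client formats and the sample rows) are assumptions made for this example.

```python
# Added example, not code from the patent: in-memory model of the
# protocol identifier-identity information-configured rights correspondence
# for one storage file, with the rights-view and rights-set flows.
# Names, action identifiers and client formats are assumptions.
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Protocol identifiers: one flag value per protocol format, as in FIG. 2.
NFS = "NFS"
SMB = "SMB"

# Preset action -> action identifier correspondence (constructed values).
ACTION_IDS = {"grant": 1, "revoke": 2, "replace": 3}

Identity = Tuple[int, int]          # (UID, GID) of the user
Rights = frozenset                  # subset of {"r", "w"}


@dataclass
class RightsTable:
    """Stands in for the MDS layer's stored correspondence:
    (protocol identifier, identity) -> configured rights."""
    rows: dict = field(default_factory=dict)

    def lookup(self, protocol_id: str, identity: Identity) -> Optional[Rights]:
        return self.rows.get((protocol_id, identity))

    def store(self, protocol_id: str, identity: Identity, rights: Rights) -> None:
        self.rows[(protocol_id, identity)] = rights


def to_client_format(protocol_id: str, rights: Rights):
    """Conversion component: render rights in the requesting protocol's own
    convention. Both renderings are constructed for the example."""
    if protocol_id == NFS:
        # POSIX-style owner bits: r=4, w=2
        return (4 if "r" in rights else 0) | (2 if "w" in rights else 0)
    if protocol_id == SMB:
        names = {"r": "FILE_READ_DATA", "w": "FILE_WRITE_DATA"}
        return "|".join(sorted(names[x] for x in rights))
    raise ValueError(f"unknown protocol identifier {protocol_id!r}")


def view_rights(table: RightsTable, protocol_id: str, identity: Identity):
    """Rights-view flow: return the converted configured rights, or None
    when the MDS lookup fails (the search-failure signal)."""
    rights = table.lookup(protocol_id, identity)
    if rights is None:
        return None
    return to_client_format(protocol_id, rights)


def rights_to_update(action: str, target: Rights, current: Rights) -> Rights:
    """Derive the configured rights to be updated from the action identifier,
    the target rights to be set and the currently configured rights."""
    action_id = ACTION_IDS[action]          # KeyError for an unknown action
    if action_id == ACTION_IDS["grant"]:
        return current | target
    if action_id == ACTION_IDS["revoke"]:
        return current - target
    return frozenset(target)                # replace


def set_rights(table: RightsTable, protocol_id: str, identity: Identity,
               action: str, target) -> Tuple[bool, Rights]:
    """Rights-set flow. Returns (written, final_rights). The redundancy check
    drops the MDS write when the update would not change the stored row."""
    current = table.lookup(protocol_id, identity) or frozenset()
    final = rights_to_update(action, frozenset(target), current)
    if final == current:
        return False, final                 # redundant: nothing issued to MDS
    table.store(protocol_id, identity, final)
    return True, final


def sample_table() -> RightsTable:
    """Constructed starting state: user (1000, 100) is read-write over NFS
    but read-only over SMB for the same file, as in the background section."""
    t = RightsTable()
    t.store(NFS, (1000, 100), frozenset("rw"))
    t.store(SMB, (1000, 100), frozenset("r"))
    return t
```

Calling set_rights(sample_table(), SMB, (1000, 100), "grant", "w") writes the row once and returns (True, {"r", "w"}); issuing the same grant again returns (False, ...) without touching the table, which is the redundancy check the DFS layer performs before it issues the final configuration correspondence to the MDS layer.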
To solve the above technical problem, the present invention further provides a rights management system comprising:
a first acquisition unit for acquiring first request information sent by a client in a first preset protocol format, the first request information comprising first access identity information and first access rights information corresponding to a target processing action;
a first judging unit for judging, based on the first request information and a preset protocol identifier-identity information-configured rights correspondence, whether the first access identity information under the first preset protocol format is qualified to execute the target processing action, and if so triggering an action execution unit;
the action execution unit for controlling execution of the target processing action on the storage file to which the preset protocol identifier-identity information-configured rights correspondence belongs.
To solve the above technical problem, the present invention further provides a rights management device comprising:
a memory for storing a computer program;
a processor for implementing the steps of the rights management method described above when executing the computer program.
To solve the above technical problem, the present invention further provides a server comprising the rights management device.
To solve the above technical problem, the present invention further provides a computer-readable storage medium:
the computer-readable storage medium has a computer program stored on it which, when executed by a processor, implements the steps of the rights management method described above.
The beneficial effects of this application are as follows. The application provides a rights management method, system, device, server and storage medium. For one storage file, a preset protocol identifier-identity information-configured rights correspondence is designed and stored for the rights of the same user under different protocols, or of different users under the same protocol. First request information sent by a client in a first preset protocol format is acquired, comprising first access identity information and first access rights information corresponding to a target processing action; based on the first request information and the preset correspondence, it is judged whether the first access identity information under the first preset protocol format is qualified to execute the target processing action; if so, execution of the target processing action on the storage file to which the preset correspondence belongs is controlled. The application thus realises rights management where the same storage file is accessed by multiple protocols and multiple users, meets the requirement of adapting one storage file to multi-protocol rights management, and supports secure reading and writing of the storage file in practical application.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the prior art and the embodiments are briefly described below. The drawings described below are only some embodiments of the present invention; other drawings may be obtained from them by a person skilled in the art without inventive effort.
FIG. 1 is a flow chart of a rights management method provided by the present invention;
FIG. 2 is a schematic structural diagram of a preset protocol identifier-identity information-configured rights correspondence provided by the present invention;
FIG. 3 is a schematic diagram of the hierarchical information interaction corresponding to rights verification according to the present invention;
FIG. 4 is a schematic diagram of the hierarchical information interaction corresponding to rights viewing;
FIG. 5 is a schematic diagram of the hierarchical information interaction corresponding to rights setting according to the present invention;
FIG. 6 is a schematic diagram of a rights management system according to the present invention;
FIG. 7 is a schematic diagram of a rights management unit according to the present invention;
FIG. 8 is a schematic structural diagram of a computer-readable storage medium according to the present invention.
Detailed Description
The core of the invention is to provide a rights management method and related components that realise rights management where the same storage file is accessed by multiple protocols and multiple users, meet the requirement of adapting one storage file to multi-protocol rights management, and support secure reading and writing of the storage file in practical application.
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions of the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person skilled in the art from these embodiments without inventive effort fall within the scope of the invention.
Referring to FIG. 1, FIG. 1 is a flow chart of a rights management method according to the present invention.
In this embodiment it is considered that a storage system must be paired not with a single fixed file protocol but with several different file protocols, that is, a given file in the storage system may need to be accessed by two or more protocols at the same time. The data transmission standards of the protocols differ, and during access the rights held by the same user are likely to differ from protocol to protocol, so secure reading and writing of the file is possible only on the basis of sound management of user rights under each protocol. A technical solution is therefore needed for rights management in the context of multi-protocol access to the same file. To solve this problem the application provides a rights management method that meets the requirement of adapting one storage file to multi-protocol rights management and is suited to practical application.
The rights management method comprises the following steps:
S11: acquiring first request information sent by a client in a first preset protocol format, the first request information comprising first access identity information and first access rights information corresponding to a target processing action;
Specifically, the method applies to, but is not limited to, a server on which a storage system comprising a plurality of storage files is deployed. The server is communicatively connected with one or more clients (their number is not limited); a user enters identity information on the client's human-machine interface to log in, and the client then communicates with the server through a preset protocol. The first preset protocol format may be NFS (Network File System) or SMB (Server Message Block, mainly used as the communication protocol of Microsoft networks), or another type of communication protocol, which is not limited here; the first request information conforms to the data transmission rules of the first preset protocol format.
The first access identity information is identity information of a user conforming to the first preset protocol format, and the target processing action may be reading data, writing data, or both reading and writing, without limitation; it depends on the actual operation to be performed on the storage file.
S12: judging, based on the first request information and the preset protocol identifier-identity information-configured rights correspondence, whether the first access identity information under the first preset protocol format is qualified to execute the target processing action; if so, proceeding to S13;
S13: controlling execution of the target processing action on the storage file to which the preset protocol identifier-identity information-configured rights correspondence belongs.
Specifically, a preset protocol identifier-identity information-configured rights correspondence is designed and stored in advance for each storage file; it may be stored in database form so that the rights information of multiple protocols and multiple users can be managed in batch. The protocol identifier is essentially a protocol flag bit used to distinguish communication protocols: each protocol format has its own unique protocol identifier. Under one protocol format a given user has exactly one set of configured rights (the configured rights concern read and write rights; their number is not limited), but under different protocol formats the same user may have different configured rights, for example:
NFS protocol identifier - user 1 identity information - configured rights 1;
SMB protocol identifier - user 1 identity information - configured rights 2.
In this way the same user can be given different rights under different protocol formats, matching the application requirements of the storage system. Referring to FIG. 2, a schematic structural diagram of the preset protocol identifier-identity information-configured rights correspondence provided by the present invention, the correspondence is stored in a database and the configured rights are stored in the form of the rights information structure shown in FIG. 2. The protocol identifier for the NFS protocol format is NFS and that for the SMB protocol format is SMB; for display purposes the identity information of different users is distinguished as user 1, user 2, user N, user M and so on.
Step S12 is essentially rights verification: only when the first access identity information under the first preset protocol format is qualified to execute the target processing action does the method proceed to S13 and execute the requested target processing action on the storage file; otherwise a signal indicating that execution of the target processing action is prohibited may be fed back to the client.
In summary, the application provides a rights management method in which, for one storage file, a preset protocol identifier-identity information-configured rights correspondence is designed and stored for the rights of the same user under different protocols, or of different users under the same protocol. First request information sent by a client in a first preset protocol format is acquired, comprising first access identity information and first access rights information corresponding to a target processing action; based on the first request information and the preset correspondence, it is judged whether the first access identity information under the first preset protocol format is qualified to execute the target processing action; if so, execution of the target processing action on the storage file to which the preset correspondence belongs is controlled. The application thus realises rights management where the same storage file is accessed by multiple protocols and multiple users, meets the requirement of adapting one storage file to multi-protocol rights management, and supports secure reading and writing of the storage file in practical application.
Based on the above embodiments:
As a preferred embodiment, determining that the first access identity information corresponding to the first preset protocol format is qualified to perform the target processing action includes:
carrying out format analysis on the first request information to determine the first preset protocol format corresponding to the first request information;
determining a first target protocol identifier corresponding to the first preset protocol format based on the first preset protocol format and a preset format-identifier correspondence;
searching the preset protocol identifier-identity information-configured permission correspondence, taking the first target protocol identifier and the first access identity information as a first search identifier, so as to obtain a first target configured permission corresponding to the first search identifier;
judging whether the first target configured permission includes the first access permission information;
if yes, judging that the first access identity information is qualified to execute the target processing action under the first preset protocol format.
In this embodiment, the execution steps for determining that the first access identity information corresponding to the first preset protocol format is qualified to execute the target processing action are given; see the above for details. It should be noted that the first request information conforms to a first preset protocol format, so format analysis of the first request information determines which protocol format it corresponds to, and that protocol format is the first preset protocol format. A format-identifier correspondence is preset, which can be understood as, for example, setting the protocol identifier corresponding to the NFS protocol format to NFS and the protocol identifier corresponding to the SMB protocol format to SMB; from it, the first target protocol identifier corresponding to the first preset protocol format is determined.
The preset protocol identifier-identity information-configured permission correspondence is then searched with the first search identifier, yielding the first target configured permission corresponding to the first search identifier; it is judged whether the first target configured permission includes the first access permission information. This judging step can be understood as follows: if the first access permission information is the read permission and the first target configured permission is the read-and-write permission, the first target configured permission is determined to include the first access permission information. It can be seen that the qualification determination can be achieved simply and reliably through the above steps.
As a preferred embodiment, determining that the first access identity information corresponding to the first preset protocol format qualifies for performing the target processing action includes:
calling a protocol layer, and determining a first target protocol identifier corresponding to the first request information based on the first request information;
determining a first target protocol identifier and first access identity information as a first search identifier;
issuing the first search identifier and the first access permission information to the DFS layer so as to call the DFS layer;
judging whether a first successful signal, fed back by the DFS layer and characterizing that the permission verification succeeded, is received; the first successful signal is generated when the DFS layer calls the MDS layer based on the first search identifier, acquires the first target configured permission fed back by the MDS layer based on the first search identifier and the preset protocol identifier-identity information-configured permission correspondence, and determines that the first target configured permission includes the first access permission information;
if yes, judging that the first access identity information is qualified to execute the target processing action under the first preset protocol format.
In this embodiment, further consideration is given to the fact that the actual data processing of the storage system in the server passes through a protocol layer, a DFS layer and an MDS layer. The protocol layer is the level containing the interfacing programs for multiple communication protocols such as the NFS protocol and the SMB protocol, so that the server interfaces with the client according to those protocols; the MDS layer (Meta Data) is the metadata layer; the DFS layer (Distributed File System) is the interface call layer between the protocol layer and the MDS layer. In the above embodiment, the call and data flow relationships between the levels are given. Specifically, the protocol layer may communicate with the client or with the DFS layer; the DFS layer, as the communication medium, may communicate with the protocol layer and the MDS layer respectively; the MDS layer may only communicate with the DFS layer. The MDS layer is the level that actually stores the preset protocol identifier-identity information-configured permission correspondence, and may store it in the metadata pool; the MDS opens an update interface and a query interface to the DFS layer.
First, the protocol layer is called; the protocol layer determines the first target protocol identifier corresponding to the first request information based on the first request information. More specifically, the protocol layer can analyze the format of the first request information to determine the first preset protocol format corresponding to it, and determine the first target protocol identifier corresponding to that format based on the preset format-identifier correspondence. The first search identifier and the first access permission information are issued to the DFS layer so as to call the DFS layer; the DFS layer calls the MDS layer based on the first search identifier, that is, issues the first search identifier to the MDS layer through the query interface of the MDS layer; the MDS layer searches for the first target configured permission based on the first search identifier and the preset protocol identifier-identity information-configured permission correspondence, and feeds the first target configured permission back to the DFS layer. The DFS layer then carries out the next verification, namely judging whether the first target configured permission includes the first access permission information. If yes, the DFS layer feeds back to the protocol layer a first successful signal representing that the permission verification succeeded; after the protocol layer receives the first successful signal, it can feed back to the client a prompt signal representing that the permission verification passed, so as to keep processing the subsequent requests of the client. It may be understood that if the first target configured permission does not include the first access permission information, the DFS layer feeds back to the protocol layer a failure signal indicating that the permission verification failed; when the protocol layer receives the failure signal, it refuses the access request of the client and stops processing subsequent requests.
Specifically, the protocol layer may feed back to the client a prompt signal indicating that the permission verification failed, and the client parses the received prompt signal to learn that the permission verification failed.
Referring to fig. 3, fig. 3 is a schematic diagram of hierarchical information interaction corresponding to authority verification, in which a first search identifier is denoted by A1, first access authority information is denoted by A2, a first target configured authority is denoted by B1, and a first successful signal is denoted by C1.
It should be noted that the data formats that can be identified and processed at different levels differ. Taking the feedback from the MDS layer to the DFS layer as an example, the information needs to be converted into a format that the DFS layer can identify before being fed back; the same applies to the feedback from the DFS layer to the protocol layer.
Therefore, different processing logic is arranged in the protocol layer, the DFS layer and the MDS layer, so that the permission checking function is realized simply and reliably, which facilitates practical application.
As a preferred embodiment, the identity information in the preset protocol identifier-identity information-configured authority correspondence relationship includes a UID identifier and/or a GID identifier of the user.
In this embodiment, the identity information may specifically include the UID identifier and/or the GID identifier of a user, where the UID identifier (User Identification) is the unique identity identifier of the user; considering that users may be further grouped in some application scenarios, users also have a corresponding group identifier, i.e. a GID identifier (Group Identification). Of course, other identity information may be added according to the actual situation to uniquely identify a certain user, which is not limited herein.
As a preferred embodiment, when it is determined that the first access identity information corresponding to the first preset protocol format is not qualified to perform the target processing action, the method includes:
and sending a first feedback signal to the client, wherein the first feedback signal represents that the authority verification corresponding to the first access identity information under the first preset protocol format fails.
In this embodiment, the case where it is determined that the first access identity information is not qualified to execute the target processing action is given: the client parses the first feedback signal after receiving it and thereby learns that the permission verification corresponding to the first access identity information under the first preset protocol format failed.
As a preferred embodiment, when it is determined that the first access identity information corresponding to the first preset protocol format is not qualified for performing the target processing action, the method further includes:
recording an event corresponding to the failure of the authority verification of the first access identity information under a first preset protocol format in a log form.
In this embodiment, to facilitate subsequent checking by technicians, when it is determined that the first access identity information corresponding to the first preset protocol format is not qualified to execute the target processing action, the permission verification failure event may also be recorded in the form of a log, or of course uploaded to an upper management module for reporting, etc.; this is not limited in particular herein and depends on actual requirements.
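The verification flow of the preceding embodiments (format analysis, format-identifier mapping, the (protocol identifier, UID/GID) lookup through the DFS and MDS layers, the feedback signal to the client and the failure log), as an added example in Python that is not the patent's own code. The request line format, the layer classes and all table entries are constructed assumptions.

```python
"""Added example, not the patent's code: a multi-protocol permission check built
on a (protocol identifier, identity information) -> configured permission table,
with the protocol / DFS / MDS layering described above. The request line
format, the layer classes and all sample data are assumptions."""
from dataclasses import dataclass
from typing import Optional

# Preset format-identifier correspondence. The request "format" is assumed to be
# the first token of the request line, e.g. "NFS3 ..." or "SMB2 ...".
FORMAT_TO_PROTOCOL_ID = {"NFS3": "NFS", "NFS4": "NFS", "SMB2": "SMB", "SMB3": "SMB"}


@dataclass(frozen=True)
class Identity:
    """Identity information: the user's UID and/or GID."""
    uid: Optional[int] = None
    gid: Optional[int] = None


class MDSLayer:
    """Metadata layer: the only place the correspondence is stored.
    It exposes an update interface and a query interface to the DFS layer."""

    def __init__(self) -> None:
        self._table: dict[tuple[str, Identity], frozenset[str]] = {}

    def update(self, protocol_id: str, identity: Identity, perms) -> None:
        self._table[(protocol_id, identity)] = frozenset(perms)

    def query(self, protocol_id: str, identity: Identity) -> Optional[frozenset]:
        # None models the MDS "search failed" signal (no entry for this key).
        return self._table.get((protocol_id, identity))


class DFSLayer:
    """Interface call layer between the protocol layer and the MDS layer."""

    def __init__(self, mds: MDSLayer) -> None:
        self.mds = mds

    def verify(self, search_id: tuple[str, Identity], requested: set) -> bool:
        """Return the 'first successful signal' (True) only if the configured
        permission fetched from the MDS includes every requested permission."""
        configured = self.mds.query(*search_id)
        if configured is None:
            return False  # unknown (protocol, identity) key: deny
        return requested <= configured


class ProtocolLayer:
    """Faces the client; parses request lines; logs verification failures."""

    def __init__(self, dfs: DFSLayer) -> None:
        self.dfs = dfs
        self.failure_log: list[str] = []

    @staticmethod
    def parse(request: str) -> tuple[str, Identity, set]:
        """Format analysis. Assumed line: '<FORMAT> uid=<n> gid=<n> <perm,perm>'."""
        fmt, *kv, perms = request.split()
        ids = dict(p.split("=") for p in kv)
        identity = Identity(uid=int(ids["uid"]) if "uid" in ids else None,
                            gid=int(ids["gid"]) if "gid" in ids else None)
        return fmt, identity, set(perms.split(","))

    def handle(self, request: str) -> str:
        """Return the prompt signal sent back to the client."""
        fmt, identity, requested = self.parse(request)
        protocol_id = FORMAT_TO_PROTOCOL_ID.get(fmt)
        if protocol_id is None:
            return "REJECT unknown-protocol-format"
        if not self.dfs.verify((protocol_id, identity), requested):
            # First feedback signal to the client plus a log record for later review.
            self.failure_log.append(
                f"permission verification failed: {protocol_id} {identity} {sorted(requested)}")
            return "REJECT permission-verification-failed"
        return "ALLOW"  # proceed with the target processing action


def build_demo_server() -> ProtocolLayer:
    """Constructed sample: same storage file, same UID, different rights per protocol."""
    mds = MDSLayer()
    mds.update("NFS", Identity(uid=1000, gid=100), {"read", "write"})
    mds.update("SMB", Identity(uid=1000, gid=100), {"read"})
    mds.update("SMB", Identity(uid=2000, gid=100), {"read", "write"})
    return ProtocolLayer(DFSLayer(mds))
```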
As a preferred embodiment, further comprising:
acquiring second access identity information which is sent by the client in a second preset protocol format and characterizes the permission to view;
judging whether a second target configured permission corresponding to the second access identity information under the second preset protocol format exists, based on the second access identity information and the preset protocol identifier-identity information-configured permission correspondence;
if yes, feeding back the second target configured permission to the client.
In this embodiment, further consideration is given to the fact that there may be a requirement to view permissions in the already stored preset protocol identifier-identity information-configured permission correspondence. Second access identity information, sent by the client in a second preset protocol format and characterizing permission viewing, is then obtained; the second preset protocol format may be the NFS protocol or the SMB protocol and is not particularly limited herein; the second access identity information is the identity information of a user conforming to the second preset protocol format.
Whether a second target configured permission corresponding to the second access identity information under the second preset protocol format exists is judged based on the second access identity information and the preset protocol identifier-identity information-configured permission correspondence; if yes, the second target configured permission is fed back to the client. It may be understood that the correspondence corresponds to the storage file, and the second target configured permission includes permission related to data reading. Whether to verify that the second access identity information itself carries permission related to data reading before the second target configured permission is obtained and fed back to the client may be set according to actual requirements, for example by referring to the permission verification manner above, and is not particularly limited herein.
As a preferred embodiment, determining that there is a second target configured right corresponding to the second access identity information in the second preset protocol format includes:
calling a protocol layer, and determining a second target protocol identifier corresponding to the second access identity information based on the second access identity information;
issuing a second target protocol identifier and second access identity information to the DFS layer as a second search identifier so as to call the DFS layer;
judging whether query configuration information fed back by the DFS layer is received, where the query configuration information is determined by the DFS layer from the result fed back by the MDS layer, which the DFS layer calls with the second search identifier and which searches based on the second search identifier and the preset protocol identifier-identity information-configured permission correspondence;
if yes, determining that the query configuration information is the second target configured permission, and judging that the second target configured permission corresponding to the second access identity information under the second preset protocol format exists.
In this embodiment, the calling steps between the protocol layer, the DFS layer and the MDS layer for implementing the permission check are provided. Specifically, the protocol layer is called, and it determines the second target protocol identifier corresponding to the second access identity information based on the second access identity information; more specifically, the protocol layer may perform format analysis on the second access identity information to determine the second preset protocol format corresponding to it, and determine the second target protocol identifier corresponding to that format based on the preset format-identifier correspondence. The second search identifier is issued to the DFS layer so as to call the DFS layer; the DFS layer calls the MDS layer based on the second search identifier, that is, issues the second search identifier to the MDS layer through the query interface of the MDS layer; the MDS layer searches based on the second search identifier and the preset protocol identifier-identity information-configured permission correspondence. The search result may be the query configuration information corresponding to the second search identifier, which is fed back to the DFS layer and by the DFS layer to the protocol layer; on receiving the query configuration information, the protocol layer determines that it is the second target configured permission, and thereby determines that a second target configured permission corresponding to the second access identity information under the second preset protocol format exists. Referring to fig. 4, fig. 4 is a schematic diagram of the hierarchical information interaction corresponding to permission viewing, where the second search identifier is denoted by A3 and the query configuration information by B2.
Of course, the result of the MDS layer search may also be null, for example if the corresponding query configuration information has been lost for some reason; the MDS layer then feeds back a search failure signal to the DFS layer, which may include a failure error code, and the DFS layer feeds back a second feedback signal to the protocol layer based on the search failure signal, so as to characterize that the permission check failed. In fig. 4, the search failure signal is denoted by B3 and the second feedback signal by C2.
In addition, it can be understood that the manager of the server may also directly call the protocol layer to view the configured permission information corresponding to all users in a certain protocol format. In that case the protocol identifier corresponding to the protocol format is issued to the DFS layer as the search identifier, the DFS layer calls the MDS layer based on that search identifier to obtain all user-configured permission data corresponding to the protocol identifier, and the data is fed back to the protocol layer and finally displayed. Without special limitation, various permission viewing logics can be implemented flexibly according to actual requirements.
As a preferred embodiment, determining that there is no second target configured right corresponding to the second access identity information in the second preset protocol format includes:
calling the protocol layer, and judging whether a second feedback signal, fed back by the DFS layer and representing that the permission check failed, is received; the second feedback signal is generated from the search failure signal that the MDS layer feeds back when it determines, based on the second search identifier and the preset protocol identifier-identity information-configured permission correspondence, that no query configuration information corresponding to the second search identifier exists;
if so, judging that the second target configured permission corresponding to the second access identity information under the second preset protocol format does not exist.
In this embodiment, the execution steps for determining that no second target configured permission corresponding to the second access identity information under the second preset protocol format exists are provided; for a specific explanation of this case, refer to the explanation above of the case where the MDS layer search result is null, which is not repeated here.
As a preferred embodiment, feeding back the second target configured rights to the client comprises:
performing format conversion processing on the second target configuration permission based on a conversion component corresponding to the second preset protocol format so as to obtain the target format configuration permission;
and sending the target format configuration permission to the client.
In this embodiment, considering that the client sends the second access identity information in the second preset protocol format, the information feedback should also follow the second preset protocol format, so that the format conversion process is performed on the second target configuration permission based on the conversion component to obtain the target format configuration permission, and the step essentially is to perform protocol format matching, and then send the target format configuration permission to the client as feedback information.
As a preferred embodiment, after determining that there is no second target configured right corresponding to the second access identity information in the second preset protocol format, the method further includes:
and feeding back a third feedback signal representing permission checking failure to the client.
In this embodiment, further considering that after it is determined that there is no second target configured permission corresponding to the second access identity information in the second preset protocol format, the request is directly ended, the third feedback signal may be fed back to the client, so that the client parses the third feedback signal, and timely knows the result of the permission checking failure.
As a preferred embodiment, further comprising:
acquiring second request information sent by the client in a third preset protocol format, wherein the second request information comprises third access identity information and second access right information for representing right setting;
updating the third target configured permission corresponding to the third preset protocol format and the third access identity information to the second access permission information, based on the second request information and the preset protocol identifier-identity information-configured permission correspondence.
In this embodiment, further consideration is given to the requirement that permissions in the stored preset protocol identifier-identity information-configured permission correspondence may need to be set, where permission setting includes adding, modifying and deleting permissions. Second request information sent by the client in a third preset protocol format is therefore obtained; the third preset protocol format may be the NFS protocol or the SMB protocol and is not limited in particular herein; the third access identity information is the identity information of a user conforming to the third preset protocol format. The preset protocol identifier-identity information-configured permission correspondence is then updated, namely the third target configured permission corresponding to the third preset protocol format and the third access identity information in the correspondence is updated to the second access permission information, so as to realize permission setting.
It can be understood that if the new configuration permission of the new user is completely added in the fourth preset protocol format, third request information sent by the client in the fourth preset protocol format is directly received, where the third request information includes fourth access identity information representing identity information of the new user and third access permission information representing permission configuration condition corresponding to the new user; and updating a preset protocol identification-identity information-configured authority corresponding relation based on the third request information, namely adding the protocol identification-fourth access identity information-third access authority information corresponding to a fourth preset protocol format as a new item into the corresponding relation so as to realize the addition of new user authority information.
As a preferred embodiment, updating the third target configured right corresponding to the third preset protocol format and the third access identity information to the second access right information includes:
invoking a protocol layer, and determining a third target configured permission corresponding to a third preset protocol format and third access identity information based on the second request information and a preset protocol identification-identity information-configured permission corresponding relation;
determining the configuration permission to be updated based on the second access permission information and the third target configured permission;
and issuing a fifth protocol identifier-third access identity information-to-be-updated configuration permission corresponding to the third preset protocol format to the DFS layer as a to-be-updated corresponding relation so as to call the DFS layer, so that the DFS layer calls the MDS layer based on the to-be-updated corresponding relation so as to update the third target configured permission to the second access permission information.
In this embodiment, the step of invoking the protocol layer to determine the third target configured permission is provided. More specifically, the determining step is: the protocol layer analyzes the format of the second request information to determine the third preset protocol format corresponding to it; determines the third target protocol identifier corresponding to the third preset protocol format based on the preset format-identifier correspondence; and issues the third target protocol identifier and the third access identity information to the DFS layer as a third search identifier so as to call the DFS layer. The DFS layer calls the MDS layer based on the third search identifier, namely issues the third search identifier to the MDS layer through the query interface of the MDS layer; the MDS layer searches based on the third search identifier and the preset protocol identifier-identity information-configured permission correspondence, the search result being the third target configured permission corresponding to the third search identifier; the third target configured permission is fed back to the DFS layer, and by the DFS layer to the protocol layer (format conversion may be performed before feedback so as to convert the third target configured permission into a format the protocol layer can recognize). Referring to fig. 5, fig. 5 is a schematic diagram of the hierarchical information interaction corresponding to permission setting provided by the present invention, where the third search identifier is denoted by A4 and the third target configured permission by B4.
Because the corresponding relation between the preset protocol identifier, the identity information and the configured permission is stored in the MDS layer, the protocol layer determines the configuration permission to be updated, and combines the third target protocol identifier, the third access identity information and the configuration permission to be updated, which are corresponding to the third preset protocol format, into the corresponding relation to be updated, and the corresponding relation is issued to the DFS layer so as to call the DFS layer, and the MDS layer is called based on the corresponding relation to be updated so that the MDS layer updates the third target configured permission to the second access permission information. Therefore, the determining process of the configuration permission to be updated can be carried out in the protocol layer through the steps, so that the workload of the DFS layer is reduced, and the working performances of the DFS layer and the MDS layer are more beneficial to optimization in practical application.
As a preferred embodiment, determining the configuration right to be updated based on the second access right information and the third target configured right includes:
invoking a protocol layer, and determining a current authority setting action and a corresponding set target authority based on the second access authority information and the third target configured authority;
determining an action identifier corresponding to the current authority setting action based on a preset action-action identifier corresponding relation;
and generating the configuration permission to be updated according to the action identifier, the set target permission and the third target configured permission.
In this embodiment, the execution steps for determining the configuration permission to be updated are provided. Specifically, the protocol layer is invoked and compares the second access permission information with the third target configured permission to determine the current permission setting action and its corresponding set target permission, where the current permission setting action may be adding or modifying and is not limited herein. The action identifier is determined based on the preset action-action identifier correspondence, and the configuration permission to be updated is generated according to the action identifier, the set target permission and the third target configured permission. It is understood that only the set target permission carries the action identifier; the other configured permissions carry none.
As an example, assume that the third target configured permission is [permission 1, permission 2, permission 3] and the second access permission information is [permission 1, permission 2, permission 3, permission 4]. Comparing the two shows that permission 4 is a newly added permission, so the current permission setting action is adding and the set target permission is permission 4. Assuming that the action identifier corresponding to adding is ADD, the generated configuration permission to be updated is [permission 1, permission 2, permission 3, permission 4-ADD], and the correspondence to be updated is: third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3, permission 4-ADD].
For another example, assume that the third target configured permission is [permission 1, permission 2, permission 3] and the second access permission information is [permission 1, permission 2, permission 3*]. Comparing the two shows that permission 3 has been modified into permission 3*, so the current permission setting action is modifying and the set target permission is permission 3*. Assuming that the action identifier corresponding to modifying is MODIFY, the generated configuration permission to be updated is [permission 1, permission 2, permission 3*-MODIFY], and the correspondence to be updated is: third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3*-MODIFY].
When the current permission setting action is determined to be adding or modifying, the action identifier is preferably added according to the above steps, so that the subsequent DFS layer can process quickly and make the redundancy judgment. When the current permission setting action is determined to be deleting, the deletion identifier corresponding to the deleting action is determined according to the above steps, and the configuration permission to be updated is generated according to the deletion identifier, the set target permission and the third target configured permission. For example, assume that the third target configured permission is [permission 1, permission 2, permission 3] and the second access permission information is [permission 1, permission 2]; comparing the two shows that permission 3 is deleted, so the current permission setting action is deleting and the set target permission is permission 3. Assuming that the action identifier corresponding to deleting is DELETE, the generated configuration permission to be updated is [permission 1, permission 2, permission 3-DELETE], and the correspondence to be updated is third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3-DELETE]. Alternatively, no deletion identifier is added: the set target permission corresponding to the deleting action is directly removed from the third target configured permission, the removal result is used as the configuration permission to be updated, the correspondence to be updated is finally determined and issued to the DFS layer, and the DFS layer carries out the redundant traversal comparison. It can be understood that in this case the second access permission information is essentially the configuration permission to be updated, but the steps of determining the current permission setting action and its corresponding set target permission still need to be carried out in the execution program. For example, still taking the above example, if permission 3 is deleted, the current permission setting action is deleting and the set target permission is permission 3; the configuration permission to be updated is [permission 1, permission 2], and the correspondence to be updated is third target protocol identifier-third access identity information-[permission 1, permission 2].
As a preferred embodiment, the DFS layer invokes the MDS layer to update the third target configured permissions to the second access permission information based on the correspondence to be updated, including:
and the DFS layer performs redundancy check processing based on the corresponding relation to be updated and the acquired third target configured permission to determine a final configuration corresponding relation, and issues the final configuration corresponding relation to the MDS layer so that the MDS layer updates the stored third target configured permission to the second access permission information.
This embodiment specifies how the DFS layer further invokes the MDS layer to implement permission setting when the MDS layer stores the preset protocol identifier-identity information-configured permission correspondence. Specifically, the DFS layer has already acquired the third target configured permission; combining it with the correspondence to be updated issued by the protocol layer, it performs redundancy check processing to determine a final configuration correspondence and issues that correspondence to the MDS layer, thereby invoking the update interface of the MDS layer so that the third target configured permission is updated to the second access permission information. In fig. 5, the correspondence to be updated is denoted A5 and the final configuration correspondence is denoted A6.
Specifically, whether the action identifier ADD corresponding to the newly added action exists may first be determined from the correspondence to be updated. If it does, the permission linked by ADD is used directly as the newly added permission and added to the third target configured permission. For example, continuing the above embodiment, assume the third target configured permission is [permission 1, permission 2, permission 3] and the correspondence to be updated is third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3, permission 4-ADD]; an ADD identifier is found to exist and it links permission 4, so permission 4 is added directly to the third target configured permission, giving the final configuration correspondence third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3, permission 4].
If the action identifier ADD corresponding to the newly added action does not exist, traversal comparison is performed between the correspondence to be updated and the third target configured permission as a redundancy check, to ensure that the modified or deleted permissions are correct. For example, assume the correspondence to be updated is third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3*-MODIFY] and the third target configured permission is [permission 1, permission 2, permission 3]. By comparison it is found that permission 3 needs to be modified to permission 3*; following the processing logic of the modification identifier, the final configuration correspondence is generated as third target protocol identifier-third access identity information-[permission 1, permission 2, permission 3*]. Deletion is handled through the same traversal and redundancy check and is not described again here.
Through the steps, the accuracy of authority setting in the preset protocol identification-identity information-configured authority corresponding relation can be ensured simply and reliably.
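The setting flow described above, written out as an added Python example that is not code from the patent or from Inspur: the protocol layer diffs the requested permissions against the stored ones and tags the target permission with ADD, MODIFY or DELETE, and the DFS layer performs the redundancy check before the MDS table is updated. The table layout, the tuple key, the function names and the rule that one request changes exactly one permission are assumptions; the verification lookup is included because it reads the same table.

```python
# Added worked example, not code from the patent or from Inspur: a minimal model
# of the protocol identifier - identity information - configured permission
# correspondence and of the permission-setting flow described above.
# Assumptions: the tuple key layout, the function names, and the rule that one
# setting request adds, removes or replaces exactly one permission.
from typing import Dict, List, Tuple

# Action identifiers from the preset "setting action - action identifier" table.
ADD, MODIFY, DELETE = "ADD", "MODIFY", "DELETE"

# Constructed sample of the correspondence stored by the MDS layer.
# Key: (protocol identifier, identity information such as a UID or GID).
MDS_TABLE: Dict[Tuple[str, str], List[str]] = {
    ("NFS", "uid:1001"): ["read", "write"],
    ("SMB", "uid:1001"): ["read"],
    ("SMB", "gid:2000"): ["read", "write", "execute"],
}


def check_access(table: Dict[Tuple[str, str], List[str]],
                 protocol_id: str, identity: str, requested: str) -> Tuple[bool, str]:
    """Permission verification: look up the search identifier (protocol id,
    identity) and test whether the requested permission is among the
    configured permissions.  An unknown search identifier fails closed."""
    configured = table.get((protocol_id, identity))
    if configured is None:
        return False, "no configured permission for this search identifier"
    if requested in configured:
        return True, "permission verified"
    return False, "requested permission not in configured permissions"


def _tagged(entry: str, tag: str) -> bool:
    return entry.endswith("-" + tag)


def _untag(entry: str, tag: str) -> str:
    return entry[: -len("-" + tag)]


def build_update(requested: List[str], configured: List[str]) -> List[str]:
    """Protocol-layer step: compare the requested list (second access
    permission information) with the stored list (third target configured
    permission), decide the current setting action and its target permission,
    and emit the configuration permission to be updated with the target
    tagged by its action identifier."""
    added = [p for p in requested if p not in configured]
    removed = [p for p in configured if p not in requested]
    if not added and not removed:
        return list(configured)                      # nothing to change
    if len(added) == 1 and not removed:              # e.g. [p1, p2, p3, p4-ADD]
        return configured + [f"{added[0]}-{ADD}"]
    if len(removed) == 1 and not added:              # e.g. [p1, p2, p3-DELETE]
        return [f"{p}-{DELETE}" if p == removed[0] else p for p in configured]
    if len(added) == 1 and len(removed) == 1:        # e.g. [p1, p2, p3*-MODIFY]
        return [f"{added[0]}-{MODIFY}" if p == removed[0] else p for p in configured]
    raise ValueError("a setting request may change only one permission")


def dfs_redundancy_check(to_update: List[str], configured: List[str]) -> List[str]:
    """DFS-layer step.  If an ADD identifier is present, the linked permission
    is appended directly; otherwise the list is traversed and compared with the
    stored permissions so that MODIFY and DELETE are applied only to entries
    that really exist.  Returns the final configured permission list."""
    adds = [e for e in to_update if _tagged(e, ADD)]
    if adds:
        final = list(configured)
        for e in adds:
            perm = _untag(e, ADD)
            if perm not in final:                    # skip a redundant add
                final.append(perm)
        return final
    final = []
    for entry in to_update:
        if _tagged(entry, DELETE):
            if _untag(entry, DELETE) not in configured:
                raise ValueError("cannot delete a permission that is not configured")
            continue                                 # dropped from the result
        if _tagged(entry, MODIFY):
            final.append(_untag(entry, MODIFY))      # replaced by the new value
            continue
        if entry not in configured:
            raise ValueError(f"untagged permission {entry!r} is not configured")
        final.append(entry)
    return final


def set_permission(table, protocol_id, identity, requested):
    """End-to-end flow: protocol layer builds the correspondence to be updated,
    DFS layer runs the redundancy check, MDS layer stores the final result."""
    key = (protocol_id, identity)
    configured = table.get(key, [])
    to_update = build_update(requested, configured)
    final = dfs_redundancy_check(to_update, configured)
    table[key] = final
    return final


if __name__ == "__main__":
    demo = {k: list(v) for k, v in MDS_TABLE.items()}
    print(check_access(demo, "SMB", "uid:1001", "write"))
    print(set_permission(demo, "SMB", "uid:1001", ["read", "write"]))
    print(set_permission(demo, "NFS", "uid:1001", ["read"]))
```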
As a preferred embodiment, further comprising:
judging whether the third target configured permission is successfully updated to the second access permission information;
if not, a fourth feedback signal representing the authority setting failure is sent to the client.
This embodiment provides the feedback step for the permission setting result. Specifically, the protocol layer is invoked; when it receives from the DFS layer a success signal indicating that the third target configured permission has been successfully updated to the second access permission information, it determines that the update succeeded. The DFS layer generates this success signal when it receives a change success signal from the MDS layer. It should be noted, taking a newly added permission as an example, that the MDS layer feeds back the change success signal to the DFS layer when memory allocation succeeds and the update is completed; if memory allocation fails, the MDS layer feeds back a change failure signal to the DFS layer, the DFS layer then sends the protocol layer a failure signal indicating that the third target configured permission was not successfully updated to the second access permission information, the protocol layer determines that the update did not succeed and sends the fourth feedback signal to the client, and the client parses the fourth feedback signal to learn that the permission setting failed.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a rights management system according to the present invention.
The rights management system includes:
a first obtaining unit 21, configured to obtain first request information sent by a client in a first preset protocol format, where the first request information includes first access identity information and first access right information corresponding to a target processing action;
a first judging unit 22, configured to judge whether the first access identity information corresponding to the first preset protocol format is qualified to execute the target processing action based on the first request information and the preset protocol identifier-identity information-configured authority correspondence; if yes, triggering the action execution unit 23;
the action execution unit 23 is configured to control execution of a target processing action on a storage file corresponding to a preset protocol identifier-identity information-configured authority correspondence.
For the description of the rights management system provided in the present invention, reference is made to the embodiment of the rights management method described above, and details thereof are not repeated here.
As a preferred embodiment, the first judging unit 22 includes:
the analyzing unit is used for carrying out format analysis on the first request information so as to determine a first preset protocol format corresponding to the first request information;
A first protocol identifier determining unit, configured to determine a first target protocol identifier corresponding to the first preset protocol format based on the first preset protocol format and a preset format-identifier correspondence;
the first search unit is used for searching in a preset protocol identification-identity information-configured permission corresponding relation by taking the first target protocol identification and the first access identity information as first search identifications so as to obtain first target configured permissions corresponding to the first search identifications;
a second judging unit, configured to judge whether the first access right information is included in the first target configured right; if yes, triggering a first determining unit;
the first determining unit is configured to determine that, in the first preset protocol format, the first access identity information qualifies for executing the target processing action.
As a preferred embodiment, the first judging unit 22 includes:
the first calling unit is used for calling a protocol layer and determining a first target protocol identifier corresponding to the first request information based on the first request information;
the first search identification determining unit is used for determining the first target protocol identification and the first access identity information as first search identifications;
The first issuing unit is used for issuing the first search identifier and the first access right information to a DFS layer so as to call the DFS layer;
a third judging unit, configured to judge whether a first success signal fed back by the DFS layer and characterizing that permission verification succeeded is received; the first success signal is generated when the DFS layer invokes an MDS layer based on the first search identifier, obtains the first target configured permission fed back by the MDS layer based on the first search identifier and the preset protocol identifier-identity information-configured permission correspondence, and determines that the first target configured permission includes the first access permission information; if yes, triggering the first determining unit.
As a preferred embodiment, the first judging unit 22 is configured to trigger a first feedback unit when it is determined that the first access identity information corresponding to the first preset protocol format is not qualified to perform the target processing action;
the first feedback unit is configured to send a first feedback signal to the client, where the first feedback signal characterizes that the permission verification corresponding to the first access identity information under the first preset protocol format fails.
As a preferred embodiment, the rights management system further includes:
and a log recording unit, configured to record, in a log form, an event corresponding to the first access identity information under the first preset protocol format when the first judging unit 22 judges that the first access identity information corresponding to the first preset protocol format does not qualify for executing the target processing action.
As a preferred embodiment, the rights management system further includes:
the second acquisition unit is used for acquiring second access identity information which is sent by the client in a second preset protocol format and used for representing authority viewing;
a fourth judging unit, configured to judge whether a second target configured permission corresponding to the second access identity information in the second preset protocol format exists based on the second access identity information and the preset protocol identifier-identity information-configured permission correspondence; if yes, triggering a second feedback unit;
the second feedback unit is configured to feed back the second target configured permission to the client.
As a preferred embodiment, the fourth judging unit includes:
The second calling unit is used for calling a protocol layer and determining a second target protocol identifier corresponding to the second access identity information based on the second access identity information;
the second issuing unit is used for issuing the second target protocol identifier and the second access identity information to the DFS layer as a second search identifier so as to call the DFS layer;
a fifth judging unit, configured to judge whether query configuration information fed back by the DFS layer is received, where the query configuration information is determined by the DFS layer by calling an MDS layer based on the second search identifier and according to a result fed back by the MDS layer based on the second search identifier and the preset protocol identifier-identity information-configured permission correspondence; if yes, triggering a third determining unit;
the third determining unit is configured to determine that the query configuration information is a second target configured permission, so as to determine that there is a second target configured permission corresponding to the second access identity information in the second preset protocol format.
As a preferred embodiment, the fourth judging unit includes:
a sixth judging unit, configured to invoke a protocol layer and judge whether a second feedback signal, fed back by the DFS layer and characterizing that the permission check failed, is received, where the second feedback signal is generated by the DFS layer invoking the MDS layer based on the second search identifier and determining the failure from the search failure signal that the MDS layer feeds back when no query configuration information corresponding to the second search identifier exists in the preset protocol identifier-identity information-configured permission correspondence; if yes, triggering a fourth determining unit;
The fourth determining unit is configured to determine that there is no second target configured permission corresponding to the second access identity information in the second preset protocol format.
As a preferred embodiment, the second feedback unit includes:
the format conversion unit is used for carrying out format conversion processing on the second target configuration permission based on a conversion component corresponding to the second preset protocol format so as to obtain the target format configuration permission;
and the actual sending unit is used for sending the target format configuration permission to the client.
As a preferred embodiment, the rights management system further includes:
and the third feedback unit is used for feeding back a third feedback signal representing authority check failure to the client after the fourth determining unit.
As a preferred embodiment, the rights management system further includes:
the third acquisition unit is used for acquiring second request information sent by the client in a third preset protocol format, wherein the second request information comprises third access identity information and second access right information representing right setting;
and the first updating unit is used for updating the third target configured permission corresponding to the third preset protocol format and the third access identity information to the second access permission information based on the second request information and the preset protocol identification-identity information-configured permission corresponding relation.
As a preferred embodiment, the first updating unit includes:
the third calling unit is used for calling a protocol layer and determining a third target configured permission corresponding to the third preset protocol format and the third access identity information based on the second request information and the preset protocol identification-identity information-configured permission corresponding relation;
a fifth determining unit, configured to determine a configuration right to be updated based on the second access right information and the third target configured right;
and the third issuing unit is used for issuing a third target protocol identifier, the third access identity information and the configuration permission to be updated, which correspond to the third preset protocol format, to a DFS layer as a corresponding relation to be updated so as to call the DFS layer, so that the DFS layer calls an MDS layer based on the corresponding relation to be updated so as to update the third target configured permission to the second access permission information.
As a preferred embodiment, the fifth determining unit includes:
a sixth determining unit, configured to invoke the protocol layer, and determine a current permission setting action and a corresponding setting target permission thereof based on the second access permission information and the third target configured permission;
The action identification determining unit is used for determining an action identification corresponding to the current authority setting action based on a preset setting action-action identification corresponding relation;
the generating unit is used for generating the configuration permission to be updated according to the action identifier, the set target permission and the third target configured permission.
As a preferred embodiment, the rights management system further includes:
a seventh judging unit, configured to judge whether the third target configured permission has been successfully updated to the second access permission information; if not, triggering a fourth feedback unit;
the fourth feedback unit is configured to send a fourth feedback signal indicating that authority setting fails to the client.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a rights management apparatus according to the present invention.
The rights management apparatus includes:
a memory 31 for storing a computer program;
a processor 32 for implementing the steps of the rights management method as described above when executing the computer program.
For the description of the rights management apparatus provided in the present invention, reference is made to the embodiment of the rights management method described above, and details thereof are not repeated here.
The invention also provides a server comprising the rights management device.
For the description of the server provided in the present invention, reference is made to the embodiment of the rights management method described above, and details thereof are not repeated here.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a computer readable storage medium according to the present invention.
The computer-readable storage medium 4 includes:
the computer-readable storage medium 4 has stored thereon a computer program 41, which when executed by a processor implements the steps of the rights management method as described above.
For the description of the computer-readable storage medium 4 provided in the present invention, reference is made to the above-mentioned embodiments of the rights management method, and details thereof are omitted herein.
In the present specification, each embodiment is described in a progressive manner, each embodiment mainly describes its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another. For the device disclosed in an embodiment, since it corresponds to the method disclosed in the embodiment, its description is relatively brief, and the relevant points refer to the description of the method section. Relational terms such as first and second may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention.

Claims (20)

1. A rights management method, comprising:
acquiring first request information sent by a client in a first preset protocol format, wherein the first request information comprises first access identity information and first access right information corresponding to a target processing action;
judging whether the first access identity information corresponding to the first preset protocol format is qualified for executing the target processing action or not based on the first request information and a preset protocol identification-identity information-configured authority corresponding relation;
If yes, controlling to execute the target processing action on the storage file corresponding to the corresponding relation between the preset protocol identification, the identity information and the configured authority.
2. The rights management method of claim 1, wherein determining that the first access identity information corresponding to the first preset protocol format qualifies for execution of the target processing action comprises:
performing format analysis on the first request information to determine a first preset protocol format corresponding to the first request information;
determining a first target protocol identifier corresponding to the first preset protocol format based on the first preset protocol format and a preset format-identifier correspondence;
searching in a preset protocol identification-identity information-configured permission corresponding relation by taking the first target protocol identification and the first access identity information as first search identifications so as to obtain first target configured permissions corresponding to the first search identifications;
judging whether the first access right information is included in the first target configured right or not;
if yes, judging that the first access identity information is qualified for executing the target processing action under the first preset protocol format.
3. The rights management method of claim 1, wherein determining that the first access identity information corresponding to the first preset protocol format qualifies for execution of the target processing action comprises:
a protocol layer is called, and a first target protocol identification corresponding to the first request information is determined based on the first request information;
determining the first target protocol identifier and the first access identity information as a first search identifier;
the first search identifier and the first access right information are issued to a DFS layer so as to call the DFS layer;
judging whether a first success signal fed back by the DFS layer and characterizing that permission verification succeeded is received; the first success signal is generated when the DFS layer calls an MDS layer based on the first search identifier, acquires a first target configured permission fed back by the MDS layer based on the first search identifier and a preset protocol identifier-identity information-configured permission corresponding relation, and determines that the first target configured permission comprises the first access permission information;
if yes, judging that the first access identity information is qualified for executing the target processing action under the first preset protocol format.
4. The rights management method of claim 1, wherein the identity information in the preset protocol identification-identity information-configured rights correspondence includes a UID identification and/or a GID identification of a user.
5. The rights management method of claim 1, wherein upon determining that the first access identity information corresponding to the first preset protocol format is not eligible to perform the target processing action, comprising:
and sending a first feedback signal to the client, wherein the first feedback signal characterizes that the authority verification corresponding to the first access identity information under the first preset protocol format fails.
6. The rights management method of claim 5, wherein upon determining that the first access identity information corresponding to the first preset protocol format is not eligible to perform the target processing action, further comprising:
recording an event corresponding to the failure of the authority verification of the first access identity information under the first preset protocol format in a log mode.
7. The rights management method of claim 1, further comprising:
acquiring second access identity information which is sent by the client in a second preset protocol format and characterizes permission to view;
judging whether a second target configured permission corresponding to the second access identity information under the second preset protocol format exists or not based on the second access identity information and the preset protocol identification-identity information-configured permission corresponding relation;
if yes, feeding back the second target configured permission to the client.
8. The rights management method of claim 7, wherein determining that there is a second target configured right corresponding to the second access identity information in the second preset protocol format comprises:
a protocol layer is called, and a second target protocol identifier corresponding to the second access identity information is determined based on the second access identity information;
issuing the second target protocol identifier and the second access identity information to a DFS layer as a second search identifier so as to call the DFS layer;
judging whether query configuration information fed back by the DFS layer is received or not, wherein the query configuration information is determined by the MDS layer based on the second search identifier and the result fed back by the preset protocol identifier-identity information-configured authority correspondence;
if yes, determining that the query configuration information is the second target configured permission, and judging that the second target configured permission corresponding to the second access identity information under the second preset protocol format exists.
9. The rights management method of claim 8, wherein determining that there is no second target configured right corresponding to the second access identity information in the second preset protocol format comprises:
a protocol layer is called, and whether a second feedback signal fed back by the DFS layer and characterizing that the permission check failed is received is judged, wherein the second feedback signal is generated by the DFS layer calling the MDS layer based on the second search identifier and determining the failure from the search failure signal fed back by the MDS layer when no query configuration information corresponding to the second search identifier exists based on the preset protocol identifier-identity information-configured permission corresponding relation;
if yes, judging that the second target configured permission corresponding to the second access identity information under the second preset protocol format does not exist.
10. The rights management method of claim 7, wherein feeding back the second target configured rights to the client comprises:
performing format conversion processing on the second target configuration permission based on a conversion component corresponding to the second preset protocol format so as to obtain the target format configuration permission;
and sending the target format configuration permission to the client.
11. The rights management method of claim 7, wherein after determining that there is no second target configured right corresponding to the second access identity information in the second preset protocol format, further comprising:
and feeding back a third feedback signal representing permission checking failure to the client.
12. A rights management method as claimed in any one of claims 1 to 11, further comprising:
acquiring second request information sent by the client in a third preset protocol format, wherein the second request information comprises third access identity information and second access right information representing right setting;
and updating the third target configured permission corresponding to the third preset protocol format and the third access identity information to the second access permission information based on the second request information and the preset protocol identification-identity information-configured permission corresponding relation.
13. The rights management method of claim 12, wherein updating the third target configured rights corresponding to the third preset protocol format and the third access identity information to the second access rights information comprises:
A protocol layer is called, and a third target configured permission corresponding to the third preset protocol format and the third access identity information is determined based on the second request information and the preset protocol identification-identity information-configured permission corresponding relation;
determining configuration rights to be updated based on the second access rights information and the third target configured rights;
and issuing a third target protocol identifier corresponding to the third preset protocol format, the third access identity information and the configuration permission to be updated to a DFS layer as a corresponding relation to be updated so as to call the DFS layer, so that the DFS layer calls an MDS layer based on the corresponding relation to be updated so as to update the third target configured permission to the second access permission information.
14. The rights management method of claim 13, wherein determining a configuration right to be updated based on the second access right information and the third target configured right comprises:
invoking the protocol layer, and determining a current authority setting action and a corresponding set target authority based on the second access authority information and the third target configured authority;
Determining an action identifier corresponding to the current authority setting action based on a preset action-action identifier corresponding relation;
and generating configuration rights to be updated according to the action identifier, the set target rights and the third target configured rights.
15. The rights management method of claim 14, wherein the DFS layer invoking an MDS layer based on the correspondence to be updated to update the third target configured rights to the second access rights information, comprising:
and the DFS layer performs redundancy check processing based on the corresponding relation to be updated and the acquired third target configured permission to determine a final configuration corresponding relation, and issues the final configuration corresponding relation to an MDS layer so that the MDS layer updates the stored third target configured permission to the second access permission information.
16. The rights management method of claim 12, further comprising:
judging whether the third target configured permission is successfully updated to the second access permission information;
if not, a fourth feedback signal representing the failure of authority setting is sent to the client.
17. A permission management system, comprising:
a first acquisition unit, configured to acquire first request information sent by a client in a first preset protocol format, the first request information comprising first access identity information and first access permission information corresponding to a target processing action;
a first judging unit, configured to judge, based on the first request information and a preset protocol identifier/identity information/configured permission correspondence, whether the first access identity information corresponding to the first preset protocol format is qualified to execute the target processing action, and if so, to trigger an action execution unit;
the action execution unit, configured to control the target processing action to be executed on the storage file corresponding to the preset protocol identifier/identity information/configured permission correspondence.
18. A permission management device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the permission management method of any one of claims 1 to 16 when executing the computer program.
19. A server comprising the permission management device of claim 18.
20. A computer-readable storage medium, comprising:
a computer program stored on the computer-readable storage medium which, when executed by a processor, implements the steps of the permission management method of any one of claims 1 to 16.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310208939.6A CN116070294B (en) 2023-03-07 2023-03-07 Authority management method, system, device, server and storage medium

Publications (2)

Publication Number Publication Date
CN116070294A true CN116070294A (en) 2023-05-05
CN116070294B CN116070294B (en) 2023-07-14

Family

ID=86176939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310208939.6A Active CN116070294B (en) 2023-03-07 2023-03-07 Authority management method, system, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN116070294B (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006185463A (en) * 2006-02-20 2006-07-13 Hitachi Ltd Gateway device
CN108696496A (en) * 2017-03-31 2018-10-23 慧与发展有限责任合伙企业 Multi-protocols accesses control list
CN110399736A (en) * 2019-06-28 2019-11-01 苏州浪潮智能科技有限公司 A kind of distributed file system right management method and associated component
US20210303522A1 (en) * 2020-03-30 2021-09-30 Pure Storage, Inc. Copying a File System
WO2023273803A1 (en) * 2021-06-30 2023-01-05 华为技术有限公司 Authentication method and apparatus, and storage system
CN114021089A (en) * 2021-09-29 2022-02-08 苏州浪潮智能科技有限公司 Directory access control method, device, equipment and readable storage medium
CN114116651A (en) * 2021-11-22 2022-03-01 北京精一强远科技有限公司 System and method for supporting multi-protocol unified management user to access files
CN115146308A (en) * 2022-06-10 2022-10-04 中电云数智科技有限公司 Permission verification method and device for semantic intercommunication
CN115314257A (en) * 2022-07-12 2022-11-08 天翼云科技有限公司 Authentication method and device of file system, electronic equipment and computer storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KUNYING LI 等: "Research on Decentralized Identity and Access Management Model Based on the OIDC Protocol", 《2020 INTERNATIONAL CONFERENCE ON E-COMMERCE AND INTERNET TECHNOLOGY (ECIT)》, pages 252 - 255 *
张秋萍: "基于OpenStack Manila的多租户多协议共享存储平台", 《现代计算机》, no. 33, pages 88 - 91 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684207A (en) * 2023-08-03 2023-09-01 杭州字节方舟科技有限公司 Method, device, equipment and medium for processing monitoring data based on blockchain
CN116684207B (en) * 2023-08-03 2023-10-20 杭州字节方舟科技有限公司 Method, device, equipment and medium for processing monitoring data based on blockchain

Also Published As

Publication number Publication date
CN116070294B (en) 2023-07-14

Similar Documents

Publication Publication Date Title
US11500897B2 (en) Allocation and reassignment of unique identifiers for synchronization of content items
CA2508928C (en) Method, system, and apparatus for discovering and connecting to data sources
US20050125461A1 (en) Version control of metadata
RU2357283C2 (en) Scheme for refreshing connection with network printing device for clients of printer device
CN108289098B (en) Authority management method and device of distributed file system, server and medium
US20090234880A1 (en) Remote storage and management of binary object data
US20050234934A1 (en) System and method for controlling the release of updates to a database configuration
US20070288835A1 (en) Apparatus, computer readable medium, data signal, and method for document management
CN110063042B (en) Database fault response method and terminal thereof
WO2009005989A2 (en) Server directory schema comparator
CN110990335B (en) Log archiving method, device, equipment and computer readable storage medium
CN116070294B (en) Authority management method, system, device, server and storage medium
CN111737227A (en) Data modification method and system
CN112596956B (en) File system management method, device and related components
CN111651122B (en) Data deleting method, device, server and storage medium
CN110543465B (en) Directory operation method and device, computer equipment and storage medium
CN113094754B (en) Big data platform data modification system and modification, response, cache and verification method
CN114070856B (en) Data processing method, device, system, operation and maintenance auditing equipment and storage medium
CN113094753B (en) Big data platform hive data modification method and system based on block chain
US20050108194A1 (en) System for verifying a state of an environment
KR102178048B1 (en) Data monitoring method by detecting personal information downloaded
CN114385594A (en) Method, device, equipment and storage medium for managing data modification process
CN116739397A (en) Dynamic management method for new energy indexes
JP3143919B2 (en) Communication parameter management method
CN114490514A (en) Metadata management method, device and equipment of file system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant