CN117610058A - RBAC-based multi-tenant supporting data authority management device and method

Info

Publication number: CN117610058A
Authority: CN (China)
Prior art keywords: tenant, role, information, user, authority
Legal status: Pending
Application number: CN202311742153.9A
Other languages: Chinese (zh)
Inventor: 彭维玮
Current Assignee: Shanghai Shuheng Information Technology Co ltd
Original Assignee: Shanghai Shuheng Information Technology Co ltd
Application filed by Shanghai Shuheng Information Technology Co ltd
Priority to CN202311742153.9A
Publication of CN117610058A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Abstract

The invention relates to an RBAC-based data authority management device and method supporting multi-tenancy, wherein the device comprises: a tenant information manager for storing basic information of tenants; a role authority manager for storing the mapping relation between roles and authorities; a user role manager for storing the role information of a user under different tenants and associating the user ID with the role ID, thereby realizing RBAC-based user role authority management; a tenant resource manager for associating tenant resources with role authorities; a request analyzer for analyzing the database requests of tenants and extracting the information related to each request; and a permission checker for checking, through the tenant information manager and the role authority manager and according to the information extracted by the request analyzer, whether a tenant request has the proper permission. The invention enables fine-grained, efficient and secure management of data access authority in a multi-tenant environment, thereby protecting the security and privacy of user data to the maximum extent.

Description

RBAC-based multi-tenant supporting data authority management device and method
[ technical field ]
The invention relates to the technical field of big data processing, and in particular to an RBAC-based data authority management device and method supporting multi-tenancy.
[ background Art ]
Currently, in existing solutions, multi-tenant support is typically achieved in one of the following ways:
(1) Independent deployment: in this mode, independent hardware and software environments are provided for each tenant. This is the earliest multi-tenant implementation; it offers high independence and complete isolation, but at the cost of low resource utilization and high operation and maintenance cost.
(2) Shared database, independent schema: in this mode, all tenants share one database instance, but each tenant has its own independent database schema. This increases the degree of resource sharing, but data rights management remains a challenge.
(3) Shared database, shared schema: in this mode, all tenants share not only the database instance but also the database schema. To distinguish the data of different tenants, a field representing the tenant identifier must be added to the database tables. This mode further increases the degree of resource sharing, but places higher demands on data rights management.
In summary, in the above modes data rights management is mainly implemented by the application program: data rights are enforced by adding data access control logic to the application, which increases the complexity and maintenance cost of the application to a certain extent, and rights control at the application level may carry a certain security risk.
[ summary of the invention ]
The invention aims to address the above shortcomings and to provide an RBAC-based data authority management device supporting multi-tenancy, which can realize fine-grained, efficient and secure management of data access authority in a multi-tenant environment, thereby protecting the security and privacy of user data to the maximum extent and providing a higher data security guarantee.
In one aspect of the present invention, there is provided an RBAC-based data right management apparatus supporting multi-tenancy, including:
the tenant information manager is used for storing basic information of tenants;
the role authority manager is used for storing the mapping relation between roles and authorities;
the user role manager is used for storing role information of the user under different tenants, correlating the user ID with the role ID and realizing RBAC-based user role authority management;
the tenant resource manager is used for associating tenant resources with role authorities, wherein the tenant resources comprise, but are not limited to, files, pictures and data resources under a certain tenant;
the request analyzer is used for analyzing the database request of the tenant and extracting tenant ID, operation type, data table, data row and data column information related to the request;
and the permission checker is used for checking whether the tenant request has proper permission or not through the tenant information manager and the role permission manager according to the information extracted by the request analyzer.
As an embodiment, the management of tenant information by the tenant information manager includes, but is not limited to, tenant application, creation, modification and cancellation; after a client applies for a tenant and the application is approved, the tenant information manager assigns a unique tenant ID.
As an embodiment, the management of role authority by the role authority manager includes, but is not limited to, assigning roles, setting role authorities and assigning data authorities, and all authority information is indexed by tenant ID and stored in a database.
In one embodiment, when a user initiates a data access request, the permission checker verifies the tenant ID, the current user ID, the requested content and other information extracted by the request analyzer against the roles owned by the user and the permissions owned by those roles; a request that passes the permission verification can be executed.
In another aspect of the present invention, there is provided an RBAC-based data right management method supporting multi-tenancy, including the steps of:
tenant information management: storing tenant basic information through a tenant table, and managing configuration information of a tenant through a tenant configuration table;
role rights management: configuring role information through a role table, configuring authority information through an authority table, and isolating the role information and the authority of each tenant by taking a tenant ID as an index;
user role management: storing user basic information through a user table, wherein one user can have rights under a plurality of tenants, and associating the user with one or a plurality of tenants through a user role table and configuring role information under the tenant, so as to realize RBAC-based user role rights management;
tenant resource management: storing a resource ID, a resource content and resource storage path information through a resource table, and associating the tenant ID with the corresponding authorized resource ID through a tenant resource table;
request analysis: analyzing a database request of a tenant, and extracting tenant ID, operation type, data table, data row and data column information related to the request;
checking authority: according to the information extracted by request analysis, checking whether the tenant request has proper authority through tenant information management and role authority management, and carrying out authentication judgment of the user role and the tenant resource authority through user role management and tenant resource management.
As one embodiment, the management of tenant information includes, but is not limited to, tenant application, creation, modification and cancellation; after a customer applies for a tenant and the application is approved, the tenant information manager assigns a unique tenant ID.
As one embodiment, the management of role authority includes, but is not limited to, assigning roles, setting role authority and assigning data authority, and all authority information is indexed by tenant ID and stored in a database.
As one embodiment, when the authority is checked, a user initiates a data access request, and the tenant ID, the current user ID, the requested content and other information extracted by the request analyzer are verified against the roles owned by the user and the authority owned by those roles; a request that passes the authority verification can be executed.
As an embodiment, the data right management method further includes the steps of:
1) Firstly, creating a database, wherein the database corresponds to a plurality of tenants, and each tenant has a unique identifier, namely a tenant ID;
2) The tenant identification module firstly receives an access request from a tenant, and then the identification module determines the identity of the tenant initiating the request according to credentials in the request or a request source to acquire the tenant ID;
3) After acquiring the tenant ID, the data authority management module acquires a role corresponding to the tenant where the user is located from the database, and further acquires all database authorities corresponding to the role;
4) Then, based on tenant resource information, the data access control module decides whether to allow the tenant to access the requested file, and if the permission check passes, the data access control module executes the request and returns the result.
In a third aspect of the present invention, a computer-readable storage medium is presented, the computer-readable storage medium comprising a stored program, the program performing the above-described method.
Compared with the prior art, the invention has the following advantages:
(1) Data isolation: by creating independent data storage space for each tenant, the isolation of data among different tenants is ensured, and accidental leakage and abuse of the data are effectively prevented.
(2) Fine authority control: by means of a refined authority control scheme, such as role-based authority management, data access can be refined and managed, such as control to the levels of a data table, a data row, a data column and the like.
(3) Dynamic rights change: for a multi-tenant environment, the data authority is required to be dynamically changed according to the service requirement, and the system can support dynamic authority change, such as adding and deleting of role authorities, allocation and recovery of the data authorities and the like.
(4) Security audit: audit functions, including logging and access monitoring, are provided; all data operations, user behavior and the like are recorded and can be traced and queried, for use by security auditors who need to conduct data security audits.
(5) Ease of use: through visual interfaces and operation modes, the management of the user and the manager on the data authority is simplified, and the operation complexity is reduced.
In summary, the invention can realize fine, efficient and safe management of the data access rights in the multi-tenant environment, thereby maximally protecting the security and privacy of user data and providing higher data security guarantee; meanwhile, the invention can reduce the complexity of the application program and reduce the workload of development and maintenance, thereby providing high-efficiency, accurate and safe data access service even in the environment of multi-tenant, high concurrency and large data volume, and being worthy of popularization and application.
[ description of the drawings ]
FIG. 1 is a diagram of a multi-tenant management entity association model of the present invention;
FIG. 2 is a flow chart of the data request according to the present invention;
FIG. 3 is a schematic view of the structure of the device of the present invention;
FIG. 4 is a schematic flow chart of the method of the present invention.
[ detailed description of the preferred embodiments ]
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the invention. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described below with reference to the accompanying drawings and specific embodiments:
in some embodiments, as shown in FIG. 3, the present invention provides an RBAC (Role-Based Access Control) based data rights management device that provides a standardized, unified data rights management scheme based on the shared database, shared schema mode and no longer dependent on specific applications. The device comprises the following:
The tenant information manager is used for storing basic information of tenants. Tenant information management includes tenant application, creation, modification, cancellation and so on; a client applies for a tenant, and a unique tenant ID is assigned after the application is approved. A tenant administrator can manage the tenants for which it has authority, creating users, configuring roles and the like.
The role authority manager is used for storing the mapping relation between roles and authorities; its functions include assigning roles, setting role rights, assigning data rights and the like. All authority information is stored in the database with the tenant ID as an index.
The user role manager is used for storing role information and the like of a user under different tenants and associating the user ID with the role ID, thereby realizing RBAC-based user role authority management.
The tenant resource manager is used for associating tenant resources (data, pictures, files, etc.) with role permissions; tenant resources include, but are not limited to, files, pictures and other resources under a given tenant.
The request analyzer is used for analyzing the database request of the tenant and extracting information related to the request, such as tenant ID, operation type, data table, data row and data column.
The permission checker is used for checking, through the tenant information manager and the role authority manager and according to the information extracted by the request analyzer, whether the tenant request has the proper permission. When a user initiates a data access request, the tenant ID, the current user ID, the requested content and other information extracted by the request analyzer are verified against the roles owned by the user and the authority owned by those roles; a request that passes the authority verification can be executed.
The invention can carry out refined authority control on tenant level, role level, data table level, data row level and data column level based on the combination of the modules, and provides higher data security guarantee; meanwhile, as the rights management logic is extracted into the independent data rights management device, the complexity of an application program can be reduced, and the workload of development and maintenance is reduced, so that the efficient, accurate and safe data access service can be provided even under the environment of multi-tenant, high concurrency and large data volume. The device provides information inquiry and authentication functions of tenants, authorities and the like in the form of API or SDK, and has low coupling degree with services.
In other embodiments, as shown in FIG. 4, the present invention provides an RBAC-based data rights management method supporting multiple tenants, including the following steps:
tenant information management: storing tenant basic information through a tenant table, and managing configuration information of a tenant through a tenant configuration table;
role rights management: configuring role information through a role table, configuring authority information through an authority table, and isolating the role information and the authority of each tenant by taking a tenant ID as an index;
user role management: storing user basic information through a user table, wherein one user can have rights under a plurality of tenants, and associating the user with one or a plurality of tenants through a user role table and configuring role information under the tenant, so as to realize RBAC-based user role rights management;
tenant resource management: storing a resource ID, a resource content and resource storage path information through a resource table, and associating the tenant ID with the corresponding authorized resource ID through a tenant resource table;
request analysis: analyzing a database request of a tenant, and extracting tenant ID, operation type, data table, data row and data column information related to the request;
checking authority: according to the information extracted by request analysis, checking whether the tenant request has proper authority through tenant information management and role authority management, and carrying out authentication judgment of the user role and the tenant resource authority through user role management and tenant resource management.
As a further embodiment, management of tenant information includes, but is not limited to, tenant application, creation, modification, and cancellation, and the tenant information manager assigns a unique tenant ID after a customer applies for a tenant and the application passes; when the role rights are managed, the management of the role rights includes, but is not limited to, role assignment, role rights setting and data rights assignment, and all rights information takes tenant IDs as indexes and is stored in a database; when the authority is checked, a user initiates a data access request, and the information such as the tenant ID, the current user ID, the requested content and the like extracted by the request analyzer is authenticated according to the role owned by the user and the authority owned by the role, so that the request passing the authority verification can be executed.
In other embodiments, FIG. 1 shows the multi-tenant management entity association model of the present invention, in which:
(1) Tenant information management: the tenant table is used for storing tenant basic information, and one tenant can be a company, an organization or a team; the tenant configuration table manages tenant configuration, such as the upper limit of licenses available to the tenant, the list of system functions provisioned for the tenant, and so on.
(2) Role rights management: the role table is used for configuring role information, and the role information of each tenant is isolated by taking the tenant ID as an index; the permission table is used for configuring permission information, and the permissions of each tenant are isolated by taking the tenant ID as an index. The permissions include menu permissions, view, modify and delete permissions, and the like.
(3) User role management: the user table is used for storing user basic information; because one user can have rights under a plurality of tenants, the user table carries no tenant ID. The user role table is used for associating a user with one or more tenants and configuring the user's role information under each tenant, and the permission checker performs the authentication judgment of the user role based on this table.
(4) Tenant resource management: the resource table is used for storing information such as resource ID, resource content and resource storage path, and the resources can be data, article content, pictures, documents and the like; the tenant resource table is used for associating the tenant ID with the corresponding authorized resource IDs, and the permission checker performs the authentication judgment of the tenant resource authority based on this table.
The invention is further described with reference to the following specific examples:
for example, when a knowledge base system is to be interfaced with the device of the present invention, a specific implementation is as follows:
1) First, a database is created, which corresponds to multiple tenants. Each tenant has its own unique identifier, the tenant ID, and some public information, such as the rights corresponding to different roles, is also stored in the database.
2) The tenant identification module first receives an access request from the tenant (e.g., a request to query a certain knowledge base file); the identification module then relies on credentials in the request (e.g., a user name and password, or a token) or the source of the request (e.g., an IP address) to determine the identity of the tenant that originated the request and obtain the tenant ID.
3) After the tenant ID is obtained, the data authority management module obtains from the database the role of the user under that tenant, and further obtains all database authorities corresponding to the role; these authorities can be precise not only to the table level but also to the data row and data column.
4) Then, based on tenant resource information, the data access control module decides whether to allow the tenant to access the requested file; if the permission check passes, the data access control module executes the request and returns the result.
In the whole process, all data access activities are recorded by a log audit module to generate an electronic document, wherein the electronic document comprises key information such as identity information of a tenant, executed operation, execution time and the like.
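The flow of steps 1) to 4), together with the tables of FIG. 1 and the audit record, is shown below as an added example; it is not code from the patent. The SQLite schema, the column names, the sample tenants and users, and the `Request` structure (standing in for the request analyzer's output) are assumptions made for illustration.

```python
import sqlite3
from dataclasses import dataclass

# Constructed schema following the tables the page names; column names are assumptions.
SCHEMA = """
CREATE TABLE tenant(tenant_id TEXT PRIMARY KEY, name TEXT, active INTEGER);
CREATE TABLE app_user(user_id TEXT PRIMARY KEY, name TEXT);  -- deliberately no tenant_id
CREATE TABLE role(tenant_id TEXT, role_id TEXT, PRIMARY KEY(tenant_id, role_id));
CREATE TABLE permission(tenant_id TEXT, role_id TEXT, operation TEXT, tbl TEXT, col TEXT);
CREATE TABLE user_role(user_id TEXT, tenant_id TEXT, role_id TEXT);
CREATE TABLE resource(resource_id TEXT PRIMARY KEY, tbl TEXT, path TEXT);
CREATE TABLE tenant_resource(tenant_id TEXT, resource_id TEXT);
CREATE TABLE audit_log(tenant_id TEXT, user_id TEXT, operation TEXT, tbl TEXT,
                       allowed INTEGER, reason TEXT);
"""

# Constructed sample data: two tenants, one user holding a different role in each.
SEED = """
INSERT INTO tenant VALUES ('t-acme','Acme',1), ('t-globex','Globex',1);
INSERT INTO app_user VALUES ('alice','Alice'), ('bob','Bob');
INSERT INTO role VALUES ('t-acme','editor'), ('t-acme','viewer'), ('t-globex','viewer');
INSERT INTO permission VALUES
  ('t-acme','editor','select','kb_article','*'),
  ('t-acme','editor','update','kb_article','body'),
  ('t-acme','viewer','select','kb_article','title'),
  ('t-globex','viewer','select','kb_article','title');
INSERT INTO user_role VALUES
  ('alice','t-acme','editor'), ('alice','t-globex','viewer'), ('bob','t-acme','viewer');
INSERT INTO resource VALUES
  ('doc-1','kb_article','/kb/acme/doc-1'), ('doc-2','kb_article','/kb/globex/doc-2');
INSERT INTO tenant_resource VALUES ('t-acme','doc-1'), ('t-globex','doc-2');
"""


@dataclass(frozen=True)
class Request:
    """What the request analyzer extracts from one database request (hypothetical shape)."""
    tenant_id: str
    user_id: str
    operation: str          # 'select', 'update', ...
    table: str
    columns: tuple = ()     # empty means "all columns"
    row_ids: tuple = ()     # resource IDs of the rows touched


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SEED)
    return conn


def check(conn, req):
    """Permission checker: returns (allowed, reason). Every lookup is keyed by tenant_id."""
    if not conn.execute("SELECT 1 FROM tenant WHERE tenant_id=? AND active=1",
                        (req.tenant_id,)).fetchone():
        return False, "unknown or inactive tenant"
    roles = [r[0] for r in conn.execute(
        "SELECT role_id FROM user_role WHERE user_id=? AND tenant_id=?",
        (req.user_id, req.tenant_id))]
    if not roles:
        return False, "user has no role in this tenant"
    marks = ",".join("?" * len(roles))
    granted = {r[0] for r in conn.execute(
        "SELECT col FROM permission WHERE tenant_id=? AND operation=? AND tbl=? "
        f"AND role_id IN ({marks})",
        (req.tenant_id, req.operation, req.table, *roles))}
    if not granted:
        return False, "operation not granted on table"
    wanted = set(req.columns) or {"*"}   # no column list means the request needs '*'
    if "*" not in granted and not wanted <= granted:
        return False, "column not granted: " + ",".join(sorted(wanted - granted))
    for rid in req.row_ids:              # row level: the row must belong to this tenant
        if not conn.execute(
                "SELECT 1 FROM tenant_resource tr JOIN resource r "
                "ON r.resource_id = tr.resource_id "
                "WHERE tr.tenant_id=? AND tr.resource_id=? AND r.tbl=?",
                (req.tenant_id, rid, req.table)).fetchone():
            return False, f"row {rid} is not a resource of this tenant"
    return True, "ok"


def authorize(conn, req):
    """Run the check and record the decision, allowed or denied, in the audit log."""
    allowed, reason = check(conn, req)
    conn.execute("INSERT INTO audit_log VALUES (?,?,?,?,?,?)",
                 (req.tenant_id, req.user_id, req.operation, req.table,
                  int(allowed), reason))
    return allowed, reason


if __name__ == "__main__":
    db = build_demo_db()
    for r in (Request("t-acme", "alice", "update", "kb_article", ("body",), ("doc-1",)),
              Request("t-globex", "alice", "update", "kb_article", ("body",), ("doc-2",)),
              Request("t-acme", "alice", "select", "kb_article", (), ("doc-2",)),
              Request("t-acme", "bob", "select", "kb_article", ("title", "body"))):
        print(r.user_id, r.tenant_id, r.operation, authorize(db, r))
```

Because the user table carries no tenant ID, the same user is an editor under one tenant and only a viewer under the other, and the row-level step denies access to another tenant's resource even when the table-level permission is `*`.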
In addition, the invention also provides a computer readable storage medium, which comprises a stored program, and the program executes the RBAC-based data authority management method supporting multiple tenants.
Further, the invention also provides a computer device, which comprises a processor, a memory and a bus; the processor is connected with the memory through a bus, the memory is used for storing a program, and the processor is used for running the program, and the RBAC-based data authority management method for supporting multiple tenants is executed when the program runs.
The functions of the methods of the embodiments of the present invention, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a storage medium readable by a computer device. Based on such understanding, the part of the present invention that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a mobile computing device or a network device, etc.) to perform all or part of the steps of the method described in the various embodiments of the present invention; the storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory, a random access memory, a magnetic disk, or an optical disk.
The above embodiments are only for illustrating the technical solution of the present invention and do not limit it; the technical features of the above embodiments or of different embodiments may also be combined under the idea of the invention, the steps may be implemented in any order, and many other variations exist in different aspects of the invention as described above. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.
The present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations and simplifications that do not depart from the spirit and principles of the invention shall be regarded as equivalent replacements and are included in the scope of the invention.

Claims (10)

1. An RBAC-based data rights management apparatus supporting multiple tenants, comprising:
the tenant information manager is used for storing basic information of tenants;
the role authority manager is used for storing the mapping relation between roles and authorities;
the user role manager is used for storing role information of the user under different tenants, correlating the user ID with the role ID and realizing RBAC-based user role authority management;
the tenant resource manager is used for associating tenant resources with role authorities, wherein the tenant resources comprise, but are not limited to, files, pictures and data resources under a certain tenant;
the request analyzer is used for analyzing the database request of the tenant and extracting tenant ID, operation type, data table, data row and data column information related to the request;
and the permission checker is used for checking whether the tenant request has proper permission or not through the tenant information manager and the role permission manager according to the information extracted by the request analyzer.
2. The apparatus of claim 1, wherein: the management of tenant information by the tenant information manager includes, but is not limited to, tenant application, creation, modification and cancellation, and the tenant information manager assigns a unique tenant ID after the client applies for the tenant and the application is approved.
3. The apparatus of claim 1, wherein: the role authority manager manages the role authority including, but not limited to, assigning roles, setting role authority and assigning data authority, and all authority information is indexed by tenant ID and stored in a database.
4. The apparatus of claim 1, wherein: in the permission checker, when a user initiates a data access request, the tenant ID, the current user ID, the requested content and other information extracted by the request analyzer are verified against the roles owned by the user and the permissions owned by those roles, and a request that passes the permission verification can be executed.
5. An RBAC-based data authority management method supporting multi-tenancy, characterized by comprising the following steps:
tenant information management: storing tenant basic information through a tenant table, and managing configuration information of a tenant through a tenant configuration table;
role rights management: configuring role information through a role table, configuring authority information through an authority table, and isolating the role information and the authority of each tenant by taking a tenant ID as an index;
user role management: storing user basic information through a user table, wherein one user can have rights under a plurality of tenants, and associating the user with one or a plurality of tenants through a user role table and configuring role information under the tenant, so as to realize RBAC-based user role rights management;
tenant resource management: storing a resource ID, a resource content and resource storage path information through a resource table, and associating the tenant ID with the corresponding authorized resource ID through a tenant resource table;
request analysis: analyzing a database request of a tenant, and extracting tenant ID, operation type, data table, data row and data column information related to the request;
checking authority: according to the information extracted by request analysis, checking whether the tenant request has proper authority through tenant information management and role authority management, and carrying out authentication judgment of the user role and the tenant resource authority through user role management and tenant resource management.
6. The method of claim 5, wherein: the management of tenant information includes, but is not limited to, tenant application, creation, modification and cancellation, and the tenant information manager allocates a unique tenant ID after the client applies for the tenant and the application is approved.
7. The method of claim 5, wherein: when the role rights are managed, the management of the role rights includes, but is not limited to, assigning roles, setting role rights and assigning data rights, and all rights information is indexed by tenant IDs and stored in a database.
8. The method of claim 5, wherein: when the authority is checked, a user initiates a data access request, and the information such as the tenant ID, the current user ID, the requested content and the like extracted by the request analyzer is authenticated according to the role owned by the user and the authority owned by the role, so that the request passing the authority verification can be executed.
9. The method of claim 5, further comprising the steps of:
1) Firstly, creating a database, wherein the database corresponds to a plurality of tenants, and each tenant has a unique identifier, namely a tenant ID;
2) The tenant identification module firstly receives an access request from a tenant, and then the identification module determines the identity of the tenant initiating the request according to credentials in the request or a request source to acquire the tenant ID;
3) After the tenant ID is acquired, the data authority management module acquires from the database the role that the user holds under that tenant, and further acquires all database authorities corresponding to the role;
4) Then, based on tenant resource information, the data access control module decides whether to allow the tenant to access the requested file, and if the permission check passes, the data access control module executes the request and returns the result.
10. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored program that performs the method of any one of claims 5 to 9.
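The tenant-indexed tables of claim 5 and the authority check of claims 8 and 9, as an added example in Python with sqlite3 (not code from the patent). Table names, column names and the sample rows are assumptions, and the request is taken as already parsed into tenant ID, user ID, operation type, data table and resource ID.

```python
import sqlite3

# Assumed schema: one table per claim-5 element, every role/permission row keyed by tenant_id.
SCHEMA = """
CREATE TABLE tenant(tenant_id TEXT PRIMARY KEY, name TEXT);
CREATE TABLE role(tenant_id TEXT, role_id TEXT, PRIMARY KEY (tenant_id, role_id));
CREATE TABLE permission(tenant_id TEXT, role_id TEXT, op TEXT, tbl TEXT,
    FOREIGN KEY (tenant_id, role_id) REFERENCES role(tenant_id, role_id));
CREATE TABLE user_role(user_id TEXT, tenant_id TEXT, role_id TEXT,
    FOREIGN KEY (tenant_id, role_id) REFERENCES role(tenant_id, role_id));
CREATE TABLE tenant_resource(tenant_id TEXT, resource_id TEXT);
"""

# Constructed sample data: "admin" exists in both tenants, but alice holds it only in t1.
SAMPLE = """
INSERT INTO tenant VALUES ('t1','Acme'),('t2','Globex');
INSERT INTO role VALUES ('t1','admin'),('t2','admin'),('t2','viewer');
INSERT INTO permission VALUES ('t1','admin','UPDATE','orders'),('t1','admin','SELECT','orders'),
  ('t2','admin','UPDATE','orders'),('t2','viewer','SELECT','orders');
INSERT INTO user_role VALUES ('alice','t1','admin'),('alice','t2','viewer');
INSERT INTO tenant_resource VALUES ('t1','res-1'),('t2','res-2');
"""

def open_db():
    """Build the in-memory database with the assumed schema and sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA + SAMPLE)
    return db

def check(db, tenant_id, user_id, op, tbl, resource_id):
    """Return True only if the role permission and the tenant resource grant both match."""
    # Role check: the join carries tenant_id, so a role held in one tenant never
    # resolves to the permissions of a same-named role in another tenant.
    role_ok = db.execute(
        """SELECT 1 FROM user_role ur JOIN permission p
             ON p.tenant_id = ur.tenant_id AND p.role_id = ur.role_id
           WHERE ur.user_id = ? AND ur.tenant_id = ? AND p.op = ? AND p.tbl = ?""",
        (user_id, tenant_id, op, tbl)).fetchone()
    # Resource check: the resource must be authorised for the requesting tenant.
    res_ok = db.execute(
        "SELECT 1 FROM tenant_resource WHERE tenant_id = ? AND resource_id = ?",
        (tenant_id, resource_id)).fetchone()
    return role_ok is not None and res_ok is not None  # deny unless both checks match
```

The composite key `(tenant_id, role_id)` is what keeps a role name that collides across tenants from granting anything outside the tenant where the user was assigned it.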
CN202311742153.9A 2023-12-18 2023-12-18 RBAC-based multi-tenant supporting data authority management device and method Pending CN117610058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311742153.9A CN117610058A (en) 2023-12-18 2023-12-18 RBAC-based multi-tenant supporting data authority management device and method

Publications (1)

Publication Number Publication Date
CN117610058A true CN117610058A (en) 2024-02-27

Family

ID=89957911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311742153.9A Pending CN117610058A (en) 2023-12-18 2023-12-18 RBAC-based multi-tenant supporting data authority management device and method

Country Status (1)

Country Link
CN (1) CN117610058A (en)

Legal Events

Date Code Title Description
PB01 Publication