CN117668784A - Account authority control method and device - Google Patents

Account authority control method and device Download PDF

Info

Publication number
CN117668784A
CN117668784A CN202311610011.7A CN202311610011A CN117668784A CN 117668784 A CN117668784 A CN 117668784A CN 202311610011 A CN202311610011 A CN 202311610011A CN 117668784 A CN117668784 A CN 117668784A
Authority
CN
China
Prior art keywords
target
type
item
starting
indication information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311610011.7A
Other languages
Chinese (zh)
Inventor
李仕辉
李道童
张炳会
姚藩益
孙秀强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Metabrain Intelligent Technology Co Ltd filed Critical Suzhou Metabrain Intelligent Technology Co Ltd
Priority to CN202311610011.7A priority Critical patent/CN117668784A/en
Publication of CN117668784A publication Critical patent/CN117668784A/en
Pending legal-status Critical Current

Links

Abstract

The embodiment of the application provides a method and a device for controlling account rights, wherein the method comprises the following steps: acquiring first permission indication information in the BMC in the starting process of the server; when the type of the first starting item indicated by the first authority indication information is inconsistent with the type of the second starting item indicated by the second authority indication information in the BIOS, the second authority indication information in the BIOS is replaced by the first authority indication information; when the type of the account number of the current login server is a non-administrator account number type, starting a starting item of the starting item type indicated by the target authority indication information on the server, wherein the authority indication information is used for indicating the starting item type of the starting item allowed to be started on the server, the target authority indication information is first authority indication information, and the starting item type is first starting item type. By the method and the device, the problem that the account authority setting flow is complex in the account authority control mode in the related technology is solved.

Description

Account authority control method and device
Technical Field
The embodiment of the application relates to the field of computers, in particular to a method and a device for controlling account rights.
Background
Administrator users and general users are two different types of user accounts in the server. The Administrator user is an Administrator account and has the highest authority. An Administrator user may perform various system-level tasks including installing and uninstalling software, modifying system settings, managing user accounts, and the like. This account is typically used for system management and configuration.
The distinction between an Administrator user and a normal user is the difference in rights. In order to avoid that the common user performs misoperation or malicious modification on the system, accesses important data and the like without knowing or being familiar with the system, the common user often needs to be limited. Although many restrictions have been made on some functions for the general user, there is currently no good way to make restrictions on different startup rights for the general user according to the needs of different users.
Therefore, the control mode of the account rights in the related art has the problem of complex setting flow of the account rights.
Disclosure of Invention
The embodiment of the application provides a method and a device for controlling account rights, which are used for at least solving the problem that the account rights are complicated in the account rights setting flow in the control mode of the account rights in the related technology.
According to one embodiment of the present application, there is provided a method for controlling account rights, including: in the starting process of a target server, acquiring first permission indication information stored in a Baseboard Management Controller (BMC), wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server; replacing second permission indication information stored in a Basic Input Output System (BIOS) with the first permission indication information under the condition that a first start-up item type indicated by the first permission indication information is inconsistent with a second start-up item type indicated by second permission indication information stored in the BIOS, wherein the second permission indication information is used for indicating the second start-up item type of a start-up item allowed to be started up on the target server; and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indicating information on the target server, wherein the target authority indicating information is used for indicating the target starting item type of the starting item allowed to be started on the target server, and under the condition that the second authority indicating information stored in the BIOS is replaced by the first authority indicating information, the target authority indicating information is the first authority indicating information, and the target starting item type is the first starting item type.
In an exemplary embodiment, in a case where the first boot item type indicated by the first permission indication information is identical to the second boot item type indicated by the second permission indication information stored in the BIOS, the method further includes: maintaining the second permission indication information stored in the BIOS unchanged; and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the starting item comprises the following components: and under the condition that the account type of the target account is the non-administrator account type, starting a starting item of the target starting item type indicated by the target authority indication information on the target server, wherein the target authority indication information is the second authority indication information under the condition that the second authority indication information stored in the BIOS is kept unchanged, and the target starting item type is the second starting item type.
In an exemplary embodiment, in a case that an account type of a target account currently logged into the target server is a non-administrator account type, the method for starting a start item of a target start item type indicated by the target authority indication information on the target server includes: creating a group of starting items on the target server under the condition that the account type of the target account currently logged in the target server is the non-administrator account type, and recording the identification of each starting item in the group of starting items in a first starting item list; acquiring the target authority indication information; deleting the starting item with the type which is not the target starting item type indicated by the target authority indication information from the first starting item list to obtain an updated first starting item list; and starting the first target starting item on the target server according to the identifier of the first target starting item recorded in the updated first starting item list, wherein the first target starting item is a starting item of a target starting item type indicated by the target authority indication information.
In an exemplary embodiment, the deleting a startup item of which the type is not the target startup item type indicated by the target authority indication information in the first startup item list includes: acquiring the identification of each starting item recorded in the first starting item list; and determining whether the type of each startup item is the target startup item type according to the identification of each startup item, and deleting startup items with types which are not the target startup item type indicated by the target authority indication information from the first startup item list.
In an exemplary embodiment, the determining, according to the identification of each startup item, whether the type of each startup item is the target startup item type includes: and inputting the identifier of each starting item and the type of the target starting item into a first type judging function preset in the server to obtain a type judging result of each starting item in the group of starting items, wherein the type judging result of one starting item in the group of starting items is used for indicating whether the type of the one starting item is the type of the target starting item.
In an exemplary embodiment, in a case that an account type of a target account currently logged into the target server is a non-administrator account type, the method for starting a start item of a target start item type indicated by the target authority indication information on the target server includes: determining a group of hardware devices in the target server, wherein the starting item is created in the case that the account type of the target account currently logged in the target server is the non-administrator account type; determining a target hardware device, corresponding to the starting item, in the group of hardware devices, the type of which is consistent with the type of the starting item corresponding to the target authority indication information, and recording the starting item corresponding to the target hardware device in a second starting item list; and starting the second target starting item on the target server according to the identification of the second target starting item recorded in the second starting item list, wherein the second target starting item is a starting item of the target starting item type indicated by the target authority indication information.
In an exemplary embodiment, the determining, in the set of hardware devices, a target hardware device whose type of a corresponding boot item is consistent with the type of the boot item corresponding to the target authority indication information includes: and inputting the identifier of the starting item corresponding to each hardware device in the group of hardware devices and the type of the target starting item into a second type judging function preset in the server to obtain a type judging result of the starting item corresponding to each hardware device in the group of hardware devices, wherein the type judging result of the starting item corresponding to one hardware device in the group of hardware devices is used for indicating whether the type of the starting item corresponding to the one hardware device is the type of the target starting item.
According to another embodiment of the present application, there is provided a control device for account rights, including: the system comprises an acquisition module, a control module and a control module, wherein the acquisition module is used for acquiring first permission indication information stored in a Baseboard Management Controller (BMC) in the starting process of a target server, wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server; a replacing module, configured to replace, when a first startup item type indicated by the first permission indication information is inconsistent with a second startup item type indicated by second permission indication information stored in a BIOS of a basic input output system, the second permission indication information stored in the BIOS being used to indicate the second startup item type of a startup item allowed to be started on the target server; the starting module is used for starting a starting item of a target starting item type indicated by target authority indicating information on the target server under the condition that the account type of a target account currently logged in the target server is a non-administrator account type, wherein the target authority indicating information is used for indicating the target starting item type of the starting item allowed to be started on the target server, and the target authority indicating information is the first authority indicating information under the condition that the second authority indicating information stored in the BIOS is replaced by the first authority indicating information, and the target starting item type is the first starting item type.
According to a further embodiment of the present application, there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the present application, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to the method and the device, the preset permission indication information is adopted to determine the starting item which can be started according to the user type on the current server in the starting process of the server, because the preset permission indication information can be permission indication setting of the non-administrator account, different permission indication information can be preset for the server according to actual requirements of different users, when the non-administrator account logs in the server, the starting item which allows the non-administrator account to start and prohibits the starting item which does not allow the non-administrator account to start can be started according to the requirements of the user, when the administrator account logs in the server, the preset permission indication information can be ignored, all the starting items which can be started on the current server are started, and the permission indication information recorded in the basic input and output system can be synchronized in real time based on the permission indication information stored in the baseboard management controller. Therefore, the problem that the account authority setting flow is complex in the account authority control mode in the related technology can be solved.
Drawings
FIG. 1 is a schematic diagram of a hardware environment of an alternative method for controlling account rights according to an embodiment of the present application;
FIG. 2 is a flow chart of an alternative method of controlling account rights in accordance with an embodiment of the present application;
FIG. 3 is a flow chart of another alternative method of controlling account rights in accordance with an embodiment of the present application;
FIG. 4 is a flow chart of yet another alternative method of controlling account rights in accordance with an embodiment of the present application;
FIG. 5 is a flow chart of yet another alternative method of controlling account rights in accordance with an embodiment of the present application;
FIG. 6 is a flow chart of yet another alternative method of controlling account rights in accordance with an embodiment of the present application;
FIG. 7 is a flow chart of yet another alternative method of controlling account rights in accordance with an embodiment of the present application;
fig. 8 is a block diagram of an alternative account authority control device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the embodiments of the present application may be performed in a server device or similar computing device. Taking the operation on the server device as an example, fig. 1 is a block diagram of a hardware structure of the server device of a control method of account rights in an embodiment of the present application. As shown in fig. 1, the server device may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU, a programmable logic device FPGA, or the like processing means) and a memory 104 for storing data, wherein the server device may further include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those of ordinary skill in the art that the architecture shown in fig. 1 is merely illustrative and is not intended to limit the architecture of the server apparatus described above. For example, the server device may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to a method for controlling account rights in the embodiment of the present application, and the processor 102 executes the computer program stored in the memory 104, thereby performing various functional applications and data processing, that is, implementing the method described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located with respect to the processor 102, which may be connected to the server device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of a server device. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
In this embodiment, a method for controlling account rights is provided, and fig. 2 is a flowchart of an alternative method for controlling account rights according to an embodiment of the present application, as shown in fig. 2, where the flowchart includes the following steps:
step S202, acquiring first permission indication information stored in a Baseboard Management Controller (BMC) in a starting process of a target server, wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server;
step S204, when the type of the first startup item indicated by the first permission indication information is inconsistent with the type of the second startup item indicated by the second permission indication information stored in the BIOS of the basic input output system, replacing the second permission indication information stored in the BIOS with the first permission indication information, wherein the second permission indication information is used for indicating the type of the second startup item of the startup item allowed to be started on the target server;
In step S206, in the case that the account type of the target account currently logged in to the target server is the non-administrator account type, the start-up item of the target start-up item type indicated by the target permission indication information is started on the target server, where the target permission indication information is used to indicate the target start-up item type of the start-up item allowed to be started up on the target server, and in the case that the second permission indication information stored in the BIOS is replaced with the first permission indication information, the target permission indication information is the first permission indication information, and the target start-up item type is the first start-up item type.
The control method of account rights in the embodiment can be applied to a scene that the starting item in the server is limited. Here, the limitation of the startup item may refer to limitation of startup of the startup item, that is, permission of startup item startup or prohibition of startup item startup. The startup item may refer to a program or service that is automatically loaded when a device such as a server is started. These programs typically run automatically at operating system start-up to provide various functions or services.
Administrator users and general users (also referred to as Users) are two different types of User accounts in a server. The Administrator user is an Administrator account and has the highest authority. An Administrator user may perform various system-level tasks including installing and uninstalling software, modifying system settings, managing user accounts, and the like. This account is typically used for system management and configuration. The Administrator is a person with uncontrolled authority in the server, has all management authorities of the server, can freely change system files, change system settings, and endow subordinate administrators with a series of authorities such as authorities. The authority range of the server Administrator user is very wide, and various aspects of the system can be controlled and managed. This also means that the account of the user of the Administrator is very important and needs to be properly protected, and the general customer is dedicated to use the account.
The distinction between an Administrator user and a normal user is the difference in rights. The common user is a limited user account and has lower authority. The Administrator user has higher authority, can perform more operations on the system, and the authority of the common user is limited, so that only some basic operations can be performed. Taking the BIOS (basic Input/Output System) Setup option as an example, many options and functions are not visible to the User.
Although many restrictions have been made on users in some functions, there is a scenario that there is no good restriction on the usage rights of the boot item, and if each OS (Operating System), PXE (Preboot Execution Environment, pre-boot execution environment), CD (Compact Disc)/DVD (Digital Versatile Disc ) and other important systems on the server can be accessed, there is no good management System, and in order to protect the security of the System or environment, there is a need to make a certain restriction on users, for example: only the User is allowed to have the boot permission of an HDD (Hard Disk Drive), other classified boot items are not allowed to be accessed, or only the client is allowed to access a PXE system to perform information query, and the installed OS is not allowed to be used.
In this embodiment, the permission indication information may be used to implement limitation of the startup item in the startup process of the server. Here, the permission indication information may refer to indication information recorded in the BIOS. It should be noted that, the authority indication information recorded in the BIOS is updated with the current value of the authority indication information stored in the BMC during the startup process of the server, so as to implement the modification of the authority limit of the startup item.
Optionally, for the BMC side, an option "User Boot Type" (i.e., an option of "User start Type") may be newly added, which is used to control a start item Type supporting User account start, and ALL start items may be supported by default, i.e., the default value of "User Boot Type" is "ALL". Specific option values for "User Boot Type" may include "HDD", "PXE", "CD/DVD", "OTHER" in addition to "ALL".
Optionally, the option value of "User Boot Type" at the BMC may be modified by modifying the option at the BMC using a related command (e.g., redfish (an open standard server management protocol), IPMI (Intelligent Platform Management Interface, a hardware management interface)).
Among the above option values, "ALL" is an option default, indicating that ALL types of startup are supported; "HDD" means a system that supports boot item booting of HDD type, typically installed in a disk such as a solid state disk, a mechanical hard disk, a hybrid hard disk, etc., but does not include a USB-switched hard disk; "PXE" means that the start-up item of the PXE type is supported, the type is the start-up item of the network card start-up, every network port will have a start-up item to start up in default; "CD/DVD" means a startup item that supports a DC/DVD type, which is a CD, DVD startup item; "OTHER" means support for OTHER types of startup item startup, such as: USB flash disk.
Optionally, the "User Boot Type" option that is the same as the BMC may be added to the BIOS, and the option may be added under the BIOS setup directory "Miscellaneous Configuration" (configured for miscellaneous items on the BIOS interface). Since the BIOS is responsible for system startup and hardware initialization, in the server startup process, under the condition that it is determined that the account on the current server belongs to a non-administrator account (i.e., the aforementioned User), startup of various startup items can be limited according to the current value of "User Boot Type" in the BIOS. The current value here may refer to an option value that the BIOS synchronizes from the "User Boot Type" of the BMC.
Alternatively, the current value of "User Boot Type" in BIOS may be stored in NVRAM (Non-Volatile Random Access Memory, nonvolatile random access memory) on BIOS. When it is determined that the current value of "User Boot Type" in the BMC is inconsistent with BIOS save, the option value of BIOS may be modified and re-written to NVRAM. In addition, the account type of the target account currently logged into the target server may be obtained from NVRAM on the BIOS.
It should be noted that, because the administtrator User is the User with the maximum authority, as the super Administrator owns all the management authorities of the server, the system file can be freely changed, the system setting is changed, a series of authorities such as authority given to the lower Administrator can set the authority of the client according to different User levels, in the starting process of the server, under the condition that the account number on the current server is determined to belong to the Administrator account number (i.e. the aforementioned administtrator User), the current value of "User Boot Type" in the BIOS can be ignored, and all the startup items that can be started currently on the server can be started.
In addition, under the condition that the account number on the current server belongs to the administrator account number, the modification of the current value of the User Boot Type stored at the BMC end can be supported. And then the current value of the User Boot Type stored in the BIOS can be modified by synchronizing the information in the BMC by the subsequent BIOS.
Through the steps, in the starting process of the target server, first permission indication information stored in the BMC is obtained, wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server; when the type of the first starting item indicated by the first authority indication information is inconsistent with the type of the second starting item indicated by the second authority indication information stored in the BIOS of the basic input output system, replacing the second authority indication information stored in the BIOS with the first authority indication information, wherein the second authority indication information is used for indicating the type of the second starting item of the starting item allowed to be started on the target server; under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the target authority indication information is used for indicating the target starting item type of the starting item allowed to be started on the target server, under the condition that second authority indication information stored in the BIOS is replaced by first authority indication information, the target authority indication information is the first authority indication information, the target starting item type is the first starting item type, the problem that an account authority setting flow is complex in a control mode of account authorities in the related technology is solved, and the complexity of the user authority setting flow is reduced.
The main execution body of the above steps may be a server, a terminal, or the like, but is not limited thereto.
In an exemplary embodiment, in a case where the first boot item type indicated by the first permission indication information is consistent with the second boot item type indicated by the second permission indication information stored in the BIOS, the method further includes: keeping the second authority indication information stored in the BIOS unchanged;
and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by the target authority indication information on the target server, wherein the starting item comprises the following components: and under the condition that the account type of the target account is a non-administrator account type, starting a starting item of a target starting item type indicated by the target authority indication information on the target server, wherein the target authority indication information is second authority indication information under the condition that second authority indication information stored in the BIOS is kept unchanged, and the target starting item type is the second starting item type.
It should be noted that, when the current value of "User Boot Type" stored in the BMC is consistent with the current value stored in the BIOS, the current value in the BIOS does not need to be modified, and the current value does not need to be rewritten into the NVRAM of the BIOS. In the starting process of the target server, the current value in the BIOS can be directly used as the permission indication information for controlling the starting item on the current server to start or prohibit.
According to the embodiment, when the authority indication information stored in the BMC is the same as the authority indication information stored in the BIOS, the acquired authority indication information stored in the BMC is not used for modifying the authority indication information stored in the BIOS, so that the utilization rate of resources can be improved.
In an exemplary embodiment, in a case that an account type of a target account currently logged in to a target server is a non-administrator account type, starting a start item of a target start item type indicated by target authority indication information on the target server includes:
s11, under the condition that the account type of a target account currently logged in a target server is a non-administrator account type, creating a group of starting items on the target server, and recording the identification of each starting item in the group of starting items in a first starting item list;
s12, acquiring target authority indication information;
s13, deleting the starting item with the type which is not the target starting item type indicated by the target authority indication information from the first starting item list to obtain an updated first starting item list;
s14, starting the first target starting item on the target server according to the identifier of the first target starting item recorded in the updated first starting item list, wherein the first target starting item is a starting item of the target starting item type indicated by the target authority indication information.
It should be noted that, the startup of the startup item in the startup process of the server may be performed according to startup item information recorded in the startup item list, that is, the startup item list is used as an indication list for startup of the startup item, and the startup item recorded in the startup item list may be started. The successful start of the start item in this embodiment may refer to that an operation interface corresponding to the start item is displayed on a display interface of the server.
When the account type of the target account currently logged in to the target server is a non-administrator account type, a group of startup items may be created on the target server, an identifier of each startup item in the group of startup items is recorded in a first startup item list, and then startup items which are not allowed to be started are deleted in the startup item list according to permission indication information.
The creation of the startup item may refer to creating a startup profile of the startup item, and the startup profile to be created may be determined according to a device installed or connected to a current server. If the network card is detected to exist in the starting process of the server, a starting configuration file of a starting item of a PXE type can be created according to the network card, relevant information of the starting item corresponding to the network card is recorded in a starting item list, the relevant information of the starting item corresponding to the network card recorded in the starting item list is deleted when the authority indication information indicates that the starting item of the PXE type is not allowed to start, the relevant information of the starting item corresponding to the network card recorded in the starting item list is reserved when the authority indication information indicates that the starting item of the PXE type is not allowed to start, and the starting item corresponding to the network card is started according to the information (the identification of the starting item or other information related to the starting of the starting item) recorded in the starting item list.
According to the embodiment, the starting item list is firstly generated in the starting process of the server, and then the starting item which is recorded in the list and is not allowed to be started is deleted according to the acquired current user information and the authority limit indication information corresponding to the user information, so that the missing of the starting item which is not allowed to be started can be avoided, and the accuracy of controlling the account authority is improved.
In one exemplary embodiment, deleting a startup item of which the type is not the target startup item type indicated by the target authority indication information in the first startup item list includes:
s21, obtaining the identification of each starting item recorded in the first starting item list;
s22, determining whether the type of each startup item is a target startup item type according to the identification of each startup item, and deleting startup items with types which are not the target startup item type indicated by the target authority indication information from the first startup item list.
It should be noted that, when deleting a startup item in the first startup item list that is not the type of the target startup item indicated by the target permission indication information according to the target permission indication information, the type of each startup item may be determined according to the identifier of each startup item recorded in the first startup item list.
The identifier may be a symbol or other indication value (for example, the identifier of the HDD type of the initiator may be the HDD) that directly indicates the type of the initiator, or may be a character or other indication value (for example, a device or system identifier corresponding to the initiator) that indirectly indicates the type of the initiator, and the type of the initiator may be indirectly determined according to the device or system identifier.
Alternatively, when deleting a startup item whose type in the first startup list is not the target startup item type indicated by the target permission indication information, a manner of acquiring the identity of one startup item in the first startup list and judging whether the type thereof is the target startup item type indicated by the target permission indication information each time may be adopted. As shown in fig. 3, according to the order of the starting items recorded in the first starting item list, the identifier of each starting item is sequentially obtained, then based on the identifier, it is determined whether the type of the starting item is the target starting item type indicated by the target authority indication information, if yes, the information of the starting item recorded in the first starting item list is deleted, otherwise, the starting item is reserved, and the next starting item identifier in the first starting item list is obtained, and the operation is repeated in the foregoing manner.
According to the embodiment, whether the type of each startup item is the type indicated by the target authority indication information is determined according to the identifier of the startup item recorded in the startup item list, so that the efficiency of determining the type of the startup item can be improved, and the efficiency of limiting the startup item is improved.
In one exemplary embodiment, determining whether the type of each launch item is the target launch item type based on the identification of each launch item includes:
s31, inputting the identification of each starting item and the type of the target starting item into a first type judging function preset in the server to obtain a type judging result of each starting item in a group of starting items, wherein the type judging result of one starting item in the group of starting items is used for indicating whether the type of one starting item is the type of the target starting item.
It should be noted that, the first type of determining function may be a Filter function, the transfer parameter of the first type of determining function may be a type of a start item indicated by the target authority indicating information (for example, the type of the start item indicated by the target authority indicating information is an HDD type, the transfer parameter may be an HDD), and the type determining result of each start item may be determined according to the result output by the first type of determining function.
Alternatively, the result of the output of the first type judging function may be "FALSE" or "TRUE", that is, when "FALSE" is output, it may indicate that the type of the current startup item is the startup item type indicated by the target authority indicating information, and when "TRUE" is output, it may indicate that the type of the current startup item is not the startup item type indicated by the target authority indicating information.
Alternatively, deleting the startup item in the first startup list may be accomplished by invoking a delete function (e.g., delete Boot Device).
The control manner of the startup item on the server in the startup of the server may be as shown in fig. 4:
step 1, synchronizing the current value of the User Boot Type from the BMC and keeping consistent with the BMC in the starting process of the server.
If the option value is inconsistent with the BIOS save, the option value of the BIOS is modified and the NVRAM is rewritten.
And 2, creating all starting items in the starting process.
And step 3, acquiring current user information from the NVRAM.
And step 4, judging whether the User is of the User type. If the User is of the User type, jumping to step 5; otherwise, directly ending.
And 5, acquiring the current value of the option of the User Boot Type from the NVRAM.
Step 6, judging whether the current value is ALL. If the current value is not "ALL", step 7 is skipped; otherwise, directly ending.
And 7, acquiring the starting item information in the starting item list.
And 8, judging whether the starting item exists. If the start item exists, jumping to step 9; otherwise, directly ending.
And 9, adding a Filter function to judge which starting items need to be deleted.
By calling a function Filter ("User Boot Type" current value).
And step 10, judging which starting items need to be reserved through the transfer parameters, returning ASLSE to be reserved, and returning TRUE to be deleted.
If the transfer parameter is HDD, judging whether the current starting item is HDD type starting item, if yes, returning to FALSE, otherwise, returning to TRUE; if the transfer parameter is PXE, judging whether the start item is a network card type start item, if so, returning to FALSE, otherwise, returning to TRUE; if the transfer parameter is "CD/DVD", judging whether the start item is a CD/DVD type start item, if so, returning to FALSE, otherwise, returning to TRUE; if the transfer parameter is "OTHER", it is determined whether the start-up item is a start-up item OTHER than HDD, PXE, CD/DVD type, if so, return FALSE, otherwise return TRUE.
Step 11, it is determined whether the return value is TRUE. If yes, the process proceeds to step 12, otherwise, the process proceeds to step 13.
In step 12, if the Filter function return value is TRUE, the call Delete Boot Device function deletes the initiator from the list of initiators.
Step 13, obtaining the next starting item in the starting item list, if the starting item exists, entering step 10, otherwise, ending.
According to the embodiment, by calling the function with the parameters being the type of the starting item indicated by the target authority indication information and determining whether the type of each starting item in the first starting item list is the type of the starting item indicated by the target authority indication information according to the result output by the function, the accuracy and the efficiency of judging the type of the starting item can be improved.
In an exemplary embodiment, in a case that an account type of a target account currently logged in to a target server is a non-administrator account type, starting a start item of a target start item type indicated by target authority indication information on the target server includes:
s41, determining a group of hardware devices in the target server, wherein the starting item is created in the case that the account type of the target account currently logged in the target server is a non-administrator account type;
S42, determining a target hardware device, corresponding to the type of the starting item, in the group of hardware devices, consistent with the type of the starting item corresponding to the target authority indication information, and recording the starting item corresponding to the target hardware device in a second starting item list;
s43, starting a second target starting item on the target server according to the identification of the second target starting item recorded in the second starting item list, wherein the second target starting item is a starting item of the target starting item type indicated by the target authority indication information.
It should be noted that, when the account type of the target account currently logged in the target server is the non-administrator account type, the startup item which is consistent with the startup item type indicated by the permission indication information in the created startup item may be directly recorded in the startup item list according to the permission indication information, and then the startup item on the target server may be started according to the startup item recorded in the startup item list.
The created startup item may be a startup item generated according to the detected hardware device in the startup of the server. In this embodiment, a set of hardware devices in the target server that have created the boot item may refer to that a boot item configuration file of a set of hardware devices has been created successfully. The hardware device may be the aforementioned usb disk, network card, or other solid state disk, mechanical hard disk, and hybrid hard disk.
Optionally, under the condition that the account type of the target account of the current login target server is the administrator account type, all the conditions of a group of starting items corresponding to a group of hardware devices can be directly added into the starting item list, so that all the starting items can be started according to the information recorded in the starting item list. Here, the recording of the startup item in the second startup item list may be achieved by calling an Add function (Add Boot Device function).
Under the condition that the account type of the target account of the current login target server is the non-administrator account type, determining whether each hardware device in a group of hardware devices has a starting item with the same starting item type as the starting item type corresponding to the target authority indication information or not sequentially, if yes, recording the starting item corresponding to the hardware device in a second starting item list, and if no, not recording. As shown in fig. 5, the type of the start-up item corresponding to the current hardware device may be determined according to the detection sequence of a set of hardware devices, when the types of the start-up items corresponding to the start-up item types target authority of the current hardware device indicate that the types of the start-up items corresponding to the wash-up items are consistent, the start-up item identifier corresponding to the current hardware device is recorded in the start-up item list (otherwise, the start-up item corresponding to the current hardware device is ignored), and the type of the start-up item corresponding to the next hardware device in the set of hardware devices is determined.
According to the method and the device, under the condition that the type of the starting item is consistent with the type of the starting item indicated by the target authority indication information, the starting item is added to the starting item list, the starting item which is not allowed to be started is prevented from being existed in the starting item list, and therefore accuracy of account authority limitation is improved.
In one exemplary embodiment, determining a target hardware device in a group of hardware devices, where the type of the corresponding boot item is consistent with the type of the boot item corresponding to the target authority indication information, includes:
s51, inputting the identifier of the starting item corresponding to each hardware device in the group of hardware devices and the type of the target starting item into a second type judging function preset in the server to obtain a type judging result of the starting item corresponding to each hardware device in the group of hardware devices, wherein the type judging result of the starting item corresponding to one hardware device in the group of hardware devices is used for indicating whether the type of the starting item corresponding to the one hardware device is the type of the target starting item.
It should be noted that, the second type of judging function may be a Filter function, the transfer parameter may also be a type of a start item corresponding to the target authority indication information, and the type judging result of the start item corresponding to each hardware device may be determined according to the output result of the second type of judging function. Here, the output result of the second type judgment function may be similar to the output result of the aforementioned first type judgment function, that is, "FALSE" or "TRUE". However, when the second type judging function outputs "FALSE", it indicates that the type of the starting item corresponding to the current hardware device is consistent with the type of the starting item corresponding to the target authority indicating information. When the second type judging function outputs TRUE, the type of the starting item corresponding to the current hardware equipment is inconsistent with the type of the starting item corresponding to the target authority indicating information.
The control manner of the startup item on the server in the startup of the server may also be as shown in fig. 6:
step 1, synchronizing the current value of the User Boot Type from the BMC and keeping consistent with the BMC in the starting process of the server.
If the option value is inconsistent with the BIOS save, the option value of the BIOS is modified and the NVRAM is rewritten.
And 2, polling all device information of the existing startup items. If the device exists, jumping to the step 3; otherwise, directly ending.
And step 3, acquiring current user information from the NVRAM.
And step 4, judging whether the User is of the User type. If the User is of the User type, jumping to step 5; otherwise, calling the Add Boot Device function to Add the startup item to the startup item list, and jumping to the step 10.
And 5, acquiring the current value of the option of the User Boot Type from the NVRAM.
Step 6, judging whether the current value is ALL. If the current value is not "ALL", step 7 is skipped; otherwise, the Add Boot Device function appends the startup item to the startup item list, and jumps to step 10.
And 7, newly adding a Filter function to judge which starting items need to be started.
By calling a function Filter ("User Boot Type" current value).
And 8, judging which starting items are allowed to start through the transfer parameters, returning TRUE if the starting items are allowed to start, and otherwise, returning ASLSE.
If the transfer parameter is HDD, judging whether the current equipment has HDD startup item, if so, returning TRUE, otherwise, returning FALSE; if the transfer parameter is PXE, judging whether the current equipment has a network card type starting item, if so, returning TRUE, otherwise, returning FALSE; if the transfer parameter is "CD/DVD", judging whether the current equipment has a CD/DVD type starting item, if so, returning to TRUE, otherwise, returning to FALSE; if the transfer parameter is "OTHER", it is determined whether the current device has a startup option OTHER than HDD, PXE, CD/DVD type, if so, TRUE is returned, otherwise FALSE is returned.
And 9, if the return value of the Filter function is TRUE, calling the Add Boot Device function to generate a starting item and adding the starting item to a starting item list.
Step 10, polling the next device to create the start item, if the device is present, jumping to step 7, otherwise, ending.
According to the embodiment, by calling the function with the parameter being the type of the starting item indicated by the target authority indication information and determining whether the type of the starting item corresponding to each piece of hardware equipment is the type of the starting item indicated by the target authority indication information according to the result output by the function, the accuracy and the efficiency of judging the type of the starting item can be improved.
The following explains the control method of account rights in the embodiment of the present application with reference to an alternative example.
In this optional example, a solution for generating a fixed classification startup according to User rights is provided, where the startup rights of non-administrator accounts are controlled by adding an option "User Boot Type" to the BMC end and the BIOS end. Different account authority control can be realized by setting and modifying the current value of the User Boot Type, and classification management of the starting items can be realized by the starting item Type indicated by the User Boot Type.
The flow of the method for controlling account rights in this alternative example may be as shown in fig. 7, and may include the following steps:
in step S702, the current value of "User Boot Type" is synchronized from the BMC during the startup process of the server.
In step S704, when it is determined that the current account on the server is a non-administrator account, the startup identifier recorded in the startup list is adjusted based on the current value.
Step S706, starting the currently allowed starting item according to the starting item identification recorded in the starting item list.
By the alternative example, the authority of the starting item is classified and managed, so that the security and confidentiality of the system are improved, and meanwhile, the efficiency of authority control is improved.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the embodiments of the present application.
The embodiment also provides a device for controlling account rights, which is used for implementing the foregoing embodiments and preferred embodiments, and is not described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 8 is a block diagram of a control device for account rights according to an embodiment of the present application, as shown in fig. 8, including:
the obtaining module 802 is configured to obtain, during a boot process of the target server, first permission indication information stored in the baseboard management controller BMC, where the first permission indication information is used to indicate a first boot item type of a boot item that is allowed to be booted on the target server;
a replacing module 804, coupled to the obtaining module 802, configured to replace, when the type of the first startup item indicated by the first permission indication information is inconsistent with the type of the second startup item indicated by the second permission indication information stored in the BIOS, the second permission indication information being used to indicate the type of the second startup item that is allowed to be started on the target server;
The startup module 806 is connected to the replacement module 804, and is configured to, when the account type of the target account currently logged in to the target server is a non-administrator account type, startup items of a target startup item type indicated by the target permission indication information on the target server, where the target permission indication information is used to indicate a target startup item type of a startup item permitted to be started on the target server, and when the second permission indication information stored in the BIOS is replaced with the first permission indication information, the target permission indication information is the first permission indication information, and the target startup item type is the first startup item type.
According to the embodiment of the application, in the starting process of the target server, first permission indication information stored in the BMC is obtained, wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server; when the type of the first starting item indicated by the first authority indication information is inconsistent with the type of the second starting item indicated by the second authority indication information stored in the BIOS of the basic input output system, replacing the second authority indication information stored in the BIOS with the first authority indication information, wherein the second authority indication information is used for indicating the type of the second starting item of the starting item allowed to be started on the target server; and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the target authority indication information is used for indicating the target starting item type of the starting item allowed to be started on the target server, and under the condition that second authority indication information stored in the BIOS is replaced by first authority indication information, the target authority indication information is the first authority indication information, and the target starting item type is the first starting item type.
In an exemplary embodiment, the above apparatus further includes: the maintaining module is used for maintaining the second permission indication information stored in the BIOS unchanged under the condition that the type of the first start-up item indicated by the first permission indication information is consistent with the type of the second start-up item indicated by the second permission indication information stored in the BIOS;
the starting module comprises: the first sub-module is configured to start, on the target server, a start item of a target start item type indicated by the target permission indication information when the account type of the target account is a non-administrator account type, where the target permission indication information is second permission indication information when second permission indication information stored in the BIOS is kept unchanged, and the target start item type is the second start item type.
In one exemplary embodiment, the start-up module includes:
the execution sub-module is used for creating a group of starting items on the target server and recording the identification of each starting item in the group of starting items in the first starting item list under the condition that the account type of the target account of the current login target server is a non-administrator account type;
the acquisition sub-module is used for acquiring target authority indication information;
The deleting sub-module is used for deleting the starting item with the type which is not the target starting item type indicated by the target authority indication information from the first starting item list to obtain an updated first starting item list;
and the second promoter module is used for starting the first target starting item on the target server according to the identifier of the first target starting item recorded in the updated first starting item list, wherein the first target starting item is the starting item of the target starting item type indicated by the target authority indication information.
In one exemplary embodiment, the delete submodule includes:
the acquisition unit is used for acquiring the identification of each starting item recorded in the first starting item list;
and the execution unit is used for determining whether the type of each startup item is the target startup item type according to the identification of each startup item, and deleting the startup item with the type which is not the target startup item type indicated by the target authority indication information from the first startup item list.
In one exemplary embodiment, an execution unit includes:
the input subunit is configured to input the identifier of each start item and the type of the target start item to a first type judgment function preset in the server, so as to obtain a type judgment result of each start item in a group of start items, where the type judgment result of one start item in the group of start items is used to indicate whether the type of one start item is the type of the target start item.
In one exemplary embodiment, the start-up module includes:
the first determining submodule is used for determining a group of hardware devices with starting items established in the target server under the condition that the account type of the target account currently logged in the target server is a non-administrator account type;
the second determining submodule is used for determining target hardware equipment, corresponding to the type of the starting item, in the group of hardware equipment, consistent with the type of the starting item corresponding to the target authority indication information, and recording the starting item corresponding to the target hardware equipment in a second starting item list;
and the third promoter module is used for starting the second target starting item on the target server according to the identification of the second target starting item recorded in the second starting item list, wherein the second target starting item is the starting item of the target starting item type indicated by the target authority indication information.
In one exemplary embodiment, the second determination submodule includes:
the input unit is used for inputting the identifier of the starting item corresponding to each hardware device in the group of hardware devices and the type of the target starting item into a second type judging function preset in the server to obtain a type judging result of the starting item corresponding to each hardware device in the group of hardware devices, wherein the type judging result of the starting item corresponding to one hardware device in the group of hardware devices is used for indicating whether the type of the starting item corresponding to the one hardware device is the type of the target starting item.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; alternatively, the above modules may be located in different processors in any combination.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a usb disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing a computer program.
Embodiments of the present application also provide an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In an exemplary embodiment, the electronic device may further include a transmission device connected to the processor, and an input/output device connected to the processor.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principles of the present application should be included in the protection scope of the present application.

Claims (10)

1. A control method of account rights is characterized in that,
comprising the following steps:
in the starting process of a target server, acquiring first permission indication information stored in a baseboard management controller (BM C), wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server; replacing second permission indication information stored in a Basic Input Output System (BIOS) with the first permission indication information under the condition that a first start-up item type indicated by the first permission indication information is inconsistent with a second start-up item type indicated by second permission indication information stored in the BIOS, wherein the second permission indication information is used for indicating the second start-up item type of a start-up item allowed to be started up on the target server;
and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indicating information on the target server, wherein the target authority indicating information is used for indicating the target starting item type of the starting item allowed to be started on the target server, and under the condition that the second authority indicating information stored in the BIOS is replaced by the first authority indicating information, the target authority indicating information is the first authority indicating information, and the target starting item type is the first starting item type.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
in the case that the first boot item type indicated by the first permission indication information is consistent with the second boot item type indicated by the second permission indication information stored in the BIOS, the method further includes: maintaining the second permission indication information stored in the BIOS unchanged;
and under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the starting item comprises the following components: and under the condition that the account type of the target account is the non-administrator account type, starting a starting item of the target starting item type indicated by the target authority indication information on the target server, wherein the target authority indication information is the second authority indication information under the condition that the second authority indication information stored in the BIOS is kept unchanged, and the target starting item type is the second starting item type.
3. The method of claim 1, wherein the step of determining the position of the substrate comprises,
And under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the starting item comprises the following components:
creating a group of starting items on the target server under the condition that the account type of the target account currently logged in the target server is the non-administrator account type, and recording the identification of each starting item in the group of starting items in a first starting item list;
acquiring the target authority indication information;
deleting the starting item with the type which is not the target starting item type indicated by the target authority indication information from the first starting item list to obtain an updated first starting item list;
and starting the first target starting item on the target server according to the identifier of the first target starting item recorded in the updated first starting item list, wherein the first target starting item is a starting item of a target starting item type indicated by the target authority indication information.
4. The method of claim 3, wherein the step of,
The deleting, in the first startup list, a startup whose type is not the target startup type indicated by the target authority indication information, includes:
acquiring the identification of each starting item recorded in the first starting item list;
and determining whether the type of each startup item is the target startup item type according to the identification of each startup item, and deleting startup items with types which are not the target startup item type indicated by the target authority indication information from the first startup item list.
5. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
and determining whether the type of each starting item is the target starting item type according to the identification of each starting item, wherein the method comprises the following steps:
and inputting the identifier of each starting item and the type of the target starting item into a first type judging function preset in the server to obtain a type judging result of each starting item in the group of starting items, wherein the type judging result of one starting item in the group of starting items is used for indicating whether the type of the one starting item is the type of the target starting item.
6. The method of claim 1, wherein the step of determining the position of the substrate comprises,
And under the condition that the account type of the target account currently logged in the target server is a non-administrator account type, starting a starting item of a target starting item type indicated by target authority indication information on the target server, wherein the starting item comprises the following components:
determining a group of hardware devices in the target server, wherein the starting item is created in the case that the account type of the target account currently logged in the target server is the non-administrator account type;
determining a target hardware device, corresponding to the starting item, in the group of hardware devices, the type of which is consistent with the type of the starting item corresponding to the target authority indication information, and recording the starting item corresponding to the target hardware device in a second starting item list; and starting the second target starting item on the target server according to the identification of the second target starting item recorded in the second starting item list, wherein the second target starting item is a starting item of the target starting item type indicated by the target authority indication information.
7. The method of claim 6, wherein the step of providing the first layer comprises,
the determining the target hardware device, of the group of hardware devices, of which the type of the corresponding start item is consistent with the type of the start item corresponding to the target authority indication information, includes:
And inputting the identifier of the starting item corresponding to each hardware device in the group of hardware devices and the type of the target starting item into a second type judging function preset in the server to obtain a type judging result of the starting item corresponding to each hardware device in the group of hardware devices, wherein the type judging result of the starting item corresponding to one hardware device in the group of hardware devices is used for indicating whether the type of the starting item corresponding to the one hardware device is the type of the target starting item.
8. A control device for account rights is characterized in that,
comprising the following steps:
the system comprises an acquisition module, a control module and a control module, wherein the acquisition module is used for acquiring first permission indication information stored in a Baseboard Management Controller (BMC) in the starting process of a target server, wherein the first permission indication information is used for indicating a first starting item type of a starting item allowed to be started on the target server;
a replacing module, configured to replace, when a first startup item type indicated by the first permission indication information is inconsistent with a second startup item type indicated by second permission indication information stored in a BIOS of a basic input output system, the second permission indication information stored in the BIOS being used to indicate the second startup item type of a startup item allowed to be started on the target server;
The starting module is used for starting a starting item of a target starting item type indicated by target authority indicating information on the target server under the condition that the account type of a target account currently logged in the target server is a non-administrator account type, wherein the target authority indicating information is used for indicating the target starting item type of the starting item allowed to be started on the target server, and the target authority indicating information is the first authority indicating information under the condition that the second authority indicating information stored in the BIOS is replaced by the first authority indicating information, and the target starting item type is the first starting item type.
9. A computer-readable storage medium comprising,
the computer readable storage medium has stored therein a computer program, wherein the computer program when executed by a processor realizes the steps of the method as claimed in any of claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that,
the processor, when executing the computer program, implements the steps of the method as claimed in any one of claims 1 to 7.
CN202311610011.7A 2023-11-28 2023-11-28 Account authority control method and device Pending CN117668784A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311610011.7A CN117668784A (en) 2023-11-28 2023-11-28 Account authority control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311610011.7A CN117668784A (en) 2023-11-28 2023-11-28 Account authority control method and device

Publications (1)

Publication Number Publication Date
CN117668784A true CN117668784A (en) 2024-03-08

Family

ID=90080007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311610011.7A Pending CN117668784A (en) 2023-11-28 2023-11-28 Account authority control method and device

Country Status (1)

Country Link
CN (1) CN117668784A (en)

Similar Documents

Publication Publication Date Title
US10423572B2 (en) Performing live updates to file system volumes
US11086692B2 (en) Multiplatform management system and method for mobile devices
US20170331862A1 (en) Method for accessing cloud service and access device
US20180203719A1 (en) Image file conversion method and apparatus
EP2989543B1 (en) Method and device for updating client
US11269655B2 (en) Bare metal device management
EP3618352A1 (en) Virtual machine management
US9158734B1 (en) Method and apparatus for elastic provisioning
US11317276B2 (en) Methods and/or systems for activation and/or configuration of an electronic subscriber identity module (eSIM)
CN114428951B (en) Method and device for controlling access authority of network file system
US11714659B2 (en) Device provisioning with manufacturer boot environment
CN109783196B (en) Virtual machine migration method and device
US11431795B2 (en) Method, apparatus and storage medium for resource configuration
US9059919B1 (en) Systems and methods for preserving network settings for use in a pre-boot environment
CN108170482B (en) Information processing method and computer equipment
CN117668784A (en) Account authority control method and device
US11757976B2 (en) Unified application management for heterogeneous application delivery
US11385919B1 (en) Machine image launch system
US20220231916A1 (en) Network time parameter configuration based on logical host group
CN115208671A (en) Firewall configuration method and device, electronic equipment and storage medium
CN109101253B (en) Management method and device for host in cloud computing system
US10230787B2 (en) System and method for managing distributed cluster identity
US10110624B2 (en) Discovering and provisioning computing devices in a security enhanced environment
US20240129294A1 (en) Automatically generating task-based and limited-privilege user security credentials
CN114499946B (en) Login management method, device, equipment and machine-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination