Fine-grained access control method and system based on strategy grammar

An access control, fine-grained technology, applied in the direction of instruments, electrical digital data processing, digital data protection, etc., to achieve the effect of wide coverage of requirements, flexible management, and reduce the risk of misoperation

Inactive Publication Date: 2019-10-08
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
View PDF6 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical task of the present invention is to provide a fine-grained access control method and system based on policy syntax to solve t

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fine-grained access control method and system based on strategy grammar
  • Fine-grained access control method and system based on strategy grammar
  • Fine-grained access control method and system based on strategy grammar

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] as attached figure 1 As shown, the fine-grained access control method based on policy syntax of the present invention, the steps of the method are as follows:

[0066] S1. Production strategy: Inspur cloud account strategy is preset for access control in public scenarios; for example, the main account needs to have access rights to the resources under its own account, and the sub-accounts have access rights to the resources it belongs to. Users can customize and create the required policies according to their needs; the specific steps are as follows:

[0067] S101. The created strategy includes resource (referring to resources in cloud services, including information such as services, regions, accounts, etc., which can be specific to resource instance granularity), action (specific operations on resources or resource instances) or condition (custom data filtering Conditions, more precise authorization); among them, resource represents one or a kind of resource, and sup...

Embodiment 2

[0092] The policy syntax-based fine-grained access control system of the present invention includes:

[0093] Inspur cloud account is used to create users and user groups, specify policies according to conditions, and then authorize the policies to sub-users and user groups, so that all users under the user tools and user groups have the functional permissions specified by the policies;

[0094] The strategy production module is used for users to customize and create the required strategies according to their needs;

[0095] The authorization module is used to bind the created policy to the entity. The entity is a user or user group, which abandons the concept of role and makes the process of access control more direct and efficient;

[0096] The authentication module is configured to assemble authentication request information according to the user request after receiving the user request. The authentication module adopts the authentication component ladon.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a fine-grained access control method and system based on strategy grammar. The invention discloses an access control method based on a wave cloud account strategy, belongs to the field of strategy access control, and aims to solve the technical problem of how to effectively protect system resources from being stolen and damaged and realize access control service with finerstrength, and the method comprises the following steps: S1, production strategy: presetting the wave cloud account strategy for access control of a public scene; the user creates a required strategy in a user-defined manner according to requirements; S2, authorization: binding the created strategy with an entity, wherein the entity is a user or a user group; and S3, authentication: after receivinga user request, assembling authentication request information according to the user request. The system comprises a wave cloud account, a strategy production module and an authentication module; andthe wave cloud account is used for creating a user and a user group, specifying a strategy according to conditions, and authorizing the strategy to the sub-users and the user group, so that the userhas the function permission specified by the strategy and all the users in the user group.

Description

technical field [0001] The invention relates to the field of access control based on policy syntax, in particular to a fine-grained access control method and system based on policy syntax. Background technique [0002] The implementation of access control technology is mainly based on the expression, analysis and implementation of access control policies. Among them, the access control policy defines the goal of system security protection, the access control model abstracts and describes the application and implementation of the access control policy, and the access control framework describes the specific implementation, composition architecture and interaction process between components of the access control system . [0003] Inspur Cloud provides many services for users, and provides basic access control services to restrict operations such as user menu permissions, but this kind of coarse-grained control can no longer meet more refined and deeper security requirements. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/60
CPCG06F21/604
Inventor 刘可新高传集蔡卫卫唐晓东黄启庆
Owner SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products