Resource management method, device, computer system, readable medium
The resource management method using a Shadow Account on a public cloud platform reduces the cost of establishing a private cloud platform by addressing the high upfront cost of building a data center and cloud platform for private cloud solutions through efficient resource access and control.
Patent Information
- Authority / Receiving Office
- KR · KR
- Patent Type
- Patents
- Current Assignee / Owner
- BEIJING JINGDONG SHANGKE INFORMATION TECH CO LTD
- Filing Date
- 2021-11-05
- Publication Date
- 2026-07-15
Smart Images

Figure 112023049126416-PCT00009_ABST
Abstract
Description
Technology Field
[0001] This application claims priority to Chinese patent application No. 202011242896.6 filed on November 9, 2020, the contents of which are incorporated herein by reference.
[0002] The present disclosure relates to the field of internet technology, and more specifically, to resource management methods, devices, computer systems, and readable media. Background Technology
[0003] Generally, for specific industries or private clouds, private cloud platforms are adopted to inherit the capabilities of public cloud platforms in terms of scale, growth, scalability, stability, and operational maintenance, while meeting the requirements for independent management and control of operations in terms of resource isolation and security. However, privately deployed cloud solutions require significant investment to build the underlying platform, and the cost of investing substantial assets upfront to establish an independent data center and cloud platform during the growth phase of an operation is excessive. The problem to be solved
[0004] In light of this, the present disclosure provides a resource management method, apparatus, computer system, and readable medium that reduce the cost input for independently building a computer room and a base platform under the framework of a private cloud. means of solving the problem
[0005] One aspect of the present disclosure provides a resource management method comprising: creating a Shadow Account in the private cloud platform for the user in response to an action of a user entering the private cloud platform; determining a resource pool corresponding to the Shadow Account; and accessing resources within the resource pool corresponding to the Shadow Account based on a preset access policy when the user accesses the private cloud platform.
[0006] According to an embodiment of the present disclosure, the private cloud platform is installed on a public cloud platform, and the private cloud platform shares the front-end components of the public cloud platform.
[0007] According to an embodiment of the present disclosure, when the user accesses the private cloud platform, based on a preset access policy, before accessing a resource in a resource pool corresponding to the shadow account, the user obtains the login status of the currently logged-in account; determines whether the login status is a private cloud platform login status; if the login status is not a private cloud platform login status, installs a corresponding access policy for the logged-in account and transitions the login status to a private cloud platform login status; and if the login status is a private cloud platform login status, accesses the private cloud platform.
[0008] According to an embodiment of the present disclosure, determining a resource pool corresponding to the shadow account comprises: acquiring a work area that the user enters; acquiring a resource pool corresponding to the work area; and installing the resource pool corresponding to the work area as a resource pool corresponding to the shadow account.
[0009] According to an embodiment of the present disclosure, installing a corresponding access policy for the logged-in account includes creating a role for the user on the private cloud platform based on the work area the user enters; and granting access rights for each role to resources within a resource pool corresponding to the shadow account.
[0010] According to an embodiment of the present disclosure, the user has at least one administrator account and / or at least one non-administrator account; the administrator account has the authority to access all resources in the resource pool corresponding to the shadow account; and the administrator account has the authority to grant roles to the non-administrator account.
[0011] According to an embodiment of the present disclosure, when the user accesses the private cloud platform, accessing resources within a resource pool corresponding to the shadow account based on a preset access policy comprises, when the user accesses the private cloud platform as a non-administrator account, acquiring a role corresponding to the non-administrator account; acquiring access rights of said role to resources within a resource pool corresponding to the shadow account; and, based on said access rights, controlling the non-administrator account to access resources within the resource pool corresponding to the shadow account.
[0012] Another aspect of the present disclosure provides a resource management device comprising: a creation module used to create a shadow account in the private cloud platform for the user in response to the operation of the user entering the private cloud platform; a determination module used to determine a resource pool corresponding to the shadow account; and an access module used to access resources within the resource pool corresponding to the shadow account based on a preset access policy when the user accesses the private cloud platform.
[0013] Another aspect of the present disclosure provides a computer-readable medium storing computer-executable instructions for implementing the method described above when executed.
[0014] Another aspect of the present disclosure provides a computer program comprising computer-executable instructions for implementing the method described above when executed. Effects of the invention
[0015] According to an embodiment of the present disclosure, by adopting a technical means for a shadow account in a private cloud platform, the usage status of a logged-in account for resources under the shadow account in the private cloud platform can be controlled, thereby achieving a technical effect of reducing the cost input for independently building a data center and a base platform under a private cloud solution. Brief explanation of the drawing
[0016]
[01] The above and other purposes, features, and advantages of the present disclosure will become more apparent through the description of embodiments of the present disclosure with reference to the attached drawings below. Herein,
[02] FIG. 1 schematically illustrates an exemplary system architecture (100) for a resource management method according to an embodiment of the present disclosure;
[03] FIG. 2 schematically shows a flowchart of a resource management method according to an embodiment of the present disclosure;
[04] FIG. 3 schematically shows a flowchart of a login state switching method according to an embodiment of the present disclosure;
[05] FIG. 4a schematically illustrates a flowchart for determining a resource pool according to an embodiment of the present disclosure;
[06] FIG. 4b schematically illustrates a schematic diagram of account access according to an embodiment of the present disclosure;
[07] FIG. 5 schematically illustrates a flowchart for accessing resources according to an embodiment of the present disclosure;
[08] FIG. 6 schematically shows a block diagram of a resource management device (600) according to an embodiment of the present disclosure; FIG. 7 schematically shows a block diagram of a computer system (700) suitable for implementing a resource management method according to an embodiment of the present disclosure. Specific details for implementing the invention
[0017] Embodiments of the present disclosure are described below with reference to the drawings. However, it should be understood that such description is merely illustrative and is not intended to limit the scope of the present disclosure. In the detailed description below, many specific details are described to facilitate the explanation and provide an overall understanding of the embodiments of the present disclosure. However, it is obvious that one or more embodiments may be implemented without these specific details. Furthermore, to avoid unnecessary confusion regarding the concept of the present disclosure, descriptions of known structures and technologies are omitted in the description below.
[0018] The terms used herein are merely for describing specific embodiments and are not intended to limit the disclosure. Terms such as “comprehensive,” “include,” etc., used herein indicate the presence of the features, steps, actions, and / or parts, but do not exclude the presence or addition of one or more other features, steps, actions, or parts.
[0019] All terms used herein (including technical and scientific terms) have the meaning generally understood by those skilled in the art unless otherwise defined. It should be noted that terms used herein should be interpreted as having a meaning consistent with the context of this specification and should not be interpreted in an idealized or overly inflexible manner.
[0020] Where expressions similar to "at least one of A, B, and C, etc." are used, they should generally be interpreted in the sense that a person skilled in the art would generally understand them (for example, "a system having at least one of A, B, and C" includes, but is not limited to, systems having A alone, systems having B alone, systems having C alone, systems having A and B, systems having A and C, systems having B and C, and / or systems having A, B, and C). Where expressions similar to "at least one of A, B, or C, etc." are used, they should generally be interpreted in the sense that a person skilled in the art would generally understand them (for example, "a system having at least one of A, B, or C" includes, but is not limited to, systems having A alone, systems having B alone, systems having C alone, systems having A and B, systems having A and C, systems having B and C, and / or systems having A, B, and C).
[0021] An embodiment of the present disclosure provides a resource management method. The method comprises, after a user enters a private cloud platform, the private cloud platform creating a shadow account and a role for the user, determining a resource pool corresponding to the shadow account, and granting permissions corresponding to the role. After the user logs into the private cloud platform, the private cloud platform controls the user's access to resources within the resource pool corresponding to the shadow account based on the user's current role and the permissions corresponding to the role.
[0022] FIG. 1 schematically illustrates an exemplary system architecture (100) for a resource management method according to an embodiment of the present disclosure. It should be noted that FIG. 1 is merely an example of a system architecture to which an embodiment of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not imply that an embodiment of the present disclosure may not be applied to other devices, systems, environments, or scenes.
[0023] As illustrated in FIG. 1, the system architecture (100) according to the present embodiment may include terminal devices (101, 102, 103), a network (104), and a server (105). The network (104) is used to provide a medium for a communication link between the terminal devices (101, 102, 103) and the server (105). The network (104) may include various types of connections, such as wired and / or wireless communication links.
[0024] Users can interact with the server (105) through the network (104) using terminal devices (101, 102, 103) to obtain information services of various degrees and types.
[0025] The terminal device (101, 102, 103) may be various electronic devices that have a display and support web browsing, and includes but is not limited to smartphones, tablets, laptop-type portable computers, desktop computers, etc.
[0026] The server (105) is a server of a public cloud platform, and the public cloud platform may be a storage cloud platform that primarily stores data, a computing cloud platform that primarily processes data, or an integrated cloud computing platform that combines computing and data storage processing.
[0027] It should be explained that the resource management method provided in the embodiment of the present disclosure may generally be performed by a server (105). Similarly, the resource management device provided in the embodiment of the present disclosure may generally be installed on the server (105). The resource management method provided in the embodiment of the present disclosure may also be performed by a server or server cluster capable of communicating with terminal devices (101, 102, 103) and / or the server (105), unlike the server (105). Similarly, the resource management device provided in the embodiment of the present disclosure may be installed on a server or server cluster capable of communicating with terminal devices (101, 102, 103) and / or the server (105), unlike the server (105).
[0028] It should be understood that the number of terminal devices, networks, and cloud platforms in FIG. 1 is merely exemplary. Depending on the requirements of the implementation, any number of terminal devices, networks, and cloud platforms may be used.
[0029] FIG. 2 schematically shows a flowchart of a resource management method according to an embodiment of the present disclosure.
[0030] As illustrated in FIG. 2, the present method includes operations S201 to S203.
[0031] In operation S201, in response to the operation of a user entering a private cloud platform, a shadow account is created on the private cloud platform for the user.
[0032] In operation S202, a resource pool corresponding to the shadow account is determined.
[0033] In operation S203, when the user accesses the private cloud platform, the user accesses resources within the resource pool corresponding to the shadow account based on a preset access policy.
[0034] In the present disclosure, a shadow account refers to an account having the same authority as an administrator account. A private cloud platform exists within a public cloud platform, shares the front-end components of the public cloud platform, and can provide cloud computing products and data services to users. Users refer to operators, software developers, etc. It is understood that other private cloud platforms may exist within the public cloud platform and provide exclusive services to various users according to user requirements.
[0035] In the present disclosure, the access policy may be the access rights of a role in the business area to which the user belongs to for a resource, and the access rights of different roles for each resource in the resource pool corresponding to the shadow account are different.
[0036] Specifically, for example, after user A chooses to enter a private cloud platform, the private cloud platform creates a shadow account with administrator privileges for user A, allocates a resource pool to the shadow account, and obtains an access policy corresponding to user A from the private cloud platform, thereby allowing user A to access resources within the resource pool corresponding to the shadow account based on this access policy.
[0037] According to an embodiment of the present disclosure, for a user entering a private cloud platform, a shadow account is created for the user, and a resource pool corresponding to the shadow account is determined. When the user accesses the private cloud platform, the user accesses resources within the resource pool corresponding to the shadow account based on a pre-configured access policy. By establishing a shadow account to realize resource isolation and control of access rights to resources, the cost of independently building a data center and underlying platform under a private cloud solution is reduced.
[0038] In one embodiment of the present disclosure, the private cloud platform is installed on a public cloud platform, and the private cloud platform shares the front-end components of the public cloud platform. When the public cloud is upgraded, the private cloud platform can be upgraded along with the public cloud platform.
[0039] FIG. 3 schematically illustrates a flowchart of a login state switching method according to an embodiment of the present disclosure.
[0040] As shown in FIG. 3, operations S301 to S304 are also included before operation S203.
[0041] In operation S301, the login status of the currently logged-in account is obtained.
[0042] In operation S302, it is determined whether the login status is a private cloud platform login status.
[0043] If the above login state is not the private cloud platform login state, install a corresponding access policy for the logged-in account and perform operation S303 to switch the above login state to the private cloud platform login state.
[0044] If the above login status is the above private cloud platform login status, perform operation S304 to access the above private cloud platform.
[0045] In the present disclosure, a login state refers to a state where, after a user logs in using an account and password, a single encrypted token is generally generated and stored on the user side. Since the token is used whenever the user side and the service side interact, the service side can obtain relevant information about the user and does not need to use the user's account and password every time; this token is the user login state. A user can log in to a private cloud platform and a public cloud platform using a set of accounts and passwords, but the login state differs when the user logs into the private cloud platform and the public cloud platform. In the present disclosure, the login state when a user logs into a private cloud platform is the private cloud platform login state. Here, the access policy is the access policy required when the user accesses the private cloud platform.
[0046] Specifically, in operation S303, the private cloud platform redirects to a login page and sends the private cloud platform login status to the currently logged-in account. When a user transitions from a public cloud platform login state to a private cloud platform login state, the private cloud platform login status is sent to the currently logged-in account using a Single Sign-On (SSO) system, enabling the user to log in to the private cloud platform without needing to re-enter their account and password.
[0047] In one embodiment of the present disclosure, installing an access policy corresponding to the logged-in account in operation S303 includes creating a role for the user on the private cloud platform based on the work area the user enters; and granting access rights for each role to resources within a resource pool corresponding to the shadow account.
[0048] Specifically, when a user chooses to enter a private cloud platform, they provide information about themselves to the platform to obtain the desired services. This information includes, for example, the scale of the business and the business sector to which the user belongs. Business sectors include, for example, logistics and retail.
[0049] There are different roles in different areas of work. For example, roles in logistics include couriers, sorters, and merchandise planners. Roles in retail include pre-sales customer service, post-sales customer service, art designers, and operations. The above is merely an illustrative description and should not be understood as a specific limitation of the present disclosure.
[0050] FIG. 4a schematically illustrates a flowchart for determining a resource pool according to an embodiment of the present disclosure.
[0051] As shown in FIG. 4a, operation S202 includes operations S401 to S403.
[0052] In operation S401, the work area that the user enters is obtained.
[0053] In operation S402, a resource pool corresponding to the above-mentioned work area is obtained.
[0054] In operation S403, the resource pool corresponding to the above business area is installed as the resource pool corresponding to the above shadow account.
[0055] After a user chooses to enter the private cloud platform, the business domain information provided by the user is acquired, and the private cloud platform selects a resource pool corresponding to this business domain. For example, in the case of logistics operations, a resource pool corresponding to the logistics business domain is selected, and in the case of retail operations, a resource pool corresponding to the retail business domain is selected. Subsequently, this resource pool is designated as the resource pool corresponding to the shadow account.
[0056] FIG. 4b schematically illustrates a schematic diagram of account access according to an embodiment of the present disclosure. FIG. 4b illustrates an example where a user has one administrator account and one non-administrator account.
[0057] In one embodiment of the present disclosure, the user has at least one administrator account and / or at least one non-administrator account.
[0058] The above administrator account has the authority to access all resources within the resource pool corresponding to the above shadow account.
[0059] The above administrator account has the authority to grant roles to the above non-administrator account.
[0060] Specifically, a non-administrator account can have one or more roles, and an administrator account can have all roles.
[0061] For example, a user has one administrator account and three non-administrator accounts. If the user's business area is logistics and the corresponding roles under logistics are Courier, Sorter, and Product Planner, the role of Courier is assigned to the first non-administrator account, the role of Sorter is assigned to the second non-administrator account, and the role of Product Planner is assigned to the third non-administrator account. Alternatively, the roles of Courier and Sorter are assigned to the first non-administrator account, the role of Sorter is assigned to the second non-administrator account, and the roles of Sorter and Product Planner are assigned to the third non-administrator account.
[0062] FIG. 5 schematically illustrates a flowchart for accessing resources according to an embodiment of the present disclosure.
[0063] As illustrated in FIG. 5, operation S203 includes operations S501 to S503.
[0064] In operation S501, when the user accesses the private cloud platform with a non-administrator account, the user acquires a role corresponding to the non-administrator account.
[0065] In operation S502, the role obtains access rights to resources within the resource pool corresponding to the shadow account.
[0066] In operation S503, based on the access rights, the non-administrator account controls access to resources within the resource pool corresponding to the shadow account.
[0067] For example, the non-administrator account corresponds to Role 1, and the resources in the resource pool corresponding to the shadow account include Resource 1, Resource 2, and Resource 3. Role 1 can access Resource 1 and Resource 2 but not Resource 3, Role 2 can access Resource 1, Resource 2, and Resource 3, and Role 3 can access Resource 3 only. Therefore, based on these access permissions, the non-administrator account is controlled to access only Resource 1 and Resource 2.
[0068] Specifically, in operation S503, controlling access to resources within a resource pool corresponding to a shadow account by non-administrator accounts based on access rights can be implemented through Identity and Access Management (IAM).
[0069] FIG. 6 schematically shows a block diagram of a resource management device according to an embodiment of the present disclosure.
[0070] As illustrated in FIG. 6, the resource management device (600) includes a creation module (601), a decision module (602), and an access module (603).
[0071] The creation module (601) is used to create a shadow account on the private cloud platform for the user in response to the user's action of entering the private cloud platform.
[0072] The decision module (602) is used to determine the resource pool corresponding to the shadow account.
[0073] The access module (603) is used to access resources within the resource pool corresponding to the shadow account based on a preset access policy when the user accesses the private cloud platform.
[0074] In one embodiment of the present disclosure, the device comprises: an acquisition module for acquiring the login status of a currently logged-in account; a determination module for determining whether the login status is a private cloud platform login status; an installation module for installing a corresponding access policy for the logged-in account if the login status is not a private cloud platform login status; a transition module for transitioning the login status to a private cloud platform login status; and an access module for accessing the private cloud platform if the login status is a private cloud platform login status.
[0075] In one embodiment of the present disclosure, the determination module comprises: a first acquisition submodule for acquiring a work area that the user enters; a second acquisition submodule for acquiring a resource pool corresponding to the work area; and an installation submodule for installing the resource pool corresponding to the work area into a resource pool corresponding to the shadow account.
[0076] In one embodiment of the present disclosure, the installation module includes: a creation submodule for creating a role on the private cloud platform for the user based on the work area the user enters; and a grant submodule for granting access rights for each role to resources in a resource pool corresponding to the shadow account.
[0077] In one embodiment of the present disclosure, the user has at least one administrator account and / or at least one non-administrator account.
[0078] The above administrator account has the authority to access all resources within the resource pool corresponding to the above shadow account.
[0079] The above administrator account has the authority to grant roles to the above non-administrator account.
[0080] In one embodiment of the present disclosure, the access module comprises: a third acquisition submodule for acquiring a role corresponding to a non-administrator account when the user accesses the private cloud platform with a non-administrator account; a fourth acquisition submodule for acquiring access rights of said role to resources within a resource pool corresponding to said shadow account; and an access submodule for controlling access of said non-administrator account to resources within a resource pool corresponding to said shadow account based on said access rights.
[0081] In one embodiment of the present disclosure, the private cloud platform is installed on a public cloud platform, and the private cloud platform shares the front-end components of the public cloud platform.
[0082] Any plurality of modules, submodules, units, and subunits according to embodiments of the present disclosure, or at least some of the functions of any plurality thereof, may be implemented in a single module. Any one or more of modules, submodules, units, and subunits according to embodiments of the present disclosure may be implemented by dividing them into a plurality of modules. Any one or more of modules, submodules, units, and subunits according to embodiments of the present disclosure may be implemented at least partially as hardware circuits, e.g., field programmable gate arrays (FPGAs), programmable logic arrays (PLAs), system on chip, systems on boards, systems on packages, dedicated integrated circuits (ASICs), or may be implemented as hardware or firmware of any other reasonable method of integrating or packaging circuits, or may be implemented as any one or more suitable combinations of the three implementation methods of software, hardware, and firmware. Alternatively, one or more of modules, submodules, units, and submodules according to embodiments of the present disclosure may be implemented at least partially as computer program modules, and may perform the corresponding functions when the computer program module is executed.
[0083] For example, any plurality of resource management devices (600) may be implemented by being integrated into a single module / unit / sub-unit, or any single module / unit / sub-unit may be divided into multiple modules / units / sub-units. Alternatively, at least some functions of one or more of these modules / units / sub-units may be combined with at least some functions of other modules / units / sub-units and implemented in a single module / unit / sub-unit. According to an embodiment of the present disclosure, at least one of the resource management devices (600) may be implemented at least partially as a hardware circuit, for example, a field programmable gate array (FPGA), a programmable logic array (PLA), a system on a chip, a system on a board, a system on a package, or a dedicated integrated circuit (ASIC), or may be implemented as any other reasonable method of hardware or firmware that integrates or packages the circuit, or may be implemented as any one of the three implementation methods of software, hardware, and firmware, or any suitable combination of several of these. Alternatively, at least one of the resource management devices (600) may be implemented at least partially as a computer program module, and may perform the corresponding function when the computer program module is executed.
[0084] It is to be explained that the resource management device part in the embodiment of the present disclosure corresponds to the resource management method part in the embodiment of the present disclosure, and the description of the resource management device part specifically refers to the resource management method part and is not described redundantly here.
[0085] FIG. 7 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in FIG. 7 is merely an example and should not be given any limitations on the function and scope of use of the embodiment of the present disclosure.
[0086] As illustrated in FIG. 7, a computer system (700) according to an embodiment of the present disclosure includes a processor (701) capable of executing various suitable operations and processing based on a program stored in a read-only memory (ROM) (702) or a program loaded from a storage unit (708) into a random access memory (RAM) (703). The processor (701) may include, for example, a general-purpose microprocessor (e.g., CPU), an instruction set processor and / or related chipset and / or a dedicated microprocessor (e.g., a dedicated integrated circuit (ASIC)). The processor (701) may also include onboard memory for a cache. The processor (701) may include a single processing unit or a plurality of processing units for performing other operations of the flow of the method according to an embodiment of the present disclosure.
[0087] Various programs and data necessary for the operation of the system (700) are stored in the RAM (703). The processor (701), ROM (702), and RAM (703) are connected to each other via a bus (704). The processor (701) performs various operations of the flow of the method according to the embodiment of the present disclosure by executing a program in the ROM (702) and / or RAM (703). It should be noted that the program may be stored in one or more memories other than the ROM (702) and RAM (703). The processor (701) may perform various operations of the flow of the method according to the embodiment of the present disclosure by executing a program stored in one or more of the memories.
[0088] According to an embodiment of the present disclosure, the system (700) may include an input / output (I / O) interface (705), and the input / output (I / O) interface (705) is also connected to a bus (704). The system (700) may include one or more components such as an input unit (706) including a keyboard, mouse, etc., connected to the I / O interface (705); an output unit (707) including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and a speaker, etc.; a storage unit (708) including a hard disk, etc.; and a communication unit (709) including a network interface card such as a LAN card or a modem. The communication unit (709) performs communication processing through a network such as the Internet. A driver (710) is also connected to the I / O interface (705) as needed. A removable medium (711), such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, is mounted on a driver (710) as needed, so that a computer program read from it can be installed in a storage unit (708) as needed.
[0089] According to an embodiment of the present disclosure, the flow of the method according to an embodiment of the present disclosure may be implemented as a computer software program. For example, an embodiment of the present disclosure includes a computer program product, and the computer program product includes a computer program loaded on a computer-readable storage medium, and the computer program includes program code for executing the method illustrated in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via a communication unit (709) and / or installed from a removable medium (711). When the computer program is executed by a processor (701), the above-described function defined in the system of an embodiment of the present disclosure is executed. According to an embodiment of the present disclosure, the above-described system, device, apparatus, module, unit, etc. may be implemented by a computer program module.
[0090] The present disclosure also provides a computer-readable storage medium. This readable storage medium may be included in the device / device / system described in the above-described embodiment. This readable storage medium may exist individually without being assembled into the device / device / system. The computer-readable storage medium carries one or more programs and implements a method according to an embodiment of the present disclosure when said one or more programs are executed.
[0091] According to embodiments of the present disclosure, a computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples include, but are not limited to, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable and programmable read-only memory (EPROM or flash memory), portable compact disk read-only memory (CD-ROM), optical memory devices, magnetic memory devices, or any suitable combination of the above. In the present disclosure, a computer-readable storage medium may be any type of medium that contains or stores a program, which may be used by or in combination with an instruction execution system, device, or device.
[0092] For example, according to an embodiment of the present disclosure, a computer-readable storage medium may include the above-described ROM (702) and / or RAM (703), and / or one or more memories other than the ROM (702) and RAM (703).
[0093] The flowcharts and block diagrams in the drawings illustrate the implementable architecture, functions, and operations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block of a flowchart or block diagram may represent a module, program segment, or part of code, said module, program segment, or part of code containing one or more executable instructions for realizing a specified logical function. It should also be noted that in some alternative implementations, the functions shown in the blocks may occur in a different order than those shown in the drawings. For example, two consecutively shown blocks may actually be executed in nearly parallel or in reverse order, which is determined by the relevant functions. It should be noted that each block of a block diagram or flowchart, and combinations of blocks of a block diagram or flowchart, may be implemented as a dedicated hardware-based system for performing a specified function or operation, or as a combination of dedicated hardware and computer instructions.
[0094] Those skilled in the art will understand that various combinations and / or combinations of the features described in each embodiment and / or claim of the present disclosure may be made, even if not explicitly stated in the present disclosure. In particular, various combinations and / or combinations of the features described in each embodiment and / or claim of the present disclosure may be made without departing from the spirit and intent of the present disclosure. All such combinations and / or combinations fall within the scope of the present disclosure.
[0095] The embodiments of the present disclosure have been described above. However, these embodiments are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although each embodiment has been described separately above, this does not mean that the means of each embodiment cannot be used in advantageous combination. The scope of the present disclosure is defined by the appended claims and their equivalents. Without departing from the scope of the present disclosure, those skilled in the art may make various substitutions and modifications, and all such substitutions and modifications must fall within the scope of the present disclosure.
Claims
Claim 1 As a resource management method, in response to a user action entering a private cloud platform, a shadow account is created for said user that has the same authority as an administrator account in said private cloud platform; a resource pool corresponding to said shadow account is determined according to the work area in which said user enters; and when said user accesses said private cloud platform, a resource within the resource pool corresponding to said shadow account is accessed based on a preset access policy; wherein the preset access policy is the access authority of a role in the work area to which said user belongs regarding the resource, and said private cloud platform is installed on a public cloud platform, and said private cloud platform shares the front-end components of said public cloud platform, and when said user accesses said private cloud platform, before accessing a resource within the resource pool corresponding to said shadow account based on the preset access policy: the login status of a currently logged-in account is obtained; and it is determined whether said login status is a private cloud platform login status; and if said login status is not a private cloud platform login status, an access policy corresponding to said logged-in account is set, and said login status is switched to a private cloud platform login status; A resource management method comprising accessing the private cloud platform if the above login state is the above private cloud platform login state. Claim 2 delete Claim 3 delete Claim 4 A resource management method according to claim 1, wherein determining a resource pool corresponding to the shadow account comprises: acquiring a business area that the user enters; acquiring a resource pool corresponding to the business area; and setting the resource pool corresponding to the business area as a resource pool corresponding to the shadow account. Claim 5 A resource management method according to claim 1, wherein setting an access policy corresponding to the logged-in account includes creating a role on the private cloud platform for the user based on the business area the user enters; and granting access rights for each role to resources within a resource pool corresponding to the shadow account. Claim 6 A resource management method according to claim 1, wherein the user has at least one administrator account and / or at least one non-administrator account; the administrator account has the authority to access all resources in the resource pool corresponding to the shadow account; and the administrator account has the authority to grant roles to the non-administrator account. Claim 7 A resource management method according to claim 6, wherein when the user accesses the private cloud platform, accessing resources within a resource pool corresponding to the shadow account based on a preset access policy comprises: when the user accesses the private cloud platform as a non-administrator account, acquiring a role corresponding to the non-administrator account; acquiring access rights of said role to resources within a resource pool corresponding to the shadow account; and controlling the non-administrator account to access resources within the resource pool corresponding to the shadow account based on said access rights. Claim 8 As a resource management device, the device comprises: a creation module configured to create a shadow account having the same authority as an administrator account in the private cloud platform for the user in response to a user action entering the private cloud platform; a determination module configured to determine a resource pool corresponding to the shadow account according to the work area the user enters; and an access module configured to access resources within the resource pool corresponding to the shadow account based on a preset access policy when the user accesses the private cloud platform; wherein the preset access policy is an access authority for a role in the work area to which the user belongs regarding the resources, the private cloud platform is installed on a public cloud platform, the private cloud platform shares the front-end components of the public cloud platform, and the access module, before accessing resources within the resource pool corresponding to the shadow account based on the preset access policy when the user accesses the private cloud platform: obtains the login status of the currently logged-in account; and determines whether the login status is a private cloud platform login status; A resource management device that, if the above login state is not the above private cloud platform login state, sets a corresponding access policy for the above logged-in account and switches the above login state to the above private cloud platform login state; and if the above login state is the above private cloud platform login state, accesses the above private cloud platform. Claim 9 A computer system comprising: one or more processors; and memory for storing one or more programs; wherein, when the one or more programs are executed by the one or more processors, the one or more processors enable the implementation of a resource management method according to any one of claims 1, 4 through 7. Claim 10 A computer-readable medium, wherein the executable instruction is stored therein, which, when executed by a processor, causes the processor to implement the resource management method of any one of claims 1, 4 through 7. Claim 11 A computer program stored on a storage medium that implements the resource management method of any one of claims 1, 4 through 7 when executed by a processor.