The invention discloses an operation authority control method based on an APT attack intention. The method comprises the steps: 1, obtaining a network and system log, and recognizing an APT attack behavior; 2, carrying out attack check on APT attack behaviors, obtaining APT attack contents and sending alarm information; 3, establishing an attack intention logic relationship for the attacked targetfile, the target operation and the target operation authority according to the acquired APT attack content, and predicting the attack intention of the next step according to the attack intention logic relationship and the alarm information; and 4, generating an operation guidance knowledge graph for the attack intention based on a knowledge graph technology, displaying the operation guidance knowledge graph on an operation interface, and enabling an administrator to perform operation according to the operation guidance knowledge graph to avoid APT attack threats. Compared with the prior art,the method has higher controllability, the attack intention is more accurately recognized, too high manual workload cannot be caused, the working difficulty is reduced, and the safety and convenienceof operation are realized.