[go: up one dir, main page]

CN119254534A - Multi-tenant permission configuration method, system, device and medium based on SaaS platform - Google Patents

Multi-tenant permission configuration method, system, device and medium based on SaaS platform Download PDF

Info

Publication number
CN119254534A
CN119254534A CN202411762763.XA CN202411762763A CN119254534A CN 119254534 A CN119254534 A CN 119254534A CN 202411762763 A CN202411762763 A CN 202411762763A CN 119254534 A CN119254534 A CN 119254534A
Authority
CN
China
Prior art keywords
tenant
permission
weight
type
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202411762763.XA
Other languages
Chinese (zh)
Other versions
CN119254534B (en
Inventor
王�华
袁朝喜
刘智超
史俊
韩祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Caizisoft Information Network Co ltd
Original Assignee
Sichuan Caizisoft Information Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Caizisoft Information Network Co ltd filed Critical Sichuan Caizisoft Information Network Co ltd
Priority to CN202411762763.XA priority Critical patent/CN119254534B/en
Publication of CN119254534A publication Critical patent/CN119254534A/en
Application granted granted Critical
Publication of CN119254534B publication Critical patent/CN119254534B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于SaaS平台的多租户权限配置方法、系统、设备及介质,涉及数据处理技术领域,包括:基于SaaS平台获取多租户信息层,获取第一权限集合,第一权限集合包括一个或多个不同的权限类型;定义权重指标,并生成第一标识符和第一权重值;基于SaaS平台获取新增租户,匹配角色类型并完成权限配置;设定校验时间周期,每间隔一个校验时间周期实时获取新增租户的第二权限集合,生成第一租户对应的第二权重值;判断第二权重值与第一权重值是否相同,若不相同则收回租户权限配置,若相同则生成第一租户对应的第二标识符;判断第二标识符与第一标识符是否相同,若不相同则收回租户权限配置。本发明具有配置精准、动态校验和安全性强的优点。

The present invention discloses a multi-tenant permission configuration method, system, device and medium based on a SaaS platform, which relates to the field of data processing technology, including: obtaining a multi-tenant information layer based on a SaaS platform, obtaining a first permission set, the first permission set including one or more different permission types; defining a weight index, and generating a first identifier and a first weight value; obtaining a newly added tenant based on the SaaS platform, matching the role type and completing the permission configuration; setting a verification time period, obtaining a second permission set of the newly added tenant in real time at intervals of a verification time period, and generating a second weight value corresponding to the first tenant; judging whether the second weight value is the same as the first weight value, if not the same, reclaiming the tenant permission configuration, if the same, generating a second identifier corresponding to the first tenant; judging whether the second identifier is the same as the first identifier, if not the same, reclaiming the tenant permission configuration. The present invention has the advantages of accurate configuration, dynamic verification and strong security.

Description

Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform
Technical Field
The invention relates to the technical field of data processing, in particular to a multi-tenant permission configuration method, system, equipment and medium based on a SaaS platform.
Background
With the vigorous development of cloud computing technology, a Software as a service (SaaS) mode has become the preferred scheme for informationized construction of a plurality of enterprises due to flexibility and cost effectiveness. The SaaS platform provides software services through the cloud, so that a user can rent application functions as required, and the complicated and cost of purchasing, installing and maintaining the software is not needed. Under the multi-tenant architecture, the SaaS platform can efficiently serve multiple tenants, and high sharing and utilization of resources are achieved, however, this mode also brings about unprecedented rights management challenges. In a multi-tenant environment of the SaaS platform, rights management is not only the key of ensuring data security and correct execution of business logic, but also the basis of maintaining platform stability and trust among tenants. However, existing rights configurations often face a number of challenges.
Because of numerous tenants and different service demands, the configuration authority efficiency of each tenant is low, errors are easy to occur, rapid changes of tenant demands are difficult to adapt, so that the fact that the actual authorities of the tenants are inconsistent with the configuration authorities frequently occurs, the inconsistency affects normal use of the tenants, serious consequences such as data leakage or service logic errors can be caused, meanwhile, the traditional authority management mode often lacks an effective monitoring and checking mechanism, so that the tenants possibly tamper with own authority configuration, and the authorities of some tenants can be increased or modified without permission due to personal gain or misoperation, so that the authorities are abused or hidden in safety hazards. The permission tampering behavior not only violates the use regulation of the SaaS platform, but also can threaten the data security and business operation of other tenants.
Therefore, a new authority configuration method needs to be studied, and the purpose is to optimize and perfect the authority configuration of the SaaS platform in the multi-tenant environment, especially in the aspects of checking and monitoring the tenant authority configuration, preventing authority abuse and the like.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a multi-tenant permission configuration method, a system, equipment and a medium based on a SaaS platform.
A multi-tenant authority configuration method based on a SaaS platform comprises the steps of obtaining a multi-tenant information layer based on the SaaS platform, obtaining a plurality of different role types and first authority sets corresponding to the role types according to the multi-tenant information layer, defining weight indexes corresponding to the different authority types, generating a first identifier corresponding to the role types and a first weight value according to the weight indexes of the authority types in the first authority sets corresponding to the role types, obtaining a new tenant based on the SaaS platform, completing authority configuration according to the new tenant, matching the role types according to the new tenant, and completing authority configuration according to the first authority sets corresponding to the matched role types, setting a verification time period, obtaining a second authority set configured by the new tenant in real time every one verification time period, wherein the second authority set comprises one or more different authority types, generating a second weight value corresponding to the first tenant weight according to the indexes of the type in the second authority set corresponding to the new tenant, judging whether the second weight value is the same as the first tenant, if the second weight value is matched with the first tenant, and if the second weight value is different from the first tenant identifier is the second tenant identifier, and if the second tenant identifier is different from the second tenant identifier is the same.
Optionally, generating the first identifier and the first weight value corresponding to the role type according to the weight index of the role type in the first right set corresponding to the role type comprises generating the first identifier corresponding to the role type based on the hash calculation model and the weight index of the role type in the first right set corresponding to the role type, and generating the first weight value corresponding to the role type based on the weight calculation model and the weight index of the role type in the first right set corresponding to the role type.
Optionally, generating the second weight value corresponding to the first tenant according to the weight index of the right type in the second right set corresponding to the newly added tenant comprises generating the second weight value corresponding to the first tenant based on the weight calculation model and the weight index of the right type in the second right set corresponding to the newly added tenant.
Optionally, if the first identifier and the second identifier are the same, generating the second identifier corresponding to the first tenant according to the weight index of the right type in the second right set corresponding to the newly added tenant comprises generating the second identifier corresponding to the first tenant based on the hash calculation model and the weight index of the right type in the second right set corresponding to the newly added tenant.
Optionally, generating the hash calculation model in the first identifier corresponding to the role type based on the hash calculation model and the weight index of the role type in the first authority set corresponding to the role type is expressed as: Wherein, the method comprises the steps of, For the first identifier corresponding to the jth character type,For the number of rights types within the first set of rights,Is the coefficient of the salt value, and the salt value is the coefficient of the salt value,For the weight index of the ith permission type in the first permission set,Limiting the prime number.
Optionally, generating the weight calculation model in the first weight value corresponding to the role type based on the weight calculation model and the weight index of the role type in the first authority set corresponding to the role type is expressed as: Wherein, the method comprises the steps of, And the first weight value corresponding to the jth role type.
Optionally, defining the weight index corresponding to each authority type comprises obtaining the business decision influence degree and the security risk index of the authority type, and obtaining the weight index according to the business decision influence degree and the security risk index.
The system comprises an acquisition module, a right configuration module, a verification computation module, a first right set and a second right set, wherein the acquisition module is used for acquiring a multi-tenant information layer based on the SaaS platform, acquiring a plurality of different role types and first right sets corresponding to each role type according to the multi-tenant information layer, the first right sets comprise one or more different right types, the definition and computation module is used for defining weight indexes corresponding to each right type and generating a first identifier and a first weight value corresponding to the role type according to the weight index of the right type in the first right set corresponding to the role type, the right configuration module is used for acquiring a new added tenant based on the SaaS platform, completing right configuration according to the new added tenant matched role type and the first right set corresponding to the matched role type, the verification computation module is used for setting a verification time period, each second right set configured by the new tenant comprises one or more different right types, generating a first identifier and a first weight value corresponding to the role type according to the weight index in the first right set corresponding to the role type, judging whether the first right set is recovered from the first right set corresponding to the first right identifier and the second right set corresponding to the first right set corresponding to the new role type, and judging whether the first right set is recovered from the first right set corresponding to the first right identifier corresponding to the new tenant type.
The electronic equipment further provides the electronic equipment, which comprises a memory and a processor, wherein the memory is used for storing the computer program, and the processor is used for executing the computer program in the memory so as to realize the multi-tenant permission configuration method based on the SaaS platform.
There is also provided a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the multi-tenant entitlement configuration method based on the SaaS platform described above.
The beneficial effects of the invention are as follows:
The multi-tenant authority configuration method based on the SaaS platform comprises the steps of subdividing role types according to a tenant information layer, defining a corresponding first authority set, laying a clear basic framework for authority management, setting weight indexes for all the authority types, generating a first weight value and a first identifier, providing quantification standards and reliable bases for verification of authority configuration, further, intelligently matching the role types and automatically configuring the authorities when a tenant is newly added, greatly improving configuration efficiency, further, through periodic weight value and identifier double verification, timely finding and correcting abnormality in authority configuration, effectively preventing security problems caused by unauthorized authority tampering or configuration errors of the tenant, thereby ensuring correctness of the tenant authority, safety of data and stability of platform service, providing firm and reliable authority management guarantee for a multi-tenant environment of the SaaS platform, and further, in the verification process, firstly verifying the first weight value, designing the cost-based authority verification based on the weight value is less and faster than consideration of the required force and speed of identifier verification. By means of the strategy, data which do not meet requirements or are low in weight can be rapidly screened out in an early stage, and therefore unnecessary follow-up verification overhead is avoided. The verification sequence of the identifier after the weight greatly improves the efficiency of the whole verification process and reduces the waste of computing resources.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will make brief description of the drawings used in the description of the embodiments or the prior art. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
Fig. 1 is a schematic step diagram of a multi-tenant authority configuration method based on a SaaS platform;
Fig. 2 is a schematic diagram of a part of steps of S2 in the multi-tenant permission configuration method based on the SaaS platform according to the present invention;
Fig. 3 is a schematic diagram of a part of steps of S4 in the multi-tenant permission configuration method based on the SaaS platform according to the present invention;
Fig. 4 is a schematic diagram of a part of steps of S5 in the multi-tenant permission configuration method based on the SaaS platform according to the present invention;
Fig. 5 is a schematic diagram of another part of steps of S2 in the multi-tenant permission configuration method based on the SaaS platform according to the present invention;
fig. 6 is a block diagram of an electronic device according to an embodiment of the invention.
Reference numerals:
700-electronic device, 701-processor, 702-memory, 703-multimedia component, 704-input/output (I/O) interface, 705-communication component.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that like reference numerals and letters refer to like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Furthermore, the terms "first," "second," and the like, are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
As shown in fig. 1, a multi-tenant authority configuration method based on a SaaS platform is provided, which includes:
S1, acquiring a multi-tenant information layer based on a SaaS platform, and acquiring a plurality of different role types and first authority sets corresponding to the role types according to the multi-tenant information layer, wherein the first authority sets comprise one or more different authority types;
S2, defining weight indexes corresponding to all the authority types, and generating a first identifier and a first weight value corresponding to the role type according to the weight indexes of the authority types in the first authority set corresponding to the role type;
S3, acquiring a new tenant based on the SaaS platform, matching role types according to the new tenant, and completing authority configuration according to a first authority set corresponding to the matched role types;
S4, setting a verification time period, and acquiring a second right set configured by the newly added tenant in real time every one verification time period, wherein the second right set comprises one or more different right types, and generating a second weight value corresponding to the first tenant according to a weight index of the right type in the second right set corresponding to the newly added tenant;
S5, judging whether the second weight value is the same as the first weight value, if not, recovering tenant authority configuration, and if so, generating a second identifier corresponding to the first tenant according to the weight index of the authority type in the second authority set corresponding to the newly added tenant;
s6, judging whether the second identifier is the same as the first identifier, and if so, recovering tenant permission configuration.
In this embodiment, it should be noted that, in S1, the core is to extract the multi-tenant information layer through the SaaS platform, further, to sub-divide different role types, and define a specific set of permissions, i.e. the first set of permissions, for each role type. The SaaS platform firstly extracts a multi-tenant information layer which is responsible for management and configuration of tenants and comprises creation, deletion, modification, personalized setting and the like of the tenants, then acquires different role types including 'ordinary users', 'administrators', 'advanced administrators' and the like which reflect different identities and responsibilities of different tenants on the platform through the multi-tenant information layer, and then allocates a corresponding first permission set for each role type, wherein the permission set is composed of a series of specific permission types such as 'view data', 'edit data', 'delete data', 'manage users' and the like, and the permission types refine the operation permissions of the roles on the platform. For example, for a "normal user" role, the first set of permissions may only contain permissions for "view data", while for an "administrator" role, the first set of permissions may contain multiple permissions for "view data", "edit data", and "manage user". These sets of rights are the basis for subsequent rights configuration, verification and monitoring.
Assume that one SaaS platform serves a plurality of objects, each as a tenant, such as a sales role (responsible for sales management related transactions), a financial role (responsible for financial related operations), and a digestion role (responsible for digestion business needs), etc. Then, the platform respectively defines a first permission set for the roles, wherein the sales department roles may have permission to view sales data, edit sales orders and the like, the financial roles may have permission to view financial reports, conduct financial auditing and the like, and the digestion roles have permission to view digestion orders, edit digestion orders, upload demand files and the like. Thus, each role has an explicit authority range, and a clear basic framework is provided for subsequent authority configuration and management.
In S2, the core is to set specific weight indexes for each authority type, and generate a unique first identifier and a corresponding first weight value for each role type based on the weight indexes. Specifically, the weight of each rights type is first defined in detail, and is generally determined according to the importance, sensitivity and influence degree of the rights on the business logic. For example, rights that enable direct access to or modification of core data, such as "edit financial data," may be given higher weight, while rights that are only used to view non-sensitive information, such as "view company news," may be given lower weight. Then, a weight sum of all right types in the first right set corresponding to each role type is calculated, and the weight sum is a first weight value of the role type. Meanwhile, a unique first identifier is generated according to the weights of the authority types and a specific algorithm (such as a hash algorithm), and the identifier is equivalent to a fingerprint of the authority configuration of the role type and is used for quickly and accurately checking the correctness of the authority configuration.
Taking an actual SaaS platform as an example, weight indexes of three authority types are defined as ' viewing data ' (weight 1) ', ' editing data ' (weight 5) ' managing users ' (weight 10). For the "normal user" role, its first set of permissions contains only the permission to view data, so its first weight value is 1, and the first identifier generated from this set of permissions will also be unique, assuming "id_pu_1". For the "administrator" role, the first authority set includes three authorities of "view data", "edit data" and "manage user", and then the first weight value is the sum of the three authority weights, i.e. 1+5+10=16, and similarly, a specific algorithm (such as a hash algorithm) generates a unique first identifier, typically a unique character string.
In S3, the core is to match the newly added tenant with a predefined role type, and automatically configure a corresponding permission set for the tenant according to the matching result. Specifically, when the SaaS platform comes up with a new tenant, basic information of the tenant is collected first, including but not limited to industry attributes, service scale, purpose of use, and the like of the tenant. Then, based on the information and the character type definition existing in the platform, the added tenant is classified into the most suitable character type through an intelligent matching algorithm. This matching process may involve multi-dimensional considerations such as determining which specific operational rights are required by the tenant based on its business needs, or evaluating its requirements for data sensitivity based on its industry characteristics, etc. Once matching is completed, corresponding rights are automatically configured for the newly added tenant according to the first right set corresponding to the selected character type, so that the tenant can be ensured to quickly and accurately obtain all rights required for developing the service.
Taking an actual SaaS platform as an example, assume that a tenant is newly added to the platform, and the tenant is a company focusing on electronic commerce, and the main business is online commodity sales. In step S3, the basic information of the company, such as the company scale, the camping service, the purpose of the expected use platform, etc., is collected first. This information is then analyzed and compared to predefined character types within the platform. In this process, the company may be found to be most compliant with the definition of "sales role" because this role type typically contains rights related to sales of goods, such as viewing sales data, managing goods information, and so forth. Thus, a first set of permissions corresponding to the "sales role" is automatically configured for the new tenant, including permissions such as viewing sales data, editing sales orders, and the like. Thus, the new tenant can be quickly integrated into the platform to start the online sales service without manually configuring complex authority settings.
In S4, the core is to ensure that the right configuration of the newly added tenant is kept consistent with the preset role type right set by periodically checking the right configuration of the newly added tenant. Specifically, a verification time period is set, and the period can be flexibly adjusted according to the actual requirement of the platform, such as daily, weekly or monthly. When the verification time point is reached, the verification process is automatically triggered, and the second right set currently configured by the newly added tenant is firstly obtained in real time, wherein the set comprises all right types owned by the tenant in the actual use process. Then, according to the predefined authority type weight index, calculating the weight sum of the second authority set of the newly added tenant, and generating a corresponding second weight value. The purpose of this step is to preliminarily judge whether the authority configuration of the tenant is abnormal or not, namely whether the authority configuration is inconsistent with the due authority set of the role type of the tenant or not through comparison of the weight values.
Assume that the check time period set by the SaaS platform is once per week. And when a certain verification period comes, starting to execute the step S4, and performing authority verification on the tenant of the newly-added household appliance sub-business company. Firstly, a second permission set currently configured by the tenant is obtained, for example, the tenant is found to have permissions of viewing sales data, editing sales orders, viewing news of a company and the like. Then, according to preset rights type weight indexes, such as "view data" (weight 1) and "edit data" (weight 5), a second weight value of the tenant second rights set is calculated. Assuming that the weight of "view company news" is 1, the second weight value of the tenant is 1 (view sales data) +5 (edit sales order) +1 (view company news) =7. Next, in S5, the second weight value is compared with the first weight value corresponding to the "sales role" to determine whether the authority configuration of the tenant is correct.
In S5, the core is to determine whether the authority configuration of the tenant is correct by comparing the second weight value of the newly added tenant with the first weight value of the corresponding role type. Specifically, after step S4 is completed, that is, after the second weight value of the newly added tenant is calculated, the second weight value is compared with the first weight value of the role type matched with the tenant. If the two weight values are the same, it is indicated that the authority configuration of the tenant may be consistent with the preset authority type, no abnormality occurs, but there may be different authority types with the same weight index, so after confirming that the second weight value is the same as the first weight value, a second identifier is generated according to the authority type and the weight index thereof in the second authority set currently configured by the newly added tenant by using the same algorithm (such as a hash algorithm) as that used for generating the first identifier, the second identifier is the unique "fingerprint" of the current authority configuration of the tenant, and then the second identifier is compared with the first identifier of the role type matched by the tenant. If the two weight values are different, this means that there may be a problem in the authority configuration of the tenant, that is, the tenant may have modified the authority configuration without permission, or an error occurs in the authority configuration, in this case, the authority configuration of the tenant may be immediately recovered, that is, all the authorities currently owned by the tenant may be revoked, and the authority configuration may be performed again as required, so as to ensure the correctness and security of the authority of the tenant.
Assume that in a certain verification period, authority verification is performed on a tenant of a home electronics and commerce company. In S4, the second weight value of the tenant has been calculated to be 7. Next, in S5, this second weight value is compared with the first weight value corresponding to "sales role". The first weight value of "sales role" is calculated from the preset rights type weight index and the set of rights that "sales role" should have, say 6 (since "sales role" typically does not contain rights to "view company news"). Since the second weight value 7 of the tenant is inconsistent with the first weight value 6 of the sales role, it is judged that the authority configuration of the tenant has a problem. Therefore, the authority configuration of the tenant can be immediately recovered, namely, the authorities of viewing sales data, editing sales orders, viewing news of companies and the like are cancelled, and the authorities are reconfigured for the tenant according to the authority set of the sales role, so that the correctness and the safety of the authority configuration are ensured.
In S6, the core is to finally confirm whether the authority configuration of the tenant is correct and not tampered by comparing the second identifier of the newly added tenant with the first identifier of the corresponding role type. In step S5, although it has been preliminarily determined whether there is an abnormality in the authority configuration of the tenant through comparison of the weight values, the same weight values cannot fully ensure the consistency of the authority configuration, because there may be different authority combinations having the same weight sum. Thus, S6 provides a more accurate and reliable verification means by comparing the first identifier with the second identifier. If the second identifier is the same as the first identifier, the authority configuration of the tenant is completely consistent with the preset role type authority set in the aspects of authority type, weight and combination, and no tampering or abnormality occurs. At this time, the tenant is allowed to keep the current authority configuration, so as to ensure that the tenant can normally develop the service. If the second identifier is different from the first identifier, it means that the authority configuration of the tenant is tampered to a certain extent, whether the tampering is for personal gain or misoperation of the tenant, the authority configuration of the tenant is immediately recovered, that is, all the authorities currently owned by the tenant are revoked, and the authority configuration is carried out again as required, so that the stability of the platform and the foundation of trust among the tenants are not destroyed. In this way, the correctness and the safety of the authority configuration of the tenant can be ensured more accurately through the double checking mechanism.
In summary, in the multi-tenant authority configuration method based on the SaaS platform, role types are subdivided according to the tenant information layer and corresponding first authority sets are defined, a clear basic framework is laid for authority management, then a weight index is set for each authority type, a first weight value and a first identifier are generated, quantization standard and reliable basis are provided for verification of authority configuration, further, when a tenant is newly added, the role types can be intelligently matched, the authorities are automatically configured, the configuration efficiency is greatly improved, further, abnormality in authority configuration can be timely found and corrected through double verification of the periodic weight values and the identifiers, safety problems caused by the authority or configuration errors of the tenant, accuracy of the tenant authority, safety of data and stability of platform service are effectively prevented, firm and reliable authority management guarantee is provided for the multi-tenant environment of the SaaS platform, and further, in the verification process, the first weight value is verified firstly, the design based on the weight value verification is less and faster than the verification of the identifier. By means of the strategy, data which do not meet requirements or are low in weight can be rapidly screened out in an early stage, and therefore unnecessary follow-up verification overhead is avoided. The verification sequence of the identifier after the weight greatly improves the efficiency of the whole verification process and reduces the waste of computing resources.
As shown in fig. 2, in one embodiment, generating, in S2, a first identifier and a first weight value corresponding to a role type according to a weight indicator of a right type in a first right set corresponding to the role type includes:
S23, generating a first identifier corresponding to the role type based on the hash calculation model and a weight index of the role type in the first authority set corresponding to the role type;
s24, generating a first weight value corresponding to the role type based on the weight calculation model and the weight index of the right type in the first right set corresponding to the role type.
In the present embodiment, in S23, the first identifier corresponding to the role type is generated based on the hash calculation model and the weight index of the role type in the first authority set corresponding to the role type, and this process involves first performing a depth analysis on the first authority set of the role type. Each rights type is assigned a specific weight index based on factors such as its importance, frequency of use, or security level. These weight indicators are then fed into the hash calculation model as input information. The hash computation model is an algorithm capable of converting input data of arbitrary length into output of fixed length (i.e., identifier). In this scenario, the model may comprehensively consider the weights of the authority types, and generate a unique first identifier through a complex computing process, such as bit operation, iterative processing, and the like, where the first identifier represents the unique identity of the role type and also implies the feature information of the authority set.
In S24, a first weight value corresponding to the role type is generated according to the weight index of the role type in the first authority set corresponding to the role type by using the weight calculation model. The core of this step is to quantitatively evaluate the weight index of the rights set. The weight calculation model may adopt a weighted average, an analytic hierarchy process or other mathematical statistical methods to comprehensively consider the weight of each authority type and the influence degree of the weight on the whole authority set. Specifically, the model traverses each authority in the first authority set, performs weighting processing according to the weight index, and finally gathers to obtain a comprehensive weight value. The weight value not only reflects the relative importance of the role type in the authority system, but also provides a quantized basis for subsequent decisions such as authority management, access control and the like. By the processing mode, the authority differences of different role types can be described and managed more precisely and accurately.
As shown in fig. 3, in one embodiment, generating, in S4, a second weight value corresponding to the first tenant according to the weight index of the rights type in the second rights set corresponding to the newly added tenant includes:
S41, generating a second weight value corresponding to the first tenant based on the weight calculation model and the weight index of the right type in the second right set corresponding to the newly added tenant.
In the present embodiment, in S41, the generation of the second weight value corresponding to the first tenant based on the weight calculation model and the weight index of the authority type in the second authority set corresponding to the newly added tenant is described in detail. The process firstly needs to comprehensively comb the right set owned by the newly added tenant, wherein each right type corresponds to the weight index defined in S2. These weight indicators are then fed into the weight calculation model as input data. The model may adopt complex algorithms, such as a weighted average method, a analytic hierarchy process, a fuzzy comprehensive evaluation method, etc., to perform deep analysis and quantization processing on the input weight index. The model comprehensively considers the weight of each authority type and the relation between the weight and each authority type, and finally outputs a comprehensive weight value, namely a second weight value corresponding to the first tenant through a series of mathematical operations. The second weight value not only accurately reflects the relative position and importance of the newly added tenant in the authority system, but also provides scientific basis for subsequent decisions such as authority allocation, access control and the like.
As shown in fig. 4, in one embodiment, if the same is adopted in S5, generating the second identifier corresponding to the first tenant according to the weight index of the authority type in the second authority set corresponding to the newly added tenant includes:
And S51, if the hash calculation model and the weight index of the authority type in the second authority set corresponding to the newly added tenant are the same, generating a second identifier corresponding to the first tenant.
In the present embodiment, in S51, it is described in detail that when it is confirmed that the first weight value of the newly added tenant is the same as the first weight value of the existing tenant, the second identifier corresponding to the first tenant is generated based on the hash calculation model and the weight index of the authority type in the second authority set corresponding to the newly added tenant. First, a second set of permissions of the newly added tenant is checked, and each permission type in the set corresponds to the weight index defined in S2. These weight indicators are then fed into the hash computation model as input data. The hash calculation model is a mathematical algorithm that is capable of converting input data of arbitrary length (here, a weight index of the rights type) into a fixed-length, unique output value, i.e., a hash value or identifier. And finally generating a second identifier corresponding to the newly added tenant permission set characteristic. The identifier not only uniquely identifies the newly added tenant, but also implies specific information of the authority set thereof, and provides guidance for subsequent management, authority control and the like.
In one embodiment, the generating, in S23, the hash calculation model in the first identifier corresponding to the role type based on the hash calculation model and the weight index of the role type in the first right set corresponding to the role type is expressed as:
Wherein, the method comprises the steps of,
For the first identifier corresponding to the jth character type,For the number of rights types within the first set of rights,Is the coefficient of the salt value, and the salt value is the coefficient of the salt value,For the weight index of the ith permission type in the first permission set,Limiting the prime number.
In the present embodiment, the present invention is also directed to a method for manufacturing a semiconductor device,The identifier is unique and is used for distinguishing different role types and implying the characteristic information of the authority set.The weight indicators representing the 1 st to nth permission types will all be taken into account, which ensures that the contribution of each permission type to the final identifier is calculated.The salt value coefficient is a random or preset numerical value, is directly related to the authority types and is irrelevant to the weight index, so that identifiers generated by different authority types can be ensured to be completely different, meanwhile, the salt value coefficient can also be used for increasing the complexity and unpredictability of the hash value, improving the safety, preventing rainbow table attacks and the like.This is the square of the weight index of the i-th privilege type within the first privilege set, and the square of the weight index can amplify its difference, making the contribution of the more heavily weighted privilege types in the final identifier more pronounced, which helps to distinguish the privilege sets of different role types even if their privilege types partially overlap.Is a modulo operation, which represents dividing the previous summation result by a constraint prime number M and taking the remainder, is a common hash function construction method that ensures that the length of the output value (i.e., the identifier) is fixed and is limited between 0 and M-1, and prime number M is chosen as the modulus to reduce the likelihood of hash collisions because prime numbers have unique properties in the theory of numbers that can make the hash value distribution more uniform.
In one embodiment, the step S24 of generating the weight calculation model in the first weight value corresponding to the role type based on the weight calculation model and the weight index of the role type in the first authority set corresponding to the role type is expressed as:
Wherein, the method comprises the steps of,
And the first weight value corresponding to the jth role type.
In the present embodiment, the present invention is also directed to a method for manufacturing a semiconductor device,And the first weight value corresponding to the jth role type is represented.Weights representing the type of rights from 1 st to nth are accumulated.The weight index of the ith authority type directly reflects the importance of the authority type in the role type.
In summary, a first weight value for the role type is generated by directly accumulating the weight indicators for the role type. The method has the beneficial effects of high calculation efficiency, easy understanding, flexibility, accuracy and the like, and is suitable for scenes needing to generate weight values quickly and accurately.
As shown in fig. 5, in one embodiment, defining the weight index corresponding to each authority type in S2 includes:
S21, acquiring business decision influence degree and security risk index of the authority type;
S22, acquiring a weight index according to the business decision influence degree and the security risk index.
In the present embodiment, in S21, the business decision influence level and the security risk index of each authority type need to be acquired first. The business decision influence degree refers to the influence degree of the authority type on the business decision process and result. For example, in enterprise management, modifying the rights type of financial data may have a high degree of business decision impact because it is directly related to the financial condition and decisions of the enterprise. The security risk index refers to the security risk that the rights type may bring if abused or misused. This includes potential risks of data leakage, unauthorized access, crashes, etc. To obtain these metrics, it may be necessary to refer to industry standards, historical data, expert opinion, and the like from a variety of sources, and to perform comprehensive analysis and evaluation.
In S22, after the business decision influence level and the security risk index of each authority type are acquired, the weight index needs to be calculated next according to these indexes. The weight index is a quantized value that reflects the relative importance of each rights type in the overall rights hierarchy. In calculating the weight index, it may be considered to weight sum the business decision impact and the security risk index or to use other suitable algorithms. For example, business decision impact may be given a higher weight because it is directly related to the business and operation of the enterprise, while security risk indicators may be given a corresponding weight based on the severity of their potential risks. Through such a calculation process, an accurate weight index can be generated for each authority type, and powerful support is provided for subsequent authority allocation and access control.
The system for configuring the multi-tenant permission based on the SaaS platform comprises:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring a multi-tenant information layer based on a SaaS platform and acquiring a plurality of different role types and first authority sets corresponding to the role types according to the multi-tenant information layer, wherein the first authority sets comprise one or more different authority types;
The definition and calculation module is used for defining weight indexes corresponding to all the authority types and generating a first identifier and a first weight value corresponding to the role type according to the weight indexes of the authority types in the first authority set corresponding to the role type;
The permission configuration module is used for acquiring a new tenant based on the SaaS platform, matching the role type according to the new tenant and completing permission configuration according to a first permission set corresponding to the matched role type;
The verification computing module is used for setting a verification time period, acquiring a second authority set configured by the newly added tenant in real time every one verification time period, wherein the second authority set comprises one or more different authority types, and generating a second weight value corresponding to the first tenant according to a weight index of the authority type in the second authority set corresponding to the newly added tenant;
The first comparison module is used for judging whether the second weight value is the same as the first weight value, if not, recovering tenant permission configuration, and if so, generating a second identifier corresponding to the first tenant according to the weight index of the permission type in the second permission set corresponding to the newly added tenant;
And the second comparison module is used for judging whether the second identifier is the same as the first identifier, and if the second identifier is not the same as the first identifier, recovering tenant permission configuration.
In this embodiment, it should be noted that, regarding the multi-tenant permission configuration system based on the SaaS platform, a specific manner of performing the operation has been described in detail in the embodiment regarding the multi-tenant permission configuration method based on the SaaS platform, and will not be described in detail herein.
Fig. 6 is a block diagram of an electronic device illustrating a multi-tenant permission configuration method based on a SaaS platform according to an example embodiment. As shown in fig. 6, the electronic device 700 may include a processor 701, a memory 702. The electronic device 700 may also include one or more of a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.
The processor 701 is configured to control the overall operation of the electronic device 700, so as to complete all or part of the steps in the multi-tenant permission configuration method based on the SaaS platform. The memory 702 is used to store various types of data to support operation on the electronic device 700, which may include, for example, instructions for any application or method operating on the electronic device 700, as well as application-related data, such as contact data, messages sent and received, pictures, audio, video, and so forth. The Memory 702 may be implemented by any type or combination of volatile or non-volatile Memory devices, such as static random access Memory (Static Random Access Memory, SRAM for short), electrically erasable programmable Read-Only Memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-Only Memory, EEPROM for short), erasable programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM for short), programmable Read-Only Memory (Programmable Read-Only Memory, PROM for short), read-Only Memory (ROM for short), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia component 703 can include a screen and an audio component. Wherein the screen may be, for example, a touch screen, the audio component being for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signals may be further stored in the memory 702 or transmitted through the communication component 705. The audio assembly further comprises at least one speaker for outputting audio signals. The I/O interface 704 provides an interface between the processor 701 and other interface modules, which may be a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 705 is for wired or wireless communication between the electronic device 700 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, near Field Communication (NFC) for short, 2G, 3G, 4G, NB-IOT, eMTC, or other 5G, etc., or one or a combination of several thereof, is not limited herein. The communication component 705 accordingly may comprise a Wi-Fi module, a bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic device 700 may be implemented by one or more Application-specific integrated circuits (ASIC), digital signal Processor (DIGITAL SIGNAL Processor, DSP), digital signal processing device (DIGITAL SIGNAL Processing Device, DSPD), programmable logic device (Programmable Logic Device, PLD), field programmable gate array (Field Programmable GATE ARRAY, FPGA), controller, microcontroller, microprocessor, or other electronic components for performing the SaaS platform-based multi-tenant entitlement configuration method described above.
In another exemplary embodiment, a computer readable storage medium is also provided, comprising program instructions which, when executed by a processor, implement the steps of the SaaS platform based multi-tenant entitlement configuration method described above. For example, the computer readable storage medium may be the memory 702 including program instructions described above, which are executable by the processor 701 of the electronic device 700 to perform the multi-tenant permission configuration method based on the SaaS platform described above.
In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable apparatus, the computer program having code portions for performing the SaaS platform based multi-tenant entitlement configuration method described above when executed by the programmable apparatus.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings, but the present disclosure is not limited to the specific details of the embodiments described above, and various simple modifications may be made to the technical solutions of the present disclosure within the scope of the technical concept of the present disclosure, and all the simple modifications belong to the protection scope of the present disclosure.
In addition, the specific features described in the above embodiments may be combined in any suitable manner without contradiction. The various possible combinations are not described further in this disclosure in order to avoid unnecessary repetition.
Moreover, any combination between the various embodiments of the present disclosure is possible as long as it does not depart from the spirit of the present disclosure, which should also be construed as the disclosure of the present disclosure.
It should be noted that the foregoing embodiments are merely illustrative of the technical solutions of the present invention and not limiting, and although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that the technical solutions described in the foregoing embodiments may be modified or some or all of the technical features may be replaced equally, and these modifications or substitutions do not make the essence of the corresponding technical solutions deviate from the scope of the technical solutions of the embodiments of the present invention, and all the modifications or substitutions are included in the scope of the claims and the specification of the present invention.

Claims (10)

1.一种基于SaaS平台的多租户权限配置方法,其特征在于,包括:1. A multi-tenant permission configuration method based on a SaaS platform, characterized by comprising: 基于SaaS平台获取多租户信息层,并根据多租户信息层获取多个不同的角色类型和各个角色类型对应的第一权限集合,所述第一权限集合包括一个或多个不同的权限类型;Acquire a multi-tenant information layer based on the SaaS platform, and acquire a plurality of different role types and a first permission set corresponding to each role type according to the multi-tenant information layer, wherein the first permission set includes one or more different permission types; 定义各个权限类型对应的权重指标,并根据角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一标识符和第一权重值;Defining weight indicators corresponding to each permission type, and generating a first identifier and a first weight value corresponding to the role type according to the weight indicators of the permission types in the first permission set corresponding to the role type; 基于SaaS平台获取新增租户,并根据新增租户匹配角色类型并根据所匹配到的角色类型对应的第一权限集合完成权限配置;Acquire a new tenant based on the SaaS platform, match the role type according to the new tenant, and complete the permission configuration according to the first permission set corresponding to the matched role type; 设定校验时间周期,每间隔一个校验时间周期实时获取新增租户所配置的第二权限集合,所述第二权限集合包括一个或多个不同的权限类型,并根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二权重值;A verification time period is set, and a second permission set configured by the newly added tenant is obtained in real time at each verification time period, where the second permission set includes one or more different permission types, and a second weight value corresponding to the first tenant is generated according to a weight index of the permission type in the second permission set corresponding to the newly added tenant; 判断第二权重值与第一权重值是否相同,若不相同则收回租户权限配置,若相同则根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二标识符;Determine whether the second weight value is the same as the first weight value, if not, revoke the tenant's permission configuration; if they are the same, generate a second identifier corresponding to the first tenant according to the weight index of the permission type in the second permission set corresponding to the newly added tenant; 判断第二标识符与第一标识符是否相同,若不相同则收回租户权限配置。Determine whether the second identifier is the same as the first identifier, and if not, revoke the tenant permission configuration. 2.根据权利要求1所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述根据角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一标识符和第一权重值包括:2. The multi-tenant permission configuration method based on the SaaS platform according to claim 1, characterized in that the step of generating the first identifier and the first weight value corresponding to the role type according to the weight index of the permission type in the first permission set corresponding to the role type comprises: 基于哈希计算模型和角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一标识符;Generate a first identifier corresponding to the role type based on the hash calculation model and the weight index of the permission type in the first permission set corresponding to the role type; 基于权重计算模型和角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一权重值。A first weight value corresponding to the role type is generated based on the weight calculation model and the weight index of the permission type in the first permission set corresponding to the role type. 3.根据权利要求2所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二权重值包括:3. The multi-tenant permission configuration method based on the SaaS platform according to claim 2 is characterized in that the step of generating the second weight value corresponding to the first tenant according to the weight index of the permission type in the second permission set corresponding to the newly added tenant comprises: 基于权重计算模型和新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二权重值。A second weight value corresponding to the first tenant is generated based on the weight calculation model and the weight index of the permission type in the second permission set corresponding to the newly added tenant. 4.根据权利要求2所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述若相同则根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二标识符包括:4. The multi-tenant permission configuration method based on the SaaS platform according to claim 2, characterized in that the generating the second identifier corresponding to the first tenant according to the weight index of the permission type in the second permission set corresponding to the newly added tenant if the two are the same comprises: 若相同,则基于哈希计算模型和新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二标识符。If they are the same, a second identifier corresponding to the first tenant is generated based on the hash calculation model and the weight index of the permission type in the second permission set corresponding to the newly added tenant. 5.根据权利要求2所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述基于哈希计算模型和角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一标识符中的哈希计算模型表示为:5. According to the multi-tenant permission configuration method based on the SaaS platform in claim 2, it is characterized in that the hash calculation model in the first identifier corresponding to the role type generated based on the hash calculation model and the weight index of the permission type in the first permission set corresponding to the role type is represented as: ;其中, ;in, 为第j个角色类型对应的第一标识符,为第一权限集合内权限类型的数量,为盐值系数,为第一权限集合内第i个权限类型的权重指标,为限制素数。 is the first identifier corresponding to the j-th role type, is the number of permission types in the first permission set, is the salt value coefficient, is the weight index of the i-th permission type in the first permission set, To restrict prime numbers. 6.根据权利要求5所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述基于权重计算模型和角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一权重值中的权重计算模型表示为:6. The multi-tenant permission configuration method based on the SaaS platform according to claim 5 is characterized in that the weight calculation model in generating the first weight value corresponding to the role type based on the weight calculation model and the weight index of the permission type in the first permission set corresponding to the role type is expressed as: ;其中, ;in, 为第j个角色类型对应的第一权重值。 is the first weight value corresponding to the j-th role type. 7.根据权利要求1所述的基于SaaS平台的多租户权限配置方法,其特征在于,所述定义各个权限类型对应的权重指标包括:7. The multi-tenant permission configuration method based on the SaaS platform according to claim 1, characterized in that the weight index corresponding to each permission type is defined as follows: 获取权限类型的业务决策影响度和安全风险指标;The business decision impact and security risk indicators of the access permission type; 根据业务决策影响度和安全风险指标获取权重指标。Obtain weight indicators based on business decision impact and security risk indicators. 8.一种基于SaaS平台的多租户权限配置系统,其特征在于,所述系统包括:8. A multi-tenant permission configuration system based on a SaaS platform, characterized in that the system comprises: 获取模块,用于基于SaaS平台获取多租户信息层,并根据多租户信息层获取多个不同的角色类型和各个角色类型对应的第一权限集合,所述第一权限集合包括一个或多个不同的权限类型;An acquisition module, configured to acquire a multi-tenant information layer based on a SaaS platform, and acquire a plurality of different role types and a first permission set corresponding to each role type according to the multi-tenant information layer, wherein the first permission set includes one or more different permission types; 定义与计算模块,用于定义各个权限类型对应的权重指标,并根据角色类型对应的第一权限集合内的权限类型的权重指标生成角色类型对应的第一标识符和第一权重值;A definition and calculation module, used to define weight indicators corresponding to each permission type, and generate a first identifier and a first weight value corresponding to the role type according to the weight indicators of the permission types in the first permission set corresponding to the role type; 权限配置模块,用于基于SaaS平台获取新增租户,并根据新增租户匹配角色类型并根据所匹配到的角色类型对应的第一权限集合完成权限配置;The permission configuration module is used to obtain a new tenant based on the SaaS platform, match the role type according to the new tenant, and complete the permission configuration according to the first permission set corresponding to the matched role type; 校验计算模块,用于设定校验时间周期,每间隔一个校验时间周期实时获取新增租户所配置的第二权限集合,所述第二权限集合包括一个或多个不同的权限类型,并根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二权重值;A verification calculation module, used to set a verification time period, obtain a second permission set configured by the newly added tenant in real time at each verification time period, wherein the second permission set includes one or more different permission types, and generate a second weight value corresponding to the first tenant according to a weight index of the permission type in the second permission set corresponding to the newly added tenant; 第一比对模块,用于判断第二权重值与第一权重值是否相同,若不相同则收回租户权限配置,若相同则根据新增租户对应的第二权限集合内的权限类型的权重指标生成第一租户对应的第二标识符;A first comparison module is used to determine whether the second weight value is the same as the first weight value, and if not, to revoke the tenant's permission configuration; if they are the same, to generate a second identifier corresponding to the first tenant according to the weight index of the permission type in the second permission set corresponding to the newly added tenant; 第二比对模块,用于判断第二标识符与第一标识符是否相同,若不相同则收回租户权限配置。The second comparison module is used to determine whether the second identifier is the same as the first identifier, and if they are not the same, the tenant authority configuration is revoked. 9.一种电子设备,其特征在于,包括:9. An electronic device, comprising: 存储器,其上存储有计算机程序;a memory having a computer program stored thereon; 处理器,用于执行所述存储器中的所述计算机程序,以实现权利要求1至权利要求7中任意一项所述的基于SaaS平台的多租户权限配置方法。A processor, configured to execute the computer program in the memory to implement the multi-tenant permission configuration method based on the SaaS platform as described in any one of claims 1 to 7. 10.一种非临时性计算机可读存储介质,其上存储有计算机程序,其特征在于,该程序被处理器执行时实现权利要求1至权利要求7中任意一项所述的基于SaaS平台的多租户权限配置方法。10. A non-temporary computer-readable storage medium having a computer program stored thereon, characterized in that when the program is executed by a processor, the multi-tenant permission configuration method based on the SaaS platform as described in any one of claims 1 to 7 is implemented.
CN202411762763.XA 2024-12-03 2024-12-03 Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform Active CN119254534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411762763.XA CN119254534B (en) 2024-12-03 2024-12-03 Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411762763.XA CN119254534B (en) 2024-12-03 2024-12-03 Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform

Publications (2)

Publication Number Publication Date
CN119254534A true CN119254534A (en) 2025-01-03
CN119254534B CN119254534B (en) 2025-02-28

Family

ID=94026344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411762763.XA Active CN119254534B (en) 2024-12-03 2024-12-03 Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform

Country Status (1)

Country Link
CN (1) CN119254534B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119883136A (en) * 2025-03-20 2025-04-25 苏州元脑智能科技有限公司 Multi-tenant implementation method of disk array system, electronic equipment and storage medium
CN120069789A (en) * 2025-02-06 2025-05-30 广西壮族自治区自然资源信息中心 Real estate registration service system construction method based on multi-tenant cloud architecture mode

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018121445A1 (en) * 2016-12-29 2018-07-05 中兴通讯股份有限公司 Multi-tenant access control method and apparatus
US20190295050A1 (en) * 2018-03-22 2019-09-26 R3 Ltd. Weighted multiple authorizations
CN114301714A (en) * 2022-01-20 2022-04-08 杭萧钢构股份有限公司 Multi-tenant permission control method and system
US20230319055A1 (en) * 2022-04-01 2023-10-05 Royal Bank Of Canada System and method for electronic identity and access management
CN117134944A (en) * 2023-07-23 2023-11-28 哈尔滨理工大学 Cloud authorization code generation method based on AI and SaaS user permissions
CN118035985A (en) * 2024-04-11 2024-05-14 深圳市中壬银兴信息技术有限公司 A MIS system based on data modularization
CN118714522A (en) * 2024-08-27 2024-09-27 江西掌中无限网络科技股份有限公司 A system and method for improving multi-tenant 5G message push efficiency
CN118842651A (en) * 2024-09-20 2024-10-25 杭州今元标矩科技有限公司 Access permission method, system and medium based on cloud computing
CN118916920A (en) * 2024-10-11 2024-11-08 辽宁华盾安全技术有限责任公司 User data isolation access control method and system based on HDFS

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018121445A1 (en) * 2016-12-29 2018-07-05 中兴通讯股份有限公司 Multi-tenant access control method and apparatus
US20190295050A1 (en) * 2018-03-22 2019-09-26 R3 Ltd. Weighted multiple authorizations
CN114301714A (en) * 2022-01-20 2022-04-08 杭萧钢构股份有限公司 Multi-tenant permission control method and system
US20230319055A1 (en) * 2022-04-01 2023-10-05 Royal Bank Of Canada System and method for electronic identity and access management
CN117134944A (en) * 2023-07-23 2023-11-28 哈尔滨理工大学 Cloud authorization code generation method based on AI and SaaS user permissions
CN118035985A (en) * 2024-04-11 2024-05-14 深圳市中壬银兴信息技术有限公司 A MIS system based on data modularization
CN118714522A (en) * 2024-08-27 2024-09-27 江西掌中无限网络科技股份有限公司 A system and method for improving multi-tenant 5G message push efficiency
CN118842651A (en) * 2024-09-20 2024-10-25 杭州今元标矩科技有限公司 Access permission method, system and medium based on cloud computing
CN118916920A (en) * 2024-10-11 2024-11-08 辽宁华盾安全技术有限责任公司 User data isolation access control method and system based on HDFS

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
文珠穆;卢正鼎;唐卓;辜希武;: "基于RBAC的P2P网络环境信任模型研究", 计算机科学, no. 06, 25 June 2008 (2008-06-25) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120069789A (en) * 2025-02-06 2025-05-30 广西壮族自治区自然资源信息中心 Real estate registration service system construction method based on multi-tenant cloud architecture mode
CN119883136A (en) * 2025-03-20 2025-04-25 苏州元脑智能科技有限公司 Multi-tenant implementation method of disk array system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN119254534B (en) 2025-02-28

Similar Documents

Publication Publication Date Title
CN119254534B (en) Multi-tenant authority configuration method, system, equipment and medium based on SaaS platform
US8239925B2 (en) Evaluating removal of access permissions
US10609087B2 (en) Systems and methods for generation and selection of access rules
CN110704873B (en) Method and system for preventing sensitive data from being leaked
CN118916920B (en) User data isolation access control method and system based on HDFS
CA3228130A1 (en) Methods, systems, apparatuses, and devices for facilitating controlling and managing cloud usage costs for using cloud resources
CN113392426A (en) Method and system for enhancing data privacy of an industrial or electrical power system
CN119652551A (en) A user information management method and system based on application information
CN119127793A (en) A housing provident fund archive management method, system, device, medium and product
CN120030515B (en) A blockchain-based e-commerce operation data security protection system and method
CN119130366B (en) Engine-based process approval method, device, computer equipment and storage medium
CN118921200B (en) A trust access control method based on user behavior profile
US20210344717A1 (en) Exchanging and acting on security events at an enterprise using permissioned blockchain
US20170149831A1 (en) Apparatus and method for verifying detection rule
CN113498592A (en) Digital property authentication and management system
CN116414818A (en) Distributed security data cleaning system based on visual management
CN117354420A (en) Mining method and device for easy-to-visit user, terminal equipment and storage medium
CN116956332A (en) BIM data processing method, BIM data processing equipment and computer readable storage medium
CN115941199B (en) Identity information verification method, apparatus, device, storage medium and program product
CN118473903B (en) Cloud business management system
CN119250536B (en) Renovation contract risk assessment and encryption management method and system based on blockchain
US20250209191A1 (en) Rules based policy driven engine and methods of use
CN121030802A (en) A file management method, apparatus, server, and storage medium
CN119990860A (en) A system and method for automatically generating a report for performance indicator scoring
CN119692999A (en) Intelligent payment method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant