Field of the Disclosure
The present disclosure generally relates to authorization management in computer systems, and in particular, relates to systems and methods for facilitating the authentication of users.
Description of Related Art
In general, “authorization management” refers to how users may access authorized resources, and only authorized resources, in accordance with the security rules or policies defined by a system. Authorization management technology manages the permissions of subjects to access objects in application systems, and may be applied to any application system after a user logs into the system (e.g., using a user account and a password).
In the related art, subjects may be a variety of users, and the access objects may be resources controlled or used by the system, including, without limitation, resources utilized by each module of the system such as server resources, data services, database resources, or the like. Application systems generally map permission information to individual users in advance and store these mappings using, for example, an ID of the user. In this manner, during the process of system authentication, the permission information of a user is identified according to the logged in user's ID. The identified permissions may then be used to control access to resources for the logged in user, thereby implementing a basic authorization management system.
In some specialized application systems (e.g., big data platforms), subjects may comprise other entities, such as tenants, projects, and the like, depending on the needs of the application system. In systems that include a variety of subjects, users are often assigned to one or more projects or tenants in order to implement authorization management. Additionally, permissions to access system resources are also different with respect to the different projects or tenants. Thus the current technology of authorization management in application systems including a variety of subjects is still deficient.