In a cloud data storage environment, for a user, ownership of and control rights for storage data are separated. An existing basic architecture of cloud computing includes a virtual machine and a virtual data volume, where the virtual machine controls the virtual data volume. The virtual data volume, also referred to as a logical unit or a logical volume, is a data volume obtained by logically partitioning storage space that belongs to a same user and that is in hardware storage space. An administrator may establish a correspondence between the virtual machine and the virtual data volume using a cloud operating system (Cloud OS), and each virtual machine corresponds to one user.
The administrator has operation and maintenance rights, and may mount a virtual data volume to another virtual machine using the cloud operating system. A logical unit number (LUN) is used as an example of the virtual data volume. An LUN1 originally belongs to a virtual machine VM1, and a virtual data volume LUN2 originally belongs to a virtual machine VM2. The administrator can mount the virtual data volume LUN1 to the virtual machine VM2 using the cloud operating system. As a result, a user of the virtual machine VM2 can view data of the virtual data volume LUN1. There is a data leakage risk, when the virtual machine VM1 and the virtual machine VM2 belong to different users.