PythonAI算法
从零搭建 AI 系统权限控制系统
介绍如何从零搭建 AI 系统权限控制系统。内容包括环境准备、资产分类模型设计、用户角色体系构建、基于 Casbin 的权限控制实现、配置文件编写、系统整合、自动化测试、生产部署及监控、以及性能优化和 AI 驱动的权限管理。通过实例演示了如何防止类似 Meta 的数据泄露事故,确保敏感数据的安全访问。
介绍如何从零搭建 AI 系统权限控制系统。内容包括环境准备、资产分类模型设计、用户角色体系构建、基于 Casbin 的权限控制实现、配置文件编写、系统整合、自动化测试、生产部署及监控、以及性能优化和 AI 驱动的权限管理。通过实例演示了如何防止类似 Meta 的数据泄露事故,确保敏感数据的安全访问。
2026 年 3 月 22 日,Meta AI 发生重大数据泄露事故——敏感数据'全员可见'2 小时。在开发 AI 项目时,构建完善的权限安全架构至关重要。
本教程将带你从零开始,搭建一个完整的、可实战的 AI 权限控制系统。适用于个人开发者、小团队及大型 AI 项目。
所需技能: 基础 Python、Linux 命令行、Git
# 1. 安装 Python 和相关依赖
pip install casbin flask sqlalchemy redis
# 2. 安装数据库(推荐 PostgreSQL)
sudo apt-get install postgresql
# Linux
# 或下载安装包:https://www.postgresql.org/download/
# 3. 安装 Redis(用于缓存和实时权限检查)
sudo apt-get install redis-server
# 4. 创建项目目录
mkdir ai-permission-system
cd ai-permission-system
# 创建项目目录结构
mkdir -p src/{models,controllers,utils,config}
mkdir -p tests/{unit,integration}
mkdir -p data/{logs,backups}
mkdir -p docs/{architecture,api}
# 创建基础配置文件
touch config/settings.yaml
touch config/database.yaml
touch config/permission_policy.yaml
touch src/main.py
打开 src/models/ai_assets.py:
""" AI 资产分类模型
定义了 AI 系统中的各种资源及其敏感度级别
"""
class AIAsset:
"""AI 资产基类"""
def __init__(self, asset_id, asset_type, sensitivity_level):
self.asset_id = asset_id
self.asset_type = asset_type # data, model, api, log 等
self.sensitivity_level = sensitivity_level # critical/high/medium/low
# 自动计算权限基线
self.base_permission = self._calculate_base_permission()
def _calculate_base_permission(self):
"""根据敏感度自动计算基础权限"""
if self.sensitivity_level == 'critical':
return {'read': False, 'write': False, 'delete': False}
elif self.sensitivity_level == 'high':
return {'read': True, 'write': False, 'delete': False}
elif self.sensitivity_level == 'medium':
return {'read': True, 'write': True, 'delete': False}
elif self.sensitivity_level == 'low':
return {'read': True, 'write': True, 'delete': True}
else:
return {'read': False, 'write': False, 'delete': False}
def __repr__(self):
return f"AIAsset({self.asset_id}, {self.asset_type}, {self.sensitivity_level})"
# 具体的 AI 资产类型定义
class TrainingDataAsset(AIAsset):
"""训练数据集"""
def __init__(self, asset_id, data_size, contains_personal_data=False):
sensitivity = 'critical' if contains_personal_data else 'high'
super().__init__(asset_id, 'training_data', sensitivity)
self.data_size = data_size
self.contains_personal_data = contains_personal_data
class ModelParameterAsset(AIAsset):
"""模型参数"""
def __init__(self, asset_id, model_type, training_cost):
# 根据训练成本和模型类型确定敏感度
if training_cost > 10000 or model_type == 'proprietary':
sensitivity = 'critical'
elif training_cost > 1000:
sensitivity = 'high'
else:
sensitivity = 'medium'
super().__init__(asset_id, 'model_parameters', sensitivity)
self.model_type = model_type
self.training_cost = training_cost
class InferenceAPIAsset(AIAsset):
"""推理 API"""
def __init__(self, asset_id, request_limit_per_minute):
sensitivity = 'medium' if request_limit_per_minute > 100 else 'low'
super().__init__(asset_id, 'inference_api', sensitivity)
self.request_limit = request_limit_per_minute
class TrainingLogAsset(AIAsset):
"""训练日志"""
def __init__(self, asset_id, contains_metrics=False):
sensitivity = 'medium' if contains_metrics else 'low'
super().__init__(asset_id, 'training_log', sensitivity)
self.contains_metrics = contains_metrics
# 使用示例
if __name__ == "__main__":
# 创建一些示例资产
user_data = TrainingDataAsset('user_dataset_v1', 1000000, contains_personal_data=True)
llm_model = ModelParameterAsset('llm_v2', 'llm', 50000)
api_endpoint = InferenceAPIAsset('chat_api_v1', 50)
training_log = TrainingLogAsset('training_log_2026_03_22', contains_metrics=True)
print(f"用户数据集权限:{user_data.base_permission}")
print(f"LLM 模型权限:{llm_model.base_permission}")
print(f"API 端点权限:{api_endpoint.base_permission}")
print(f"训练日志权限:{training_log.base_permission}")
打开 src/models/user_roles.py:
""" 用户角色体系设计
定义了 AI 系统中的各种角色及其权限基线
"""
class UserRole:
"""用户角色基类"""
def __init__(self, role_name, role_description):
self.role_name = role_name
self.role_description = role_description
self.permission_matrix = {} # 权限矩阵
def add_permission(self, asset_type, permissions):
"""为特定资产类型添加权限"""
self.permission_matrix[asset_type] = permissions
def get_permission_for(self, asset_type):
"""获取对特定资产类型的权限"""
if asset_type in self.permission_matrix:
return self.permission_matrix[asset_type]
else:
return {'read': False, 'write': False, 'delete': False}
def __repr__(self):
return f"UserRole({self.role_name})"
# 具体的 AI 系统角色定义
class DataEngineerRole(UserRole):
"""数据工程师"""
def __init__(self):
super().__init__('data_engineer', )
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
():
():
().__init__(, )
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
():
():
().__init__(, )
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
():
():
().__init__(, )
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
():
():
().__init__(, )
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
.add_permission(, {: , : , : })
__name__ == :
data_engineer = DataEngineerRole()
ml_engineer = MLEngineerRole()
deployment_engineer = DeploymentEngineerRole()
()
()
()
Casbin 是一个强大的开源权限控制框架。打开 src/controllers/permission_controller.py:
""" 使用 Casbin 实现 AI 系统权限控制 """
import casbin
from casbin import persist
class AIPermissionController:
"""AI 权限控制器"""
def __init__(self):
# 加载权限策略
self.enforcer = casbin.Enforcer(
"config/permission_model.conf", # 模型配置文件
"config/permission_policy.csv" # 策略配置文件
)
# 创建适配器(连接到数据库)
self.adapter = persist.Adapter()
# 初始化上下文存储
self.context_store = {}
def check_access(self, user_id, resource_id, action):
"""检查用户是否有权限执行操作"""
# 基础权限检查
result = self.enforcer.enforce(user_id, resource_id, action)
# 如果基础检查通过,进行上下文检查
if result:
context_result = self._check_context(user_id, resource_id, action)
return context_result
return False
def _check_context(self, user_id, resource_id, action):
"""上下文检查:时间、地点、系统状态等"""
context = self._get_context(user_id, resource_id)
# 检查时间限制
if context['time_restricted'] and not self._is_in_time_window():
return False
context[] ._is_in_location():
context[] != :
._has_abnormal_history(user_id):
():
(user_id, resource_id) .context_store:
.context_store[(user_id, resource_id)]
:
{: , : , : }
():
grant_record = {
: ._get_current_time(),
: user_id,
: resource_id,
: action,
: reason,
: ._current_admin()
}
._save_to_audit_log(grant_record)
.enforcer.add_policy(user_id, resource_id, action)
():
revoke_record = {
: ._get_current_time(),
: user_id,
: resource_id,
: action,
: reason,
: ._current_admin()
}
._save_to_audit_log(revoke_record)
.enforcer.remove_policy(user_id, resource_id, action)
():
()
():
datetime
datetime.datetime.now()
():
():
datetime
now = datetime.datetime.now().hour
<= now <=
():
():
__name__ == :
controller = AIPermissionController()
result = controller.check_access(, , )
()
controller.grant_permission(, , , )
controller.revoke_permission(, , , )
创建 config/permission_model.conf:
# Casbin 权限模型配置文件
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
创建 config/permission_policy.csv:
p, data_engineer, training_data, read
p, data_engineer, training_data, write
p, data_engineer, training_data, delete
p, ml_engineer, model_parameters, read
p, ml_engineer, model_parameters, write
p, deployment_engineer, inference_api, read
p, deployment_engineer, inference_api, write
p, deployment_engineer, inference_api, delete
p, product_manager, training_log, read
p, customer, inference_api, read
打开 src/main.py 创建完整的权限控制系统:
""" AI 权限控制系统主程序
整合所有组件,提供完整的权限管理功能
"""
from models.ai_assets import TrainingDataAsset, ModelParameterAsset, InferenceAPIAsset, TrainingLogAsset
from models.user_roles import DataEngineerRole, MLEngineerRole, DeploymentEngineerRole, ProductManagerRole, CustomerRole
from controllers.permission_controller import AIPermissionController
import json
class AIPermissionSystem:
"""完整的 AI 权限控制系统"""
def __init__(self):
# 初始化所有组件
self.assets = {} # AI 资产存储
self.users = {} # 用户存储
self.controller = AIPermissionController()
# 初始化角色
self.roles = {
'data_engineer': DataEngineerRole(),
'ml_engineer': MLEngineerRole(),
'deployment_engineer': DeploymentEngineerRole(),
'product_manager': ProductManagerRole(),
'customer': CustomerRole()
}
# 初始化审计日志
self.audit_log = []
def register_asset(self, asset):
"""注册 AI 资产"""
self.assets[asset.asset_id] = asset
# 自动根据资产敏感度设置基础权限
self._set_base_permissions(asset)
# 记录审计日志
self.log_audit('asset_registered', f"注册资产:{asset}")
return asset.asset_id
():
asset.sensitivity_level == :
.controller.grant_permission(, asset.asset_id, , )
.controller.grant_permission(, asset.asset_id, , )
asset.sensitivity_level == :
role_name, role .roles.items():
role.get_permission_for(asset.asset_type)[]:
.controller.grant_permission(role_name, asset.asset_id, , )
asset.sensitivity_level == :
role_name, role .roles.items():
permissions = role.get_permission_for(asset.asset_type)
action, allowed permissions.items():
allowed:
.controller.grant_permission(role_name, asset.asset_id, action, )
():
role_name .roles:
ValueError()
.users[user_id] = {
: role_name,
: ._get_current_time(),
:
}
.log_audit(, )
():
user_id .users:
.log_audit(, )
user_role = .users[user_id][]
asset_id .assets:
.log_audit(, )
result = .controller.check_access(user_role, asset_id, action)
result:
.log_audit(, )
.users[user_id][] = ._get_current_time()
:
.log_audit(, )
result
():
audit_entry = {
: ._get_current_time(),
: event_type,
: message,
: ._get_system_state()
}
.audit_log.append(audit_entry)
()
():
datetime
datetime.datetime.now().isoformat()
():
{
: (.assets),
: (.users),
: (.audit_log)
}
():
config = {
: {: (asset) , asset .assets.items()},
: .users,
: {name: (role) name, role .roles.items()},
: .audit_log[-:]
}
json.dumps(config, indent=)
():
config = json.loads(config_json)
()
__name__ == :
system = AIPermissionSystem()
user_dataset = TrainingDataAsset(, , contains_personal_data=)
llm_model = ModelParameterAsset(, , )
chat_api = InferenceAPIAsset(, )
asset_ids = [
system.register_asset(user_dataset),
system.register_asset(llm_model),
system.register_asset(chat_api)
]
()
user_ids = [
system.register_user(, ),
system.register_user(, ),
system.register_user(, )
]
()
()
result1 = system.check_user_access(, , )
()
result2 = system.check_user_access(, , )
()
result3 = system.check_user_access(, , )
()
()
config_json = system.export_configuration()
()
创建 tests/unit/test_permission_system.py:
""" AI 权限系统单元测试 """
import unittest
from src.main import AIPermissionSystem
from src.models.ai_assets import TrainingDataAsset, ModelParameterAsset
from src.models.user_roles import DataEngineerRole, MLEngineerRole
class TestAIPermissionSystem(unittest.TestCase):
"""AI 权限系统测试类"""
def setUp(self):
"""测试初始化"""
self.system = AIPermissionSystem()
# 注册测试资产
self.user_data = TrainingDataAsset('test_user_data', 1000, contains_personal_data=True)
self.model_param = ModelParameterAsset('test_model', 'classification', 500)
self.system.register_asset(self.user_data)
self.system.register_asset(self.model_param)
# 注册测试用户
self.system.register_user('test_data_engineer', 'data_engineer')
self.system.register_user('test_ml_engineer', 'ml_engineer')
def test_critical_asset_access(self):
"""测试关键资产访问"""
# 数据工程师应该不能删除包含个人数据的资产
result = self.system.check_user_access('test_data_engineer', 'test_user_data', 'delete')
.assertFalse(result, )
():
result = .system.check_user_access(, , )
.assertTrue(result, )
():
.system.check_user_access(, , )
audit_log = .system.audit_log
.assertGreater((audit_log), , )
latest_event = audit_log[-][]
.assertIn(latest_event, [, ], )
():
()
():
config_json = .system.export_configuration()
.assertIsInstance(config_json, , )
.assertGreater((config_json), , )
__name__ == :
unittest.main()
创建 docker-compose.yml 用于容器化部署:
version: '3.8'
services:
# AI 权限服务
ai-permission-service:
build: .
ports:
- "8000:8000"
environment:
- DATABASE_URL=postgresql://admin:password@db:5432/ai_permission_db
- REDIS_URL=redis://redis:6379
- LOG_LEVEL=INFO
depends_on:
- db
- redis
# PostgreSQL 数据库
db:
image: postgres:14
environment:
- POSTGRES_DB=ai_permission_db
- POSTGRES_USER=admin
- POSTGRES_PASSWORD=password
volumes:
- db_data:/var/lib/postgresql/data
- ./config/database_init.sql:/docker-entrypoint-initdb.d/init.sql
# Redis 缓存
redis:
image: redis:7
ports:
- "6379:6379"
volumes:
- redis_data:/data
# 监控服务
monitor:
image: grafana/grafana:latest
创建 Dockerfile:
FROM python:3.9-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["python", "src/main.py"]
创建 config/monitoring_config.yaml:
# AI 权限系统监控配置
monitoring:
metrics:
- permission_check_count
- access_granted_count
- access_denied_count
- audit_log_size
- user_count
- asset_count
alerts:
high_risk_access:
threshold: 10 # 每小时超过 10 次高风险访问
action: email_to_admin
abnormal_pattern:
threshold: 5 # 连续 5 次异常模式
action: block_user_temporarily
system_overload:
threshold: 1000 # 每秒权限检查超过 1000 次
action: scale_up_service
dashboards:
realtime_monitoring:
panels:
- permission_heatmap
- user_activity
- asset_access_pattern
security_report:
panels:
- risk_assessment
- audit_summary
- compliance_check
performance:
panels:
创建 scripts/automated_ops.py:
""" AI 权限系统自动化运维脚本 """
import subprocess
import json
import time
from datetime import datetime
class AutomatedOps:
"""自动化运维"""
def daily_backup(self):
"""每日备份"""
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
backup_file = f"data/backups/system_backup_{timestamp}.json"
# 导出当前配置
subprocess.run(["python", "src/main.py", "--export", backup_file])
print(f"[备份] 创建备份文件:{backup_file}")
def check_system_health(self):
"""检查系统健康"""
health_report = {
'timestamp': datetime.now().isoformat(),
'database_connection': self._check_db(),
'redis_connection': self._check_redis(),
'service_response': self._check_service(),
'audit_log_rotation': self._check_log_rotation(),
'permission_policy_validity': self._check_policy()
}
# 保存健康报告
with open("data/logs/health_report.json", "w") as f:
json.dump(health_report, f, indent=2)
# 如果有问题,发送警报
(health_report.values()):
.send_alert(health_report)
():
archive_file =
subprocess.run([, , archive_file])
()
():
subprocess.run([, , , ])
subprocess.run([, ])
()
():
:
Exception e:
()
():
:
Exception e:
()
():
:
response = subprocess.run([, ], capture_output=, text=)
response.stdout.strip() ==
Exception e:
()
():
log_size = subprocess.run([, , ], capture_output=, text=)
size_str = log_size.stdout.split()[]
size_str:
size_mb = (size_str.replace(, ))
size_mb <
:
():
test_result = subprocess.run([, ], capture_output=, text=)
test_result.returncode ==
():
problem_areas = []
area, status health_report.items():
status:
problem_areas.append(area)
alert_message =
()
__name__ == :
ops = AutomatedOps()
()
ops.daily_backup()
ops.check_system_health()
ops._check_log_rotation():
ops.rotate_audit_logs()
()
创建 scripts/simulate_meta_leak.py:
""" 模拟 Meta AI 数据泄露事故
演示权限配置错误导致的敏感数据暴露
"""
import time
from src.main import AIPermissionSystem
from src.models.ai_assets import TrainingDataAsset, ModelParameterAsset
def simulate_leak_scenario():
"""模拟数据泄露场景"""
print("=== 模拟 Meta AI 数据泄露事故 ===\n")
# 创建权限系统
system = AIPermissionSystem()
# 创建一些敏感资产
sensitive_data = TrainingDataAsset('meta_sensitive_data', 5000000, contains_personal_data=True)
proprietary_model = ModelParameterAsset('meta_proprietary_model', 'llm', 100000)
system.register_asset(sensitive_data)
system.register_asset(proprietary_model)
# 注册一些用户
system.register_user('engineer_john', 'data_engineer')
system.register_user('engineer_mary', 'ml_engineer')
system.register_user('admin_tom', 'system_admin')
print("初始状态:敏感数据只有管理员可访问")
print(f"管理员访问敏感数据:{system.check_user_access('admin_tom', 'meta_sensitive_data', 'read')}")
print(f"工程师访问敏感数据:{system.check_user_access('engineer_john', 'meta_sensitive_data', 'read')}")
print("\n=== 模拟配置错误 ===\n")
# 模拟 Meta 的配置错误:将敏感数据权限设置为'全员可见'
print("模拟错误:手动将敏感数据权限设置为全员可见")
all_roles = [, , , , ]
role all_roles:
system.controller.grant_permission(role, , , )
()
()
leak_detected =
role all_roles:
access_result = system.check_user_access(, , )
access_result:
()
leak_detected =
leak_detected:
()
()
()
role all_roles:
system.controller.revoke_permission(role, , , )
()
()
()
()
()
()
()
()
()
()
()
()
():
()
system = AIPermissionSystem()
sensitive_asset = TrainingDataAsset(, )
system.register_asset(sensitive_asset)
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
__name__ == :
simulate_leak_scenario()
run_leak_prevention_demo()
创建 scripts/performance_optimization.py:
""" AI 权限系统性能优化 """
import time
from functools import lru_cache
class PermissionCache:
"""权限缓存优化"""
def __init__(self):
self.cache = {}
self.hit_count = 0
self.miss_count = 0
@lru_cache(maxsize=1000)
def cached_check(self, user_role, asset_id, action):
"""缓存权限检查"""
# 模拟权限检查
key = f"{user_role}_{asset_id}_{action}"
if key in self.cache:
self.hit_count += 1
return self.cache[key]
else:
self.miss_count += 1
result = self._actual_check(user_role, asset_id, action)
self.cache[key] = result
return result
def _actual_check(self, user_role, asset_id, action):
"""实际的权限检查"""
# 这里应该是实际的权限检查逻辑
time.sleep(0.001) # 模拟耗时
return True # 简化实现
():
{
: (.cache),
: .hit_count,
: .miss_count,
: .hit_count / (.hit_count + .miss_count) (.hit_count + .miss_count) >
}
:
():
results = []
grouped_by_role = {}
check check_list:
role = check[]
role grouped_by_role:
grouped_by_role[role] = []
grouped_by_role[role].append(check)
role, checks grouped_by_role.items():
batch_results = ._process_role_batch(role, checks)
results.extend(batch_results)
results
():
results = []
check checks:
results.append({: check, : })
results
__name__ == :
()
cache = PermissionCache()
test_checks = [
(, , ),
(, , ),
(, , ),
(, , ),
]
check test_checks:
cache.cached_check(*check)
stats = cache.get_cache_stats()
()
()
bulk_processor = BulkPermissionProcessor()
bulk_checks = [
{: , : , : },
{: , : , : },
{: , : , : },
{: , : , : },
]
results = bulk_processor.process_bulk_checks(bulk_checks)
()
创建 scripts/ai_driven_permission_optimizer.py:
""" AI 驱动的权限优化
使用机器学习优化权限配置
"""
import numpy as np
from sklearn.cluster import KMeans
from sklearn.preprocessing import StandardScaler
class PermissionPatternLearner:
"""权限模式学习器"""
def __init__(self):
self.access_patterns = []
self.user_clusters = {}
self.asset_clusters = {}
def collect_access_data(self, access_logs):
"""收集访问数据"""
for log in access_logs:
pattern = {
'user_role': log['user_role'],
'asset_type': log['asset_type'],
'action': log['action'],
'time_of_day': log['time_of_day'],
'success_rate': log['success_rate']
}
self.access_patterns.append(pattern)
def cluster_users_by_access_pattern(self):
"""根据访问模式聚类用户"""
# 准备数据
feature_matrix = []
for pattern in self.access_patterns:
# 将访问模式转换为特征向量
features = [
pattern['time_of_day'],
pattern['success_rate'],
len(pattern[]),
(pattern[]) %
]
feature_matrix.append(features)
scaler = StandardScaler()
scaled_features = scaler.fit_transform(feature_matrix)
kmeans = KMeans(n_clusters=, random_state=)
clusters = kmeans.fit_predict(scaled_features)
i, pattern (.access_patterns):
cluster_id = clusters[i]
user_role = pattern[]
user_role .user_clusters:
.user_clusters[user_role] = cluster_id
.user_clusters
():
optimized_permissions = {}
user_role, cluster_id .user_clusters.items():
cluster_patterns = []
i, pattern (.access_patterns):
pattern[] == user_role:
cluster_patterns.append(pattern)
suggested_permission = ._calculate_optimal_permission(cluster_patterns)
optimized_permissions[user_role] = suggested_permission
optimized_permissions
():
permission = {}
pattern patterns:
asset_type = pattern[]
action = pattern[]
success_rate = pattern[]
success_rate > :
permission_key =
permission[permission_key] =
:
permission[permission_key] =
permission
():
risk_score =
new_access_pattern[] > new_access_pattern[] < :
risk_score +=
new_access_pattern[] == new_access_pattern[] == :
risk_score +=
new_access_pattern[] .user_clusters:
risk_score +=
risk_score
:
():
frequently_accessed = ._analyze_frequency(access_history)
asset_action frequently_accessed:
asset_type, action = asset_action.split()
()
():
unused_permissions = ._find_unused_permissions(user_role, inactive_periods)
permission unused_permissions:
()
():
frequency_map = {}
record access_history:
key =
key frequency_map:
frequency_map[key] =
frequency_map[key] +=
[k k, v frequency_map.items() v > ]
():
unused_permissions = []
permission, last_used inactive_periods.items():
last_used > :
unused_permissions.append(permission)
unused_permissions
__name__ == :
()
learner = PermissionPatternLearner()
access_logs = [
{: , : , : , : , : },
{: , : , : , : , : },
{: , : , : , : , : },
{: , : , : , : , : },
]
learner.collect_access_data(access_logs)
user_clusters = learner.cluster_users_by_access_pattern()
()
optimized_permissions = learner.suggest_optimized_permissions()
()
new_pattern = {: , : , : , : , : }
risk_score = learner.predict_access_risk(new_pattern)
()
automation = PermissionAutomation()
user_history = [
{: , : },
{: , : },
{: , : },
{: , : },
]
automation.auto_grant_permissions(, user_history)
inactive_periods = {: , : }
automation.auto_revoke_permissions(, inactive_periods)
微信公众号「极客日志」,在微信中扫描左侧二维码关注。展示文案:极客日志 zeeklog
使用加密算法(如AES、TripleDES、Rabbit或RC4)加密和解密文本明文。 在线工具,加密/解密文本在线工具,online
生成新的随机RSA私钥和公钥pem证书。 在线工具,RSA密钥对生成器在线工具,online
基于 Mermaid.js 实时预览流程图、时序图等图表,支持源码编辑与即时渲染。 在线工具,Mermaid 预览与可视化编辑在线工具,online
解析常见 curl 参数并生成 fetch、axios、PHP curl 或 Python requests 示例代码。 在线工具,curl 转代码在线工具,online
将字符串编码和解码为其 Base64 格式表示形式即可。 在线工具,Base64 字符串编码/解码在线工具,online
将字符串、文件或图像转换为其 Base64 表示形式。 在线工具,Base64 文件转换器在线工具,online