CN102201935A - Access control method and device based on VIEW - Google Patents

Access control method and device based on VIEW

Info

Publication number: CN102201935A
Authority: CN (China)
Legal status: Granted
Application number: CN2011101239285A
Other languages: Chinese (zh)
Other versions: CN102201935B (en)
Inventors: 谭素君, 王利
Current assignee: Datang Mobile Communications Equipment Co Ltd
Original assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by Datang Mobile Communications Equipment Co Ltd; priority to CN 201110123928; published as CN102201935A; granted as CN102201935B.

Abstract

The invention discloses an access control method and device based on VIEW. The method comprises the following steps: receiving a request message from a Manager, the request message carrying user identity information and information about the MIB (Management Information Base) object to be accessed; determining a user class according to the user identity information, determining the access permission attribute information corresponding to that user class, and determining the access permission attribute information of the VIEW to which the MIB object belongs; and determining, according to the relation between the access permission attribute information corresponding to the user class and the access permission attribute information of the VIEW to which the MIB object belongs, whether the Manager is permitted to access the MIB object. Because the decision is made from the relation between the user class's access permission attribute information and that of the VIEW containing the MIB object, access control for MIB objects is achieved, and the MIB objects in a VIEW can be inspected and adjusted dynamically.

Description

Access control method and device based on VIEW
Technical field
The present invention relates to the field of communications technology, and in particular to an access control method and device based on VIEW.
Background technology
Most networks on the Internet today are managed with an architecture based on SNMP (Simple Network Management Protocol). The SNMP architecture consists of a Manager, an Agent, a MIB (Management Information Base), protocol operations and other parts. The Manager issues operation commands to the Agent over SNMP; the Agent responds to the Manager's operation requests and performs management and maintenance of the device by accessing the MIB.
The MIB is the set of all managed objects; each variable in the MIB is an attribute of a managed object, and different objects have different security levels. For security reasons the Agent must provide an access control function for the MIB, that is, it is responsible for checking whether the Manager may operate on the MIB object in question. Access control divides the MIB into different access groups (VIEWs), defines a corresponding access permission level for each access group, and authorizes only users holding the corresponding permission to perform operations.
In the prior art, VACM (View-based Access Control Model) was proposed to implement access control for the MIB. VACM is the access control model defined by SNMP; it provides access control for the MIB in order to strengthen system security.
VACM requires creating, on every network device, a VACM_VIEW group (which specifies the scope of MIB access), a VACM_ACCESS group (the access permission group, which specifies the association between a VACM_GROUP group and a VACM_VIEW group) and a VACM_GROUP group (the user grouping, which specifies the association between users and roles).
The specific implementation process of VACM comprises: (1) establishing the VACM_VIEW access groups; (2) creating the VACM_GROUP groups and setting up the role management unit that manages users and their corresponding access permissions; (3) establishing the VACM_ACCESS groups, i.e. granting the right to read or write a specific VACM_VIEW group to a specific user group, which establishes the policy that a specific user group may access specific MIB objects.
Although the above method can provide access control for the MIB, introducing VACM requires every VIEW to be configured in advance and cannot adjust VIEWs dynamically on demand. The prior art still has the following shortcomings:
(1) VACM must define and create multiple objects and tables, such as the Group Table, Access Table and ViewTree Table, and build the associations between them through indexes; the implementation is complex, there are many processing levels, and execution efficiency is low.
(2) When a VACM_VIEW group is established, every managed object belonging to that VIEW must be installed in a separate linked list. When there are many managed objects, or many VIEWs to establish, the installation process is tedious and error-prone. In practice the same object is often present in several VIEWs at the same time, which consumes more memory.
(3) No interface, and no associated MIB object definition, is provided to the Manager for adjusting the objects a VIEW contains, so VIEWs cannot be adjusted dynamically and permission assignment is inflexible; any adjustment has to be made through configuration or a software upgrade.
Summary of the invention
The embodiments of the invention provide an access control method and device based on VIEW, in order to solve the problem that VIEWs cannot be adjusted dynamically while still implementing access control for the MIB. For this purpose the embodiments adopt the following technical scheme:
An access control method based on access group VIEW comprises:
receiving a request message from a Manager, the request message carrying user identity information and information about the MIB (Management Information Base) object to be accessed;
determining a user class according to the user identity information, determining the access rights attribute information corresponding to the user class, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
determining, according to the inclusion relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the Manager is allowed to access that MIB object.
An access control device based on access group VIEW comprises:
a receiver module, for receiving a request message from a Manager, the request message carrying user identity information and information about the MIB (Management Information Base) object to be accessed;
a first determination module, for determining a user class according to the user identity information, determining the access rights attribute information corresponding to the user class, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
a second determination module, for determining whether the Manager is allowed to access the MIB object according to the inclusion relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object belongs.
With the above embodiments, whether the Manager is allowed to access the MIB object is decided from the inclusion relation between the access rights attribute information corresponding to the user class and that of the VIEW to which the object belongs. This implements access control for the MIB, and allows the MIB objects in a VIEW to be inspected and adjusted dynamically.
Description of drawings
Fig. 1 is a flow chart of the access control method based on access group VIEW provided by an embodiment of the invention;
Fig. 2 is a structural diagram of the access control device based on access group VIEW provided by an embodiment of the invention.
Embodiment
Because the external network management interface of a network element device is opened up gradually and in batches according to user requirements, VIEWs need to be adjusted dynamically, and the existing implementation cannot adjust them on demand. To address this problem, the embodiments of the invention provide an access control method and device based on VIEW that support dynamic adjustment of VIEWs while implementing MIB access control.
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
In the embodiments, because the setting of an access permission depends on a specific MIB object, an access rights attribute item can be added to each MIB object. This attribute item stands alongside the object's other existing attributes (such as its OID (Object Identifier), value type and default value) and records the object's access rights attribute information (for example, an access rights attribute value).
The Agent keeps the access rights attribute values in memory, and every management command from the Manager must pass the access control check on the access rights attribute item before it is executed. Therefore it is only necessary to set a suitable access rights attribute value on each MIB object's attribute item; the VIEW an object belongs to can then be determined from its access rights attribute value (MIB objects with the same access rights attribute value belong to the same VIEW, and each VIEW corresponds to one access rights attribute value). The set of MIB objects sharing an access rights attribute value forms the administration view, and the objects contained in each VIEW can be determined from the administration view.
Further, because the access rights attribute value of a MIB object identifies which VIEW contains it, the VIEW an object belongs to can be adjusted by modifying its access rights attribute value, which achieves dynamic adjustment of VIEWs.
Based on the above, in order to maintain an access rights attribute value for each MIB object and to process requests according to it, the embodiments configure and maintain a permission group definition table and a MIB permission control definition table.
Specifically, the permission group definition table maintains the correspondence between user identity information (such as username and password) and user class; it is the accessUserTable shown in Table 1. The MIB permission control definition table maintains the correspondence between user class and access rights attribute information; it is the mibAuthorizationControlTable shown in Table 2.
Table 1 Permission group definition table (accessUserTable)
[Table 1 is an image not reproduced on this page; its columns are described in the following paragraph.]
The permission group definition table accessUserTable defines the users' basic attributes, that is, the correspondence between username, password and user class. In Table 1 the user classes are administrator, system user (system), operation user (operator) and guest user (guest). In practice the user classes are not limited to these four; other classes, such as an ordinary user (user), can be added as required, and this is not described further in the embodiments.
Note that moving a user between the permission groups of the permission group definition table, adding or deleting users, and adjusting the user class a user belongs to are all done by the administrator by configuring the users and the permission group definition table. Maintaining the permission group definition table comprises one or any combination of the following:
(1) Adjusting the user class corresponding to user identity information in the permission group definition table. For example, the current table holds the correspondence user 1, password 1, operation user; when user 1's class needs to be changed to system user, that entry is modified to user 1, password 1, system user.
(2) Adding a correspondence between user identity information and user class to the permission group definition table. For example, when the correspondence user 2, password 2, guest user is needed, it is added to the current table.
(3) Deleting a correspondence between user identity information and user class from the permission group definition table. For example, when the correspondence user 3, password 3, guest user is no longer needed, the recorded entry for user 3, password 3, guest user is deleted from the current table.
Table 2 MIB permission control definition table (mibAuthorizationControlTable)
[Table 2 is an image not reproduced on this page; its content is described in the following paragraph.]
The MIB permission control definition table mibAuthorizationControlTable defines the access permission of each user class to the MIB, that is, the correspondence between user class and access rights attribute value. In Table 2 the correspondences are: administrator and its access permission to the MIB, system user and its access permission, operation user and its access permission, and guest user and its access permission. In practice the correspondences are not limited to these; user classes can be added as required, and so can the corresponding entries, which is not described further in the embodiments.
Note that the permission of a user class is adjusted directly by configuring the MIB permission control definition table: the administrator can specify the MIB OIDs for which the class's notify, read/write, and add/delete permissions are set. Maintaining the MIB permission control definition table comprises one or any combination of the following:
(1) Adjusting the access rights attribute value corresponding to a user class in the MIB permission control definition table. For example, the current table holds the correspondence system user, access rights attribute value 3; when the system user's value needs to be changed to 4, that entry is modified to system user, access rights attribute value 4.
(2) Adding a correspondence between user class and access rights attribute information to the MIB permission control definition table. For example, the correspondence ordinary user, access rights attribute value 1 is added to the current table.
(3) Deleting a correspondence between user class and access rights attribute information from the MIB permission control definition table. For example, the correspondence system user, access rights attribute value 3 is deleted from the current table.
Based on the permission group definition table and the MIB permission control definition table maintained as above, Embodiment 1 of the invention provides an access control method based on VIEW. As shown in Fig. 1, the method comprises the following steps:
Step 101: the Manager sends a request message carrying user identity information (such as username and password) and information about the MIB object to be accessed.
The request message is a GET operation request or a SET operation request. A GET request is used by the Manager to obtain one or more parameter values from the Agent; a SET request is used by the Manager to set one or more parameter values on the Agent.
The information about the MIB object to be accessed is carried as OID information. MIB objects are stored as a tree whose nodes represent the managed objects; a MIB object is uniquely identified by the path from the root to it, and this path is called its OID. For example, the managed object system can be uniquely identified by the string of numbers {1.3.6.1.2.1.1}, which is therefore the OID of system.
By carrying an OID in the request message, the Manager identifies the one or more MIB objects to be accessed that correspond to that OID.
Step 102: the Agent receives the request message from the Manager.
After receiving the request message, the Agent may also authenticate and decode it; if there is no error it enters the access control check flow, i.e. step 103.
Step 103: the Agent determines the user class from the user identity information, determines the access rights attribute value corresponding to that user class, and determines the access rights attribute value of the VIEW to which the MIB object to be accessed belongs.
Specifically, using the permission group definition table described above, which holds the correspondence between user identity information and user class, the Agent can directly determine the user class for the given identity information. Using the MIB permission control definition table, which holds the correspondence between user class and access rights attribute value, the Agent can directly determine the access rights attribute value for that user class.
Note that if, when determining the user class, the user identity information matches no user class, the Manager is illegitimate and the request message is refused directly.
In the embodiments, because an access rights attribute value is set for each MIB object and the VIEW of each object is determined from that value (objects with the same access rights attribute value belong to the same VIEW, and each VIEW corresponds to one value), the access rights attribute value of the VIEW to which the MIB object to be accessed belongs can be determined directly.
For example, suppose MIB objects 1, 2 and 3 are each given access rights attribute value 3, MIB objects 4, 5 and 6 are each given access rights attribute value 4, and MIB objects 7 and 8 are each given access rights attribute value 2.
Then MIB objects 1, 2 and 3 belong to the same VIEW, whose access rights attribute value is 3; call this VIEW VIEW3. MIB objects 4, 5 and 6 belong to the same VIEW, whose access rights attribute value is 4; call it VIEW4. MIB objects 7 and 8 belong to the same VIEW, whose access rights attribute value is 2; call it VIEW2.
If the MIB objects to be accessed are objects 1, 4 and 7, then the VIEW of object 1 has access rights attribute value 3, the VIEW of object 4 has value 4, and the VIEW of object 7 has value 2.
Step 104: the Agent determines whether the Manager is allowed to access the MIB object according to the inclusion relation between the access rights attribute value corresponding to the user class and the access rights attribute value of the VIEW to which the object belongs.
Specifically, if the access rights attribute value of the user class comprises the access rights attribute value of the VIEW to which the MIB object belongs, the Manager is allowed to access the object; if it does not, the Manager is not allowed to access it (access is denied and the corresponding error is returned).
For example, the MIB objects to be accessed are objects 1, 4 and 7, and the access rights attribute value of the user class (say, system user) is 3; the larger the access rights attribute value, the wider the access permission.
For each MIB object to be accessed, the Agent obtains the access rights attribute value of the VIEW to which it belongs. The VIEW of object 1 has value 3; the user class value 3 comprises the value 3 of object 1's VIEW, so the Manager is allowed to access object 1. The VIEW of object 4 has value 4; the user class value 3 does not comprise the value 4 of object 4's VIEW, so the Manager is not allowed to access object 4. The VIEW of object 7 has value 2; the user class value 3 comprises the value 2 of object 7's VIEW, so the Manager is allowed to access object 7.
In the embodiments, the access rights attribute value set on a MIB object can also be adjusted as required, and the VIEW the object belongs to is re-determined from the adjusted value. For example, when the access rights attribute value of MIB object 7 is changed to 4, the VIEW of object 7 is re-determined to be VIEW4.
Specifically, because the access rights attribute value is an attribute of the MIB object, only the corresponding object needs to be located. It is enough for the message that modifies the access rights attribute value to bind the OID of the object to be modified together with the new value: after the Agent receives the Manager's modification message, it finds the memory location of the target object's attributes, modifies the object's access rights attribute value and the VIEW it now belongs to, and returns a response to the Manager. This achieves dynamic adjustment of VIEWs.
Once a MIB object corresponds to a new VIEW, the Agent uses the latest VIEW to check permissions for the Manager's next operation request; the subsequent process is not described again.
Note that in the embodiments a higher-level user can configure the access rights attribute values of lower-level users, but a lower-level user cannot configure those of higher-level users; in practice the access rights attribute values can be configured by the user with the highest permission and the user with the second-highest permission. For example, among the user classes shown in Table 1, the administrator ranks above the system user, the system user ranks above the operation user, and the operation user ranks above the guest user.
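The following is an added example that is not part of the patent: a minimal Python model of the two tables, the per-object access rights attribute, the step 103/104 check on the worked example (objects 1 to 8 with values 3,3,3,4,4,4,2,2 and a system user whose class value is 3), the dynamic VIEW adjustment of object 7, and the rank rule for who may change a class's value. The OIDs, credentials and the class values other than system = 3 are constructed sample data, and "comprises" is modelled as greater-than-or-equal, following the statement that a larger value means wider permission.

```python
from dataclasses import dataclass, field

# User classes from Table 1, highest rank first (smaller number = higher rank).
USER_CLASS_RANK = {"administrator": 0, "system": 1, "operator": 2, "guest": 3}


@dataclass
class MibObject:
    """A MIB object with the added access rights attribute item beside its other attributes."""
    oid: str
    value: object
    access_value: int  # the VIEW an object belongs to is named by this value (VIEW3, VIEW4, ...)


@dataclass
class Agent:
    # Table 1, accessUserTable: (username, password) -> user class
    access_user_table: dict = field(default_factory=dict)
    # Table 2, mibAuthorizationControlTable: user class -> access rights attribute value
    mib_authorization_control_table: dict = field(default_factory=dict)
    # MIB objects keyed by OID; each carries its own access rights attribute value in memory
    mib: dict = field(default_factory=dict)

    def user_class(self, username, password):
        """Step 103, first lookup: identity -> user class, or None when nothing matches."""
        return self.access_user_table.get((username, password))

    def view_of(self, oid):
        """Step 103, third lookup: the VIEW of an object is its access rights attribute value."""
        return self.mib[oid].access_value

    def administration_view(self):
        """Groups OIDs by access rights value: one group per VIEW, as the description defines it."""
        groups = {}
        for obj in self.mib.values():
            groups.setdefault(obj.access_value, []).append(obj.oid)
        return groups

    def check_access(self, username, password, oids):
        """Steps 103-104 for one GET/SET request naming several OIDs; returns {oid: allowed}.

        A user-class value 'comprises' a VIEW value when it is >= that value (assumption
        from 'the larger the value, the wider the permission'). An identity matching no
        user class is an illegitimate Manager and the whole request is refused.
        """
        cls = self.user_class(username, password)
        if cls is None:
            raise PermissionError("identity matches no user class; request refused")
        user_value = self.mib_authorization_control_table[cls]
        return {oid: user_value >= self.view_of(oid) for oid in oids}

    def set_object_access_value(self, oid, new_value):
        """Dynamic VIEW adjustment: the modify message binds an OID and the new value;
        changing the attribute moves the object into the VIEW named by the new value."""
        self.mib[oid].access_value = new_value
        return self.view_of(oid)

    def set_class_access_value(self, actor_class, target_class, new_value):
        """Table 2 maintenance under the rank rule: only a strictly higher-ranked class
        may change a lower-ranked class's access rights attribute value."""
        if USER_CLASS_RANK[actor_class] >= USER_CLASS_RANK[target_class]:
            raise PermissionError(f"{actor_class} may not configure {target_class}")
        self.mib_authorization_control_table[target_class] = new_value


def example_oid(n):
    """Constructed placeholder OID standing in for 'MIB object n' of the worked example."""
    return f"1.3.6.1.4.1.0.{n}"


def build_example_agent():
    """Worked example of the description: objects 1-8 with values 3,3,3,4,4,4,2,2 and a
    system user whose class value is 3. Credentials and the other class values are
    constructed sample data, not taken from the patent."""
    agent = Agent()
    agent.access_user_table[("user1", "password1")] = "system"
    agent.mib_authorization_control_table.update(
        {"administrator": 5, "system": 3, "operator": 2, "guest": 1})
    for n, v in enumerate([3, 3, 3, 4, 4, 4, 2, 2], start=1):
        agent.mib[example_oid(n)] = MibObject(example_oid(n), value=None, access_value=v)
    return agent


if __name__ == "__main__":
    agent = build_example_agent()
    print(agent.administration_view())                 # VIEW3, VIEW4 and VIEW2 groups
    targets = [example_oid(1), example_oid(4), example_oid(7)]
    print(agent.check_access("user1", "password1", targets))   # allow, deny, allow
    agent.set_object_access_value(example_oid(7), 4)            # object 7 moves to VIEW4
    print(agent.check_access("user1", "password1", targets))   # allow, deny, deny
```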
Based on the same technical concept, the embodiments of the invention also provide an access control device based on access group VIEW that can be applied to the above flow. As shown in Fig. 2, the device may comprise:
a receiver module 21, for receiving a request message from a Manager, the request message carrying user identity information and information about the MIB (Management Information Base) object to be accessed;
a first determination module 22, for determining a user class according to the user identity information, determining the access rights attribute information corresponding to the user class, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
a second determination module 23, for determining whether the Manager is allowed to access the MIB object according to the inclusion relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object belongs.
The first determination module 22 is specifically used to configure the permission group definition table containing the correspondence between user identity information and user class, and to determine the user class corresponding to the user identity information according to that table.
The device further comprises a maintenance module 24, used to perform one or any combination of the following: adjusting the user class corresponding to user identity information in the permission group definition table;
adding a correspondence between user identity information and user class to the permission group definition table;
deleting a correspondence between user identity information and user class from the permission group definition table.
The first determination module 22 is further used to configure the MIB permission control definition table containing the correspondence between user class and access rights attribute information, and to determine the access rights attribute information corresponding to the user class according to that table.
The maintenance module 24 is further used to perform one or any combination of the following: adjusting the access rights attribute information corresponding to a user class in the MIB permission control definition table;
adding a correspondence between user class and access rights attribute information to the MIB permission control definition table;
deleting a correspondence between user class and access rights attribute information from the MIB permission control definition table.
The access rights attribute information comprises an access rights attribute value.
The first determination module 22 is specifically used to set an access rights attribute value for each MIB object and to determine the VIEW of each MIB object according to its access rights attribute value, where MIB objects with the same access rights attribute value belong to the same VIEW and each VIEW corresponds to one access rights attribute value;
and to determine the access rights attribute value corresponding to the VIEW to which the MIB object to be accessed belongs.
The maintenance module 24 is used to adjust the access rights attribute value set for a MIB object and to re-determine the VIEW of that MIB object according to the adjusted value.
The second determination module 23 is specifically used to determine that the Manager is allowed to access the MIB object if the access rights attribute information corresponding to the user class comprises the access rights attribute information of the VIEW to which the MIB object belongs;
and to determine that the Manager is not allowed to access the MIB object if the access rights attribute information corresponding to the user class does not comprise the access rights attribute information of that VIEW.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware alone, but the former is the better implementation in many cases. On this understanding, the technical scheme of the invention, or the part of it that contributes over the prior art, can be embodied as a software product stored on a storage medium and comprising instructions that cause a terminal device (which may be a mobile phone, personal computer, server, network device or the like) to perform the method described in each embodiment of the invention.
The above is only a preferred implementation of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (16)

1. An access control method based on an access group (VIEW), characterized in that it comprises:
receiving a request message from a manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
determining a user level according to the user identity information, determining the access rights attribute information corresponding to the user level, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
determining, according to the inclusion relation between the access rights attribute information corresponding to the user level and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed.
2. The method of claim 1, characterized in that determining the user level according to the user identity information comprises:
configuring a permission group definition table that contains the correspondence between user identity information and user levels, and determining the user level corresponding to the user identity information according to the permission group definition table.
3. The method of claim 2, characterized in that the method further comprises one or any combination of the following:
adjusting the user level corresponding to user identity information in the permission group definition table;
adding a correspondence between user identity information and a user level to the permission group definition table;
deleting a correspondence between user identity information and a user level from the permission group definition table.
4. The method of claim 1, characterized in that determining the access rights attribute information corresponding to the user level comprises:
configuring a MIB permission control definition table that contains the correspondence between user levels and access rights attribute information, and determining the access rights attribute information corresponding to the user level according to the MIB permission control definition table.
5. The method of claim 4, characterized in that the method further comprises one or any combination of the following:
adjusting the access rights attribute information corresponding to a user level in the MIB permission control definition table;
adding a correspondence between a user level and access rights attribute information to the MIB permission control definition table;
deleting a correspondence between a user level and access rights attribute information from the MIB permission control definition table.
6. The method of claim 1, characterized in that the access rights attribute information comprises an access rights attribute value, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs comprises:
setting an access rights attribute value for each MIB object, and determining the VIEW to which each MIB object belongs according to its access rights attribute value, where MIB objects having the same access rights attribute value belong to the same VIEW and each VIEW corresponds to one access rights attribute value;
determining the access rights attribute value corresponding to the VIEW to which the MIB object to be accessed belongs.
7. The method of claim 6, characterized in that the method further comprises:
adjusting the access rights attribute value set for a MIB object, and re-determining the VIEW to which that MIB object belongs according to the adjusted access rights attribute value.
8. The method of claim 1, characterized in that determining, according to the inclusion relation between the access rights attribute information corresponding to the user level and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed comprises:
if the access rights attribute information corresponding to the user level includes the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determining that the manager is allowed to access the MIB object to be accessed;
if the access rights attribute information corresponding to the user level does not include the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determining that the manager is not allowed to access the MIB object to be accessed.
9. An access control apparatus based on an access group (VIEW), characterized in that it comprises:
a receiving module, configured to receive a request message from a manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
a first determination module, configured to determine a user level according to the user identity information, determine the access rights attribute information corresponding to the user level, and determine the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
a second determination module, configured to determine, according to the inclusion relation between the access rights attribute information corresponding to the user level and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed.
10. The apparatus of claim 9, characterized in that
the first determination module is specifically configured to configure a permission group definition table that contains the correspondence between user identity information and user levels, and to determine the user level corresponding to the user identity information according to the permission group definition table.
11. The apparatus of claim 10, characterized in that it further comprises:
a maintenance module, configured to perform one or any combination of the following: adjusting the user level corresponding to user identity information in the permission group definition table;
adding a correspondence between user identity information and a user level to the permission group definition table;
deleting a correspondence between user identity information and a user level from the permission group definition table.
12. The apparatus of claim 9, characterized in that
the first determination module is specifically configured to configure a MIB permission control definition table that contains the correspondence between user levels and access rights attribute information, and to determine the access rights attribute information corresponding to the user level according to the MIB permission control definition table.
13. The apparatus of claim 12, characterized in that it further comprises:
a maintenance module, configured to perform one or any combination of the following: adjusting the access rights attribute information corresponding to a user level in the MIB permission control definition table;
adding a correspondence between a user level and access rights attribute information to the MIB permission control definition table;
deleting a correspondence between a user level and access rights attribute information from the MIB permission control definition table.
14. The apparatus of claim 9, characterized in that the access rights attribute information comprises an access rights attribute value, and
the first determination module is specifically configured to set an access rights attribute value for each MIB object and determine the VIEW to which each MIB object belongs according to its access rights attribute value, where MIB objects having the same access rights attribute value belong to the same VIEW and each VIEW corresponds to one access rights attribute value; and
to determine the access rights attribute value corresponding to the VIEW to which the MIB object to be accessed belongs.
15. The apparatus of claim 14, characterized in that it further comprises:
a maintenance module, configured to adjust the access rights attribute value set for a MIB object and to re-determine the VIEW to which that MIB object belongs according to the adjusted access rights attribute value.
16. The apparatus of claim 9, characterized in that
the second determination module is specifically configured to determine that the manager is allowed to access the MIB object to be accessed if the access rights attribute information corresponding to the user level includes the access rights attribute information of the VIEW to which the MIB object to be accessed belongs;
and to determine that the manager is not allowed to access the MIB object to be accessed if the access rights attribute information corresponding to the user level does not include the access rights attribute information of the VIEW to which the MIB object to be accessed belongs.
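The decision procedure in claims 1 to 8 (identity to user level, level to a set of access rights attribute values, object to a VIEW by its attribute value, and an inclusion test between the two) can be written out directly. The following is an added example, not code from the patent or its assignee: the three tables are the claims' own structures, but the user levels, attribute values and the assignment of values to the MIB-II OIDs are constructed for illustration. Two behaviours the claims leave open are chosen here in a fail-closed direction and marked as design choices in the comments: a request from an identity absent from the permission group definition table is denied, as is a request for an OID that has no attribute value and therefore belongs to no VIEW.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Optional


@dataclass
class ViewAccessControl:
    """Access check in the shape of claims 1-8 (added example; the patent gives no code)."""

    # Claim 2: permission group definition table (user identity -> user level).
    user_levels: Dict[str, str] = field(default_factory=dict)
    # Claim 4: MIB permission control definition table (user level -> attribute values it may access).
    level_rights: Dict[str, FrozenSet[int]] = field(default_factory=dict)
    # Claim 6: one access rights attribute value per MIB object, keyed by OID.
    object_rights: Dict[str, int] = field(default_factory=dict)

    # --- claim 6: VIEWs are derived from the per-object attribute values ---
    def views(self) -> Dict[int, FrozenSet[str]]:
        """Objects with the same attribute value form one VIEW; each VIEW has one value.

        Recomputed from object_rights on every call, so a claim 7 adjustment of an
        object's value moves it to another VIEW without separate bookkeeping.
        """
        grouped = defaultdict(set)
        for oid, value in self.object_rights.items():
            grouped[value].add(oid)
        return {value: frozenset(oids) for value, oids in grouped.items()}

    def view_of(self, oid: str) -> Optional[int]:
        """Attribute value of the VIEW the object belongs to, or None if the OID is unmanaged."""
        return self.object_rights.get(oid)

    # --- claims 1 and 8: the decision ---
    def check(self, user_id: str, oid: str) -> bool:
        level = self.user_levels.get(user_id)
        if level is None:
            return False  # unknown identity: deny (design choice, not stated in the claims)
        granted = self.level_rights.get(level, frozenset())
        view_value = self.view_of(oid)
        if view_value is None:
            return False  # object belongs to no VIEW: deny (design choice)
        # Claim 8: allowed only if the level's attribute set includes the VIEW's value.
        return view_value in granted

    def handle_request(self, message: Dict[str, str]) -> str:
        """Claim 1: the request carries the user identity and the MIB object to be accessed."""
        return "allow" if self.check(message["user"], message["oid"]) else "deny"

    # --- claims 3, 5 and 7: table maintenance ---
    def set_user_level(self, user_id: str, level: str) -> None:
        self.user_levels[user_id] = level

    def remove_user(self, user_id: str) -> None:
        self.user_levels.pop(user_id, None)

    def set_level_rights(self, level: str, values: Iterable[int]) -> None:
        self.level_rights[level] = frozenset(values)

    def remove_level(self, level: str) -> None:
        self.level_rights.pop(level, None)

    def set_object_rights(self, oid: str, value: int) -> None:
        """Claim 7: change an object's value; its VIEW follows on the next views() call."""
        self.object_rights[oid] = value


# Constructed sample data (not from the patent). The OIDs are standard MIB-II
# instances; the attribute values assigned to them are arbitrary for this example.
SYS_DESCR = "1.3.6.1.2.1.1.1.0"            # sysDescr.0
SYS_NAME = "1.3.6.1.2.1.1.5.0"             # sysName.0
IF_ADMIN_STATUS_1 = "1.3.6.1.2.1.2.2.1.7.1"  # ifAdminStatus.1


def build_example() -> ViewAccessControl:
    acl = ViewAccessControl()
    acl.set_user_level("admin01", "admin")
    acl.set_user_level("oper01", "operator")
    acl.set_user_level("guest01", "guest")
    acl.set_level_rights("admin", {1, 2, 3})
    acl.set_level_rights("operator", {1, 2})
    acl.set_level_rights("guest", {1})
    acl.set_object_rights(SYS_DESCR, 1)
    acl.set_object_rights(SYS_NAME, 2)
    acl.set_object_rights(IF_ADMIN_STATUS_1, 3)
    return acl


if __name__ == "__main__":
    acl = build_example()
    for user, oid in [("guest01", SYS_DESCR), ("guest01", SYS_NAME), ("oper01", IF_ADMIN_STATUS_1)]:
        print(user, oid, acl.handle_request({"user": user, "oid": oid}))
```

Because a VIEW is nothing more than the set of objects sharing an attribute value, the dynamic adjustment the abstract promises reduces to rewriting one entry in `object_rights`; the check itself never stores VIEW membership, so there is no cached view to fall out of sync with the tables.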
CN 201110123928 2011-05-13 2011-05-13 Access control method and device based on VIEW Active CN102201935B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110123928 CN102201935B (en) 2011-05-13 2011-05-13 Access control method and device based on VIEW

Publications (2)

Publication Number Publication Date
CN102201935A true CN102201935A (en) 2011-09-28
CN102201935B CN102201935B (en) 2013-11-06

Family

ID=44662340

Country Status (1)

Country Link
CN (1) CN102201935B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023014A (en) * 2014-06-04 2014-09-03 深圳市深信服电子科技有限公司 Method and system of controlling data access permission
CN104717176A (en) * 2013-12-11 2015-06-17 华为技术有限公司 Access control method, access control system, and server
JP2016042295A (en) * 2014-08-18 2016-03-31 キヤノン株式会社 Image processing device, information processing method, and program
CN107229644A (en) * 2016-03-25 2017-10-03 阿里巴巴集团控股有限公司 Searching method and device
CN110034949A (en) * 2019-02-21 2019-07-19 国电南瑞科技股份有限公司 A kind of Write-protection method based on snmp protocol
CN113411297A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Situation awareness defense method and system based on attribute access control

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1453954A (en) * 2002-04-22 2003-11-05 华为技术有限公司 System and method for managing access authority of network users
KR20050057871A (en) * 2003-12-11 2005-06-16 한국전자통신연구원 Customer network management service system in very high speed network and performance information advising methode thereof
CN101582881A (en) * 2008-05-14 2009-11-18 华为技术有限公司 Method and device for controlling access
CN101739526A (en) * 2009-12-16 2010-06-16 北京佳讯飞鸿电气股份有限公司 Service system-oriented and oriented object-based rights management method

Also Published As

Publication number Publication date
CN102201935B (en) 2013-11-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant