CN103500314A - Authorization control system construction method and device - Google Patents


Publication number: CN103500314A
Authority: CN (China)
Prior art keywords: model, business, current business, control system, template
Legal status: Granted
Application number: CN201310468353.XA
Other languages: Chinese (zh)
Other versions: CN103500314B (en)
Inventors: 张伟娟, 白杰英, 高隆林, 韩峰
Current Assignee: SHANDONG CIVIC SE COMMERCIAL MIDDLEWARE Co.,Ltd.
Original Assignee: CVIC Software Engineering Co Ltd

Application filed by CVIC Software Engineering Co Ltd
Priority to CN201310468353.XA
Publication of CN103500314A
Application granted
Publication of CN103500314B
Legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention discloses an authorization control system construction method and device applied to an extended RBAC model. The extended RBAC model is generated by adding user type items, group items and group type items to a prebuilt RBAC model. Each information item in the extended RBAC model corresponds to one standard service model and one standard service template. The method comprises: acquiring current service data; calling at least one standard service model and at least one standard service template corresponding to the current service data; generating a current service model and a current service template according to the current service data, the standard service model and the standard service template; and combining the current service model and the current service template to generate an authorization control system.

Description

Authorization control system construction method and device
Technical field
The present application relates to the technical field of permission control, and in particular to an authorization control system construction method and device.
Background
Building an enterprise application system always involves permission management, including management of permissions on functional operations and management of permissions on data operations.
At present, authorization control systems are built on the RBAC (Role-Based Access Control) model. Fig. 1 is a schematic diagram of the RBAC core model; the RBAC model comprises information items such as a user item, a role item and a permission item. In the RBAC model, permissions are associated with roles, and a user obtains a role's permissions by being made a member of the appropriate role, which simplifies permission management. Within an organization, roles are created to carry out various jobs, users are assigned to roles according to their responsibilities and qualifications, and a user can also be reassigned from one role to another. For example, an enterprise comprises several branch offices, each branch office comprises several departments, and each department has roles such as general manager, deputy general manager and manager's assistant.
However, in an authorization control system built on the RBAC model, the roles do not reflect the organizational structure each of them belongs to. For example, when a user is assigned the general manager role, the department the user belongs to and the nature of the branch office cannot be reflected. Such a system is therefore unsuitable for enterprise applications with many users.
Summary of the invention
The technical problem to be solved by the present application is to provide an authorization control system construction method and device, so as to solve the technical problem in the prior art that, in an authorization control system built on the RBAC model, the roles do not reflect the organizational structure each of them belongs to, so that the system cannot be applied where there are many users and its effectiveness is reduced.
The present application provides an authorization control system construction method applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a group type item to a pre-established RBAC model, and each information item in the extended RBAC model corresponds to one standard service model and one standard service template. The method comprises:
Acquiring current service data;
Calling at least one standard service model and standard service template corresponding to the current service data;
Generating a current service model and a current service template according to the current service data, the standard service model and the standard service template;
Combining the current service model and the current service template to generate the authorization control system.
In the above method, preferably, generating the current service model and the current service template according to the current service data, the standard service model and the standard service template comprises:
Writing the current service data into the standard service model to generate the current service model;
Modifying the standard service template according to the current service model to generate the current service template.
In the above method, preferably, after the authorization control system is generated, the method further comprises:
Acquiring service update data corresponding to the current service data;
Modifying the current service model in the authorization control system according to the service update data;
Modifying the current service template in the authorization control system according to the modified current service model.
In the above method, preferably, modifying the current service model in the authorization control system according to the service update data comprises:
Determining the target service model in the authorization control system that corresponds to the service update data;
Modifying the target service model in the authorization control system according to the service update data;
Obtaining a newly added standard model that corresponds to the service update data and differs from the target service model;
Generating, according to the service update data, an added service model corresponding to the newly added standard model;
Adding the added service model to the authorization control system.
The above method preferably further comprises:
Parsing the current service template in the authorization control system to generate the display interface of the authorization control system that corresponds to the current service data;
Displaying the display interface.
The present application also provides an authorization control system construction device applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a group type item to a pre-established RBAC model, and each information item in the extended RBAC model corresponds to one standard service model and one standard service template. The device comprises:
A data acquisition unit, for acquiring current service data;
A standard calling unit, for calling at least one standard service model and standard service template corresponding to the current service data;
A current generation unit, for generating a current service model and a current service template according to the current service data, the standard service model and the standard service template;
A system generation unit, for combining the current service model and the current service template to generate the authorization control system.
In the above device, preferably, the current generation unit comprises:
A current model generation subunit, for writing the current service data into the standard service model to generate the current service model;
A current template generation subunit, for modifying the standard service template according to the current service model to generate the current service template.
The above device preferably further comprises:
An update acquisition unit, for acquiring service update data corresponding to the current service data;
A model modification unit, for modifying the current service model in the authorization control system according to the service update data;
A template modification unit, for modifying the current service template in the authorization control system according to the modified current service model.
In the above device, preferably, the model modification unit comprises:
A first model determination subunit, for determining the target service model in the authorization control system that corresponds to the service update data;
A target model modification subunit, for modifying the target service model in the authorization control system according to the service update data;
A second model acquisition subunit, for obtaining a newly added standard model that corresponds to the service update data and differs from the target service model;
An added model generation subunit, for generating, according to the service update data, an added service model corresponding to the newly added standard model;
An added model adding subunit, for adding the added service model to the authorization control system.
The above device preferably further comprises:
An interface generation unit, for parsing, after the system generation unit generates the authorization control system, the current service template in the authorization control system to generate the display interface of the authorization control system that corresponds to the current service data;
An interface display unit, for displaying the display interface.
As can be seen from the above scheme, in the authorization control system construction method and device provided by the present application, a user type item, a group item and a group type item are added to a pre-established RBAC model to obtain the extended RBAC model. In the extended RBAC model, each information item, such as the user item, user type item, group item and group type item, corresponds to one standard service model and one standard service template, where the service model defines the service object and the service template defines the display interface. When an authorization control system needs to be built, the current service data is first acquired, and the standard service models and standard service templates corresponding to the current service data are called, for example those corresponding to the user, user type, group and group type in the current service data. The current service model and current service template are then generated according to the current service data, the standard service model and the standard service template, and finally the current service model and current service template are combined to generate the authorization control system, achieving the purpose of the present application. By adding to the RBAC model the user type item, group item and group type item, each with its own standard service model and standard service template, an authorization control system built on the extended RBAC model gives each role not only its corresponding user type but also its corresponding group and group type, so that the organizational structure each role belongs to can be reflected. For example, when a user is assigned the general manager role, the user also has a user type such as senior executive or same-level general manager, a group such as a department or branch office, and a group type such as the nature of the department or branch office, so the department the user belongs to and the nature of the branch office can be reflected. The present application is therefore suitable for enterprise applications whether they have many users or few, and has higher effectiveness.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the RBAC model in the prior art;
Fig. 2 is a flowchart of embodiment one of an authorization control system construction method provided by the present application;
Fig. 3 is a schematic diagram of the extended RBAC model in embodiment one of the present application;
Fig. 4 is a partial flowchart of embodiment two of an authorization control system construction method provided by the present application;
Fig. 5 is a partial flowchart of embodiment three of an authorization control system construction method provided by the present application;
Fig. 6 is a partial flowchart of embodiment three of the present application;
Fig. 7 is a flowchart of embodiment four of an authorization control system construction method provided by the present application;
Fig. 8 is an application example diagram of embodiment four of the present application;
Fig. 9 is a structural schematic diagram of embodiment five of an authorization control system construction device provided by the present application;
Fig. 10 is a partial structural schematic diagram of embodiment six of an authorization control system construction device provided by the present application;
Fig. 11 is a partial structural schematic diagram of embodiment seven of an authorization control system construction device provided by the present application;
Fig. 12 is another partial structural schematic diagram of embodiment seven of the present application;
Fig. 13 is a structural schematic diagram of embodiment eight of an authorization control system construction method provided by the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Referring to Fig. 2, which is a flowchart of embodiment one of an authorization control system construction method provided by the present application, the method can be applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a group type item to a pre-established RBAC model, as shown in the schematic diagram of the extended RBAC model in Fig. 3. In the extended RBAC model, each information item, such as the user item, user type item, group item and group type item, corresponds to one standard service model and one standard service template, where the standard service model defines a standard service object and the standard service template defines a standard display page; both are standard information that contains no customized information. The method may comprise the following steps:
Step 201: acquire the current service data.
The current service data is the business requirement data of the enterprise or institution for which the authorization control system is to be built, for example the basic information of a user in a school (login name, login password, real name and so on) and the user's customized information (title, role number, affiliated college and so on).
Step 202: call at least one standard service model and standard service template corresponding to the current service data.
For example, in the school application, the current service data includes the user's login name, login password, real name and so on; the user type, such as ordinary teacher, administrative staff or logistics staff; the group, such as the affiliated college; and the group type, such as the computer college. Accordingly, step 202 calls the standard service model and standard service template of the user basic information item, which correspond to the user's login name, login password, real name and so on in the current service data; the standard service model and standard service template corresponding to the user type item; the standard service model and standard service template corresponding to the group item; the standard service model and standard service template corresponding to the group type item; and so on.
Note that if no standard service model and standard service template corresponding to the current service data can be called in the extended RBAC model, the method may further comprise:
Editing and generating the corresponding standard service model and standard service template according to the current service data, and placing the generated standard service model and standard service template in the extended RBAC model.
Step 203: generate the current service model and the current service template according to the current service data, the standard service model and the standard service template.
Step 203 means generating a current service model and a current service template for each information item, according to the current service data and that item's standard service model and standard service template. For example, the current service model and current service template of the user basic information item are generated from the user basic information item in the current service data and its corresponding standard service model and standard service template; those of the user type item are generated from the user type item in the current service data and its corresponding standard service model and standard service template; those of the group item are generated from the group item in the current service data and its corresponding standard service model and standard service template; those of the group type item are generated from the group type item in the current service data and its corresponding standard service model and standard service template; and so on.
Step 204: combine the current service model and the current service template to generate the authorization control system.
Step 204 can be implemented as follows:
According to the association information between the information items corresponding to the current service data, the current service model and the current service template are combined to generate the authorization control system.
In addition, in practice, the method in this embodiment may further comprise:
Saving the current service data to a database;
Specifically, the information corresponding to the user basic information item in the current service data is placed in a preset basic information table, and the information corresponding to the other information items in the current service data, such as the user type item, group item and group type item, is placed in a preset customized information table.
As can be seen from the above scheme, in embodiment one of the authorization control system construction method provided by the present application, a user type item, a group item and a group type item are added to a pre-established RBAC model to obtain the extended RBAC model. In the extended RBAC model, each information item, such as the user item, user type item, group item and group type item, corresponds to one standard service model and one standard service template, where the service model defines the service object and the service template defines the display interface. When an authorization control system needs to be built, the current service data is first acquired, and the standard service models and standard service templates corresponding to the current service data are called, for example those corresponding to the user, user type, group and group type in the current service data. The current service model and current service template are then generated according to the current service data, the standard service model and the standard service template, and finally the current service model and current service template are combined to generate the authorization control system, achieving the purpose of this embodiment. By adding to the RBAC model the user type item, group item and group type item, each with its own standard service model and standard service template, an authorization control system built on the extended RBAC model gives each role not only its corresponding user type but also its corresponding group and group type, so that the organizational structure each role belongs to can be reflected. For example, when a user is assigned the general manager role, the user also has a user type such as senior executive or same-level general manager, a group such as a department or branch office, and a group type such as the nature of the department or branch office, so the department the user belongs to and the nature of the branch office can be reflected. This embodiment is therefore suitable for enterprise applications whether they have many users or few, and has higher effectiveness.
Referring to Fig. 4, which is a flowchart of step 203 in embodiment two of an authorization control system construction method provided by the present application, step 203 may comprise the following steps:
Step 401: write the current service data into the standard service model to generate the current service model.
Step 401 means writing the data of each information item in the current service data, such as the user basic information item, user type item, group item and group type item, into that item's own standard service model, to obtain the current service model of each information item.
Note that the current service model defines the service object corresponding to the current service data and has its own personalized characteristics.
Step 402: modify the standard service template according to the current service model to generate the current service template.
Note that the service model of each information item corresponds to its own service template, and there is a hierarchical relationship between them. That is, in step 402 the standard service template of each information item is modified according to that item's current service model to generate the current service template, and these current service templates define the display interface of the authorization control system corresponding to the current service data.
In addition, in authorization control systems as currently built, the information of each user, role and permission is customized by the specific service data; that is, the service data determines the number and content of the information items each user has. For example, the user information in a particular permission management system includes information such as an officer's identity card number and years of service. For different enterprise application systems, the number and content of the information items differ to some extent. Therefore, for a specific enterprise project, developers need to write and build a specific authorization control system, and when the service data of that system changes in some way, developers need to build a new authorization control system again from the changed data.
Therefore, the current schemes that build authorization control systems on the RBAC model make permission management inflexible and produce a large amount of redundant code, and the resulting systems have limited applicability: when they are applied where service data keeps changing, the authorization control system is built slowly and inefficiently.
Accordingly, referring to Fig. 5, which is a partial flowchart of embodiment three of an authorization control system construction method provided by the present application, after step 204 the method may further comprise the following steps:
Step 205: acquire the service update data corresponding to the current service data.
The service update data is the data of the information items that have changed in the current service data, and the data of the information items added on top of the current service data.
Step 206: modify the current service model in the authorization control system according to the service update data.
Referring to Fig. 6, which is a flowchart of step 206 in embodiment three of the present application, step 206 can be implemented as follows:
Step 601: determine the target service model in the authorization control system that corresponds to the service update data.
The target service model is the current service model corresponding to an information item that has changed in the current service data.
Step 602: modify the target service model in the authorization control system according to the service update data.
Step 602 can be implemented as follows:
According to the information items in the service update data that have changed relative to the current service data, a corresponding replacement service model is created, and the replacement service model replaces the corresponding target service model in the authorization control system.
Step 602 can also be implemented as follows:
According to the information items in the service update data that have changed relative to the current service data, the target service model in the authorization control system that corresponds to each changed information item is modified, yielding an updated target service model.
Step 603: obtain a newly added standard model that corresponds to the service update data and differs from the target service model.
The newly added standard model is the standard service model corresponding to an information item in the service update data that is newly added relative to the current service data.
Note that step 603 may be executed in parallel with step 601, or before step 601; that is, the execution order of step 601 and step 603 is not limited by their order in Fig. 6.
Step 604: generate, according to the service update data, an added service model corresponding to the newly added standard model.
Step 604 means writing the data of the information items in the service update data that are newly added relative to the current service data into the newly added standard model, to obtain the added service model corresponding to each newly added information item.
Step 605: add the added service model to the authorization control system.
Step 605 can be understood as adding the added service model to the service models of the authorization control system and establishing the associations between the added service model and the other service models.
Step 207: modify the current business template in the authority control system according to the modified current business model.
It should be noted that the modified current business model mentioned in step 207 includes both the current business models obtained by modifying or replacing business models that already existed in the authority control system and the newly added current business models. Each current business model obtained by modifying or replacing an existing business model has a corresponding current business template, and each newly added current business model has a corresponding benchmark service model. Based on the implementation in Figure 6, step 207 can therefore be implemented as follows:
According to the current business models obtained by modifying or replacing business models that already existed in the authority control system, modify their respective current business templates; according to each newly added current business model in the authority control system, modify its corresponding benchmark service template to obtain the current business template corresponding to that newly added current business model.
In addition, in embodiment three of the present application, the method may further comprise:
Saving the business update data to a database;
Specifically, the data in the business update data that correspond to the user basic information item are saved to the Basic Information Table, and the data that correspond to the items other than the user basic information item, such as the user type item, the group item and the set type item, are saved to the customized information table.
As can be seen from the above scheme, in embodiment three of the authority control system construction method provided by the present application, after the business information is updated it is only necessary to update or add the corresponding business models and business templates in the existing authority control system according to the updated business data. Developers do not need to write code again, which reduces code redundancy, and when the method is applied where business data changes continuously, the authority control system is built faster and more efficiently.
With reference to Figure 7, which is a flowchart of embodiment four of the authority control system construction method provided by the present application, the method may further comprise:
Step 208: parse the current business template in the authority control system to generate the display interface of the authority control system.
Here, step 208 can be implemented as follows:
A page rendering engine is invoked to read the current business data and, according to the current business data, to parse and render the current business template, yielding the display interface of the authority control system.
Step 209: display the display interface.
As can be seen from the above scheme, embodiment four of the authority control system construction method provided by the present application parses and renders the current business template in the authority control system to obtain the display interface of the system, and displays it, thereby presenting it to the user.
Based on the foregoing embodiments, the present application also provides a template designer. The template designer may be a visual designer used for deployment tasks such as page design and attribute editing, and for designing business models and business templates in advance according to the user's current business data, for example the corresponding benchmark service models and benchmark service templates. Figure 8 is a schematic diagram of how the embodiments of the present application build and display the authority control system, in which:
According to the user's business requirements (including the current business data and the updated business data), the visual designer is used in advance to design the page template corresponding to the business requirements, or to modify an existing page template, where a page template is a standard page template that defines the display interface. The application then calls the benchmark service model and benchmark service template corresponding to the business requirements through the corresponding template data storage management interface in the pre-designed data management module, and generates the current business model and current business template corresponding to the business requirements, thereby obtaining the authority control system.
After the construction design is complete, when the user views the newly generated display interface, the application calls the current business template and the current business data through the page rendering engine, renders the template file with the current business data, and finally obtains the display interface, which is presented to the user.
Furthermore, after the user has modified the business data, the application can save the modified business data to the database by calling the corresponding business data access management interface through the data management module shown in Figure 8.
In addition, when rendering pages, the embodiments of the present application may implement page rendering in either a client-side rendering mode or a server-side rendering mode, through the service interface and the business server processor.
Taking users as an example: when the embodiments of the present application are used to build the authority control system of a school, the current business data include, in addition to user basic information, the user type and so on, and the user types may include common teachers, administrative personnel and rear service personnel. In this authority control system, most of the information in the three kinds of user information templates may be identical, for example user basic information such as login username, login password, real name and gender. A small part of the information differs: for example, common teachers have an academic title, and administrative personnel have a position. When building the authority control system, three user types are therefore first established according to the business requirements, namely common teachers, administrative personnel and rear service personnel. At this point, a benchmark service model is provided, which defines the user basic information, such as username, password, real name and gender; and a benchmark service template is provided, which defines how the user basic information is displayed, for example that the username is read-only and cannot be modified, and that the password is a text box and can be modified. Because the information of the three user types is not identical, the template designer has to be called on the basis of the benchmark service model and benchmark service template to design a separate business model and business template for each user type, that is, one business model file and one business template file are generated for each user type. The business model defines the business object: it specifies the basic information of this user type from the standard template and also the customized information peculiar to it. When a user of this type is added, the business template file is read and displayed to the operating user. After the user makes changes, the values of the information items entered by the user are saved to the database. The basic information is saved to the Basic Information Table, and the customized information is saved to a single unified table that has only four columns: ID, Type, attributeName and attributeValue. ID is the user's unique identifier in the table and is associated with the Basic Information Table, Type identifies the user's user type, attributeName is the name of the customized information item, and attributeValue is the value of the customized information item. For example: 0000001, common teachers, academic title, professor.
It should be noted that the difference between the business model and the business template above is that the business template defines how this user type appears on the front-end page: the order of the information items, whether each is read-only, and whether each is a text field, a drop-down box, a checkbox and so on. It is the page presented to the user of the system. All business objects in the business template come from the business model.
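The school example above, as an added sketch that is not part of the patent text: a current model and template are derived from the benchmark ones, and saved values are split between the Basic Information Table and the four-column customized table. The table names `basic_info` and `custom_info`, the function names, the display settings and the PBKDF2 hashing of the password are assumptions made for illustration; all sample values are constructed.

```python
import hashlib
import os
import sqlite3

# Benchmark model: the basic information items every user type shares.
BASE_MODEL = ("username", "password", "real_name", "gender")
# Benchmark template: how each basic item is shown on the page.
BASE_TEMPLATE = {
    "username": {"widget": "text", "readonly": True},
    "password": {"widget": "text", "readonly": False},
    "real_name": {"widget": "text", "readonly": False},
    "gender": {"widget": "dropdown", "readonly": False},
}

def build_current(user_type, custom_items):
    """Derive the current model and template for one user type.

    custom_items maps each customized item name to its display settings."""
    model = {"type": user_type, "basic": BASE_MODEL, "custom": set(custom_items)}
    template = {name: dict(cfg) for name, cfg in BASE_TEMPLATE.items()}
    template.update({name: dict(cfg) for name, cfg in custom_items.items()})
    return model, template

def open_db():
    """Create the two tables: fixed basic columns plus one generic table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE basic_info (
            id TEXT PRIMARY KEY, username TEXT NOT NULL UNIQUE,
            password TEXT NOT NULL, real_name TEXT, gender TEXT);
        CREATE TABLE custom_info (
            ID TEXT NOT NULL REFERENCES basic_info(id),
            Type TEXT NOT NULL, attributeName TEXT NOT NULL,
            attributeValue TEXT, PRIMARY KEY (ID, attributeName));
    """)
    return db

def hash_password(password):
    # Assumption: store a salted PBKDF2 hash, never the clear-text password.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()

def save_user(db, model, user_id, values):
    """Save one user; the model is the allowlist of accepted items."""
    unknown = set(values) - set(model["basic"]) - model["custom"]
    if unknown:
        raise ValueError(f"items not defined in the model: {sorted(unknown)}")
    with db:  # one transaction: both tables are written or neither is
        db.execute(
            "INSERT INTO basic_info VALUES (?, ?, ?, ?, ?)",
            (user_id, values["username"], hash_password(values["password"]),
             values.get("real_name"), values.get("gender")))
        db.executemany(
            "INSERT INTO custom_info VALUES (?, ?, ?, ?)",
            [(user_id, model["type"], name, values[name])
             for name in sorted(model["custom"]) if name in values])

def custom_rows(db, user_id):
    """Return the customized rows stored for one user."""
    return db.execute(
        "SELECT ID, Type, attributeName, attributeValue FROM custom_info "
        "WHERE ID = ? ORDER BY attributeName", (user_id,)).fetchall()

def demo():
    db = open_db()
    model, template = build_current(
        "common teacher", {"academic title": {"widget": "text", "readonly": False}})
    save_user(db, model, "0000001", {
        "username": "wang", "password": "constructed-pw",
        "real_name": "Wang", "gender": "F", "academic title": "professor"})
    return custom_rows(db, "0000001"), template

if __name__ == "__main__":
    rows, template = demo()
    print(rows)
    print(sorted(template))
```

Because customized items are rows rather than columns, adding an information item to a user type changes only the model and template, not the schema; the allowlist check in `save_user` is what keeps arbitrary attribute names out of the generic table.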
With reference to Figure 9, which is a structural diagram of embodiment five of the authority control system construction device provided by the present application, the device is applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a set type item to a pre-established RBAC model, as shown in the schematic diagram of the extended RBAC model in Figure 2. In the extended RBAC model, each information item, such as the user item, the user type item, the group item and the set type item, corresponds to one benchmark service model and one benchmark service template, where the benchmark service model defines the benchmark business object and the benchmark service template defines the standard display page, that is, standard information that contains no customized information. The device may comprise:
Data capture unit 901, for obtaining the current business data.
Here, the current business data are the business requirement data of the enterprise or institution for which the authority control system is to be built, such as the basic information of a user in a school (login name, login password, real name and so on) and the user's customized information (academic title, role number, affiliated institute and so on).
Standard calling unit 902, for calling at least one benchmark service model and benchmark service template corresponding to the current business data.
For example, in the school application, the current business data include the user's login name, login password, real name and so on, the user type (such as common teachers, administrative personnel or rear service personnel), the group (such as the affiliated college) and the set type (such as computer institute). The standard calling unit 902 therefore calls the benchmark service model and benchmark service template of the user basic information item, which corresponds to the user's login name, login password, real name and so on in the current business data; calls the benchmark service model and benchmark service template corresponding to the user type item; calls the benchmark service model and benchmark service template corresponding to the group item; calls the benchmark service model and benchmark service template corresponding to the set type item; and so on.
It should be noted that, if no benchmark service model and benchmark service template corresponding to the current business data can be called in the extended RBAC model, the device may further be used to:
Edit and generate the corresponding benchmark service model and benchmark service template according to the current business data, and place the generated benchmark service model and benchmark service template into the extended RBAC model.
Current generation unit 903, for generating the current business model and the current business template according to the current business data, the benchmark service model and the benchmark service template.
Here, the current generation unit 903 generates the current business model and current business template separately for each information item, according to the current business data and the benchmark service model and benchmark service template corresponding to that item. For example, according to the user basic information item in the current business data and its corresponding benchmark service model and benchmark service template, it generates the current business model and current business template of the user basic information item; according to the user type item in the current business data and its corresponding benchmark service model and benchmark service template, it generates the current business model and current business template of the user type item; according to the group item in the current business data and its corresponding benchmark service model and benchmark service template, it generates the current business model and current business template of the group item; according to the set type item in the current business data and its corresponding benchmark service model and benchmark service template, it generates the current business model and current business template of the set type item; and so on.
System generation unit 904, for combining the current business model and the current business template to generate the authority control system.
Here, the system generation unit 904 can be implemented as follows:
According to the association information between the information items corresponding to the current business data, the current business model and the current business template are combined to generate the authority control system.
In addition, in practical applications, the device in the embodiments of the present application may further be used to:
Save the current business data to a database;
Specifically, the information corresponding to the user basic information item in the current business data is placed in a preset Basic Information Table, and the information corresponding to the other information items in the current business data, such as the user type item, the group item and the set type item, is placed in a preset customized information table.
As can be seen from the above scheme, embodiment five of the authority control system construction device provided by the present application obtains an extended RBAC model by adding a user type item, a group item and a set type item to a pre-established RBAC model. In the extended RBAC model, each information item, such as the user item, the user type item, the group item and the set type item, corresponds to one benchmark service model and one benchmark service template, where the business model defines the business object and the business template defines the display interface. When an authority control system needs to be built, the current business data are obtained first; the benchmark service models and benchmark service templates corresponding to the current business data are called, such as those corresponding to the user, user type, group and set type in the current business data; the current business model and current business template are then generated according to the current business data and the benchmark service models and benchmark service templates; and finally the current business model and current business template are combined to generate the authority control system, achieving the purpose of the embodiments of the present application. By adding the user type item, the group item, the set type item and their respective benchmark service models and benchmark service templates to the RBAC model, the authority control system built on the extended RBAC model gives each role not only its corresponding user type but also its corresponding group and set type, so that the organizational structure to which each role belongs can be reflected. For example, when a user is assigned the general manager role, the user also has a user type such as senior executive or peer-level general manager, a group such as a department or branch office, and a set type such as the nature of the department or branch office, which reflect the department and the nature of the branch office to which the user belongs. The embodiments of the present application are therefore applicable to enterprises regardless of how many users they have, and are highly effective.
With reference to Figure 10, which is a structural diagram of the current generation unit 903 in embodiment six of the authority control system construction device provided by the present application, the current generation unit 903 may comprise:
Current model generation subunit 931, for writing the current business data into the benchmark service model to generate the current business model.
Here, the current model generation subunit 931 writes the data corresponding to each information item in the current business data, such as the user basic information item, the user type item, the group item and the set type item, into that item's benchmark service model, yielding the current business model of each information item.
It should be noted that the current business model defines the business object corresponding to the current business data and has its own personalized characteristics.
Current template generation subunit 932, for modifying the benchmark service template according to the current business model to generate the current business template.
It should be noted that the business model of each information item corresponds to its own business template, and the two have a hierarchical relationship. That is, in the current template generation subunit 932, the benchmark service template of each information item is modified according to that item's current business model to generate the current business template, and these current business templates define the display interface of the authority control system corresponding to the current business data.
In addition, in authority control systems as currently built, the information of each user, role and permission is customized by the concrete business data; that is, the business data determine the number and content of the information items each user has. For example, in some rights management systems the user information includes items such as an officer's identity card number and years of service. For different enterprise application systems, the number and content of the information items differ to some degree. For a specific enterprise project, developers therefore have to write and build a specific authority control system, and when the business data of that system change, developers have to build a new authority control system from the changed data.
Consequently, the current schemes for building an authority control system on the RBAC model make rights management inflexible and the code highly redundant, and the system has considerable application limitations: when it is applied where business data changes continuously, the authority control system is built slowly and inefficiently.
Thus, with reference to Figure 11, which is a partial structural diagram of embodiment seven of the authority control system construction device provided by the present application, the device may further comprise:
Update acquiring unit 905, for obtaining the business update data corresponding to the current business data.
Here, the business update data are the data of the information items that have changed in the current business data, together with the data of the information items added on top of the current business data.
Model modification unit 906, for modifying the current business model in the authority control system according to the business update data.
With reference to Figure 12, which is a structural diagram of the model modification unit 906 in embodiment seven of the present application, the model modification unit 906 may comprise:
First model determining subunit 961, for determining the target business model in the authority control system that corresponds to the business update data.
Here, the target business model is the current business model corresponding to an information item that has changed in the current business data.
Target model modification subunit 962, for modifying the target business model in the authority control system according to the business update data.
Here, the target model modification subunit 962 can be implemented as follows:
Based on the information items in the business update data that have changed relative to the current business data, a corresponding replacement business model is established, and the replacement business model replaces the target business model in the authority control system that corresponds to it.
The target model modification subunit 962 may also be implemented as follows:
Based on the information items in the business update data that have changed relative to the current business data, the target business model in the authority control system that corresponds to each changed information item is modified, yielding an updated target business model.
Second model obtaining subunit 963, for obtaining the newly added benchmark model that corresponds to the business update data and differs from the target business model.
Here, the newly added benchmark model is the benchmark service model corresponding to an information item that the business update data adds relative to the current business data.
It should be noted that the second model obtaining subunit 963 may be triggered at the same time as the first model determining subunit 961, or may run before the first model determining subunit 961.
Added model generation subunit 964, for generating, according to the business update data, the added business model corresponding to the newly added benchmark model.
Here, the added model generation subunit 964 writes the data of the information items that the business update data adds relative to the current business data into the newly added benchmark model, yielding the added business model corresponding to each newly added information item.
Added model adding subunit 965, for adding the added business model to the authority control system.
Here, the added model adding subunit 965 can be understood as adding the added business model to the business models of the authority control system and establishing the associations between this added business model and the other business models.
Template modification unit 907, for modifying the current business template in the authority control system according to the modified current business model.
It should be noted that the modified current business model mentioned for the template modification unit 907 includes both the current business models obtained by modifying or replacing business models that already existed in the authority control system and the newly added current business models. Each current business model obtained by modifying or replacing an existing business model has a corresponding current business template, and each newly added current business model has a corresponding benchmark service model. Based on the implementation in Figure 12, the template modification unit 907 can therefore be implemented as follows:
According to the current business models obtained by modifying or replacing business models that already existed in the authority control system, modify their respective current business templates; according to each newly added current business model in the authority control system, modify its corresponding benchmark service template to obtain the current business template corresponding to that newly added current business model.
In addition, in embodiment seven of the present application, the device may further be used to:
Save the business update data to a database;
Specifically, the data in the business update data that correspond to the user basic information item are saved to the Basic Information Table, and the data that correspond to the items other than the user basic information item, such as the user type item, the group item and the set type item, are saved to the customized information table.
As can be seen from the above scheme, in embodiment seven of the authority control system construction device provided by the present application, after the business information is updated it is only necessary to update or add the corresponding business models and business templates in the existing authority control system according to the updated business data. Developers do not need to write code again, which reduces code redundancy, and when the device is applied where business data changes continuously, the authority control system is built faster and more efficiently.
With reference to Figure 13, which is a structural diagram of embodiment eight of the authority control system construction device provided by the present application, the device may further comprise:
Interface generation unit 908, for parsing the current business template in the authority control system, after the system generation unit 904 has generated the authority control system, to generate the display interface of the authority control system.
Here, the interface generation unit 908 can be implemented as follows:
A page rendering engine is invoked to read the current business data and, according to the current business data, to parse and render the current business template, yielding the display interface of the authority control system.
Interface display unit 909, for displaying the display interface.
As can be seen from the above scheme, embodiment eight of the authority control system construction device provided by the present application parses and renders the current business template in the authority control system to obtain the display interface of the system, and displays it, thereby presenting it to the user.
It should be noted that the embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the existence of other identical elements in the process, method, article or device that comprises the element.
The authority control system construction method and device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the content of this description should not be construed as limiting the present application.

Claims (10)

1. An authority control system construction method, characterized in that it is applied to an extended RBAC model, the extended RBAC model being generated by adding a user type item, a group item and a set type item to a pre-established RBAC model, each information item in the extended RBAC model corresponding to one benchmark service model and one benchmark service template, the method comprising:
Obtaining current business data;
Calling at least one benchmark service model and benchmark service template corresponding to the current business data;
Generating a current business model and a current business template according to the current business data, the benchmark service model and the benchmark service template;
Combining the current business model and the current business template to generate an authority control system.
2. The method according to claim 1, characterized in that generating the current business model and the current business template according to the current business data, the benchmark service model and the benchmark service template comprises:
Writing the current business data into the benchmark service model to generate the current business model;
Modifying the benchmark service template according to the current business model to generate the current business template.
3. The method according to claim 1 or 2, characterized in that, after generating the authority control system, the method further comprises:
Obtaining business update data corresponding to the current business data;
Modifying the current business model in the authority control system according to the business update data;
Modifying the current business template in the authority control system according to the modified current business model.
4. The method according to claim 3, characterized in that modifying the current business model in the authority control system according to the business update data comprises:
Determining the target business model in the authority control system that corresponds to the business update data;
Modifying the target business model in the authority control system according to the business update data;
Obtaining the newly added benchmark model that corresponds to the business update data and differs from the target business model;
Generating, according to the business update data, the added business model corresponding to the newly added benchmark model;
Adding the added business model to the authority control system.
5. The method according to claim 1 or 4, characterized in that it further comprises:
Parsing the current business template in the authority control system to generate the display interface of the authority control system corresponding to the current business data;
Displaying the display interface.
6. An authority control system construction device, characterized in that it is applied to an extended RBAC model, the extended RBAC model being generated by adding a user type item, a group item and a set type item to a pre-established RBAC model, each information item in the extended RBAC model corresponding to one benchmark service model and one benchmark service template, the device comprising:
A data capture unit, for obtaining current business data;
A standard calling unit, for calling at least one benchmark service model and benchmark service template corresponding to the current business data;
A current generation unit, for generating a current business model and a current business template according to the current business data, the benchmark service model and the benchmark service template;
A system generation unit, for combining the current business model and the current business template to generate an authority control system.
7. The device according to claim 6, characterized in that the current generation unit comprises:
A current model generation subunit, for writing the current business data into the benchmark service model to generate the current business model;
A current template generation subunit, for modifying the benchmark service template according to the current business model to generate the current business template.
8. The device according to claim 6 or 7, characterized in that it further comprises:
An update acquisition unit, for obtaining business update data corresponding to the current business data;
A model modification unit, for modifying the current business model in the authority control system according to the business update data;
A template modification unit, for modifying the current business template in the authority control system according to the modified current business model.
9. The device according to claim 8, characterized in that the model modification unit comprises:
A first model determination subunit, for determining the target business model in the authority control system that corresponds to the business update data;
A target model modification subunit, for modifying the target business model in the authority control system according to the business update data;
A second model acquisition subunit, for obtaining a newly added standard model that corresponds to the business update data and differs from the target business model;
An added model generation subunit, for generating, according to the business update data, an added business model corresponding to the newly added standard model;
An added model adding subunit, for adding the added business model to the authority control system.
10. The device according to claim 6 or 9, characterized in that it further comprises:
An interface generation unit, for parsing the current business template in the authority control system, after the system generation unit generates the authority control system, to generate a display interface of the authority control system corresponding to the current business data;
An interface display unit, for displaying the display interface.
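The generation and update steps of claims 6 to 9, as an added Python example that is not code from the patent: each information item of the extended RBAC model has a benchmark model and template, current models are produced by writing business data into a copy of the benchmark, and updates either modify a target model or add one. The dictionary layout, the item names `user`, `role` and `permission`, all function names and the sample data are assumptions constructed for illustration.

```python
import copy

# Assumed item names: three classic RBAC items plus the three added by the extension.
ITEMS = ("user", "role", "permission", "user_type", "group", "set_type")
# Constructed benchmarks: one (model, template) pair per information item.
BENCHMARK = {i: ({"item": i, "fields": {}}, {"item": i, "columns": []}) for i in ITEMS}
# Constructed sample inputs.
SAMPLE = {"user_type": {"name": "contractor"},
          "group": {"name": "finance", "members": ["alice"]}}
UPDATE = {"group": {"owner": "bob"}, "set_type": {"name": "region"}}


def _instantiate(item, data):
    """Write business data into a copy of the benchmark model, then derive its template."""
    base_model, base_template = BENCHMARK[item]
    model = copy.deepcopy(base_model)  # never mutate the shared benchmark
    model["fields"].update(copy.deepcopy(data))
    template = copy.deepcopy(base_template)
    template["columns"] = sorted(model["fields"])  # template follows the model
    return model, template


def _check_items(data):
    """Reject data for items that have no benchmark instead of inventing a model."""
    unknown = set(data) - set(BENCHMARK)
    if unknown:
        raise KeyError(f"no benchmark model for: {sorted(unknown)}")


def build_system(business_data):
    """Claims 6-7: generate current models and templates and combine them."""
    _check_items(business_data)
    system = {"models": {}, "templates": {}}
    for item, data in business_data.items():
        system["models"][item], system["templates"][item] = _instantiate(item, data)
    return system


def apply_update(system, update):
    """Claims 8-9: modify target models, add new ones, then refresh the templates."""
    _check_items(update)  # validate first so a bad update changes nothing
    for item, data in update.items():
        if item in system["models"]:  # target model already in the system
            model = system["models"][item]
            model["fields"].update(copy.deepcopy(data))
            system["templates"][item]["columns"] = sorted(model["fields"])
        else:  # added model generated from its own benchmark
            system["models"][item], system["templates"][item] = _instantiate(item, data)
    return system
```

Copying the benchmark before writing into it keeps one deployment's business data out of the shared benchmark, and validating item names before applying an update means an unrecognized item cannot leave the system half-modified.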
CN201310468353.XA 2013-10-09 2013-10-09 A kind of authorization control system construction method and device Active CN103500314B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310468353.XA CN103500314B (en) 2013-10-09 2013-10-09 A kind of authorization control system construction method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310468353.XA CN103500314B (en) 2013-10-09 2013-10-09 A kind of authorization control system construction method and device

Publications (2)

Publication Number Publication Date
CN103500314A true CN103500314A (en) 2014-01-08
CN103500314B CN103500314B (en) 2016-08-17

Family

ID=49865520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310468353.XA Active CN103500314B (en) 2013-10-09 2013-10-09 A kind of authorization control system construction method and device

Country Status (1)

Country Link
CN (1) CN103500314B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105320498B (en) * 2014-05-28 2018-05-25 中国科学院沈阳自动化研究所 Configurable multi-level roduction track method for visualizing based on figure
CN111381864A (en) * 2020-04-01 2020-07-07 中国铁塔股份有限公司 Configuration method and device of software system
CN117113960A (en) * 2023-09-05 2023-11-24 北京数聚智连科技股份有限公司 Method and device for generating service data form, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100651751B1 (en) * 2005-10-14 2006-12-01 한국전자통신연구원 Method of service access control in ubiquitous platform and securtity middleware thereof
KR20080006157A (en) * 2006-07-11 2008-01-16 박재근 Env-rbac: dynamic access control for ubiquitous environment
CN101478536A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for solving access control in authority management
CN101902402A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Method for managing user right and device thereof
US20120215718A1 (en) * 2011-02-17 2012-08-23 Rajagopal Sitaram Computer Implemented System and Method for Aggregating, Analyzing and Distributing Information Corresponding to Retirement Plans

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
范志等: "《基于组织结构的RBAC扩展模型及应用》", 《电脑知识与技术》, vol. 9, no. 3, 25 January 2013 (2013-01-25) *
邢小永: "《基于RBAC扩展模型的授权策略研究》", 《中国优秀硕士学位论文全文数据库·信息科技辑》, 15 June 2007 (2007-06-15) *

Also Published As

Publication number Publication date
CN103500314B (en) 2016-08-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211208

Address after: 250014 No. 41-1 Qianfo Shandong Road, Lixia District, Jinan City, Shandong Province

Patentee after: SHANDONG CIVIC SE COMMERCIAL MIDDLEWARE Co.,Ltd.

Address before: 250014 No. 41-1 Qianfo Shandong Road, Lixia District, Jinan City, Shandong Province

Patentee before: SHANDONG CVIC SOFTWARE ENGINEERING Co.,Ltd.

Patentee before: Shandong Zhongchuang software commercial middleware Co., Ltd