CN104573439A - Permission assignment method and system based on product configuration - Google Patents
Permission assignment method and system based on product configuration Download PDFInfo
- Publication number
- CN104573439A CN104573439A CN201310522761.9A CN201310522761A CN104573439A CN 104573439 A CN104573439 A CN 104573439A CN 201310522761 A CN201310522761 A CN 201310522761A CN 104573439 A CN104573439 A CN 104573439A
- Authority
- CN
- China
- Prior art keywords
- user
- configuration
- product
- group
- configuration data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a permission assignment method and system based on product configuration. The method comprises the following steps: acquiring user information and a product selected by a user; acquiring a corresponding permission according to the user information and the product; assigning the configuration data of the product according to the corresponding permission. According to the permission assignment method based on the product configuration, the permission is determined according to the user information and the product, and corresponding configuration data is allocated according to the permission; since the user information and the product are combined, and different permissions can be implemented even for the same user specific to different products, the data security is enhanced.
Description
Technical field
The present invention relates to information security field, particularly relate to a kind of authority distributing method based on products configuration and system.
Background technology
In the production test of development, because product category is numerous, the production data related to is a lot, if effectively do not administer and maintain, is easily modified by the operator of different rights or deletes, and causing comparatively serious consequence.Traditional data management mode mainly contains three kinds, and one is self contained navigation model, directly authority is assigned to user, and dirigibility is high, but level of security is low; One is Mandatory Access Control Model, and for object arranges certain level of security, determine that this main body can access the resource of which level of security by authorizing Permission Levels to main body, model safety is high, but dirigibility is low; One is Role-based access control model, carrying out decoupling zero, simplifying and authorizing and safety management by introducing role to user and authority.But above-mentioned three kinds of data management modes are all not suitable for the data management in production test, because product category is many, different products may need open data different for same role, only adopts role to carry out authority configuration, reduces the security of data.
Summary of the invention
Based on this, reduce the problem of data security when to be necessary for existing data-management application in production data, a kind of authority distributing method based on product that can improve data security is provided.
In addition, there is a need to provide a kind of right assignment system based on product that can improve data security.
Based on an authority distributing method for products configuration, comprising:
Obtain the product of user profile and user's selection;
Corresponding authority is obtained according to described user profile and product;
The configuration data of product according to corresponding right assignment.
Wherein in an embodiment, the described step obtaining corresponding authority according to described user profile and product comprises:
User's group at place is determined according to described user profile;
The configuration file obtaining corresponding product is organized according to described user;
Resolve described configuration file and obtain corresponding authority.
Wherein in an embodiment, described method also comprises:
Set up the corresponding relation of the configuration file of user's group and product in advance;
The described step organizing the configuration file obtaining corresponding product according to described user comprises:
According to described user's group from setting up user's group and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product in advance.
Wherein in an embodiment, described method also comprises:
The grade of user's group is set;
The configuration data that user's group that acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade;
Using the configuration data of described screening as the user that grade is low organize the configuration data of operable product.
Wherein in an embodiment, the step that the configuration data that user's group that described acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade comprises:
In the configuration data Windows filter partial configuration data that the user that grade is high organizes, and the partial configuration data dragging described screening enter the configuration data window of the low user's group of grade.
Based on a right assignment system for products configuration, comprising:
Acquisition module, for obtaining the product of user profile and user's selection;
Authority determination module, for obtaining corresponding authority according to described user profile and product;
Configuration module, for the configuration data of product according to corresponding right assignment.
Wherein in an embodiment, described authority determination module comprises:
User's group determines submodule, for determining user's group at place according to described user profile;
Configuration file obtains submodule, for organizing the configuration file obtaining corresponding product according to described user;
Analyzing sub-module, obtains corresponding authority for resolving described configuration file.
Wherein in an embodiment, described system also comprises:
Relation sets up module, for setting up the corresponding relation of the configuration file of user's group and product in advance;
Described configuration file obtains submodule also for organizing and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product from setting up user in advance according to described user's group.
Wherein in an embodiment, described system also comprises:
Grade arranges module, for arranging the grade of user's group;
Screening module, the configuration data screened from the configuration data of self correspondence for obtaining the high user's group of adjacent rank middle grade distributes to the low user's group of grade;
Priority assignation module, for using the configuration data of described screening as the user that grade is low organize the configuration data of operable product.
Wherein in an embodiment, described screening module is also for the configuration data Windows filter partial configuration data that the user high in grade organizes, and the partial configuration data dragging described screening enter the configuration data window of the low user's group of grade.
The above-mentioned authority distributing method based on products configuration and system, define the competence according to user profile and product, and according to the corresponding configuration data of right assignment, because combining user profile and product, for different products, even same user, its authority also can realize difference, improves the security of data.
Accompanying drawing explanation
Fig. 1 is the process flow diagram based on the authority distributing method of products configuration in an embodiment;
Fig. 2 is the process flow diagram obtaining corresponding authority according to this user profile and product;
Fig. 3 is client and server architecture block diagram;
Fig. 4 is the process flow diagram based on the authority distributing method of products configuration in another embodiment;
Fig. 5 is user's group that grade is high for the low user's component of grade joins the schematic diagram of configuration data;
Fig. 6 is the structured flowchart based on the right assignment system of products configuration in an embodiment;
Fig. 7 is the inner structure schematic diagram of authority determination module in Fig. 6;
Fig. 8 is the structured flowchart based on the right assignment system of products configuration in another embodiment;
Fig. 9 is the structured flowchart based on the right assignment system of products configuration in another embodiment.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
As shown in Figure 1, be process flow diagram based on the authority distributing method of products configuration in an embodiment.Based on the authority distributing method of products configuration, should comprise:
Step 102, obtains the product of user profile and user's selection.
First, user by client registers account, and fills in user profile.This user profile comprises user's name, post, job number, phone, contact method etc.Obtain the user profile obtained after user is logged in by register account number.Then, then obtain user select product.
Step 104, obtains corresponding authority according to this user profile and product.
As shown in Figure 2, in one embodiment, this step obtaining corresponding authority according to this user profile and product comprises:
Step 202, determines user's group at place according to this user profile.
Concrete, user is divided into different user's groups in advance.This user's group can comprise as research and development group, engineering group and production group etc., but is not limited thereto.User's group at its place can be determined according to user profile.
Step 204, organizes the configuration file obtaining corresponding product according to this user.
Concrete, the configuration file of product comprises this user and organizes concrete operating right.
Step 206, resolves this configuration file and obtains corresponding authority.
As shown in Figure 3, user is by after accessing server by customer end, and server judges to user profile the user's group determining its place, organize 1 as user belongs to user, user organize 2 or user organize 3; User can select product 1, product 2 or product 3 on the client, selects product 1 to obtain the configuration file of corresponding product 1, selects product 2 to obtain the configuration file of corresponding product 2, selects product 3 to obtain the configuration file of corresponding product 3.
Above by determining that user's group at user place obtains corresponding configuration file, and then resolve this configuration file and obtain corresponding authority, the authority of a class user distributed, and do not distribute authority for unique user, process is simple, improves allocative efficiency.
Step 106, according to the configuration data of this corresponding this product of right assignment.
Concrete, can determine which configuration data of this user to product has the right to operate according to corresponding authority, so, the corresponding configuration data of product can be distributed to user.
The above-mentioned authority distributing method based on products configuration, defines the competence according to user profile and product, and according to the corresponding configuration data of right assignment, because combining user profile and product, for different products, even same user, its authority also can realize difference, improves the security of data.
In one embodiment, based on the authority distributing method of products configuration, also comprise: the corresponding relation setting up the configuration file of user's group and product in advance.
This step organizing the configuration file obtaining corresponding product according to this user comprises:
According to this user's group from setting up user's group and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product in advance.
As shown in Figure 4, in one embodiment, the above-mentioned authority distributing method based on products configuration, also comprises:
Step 402, arranges the grade of user's group.
Such as, user's group comprises research and development group, engineering group and production group, and three's grade reduces gradually.Higher grade, and corresponding authority is also higher.
Step 404, the configuration data that user's group that acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade.
Step 406, using the configuration data of this screening as the user that grade is low organize the configuration data of operable product.
The above-mentioned authority distributing method based on products configuration, the configuration data of self selects partial configuration data to distribute to the low user's group of grade by the user group high by grade, and allocation scheme is simple, and safety.
In one embodiment, the step that the configuration data that user's group that this acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade comprises: the configuration data Windows filter partial configuration data organized the user that grade is high, and the partial configuration data dragging this screening enter the configuration data window of the low user's group of grade.
As shown in Figure 5, the grade that user organizes 1, user organizes 2, user organizes 3 reduces gradually, user organizes the 1 configuration page configuration that can drag the configuration data of own partial and organizes 2 to user, and user organizes the 2 configuration page configuration that can drag the configuration data of own partial and organizes 3 to user.
As shown in Figure 6, be structured flowchart based on the right assignment system of products configuration in an embodiment.Based on the right assignment system of products configuration, acquisition module 620, authority determination module 640 and configuration module 660 should be comprised.Wherein:
Acquisition module 620, for obtaining the product of user profile and user's selection.
First, user by client registers account, and fills in user profile.This user profile comprises user's name, post, job number, phone, contact method etc.Obtain the user profile obtained after user is logged in by register account number.Then, then obtain user select product.
Authority determination module 640, for obtaining corresponding authority according to this user profile and product.
As shown in Figure 7, this authority determination module 640 comprises user's group and determines that submodule 642, configuration file obtain submodule 644 and analyzing sub-module 646.Wherein:
User's group determines submodule 642, for determining user's group at place according to this user profile.
Concrete, user is divided into different user's groups in advance.This user's group can comprise as research and development group, engineering group and production group etc., but is not limited thereto.User's group at its place can be determined according to user profile.
Configuration file obtains submodule 644, for organizing the configuration file obtaining corresponding product according to this user.
Concrete, the configuration file of product comprises this user and organizes concrete operating right.
Analyzing sub-module 646, obtains corresponding authority for resolving this configuration file.
Configuration module 660, for the configuration data according to this corresponding this product of right assignment.
Concrete, can determine which configuration data of this user to product has the right to operate according to corresponding authority, so, the corresponding configuration data of product can be distributed to user.
The above-mentioned right assignment system based on products configuration, defines the competence according to user profile and product, and according to the corresponding configuration data of right assignment, because combining user profile and product, for different products, even same user, its authority also can realize difference, improves the security of data.
As shown in Figure 8, in another embodiment based on the structured flowchart of the right assignment system of products configuration.Should based on the right assignment system of products configuration, comprise acquisition module 620, authority determination module 640 and configuration module 660, the relation that also comprises sets up module 630.
Relation sets up module 630, for setting up the corresponding relation of the configuration file of user's group and product in advance.
This configuration file obtains submodule 644 also for organizing and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product from setting up user in advance according to this user's group.
As shown in Figure 9, in another embodiment based on the structured flowchart of the right assignment system of products configuration.Should based on the right assignment system of products configuration, comprise acquisition module 620, authority determination module 640, configuration module 660, relation set up module 630, also comprise grade and module 650, screening module 670, priority assignation module 680 are set.
Grade arranges module 650, for arranging the grade of user's group.
Such as, user's group comprises research and development group, engineering group and production group, and three's grade reduces gradually.Higher grade, and corresponding authority is also higher.
Screening module 670, the configuration data screened from the configuration data of self correspondence for obtaining the high user's group of adjacent rank middle grade distributes to the low user's group of grade.
Priority assignation module 680, for using the configuration data of this screening as the user that grade is low organize the configuration data of operable product.
This screening module 670 is also for the configuration data Windows filter partial configuration data that the user high in grade organizes, and the partial configuration data dragging this screening enter the configuration data window of the low user's group of grade.
The above-mentioned right assignment system based on products configuration, the configuration data of self selects partial configuration data to distribute to the low user's group of grade by the user group high by grade, and allocation scheme is simple, and safety.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
The above embodiment only have expressed several embodiment of the present invention, and it describes comparatively concrete and detailed, but therefore can not be interpreted as the restriction to the scope of the claims of the present invention.It should be pointed out that for the person of ordinary skill of the art, without departing from the inventive concept of the premise, can also make some distortion and improvement, these all belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be as the criterion with claims.
Claims (10)
1., based on an authority distributing method for products configuration, comprising:
Obtain the product of user profile and user's selection;
Corresponding authority is obtained according to described user profile and product;
The configuration data of product according to corresponding right assignment.
2. the authority distributing method based on products configuration according to claim 1, is characterized in that, the described step obtaining corresponding authority according to described user profile and product comprises:
User's group at place is determined according to described user profile;
The configuration file obtaining corresponding product is organized according to described user;
Resolve described configuration file and obtain corresponding authority.
3. the authority distributing method based on products configuration according to claim 2, is characterized in that, described method also comprises:
Set up the corresponding relation of the configuration file of user's group and product in advance;
The described step organizing the configuration file obtaining corresponding product according to described user comprises:
According to described user's group from setting up user's group and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product in advance.
4. the authority distributing method based on products configuration according to claim 3, is characterized in that, described method also comprises:
The grade of user's group is set;
The configuration data that user's group that acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade;
Using the configuration data of described screening as the user that grade is low organize the configuration data of operable product.
5. the authority distributing method based on products configuration according to claim 4, is characterized in that, the step that the configuration data that user's group that described acquisition adjacent rank middle grade is high is screened from the configuration data of self correspondence distributes to the low user's group of grade comprises:
In the configuration data Windows filter partial configuration data that the user that grade is high organizes, and the partial configuration data dragging described screening enter the configuration data window of the low user's group of grade.
6. based on a right assignment system for products configuration, it is characterized in that, comprising:
Acquisition module, for obtaining the product of user profile and user's selection;
Authority determination module, for obtaining corresponding authority according to described user profile and product;
Configuration module, for the configuration data of product according to corresponding right assignment.
7. the right assignment system based on products configuration according to claim 6, is characterized in that, described authority determination module comprises:
User's group determines submodule, for determining user's group at place according to described user profile;
Configuration file obtains submodule, for organizing the configuration file obtaining corresponding product according to described user;
Analyzing sub-module, obtains corresponding authority for resolving described configuration file.
8. the right assignment system based on products configuration according to claim 7, is characterized in that, described system also comprises:
Relation sets up module, for setting up the corresponding relation of the configuration file of user's group and product in advance;
Described configuration file obtains submodule also for organizing and the configuration file obtaining corresponding product the corresponding relation of the configuration file of product from setting up user in advance according to described user's group.
9. the right assignment system based on products configuration according to claim 8, is characterized in that, described system also comprises:
Grade arranges module, for arranging the grade of user's group;
Screening module, the configuration data screened from the configuration data of self correspondence for obtaining the high user's group of adjacent rank middle grade distributes to the low user's group of grade;
Priority assignation module, for using the configuration data of described screening as the user that grade is low organize the configuration data of operable product.
10. the right assignment system based on products configuration according to claim 9, it is characterized in that, described screening module is also for the configuration data Windows filter partial configuration data that the user high in grade organizes, and the partial configuration data dragging described screening enter the configuration data window of the low user's group of grade.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522761.9A CN104573439A (en) | 2013-10-29 | 2013-10-29 | Permission assignment method and system based on product configuration |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310522761.9A CN104573439A (en) | 2013-10-29 | 2013-10-29 | Permission assignment method and system based on product configuration |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104573439A true CN104573439A (en) | 2015-04-29 |
Family
ID=53089481
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310522761.9A Pending CN104573439A (en) | 2013-10-29 | 2013-10-29 | Permission assignment method and system based on product configuration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104573439A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893835A (en) * | 2016-03-30 | 2016-08-24 | 广州杰赛科技股份有限公司 | Operation authority control method and device |
| CN109656452A (en) * | 2018-12-18 | 2019-04-19 | 珠海格力电器股份有限公司 | Parameter setting permission changing method and system in touch screen interface and heating ventilation air conditioner |
| CN111327416A (en) * | 2019-12-13 | 2020-06-23 | 刘高峰 | Internet of things equipment access method and device and Internet of things platform |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101178757A (en) * | 2007-11-23 | 2008-05-14 | 珠海博睿科技有限公司 | Right managing method and apparatus |
| CN101197026A (en) * | 2007-12-20 | 2008-06-11 | 浙江大学 | Design and storage method for resource and its access control policy in high-performance access control system |
| CN101441688A (en) * | 2007-11-20 | 2009-05-27 | 阿里巴巴集团控股有限公司 | User authority allocation method and user authority control method |
-
2013
- 2013-10-29 CN CN201310522761.9A patent/CN104573439A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101441688A (en) * | 2007-11-20 | 2009-05-27 | 阿里巴巴集团控股有限公司 | User authority allocation method and user authority control method |
| CN101178757A (en) * | 2007-11-23 | 2008-05-14 | 珠海博睿科技有限公司 | Right managing method and apparatus |
| CN101197026A (en) * | 2007-12-20 | 2008-06-11 | 浙江大学 | Design and storage method for resource and its access control policy in high-performance access control system |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893835A (en) * | 2016-03-30 | 2016-08-24 | 广州杰赛科技股份有限公司 | Operation authority control method and device |
| CN105893835B (en) * | 2016-03-30 | 2019-02-19 | 广州杰赛科技股份有限公司 | Operating right control method and device |
| CN109656452A (en) * | 2018-12-18 | 2019-04-19 | 珠海格力电器股份有限公司 | Parameter setting permission changing method and system in touch screen interface and heating ventilation air conditioner |
| CN111327416A (en) * | 2019-12-13 | 2020-06-23 | 刘高峰 | Internet of things equipment access method and device and Internet of things platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101448002B (en) | Method and device for accessing digital resources | |
| CN108259422B (en) | Multi-tenant access control method and device | |
| CN112182619A (en) | Service processing method and system based on user permission, electronic device and medium | |
| CN110363012B (en) | Method for configuring authority of authority resource, authority system and storage medium | |
| CN104750826B (en) | A kind of structural data resource metadata is screened automatically and dynamic registration method | |
| CN113821777A (en) | Authority control method and device, computer equipment and storage medium | |
| CN105447030A (en) | Index processing method and equipment | |
| CN104573439A (en) | Permission assignment method and system based on product configuration | |
| CN104022913A (en) | Test method and device for data cluster | |
| US8676847B2 (en) | Visibility control of resources | |
| CN115758459A (en) | Data authority management method and device | |
| CN116126542A (en) | Cluster resource allocation method, device and storage medium | |
| CN104063636A (en) | Role permission control method and system | |
| CN111177700A (en) | Method and device for controlling row-level authority | |
| CN104391935A (en) | Implementation method and device of range lock | |
| CN102868525A (en) | Authorization management method based on digital certificate | |
| CN112149112B (en) | Enterprise information security management method based on authority separation | |
| US10831906B1 (en) | Techniques for automatic bucket access policy generation | |
| WO2023226461A1 (en) | Multi-domain data fusion method and device, and storage medium | |
| CN102855278B (en) | A kind of emulation mode and system | |
| CN112100592A (en) | Authority management method, device, electronic equipment and storage medium | |
| CN111752539A (en) | BI service cluster system and building method thereof | |
| CN111046115A (en) | Knowledge graph-based heterogeneous database interconnection management method | |
| CN110852634A (en) | Data storage method, storage device, server, readable storage medium and equipment | |
| KR20070076342A (en) | User Group Role / Permission Management System and Access Control Methods in a Grid Environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150429 |
|
| RJ01 | Rejection of invention patent application after publication |