CN105871813A - Service management system, user authority control method and system - Google Patents



Publication number
CN105871813A
Authority
CN
China
Prior art keywords
user
control
access
list
coupling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610159042.9A
Other languages
Chinese (zh)
Inventor
董京涛
邱丹
马强
李�杰
李明杰
林岳
顾思斌
潘柏宇
王冀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
1Verge Internet Technology Beijing Co Ltd
Original Assignee
1Verge Internet Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 1Verge Internet Technology Beijing Co Ltd filed Critical 1Verge Internet Technology Beijing Co Ltd
Priority to CN201610159042.9A priority Critical patent/CN105871813A/en
Publication of CN105871813A publication Critical patent/CN105871813A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a service management system and a user authority control method and system. By receiving an authorization request of a user, acquiring access control list matching data carried in the authorization request of the user, carrying out access control list matching in a pre-stored access control list configuration file according to the access control list matching data and carrying out authorization control of an authority of the user according to a matched access control list, when a granularity of user authority control needs to be changed, change on the granularity of user authority control can be implemented by expanding definitions on corresponding access control list type elements, i.e. user authority control with a thinner granularity can be conveniently achieved, and when user authority control data needs to be expanded, expansion on the user authority control data can be implemented only by modifying the access control list configuration file, i.e. the user authority control data is more convenient to expand.

Description

Business management system, user authority control method and system
Technical field
The present invention relates to the technical field of user permission control, and in particular to a business management system and a user authority control method and system.
Background
Business management systems often involve the control of user permissions. In a business management system, a user permission may be, for example, a user's operation on a certain functional module, modification of the files uploaded to a certain business, access to a certain business menu, or control of the visibility of a certain button or picture on a certain business page; all of these fall within the scope of permission control.
In the prior art, user permission control is generally implemented with role-based access control (RBAC, Role-Based Access Control), in which users are associated with permissions through roles. Simply put, a user has several roles, and each role has several permissions, which forms a "user-role-permission" authorization model. In this model, the relationships between users and roles and between roles and permissions are generally many-to-many, as shown in Fig. 1. However, role-based access control generally stores the permission data of roles or users in a database, and permission data stored in a database is not easy to extend; moreover, when user permissions are controlled by role alone, the granularity of control is insufficient.
Summary of the invention
In view of the above problems, embodiments of the present invention provide a business management system and a user authority control method and system that are convenient to extend.
To solve the above technical problem, an embodiment of the present invention provides a user authority control method for a business management system, comprising:
receiving an authorization request of a user;
obtaining the access control list matching data carried in the user's authorization request;
performing access control list matching in a pre-stored access control list configuration file according to the access control list matching data;
performing authorization control of the user's permissions according to the matched access control list.
Here, the access control list matching data is data for one or more access control list type elements that the user is matched against.
The access control list type elements include one or more of the following: matching user name, matching role, matching data transmission method or HTTP request method, matching operation code, matching resource, matching parameter, matching control time, matching the user's IP address, or matching the user's access frequency to a resource.
In addition, the method further includes:
when the granularity of user authority control needs to be changed, extending the definition of the corresponding access control list type element.
The access control list configuration file is saved in text form.
In addition, the method further includes:
when the user authority control data needs to be extended, modifying the access control list configuration file.
Correspondingly, a user authority control system for a business management system according to an embodiment of the present invention comprises:
a receiving processing module, for receiving an authorization request of a user;
an obtaining processing module, for obtaining the access control list matching data carried in the user's authorization request;
a matching processing module, for performing access control list matching in a pre-saved access control list configuration file according to the access control list matching data;
an authorization control processing module, for performing authorization control of the user's permissions according to the matched access control list.
Here, the access control list matching data is data for one or more access control list type elements that the user is matched against.
The access control list type elements include one or more of the following: matching user name, matching role, matching data transmission method or HTTP request method, matching operation code, matching resource, matching parameter, matching control time, matching the user's IP address, or matching the user's access frequency to a resource.
In addition, the system further provides that:
when the granularity of user authority control needs to be changed, the definition of the corresponding access control list type element is extended.
The access control list configuration file is saved in text form.
In addition, the system further provides that:
when the user authority control data needs to be extended, the access control list configuration file is modified.
Correspondingly, a business management system according to an embodiment of the present invention includes a business system and a user authority control system, characterized in that the user authority control system specifically includes:
a receiving processing module, for receiving the authorization request of a user sent by the business system;
an obtaining processing module, for obtaining the access control list matching data carried in the user's authorization request;
a matching processing module, for performing access control list matching in a pre-saved access control list configuration file according to the access control list matching data;
an authorization control processing module, for performing authorization control of the user's permissions according to the matched access control list.
Here, the access control list matching data is data for one or more access control list type elements that the user is matched against.
The access control list type elements include one or more of the following: matching user name, matching role, matching data transmission method, matching operation code, matching resource, matching parameter, matching control time, matching the user's IP address, or matching the user's access frequency to a resource.
In addition, the system further provides that:
when the granularity of user authority control needs to be changed, the definition of the corresponding access control list type element is extended.
The access control list configuration file is saved in text form.
In addition, the system further provides that:
when the user authority control data needs to be extended, the access control list configuration file is modified.
The business management system and the user authority control method and system provided by the embodiments of the present invention receive an authorization request of a user; obtain the access control list matching data carried in the user's authorization request; perform access control list matching in a pre-stored access control list configuration file according to the access control list matching data; and perform authorization control of the user's permissions according to the matched access control list. When the granularity of user authority control needs to be changed, this can be achieved by extending the definition of the corresponding access control list type element, so finer-grained user authority control is easy to achieve; and when the user authority control data needs to be extended, only the access control list configuration file has to be modified, so extension is more convenient.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a schematic diagram of the principle of role-based access control in the prior art;
Fig. 2 is an overall schematic diagram of a specific embodiment of the business management system of the present invention;
Fig. 3 is a flow chart of a specific embodiment of the user authority control method of the business management system of the present invention;
Fig. 4 is a schematic diagram of the composition of a specific embodiment of the user authority control system in Fig. 2.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention fall within the scope of protection of the present invention.
Fig. 2 is an overall schematic diagram of a specific embodiment of the business management system of the present invention.
As shown in the figure, the business management system of this embodiment includes a business system 1 and a user authority control system 2. In a specific implementation, the business system 1 can be multiple service subsystems, that is, each business or application corresponds to one service subsystem, and the permissions of the users in each service subsystem can be centrally controlled by the user authority control system 2.
It should be noted that, because user permissions are centrally controlled by a unified user authority control system, the business management system of this embodiment can use one general, unified solution for user authority control even if the service subsystems have different permission management requirements.
Fig. 3 is a flow chart of a specific embodiment of the user authority control method of the business management system of the present invention. In this embodiment, the user authority control method of the business management system mainly comprises the following steps:
Step S101: receive the authorization request of a user.
In a specific implementation, the authorization request can be one sent by a user of any service subsystem, which is not described further here.
Step S102: obtain the access control list matching data carried in the user's authorization request.
In a specific implementation, the access control list matching data can be, for example, data for one or more access control list type elements that the user is matched against. It should be noted that this embodiment predefines the access control list type elements, and they must be referenced when writing access control rules. In an optional embodiment, the access control list type elements can include one or more of the following: matching user name, matching role, matching data transmission method or HTTP request method, matching operation code, matching resource, matching parameter, matching control time, matching the user's IP address, or matching the user's access frequency to a resource. They are defined and described in detail as follows.
The basic ACL element syntax is as follows:
acl name type value1 value2 ...
The values of an ACL element are in an OR relationship, for example:
acl SportsGroup user zhang3 li4
It should be noted that the search stops when the first matching value is found. In a specific implementation it is therefore preferable to place the values most likely to match at the head of the list, which reduces the time spent matching.
In addition, an ACL element can usually list multiple values, and multiple acl lines can use the same name; the following two configurations are equivalent:
acl AllowAccessRes role tv_editor movie_editor zy_editor
acl AllowAccessRes role tv_editor
acl AllowAccessRes role movie_editor
acl AllowAccessRes role zy_editor
It should be noted that same-named elements of the same type are in an OR relationship, as in the example above; for same-named elements of different types, the later element overrides the earlier one, for example:
# overridden
acl myTest user test
# overrides the "myTest" element above
acl myTest action add
The access control list type elements of this embodiment are described in detail below:
1.1. ACL element type: user (matches the user name)
Matches the back-end user's login name (case-sensitive) or login ID.
1.2. ACL element type: role (matches the role)
Matches the back-end user's role name (case-sensitive) or role ID.
1.3. ACL element type: method (matches the data transmission method or HTTP request method)
Matches REQUEST_METHOD, such as GET, PUT, POST and so on (case-insensitive).
1.4. ACL element type: action (matches the operation code)
Matches the operation code name (case-sensitive) or operation ID.
1.5. ACL element type: resource (matches the resource)
Matches the resource (the object of the operation), which consists of two parts: the resource class code name (case-sensitive) and the resource ID.
The syntax this embodiment defines for matching resources is as follows:
restype[resids]
For example:
All resources of a class: restype[*] or restype
All child resources of one resource of a class: restype[123].*
A specified ID: restype[123]
Multiple specified IDs: restype[123,234]
A specified ID range: restype[10-99]
restype[-50] (represents <= 50)
restype[100-] (represents >= 100)
Negation: restype[!123,234] (represents != 123 && != 234)
restype[!10-99] (represents < 10 && > 99)
For resource classes that have a hierarchical relationship, the following rule can be used:
prestype1[presids1].prestype2[presids2].{...}.restype[resids]
For example:
# equivalent to topic[16].page[*]: all pages under the topic whose id is 16
topic[16].page
channel[1095].page[2594].module[16715]
channel[123].channel[1864].ds[*]
# all child resources under the topic whose id is 32; equivalent to topic[32].page[*] topic[32].ds[*] topic[32].page[*].module[*]
topic[32].*
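The resource syntax above can be exercised with a small matcher. The following Python is an added example, not code from the patent: the function names and the shape of the requested resource (a list of (restype, id) pairs from the root down) are assumptions, and "!" is read as "none of the listed ids or ranges".

```python
import re

ITEM = r"(?:\d+|\d+-\d*|-\d+)"                      # 123, 10-99, 100-, -50
SEGMENT = re.compile(rf"(\w+)(?:\[(\*|!?{ITEM}(?:,{ITEM})*)\])?")


def parse_pattern(pattern):
    """Validate one resource value; return ([(restype, resids or None), ...], subtree)."""
    parts = pattern.split(".")
    subtree = parts[-1] == "*"                      # trailing '.*' = all child resources
    if subtree:
        parts = parts[:-1]
    segments = []
    for part in parts:
        m = SEGMENT.fullmatch(part)
        if not m:
            raise ValueError(f"malformed resource pattern: {pattern!r}")
        segments.append((m.group(1), m.group(2)))
    if not segments:
        raise ValueError(f"malformed resource pattern: {pattern!r}")
    return segments, subtree


def id_ok(resids, rid):
    """Test one numeric resource id against the text inside the brackets."""
    if resids is None or resids == "*":
        return True                                 # bare restype equals restype[*]
    negate = resids.startswith("!")
    hit = False
    for item in resids.lstrip("!").split(","):
        low, dash, high = item.partition("-")
        if dash:                                    # range; either end may be open
            hit = (not low or rid >= int(low)) and (not high or rid <= int(high))
        else:
            hit = rid == int(low)
        if hit:
            break
    return hit != negate                            # '!' inverts the whole list


def resource_matches(pattern, resource):
    """resource: the requested object, e.g. [("topic", 32), ("page", 7)]."""
    segments, subtree = parse_pattern(pattern)
    if subtree:
        if len(resource) <= len(segments):
            return False                            # the parent is not its own child
    elif len(resource) != len(segments):
        return False
    return all(want == restype and id_ok(resids, rid)
               for (want, resids), (restype, rid) in zip(segments, resource))


def resource_acl_matches(values, resource):
    """values: the text after 'acl <name> resource'; the values are ORed."""
    return any(resource_matches(v, resource) for v in values.split())
```

Malformed patterns raise ValueError instead of silently not matching, because a deny rule whose pattern can never match would fail open.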
1.6. ACL element type: param (matches a parameter)
Performs a plain string or numeric comparison, or a regular expression match, on the specified parameter.
The syntax is as follows:
paramname=value1 value2 ...   equal to; plain string comparison, multiple values are in an "or" relationship
paramname!=value or paramname<>value   not equal to; plain string comparison, only one value is allowed
paramname>numeric_value   greater than; plain numeric comparison, only one numeric_value is allowed and it must be a number
paramname>=numeric_value   greater than or equal to; plain numeric comparison, only one numeric_value is allowed and it must be a number
paramname<numeric_value   less than; plain numeric comparison, only one numeric_value is allowed and it must be a number
paramname<=numeric_value   less than or equal to; plain numeric comparison, only one numeric_value is allowed and it must be a number
paramname=~pattern1 pattern2 ...   regular expression match; multiple patterns are in an "or" relationship
paramname is the name of the parameter to be matched (a combination of letters, digits or the underscore "_").
Regular expression matching: patternN is a Perl-style regular expression and must include complete delimiters (any character that is not a letter, a digit or the backslash "\") and the expression; modifiers can follow the closing delimiter (see http://www.php.net/manual/zh/book.pcre.php). Multiple patterns are in an OR relationship.
It should be noted that the param element type can implement the function of element types such as user, resource and action, but because regular expression matching is relatively time-consuming, the preceding types or plain string equality matching should be used in preference.
1.7. ACL element type: time
This embodiment supports time-based access control; the time is a specific time of day and a day of the week.
In a specific implementation, the date and time are taken from the system server's clock, so the time zone and time difference of the business system's location may need to be considered when setting a time ACL.
In a specific implementation, the day can be represented by a single letter and the time in 24-hour format. The start time may be later than the end time (meaning the range crosses 0:00), but the two must not be identical. The details are as follows:
Symbol   Day
S        Sunday
M        Monday
T        Tuesday
W        Wednesday
H        Thursday
F        Friday
A        Saturday
D        All weekdays (M-F)
In addition, a time ACL that matches working hours can be written as follows:
acl Working_hours time MTWHF 08:00-17:00
Or
acl Working_hours time D 08:00-17:00
An example that crosses 0:00:
acl Offpeak time 20:00-06:00
access deny Offpeak ...
This is equivalent to:
acl Offpeak time 06:00-20:00
access deny !Offpeak ...
A single time ACL can hold a list of multiple day and time ranges; "day time", a day alone, or a time alone are all legal, for example:
acl Blah time M 08:00-10:00 WHF 09:00-11:00 SA
This is equivalent to the following 3 lines:
acl Blah time M 08:00-10:00
acl Blah time WHF 09:00-11:00
acl Blah time SA
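The day letters, the midnight-crossing range and the multi-group form of the time ACL can be checked with the following Python. It is an added example, not code from the patent; the function names are assumptions, ranges are treated as half-open (start inclusive, end exclusive), and the day letters are tested against the day on which the request arrives.

```python
from datetime import datetime

WEEKDAY = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}  # datetime.weekday() numbers
EVERY_DAY = frozenset(range(7))
FULL_DAY = (0, 24 * 60)


def minutes(hhmm):
    """'08:30' -> 510; rejects anything that is not a 24-hour hh:mm value."""
    hour, minute = (int(x) for x in hhmm.split(":"))
    if not (0 <= hour <= 23 and 0 <= minute <= 59):
        raise ValueError(f"bad time: {hhmm!r}")
    return hour * 60 + minute


def parse_time_acl(values):
    """values: the text after 'acl <name> time'. Returns [(days, start, end), ...]."""
    groups, days = [], None
    for token in values.split():
        if ":" in token:                            # a time range closes the current group
            start_text, _, end_text = token.partition("-")
            start, end = minutes(start_text), minutes(end_text)
            if start == end:
                raise ValueError("start and end time must differ")
            groups.append((days or EVERY_DAY, start, end))
            days = None
        else:                                       # a run of day letters
            if days is not None:                    # previous day run had no time: whole day
                groups.append((days, *FULL_DAY))
            if not set(token) <= set(WEEKDAY) | {"D"}:
                raise ValueError(f"bad day letters: {token!r}")
            days = frozenset(d for ch in token
                             for d in (range(5) if ch == "D" else [WEEKDAY[ch]]))
    if days is not None:
        groups.append((days, *FULL_DAY))
    return groups


def time_matches(groups, when):
    """when: server-side datetime of the request."""
    now = when.hour * 60 + when.minute
    for days, start, end in groups:
        if when.weekday() not in days:
            continue
        if start < end:
            inside = start <= now < end
        else:                                       # start later than end: crosses 0:00
            inside = now >= start or now < end
        if inside:
            return True
    return False
```

With half-open ranges, "deny Offpeak" over 20:00-06:00 and "deny !Offpeak" over 06:00-20:00 agree at every minute, including the two boundary minutes.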
1.8. ACL element type: ip (matches the user's IP address)
Matches the IP address in the access parameter client_ip.
In a specific implementation, an IP address can be specified as a subnet, an address range and so on; standard IP address notation (four numbers less than 256 joined by ".") and CIDR notation are supported.
For example, the following forms can be used:
A single IP address
Address range: 172.16.10.12-172.16.10.20
Network segment in wildcard form: 172.16.10.*
Mask form (mask): 172.16.10.0/255.255.255.0
CIDR form (CIDR): 172.16.10.0/24
Multiple adjacent subnets: 172.16.10.0-172.16.19.0/24
Or, for example, the lines within each group below are equivalent:
acl Foo ip 172.16.44.21/255.255.255.255
acl Foo ip 172.16.44.21/32
acl Foo ip 172.16.44.21
acl Xyz ip 172.16.55.32/255.255.255.248
acl Xyz ip 172.16.55.32/28
acl Bar ip 172.16.66.0/255.255.255.0
acl Bar ip 172.16.66.0/24
acl Bar ip 172.16.66.0
Multiple adjacent subnets, for example:
acl Bar ip 172.16.10.0-172.16.13.0/24
This is equivalent to the following lines:
acl Bar ip 172.16.10.0/24
acl Bar ip 172.16.11.0/24
acl Bar ip 172.16.12.0/24
acl Bar ip 172.16.13.0/24
Note that when an IP address range is used, only one mask can be given; different masks cannot be set for the addresses within the range.
In addition, this embodiment likewise supports setting multiple IP address values in one ip ACL, for example:
acl Foo ip 172.16.43.10 172.16.43.16 172.16.43.20-172.16.43.50 172.16.44.0/24
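The ip value forms listed above (single address, range, wildcard, mask, CIDR, adjacent subnets) reduce to inclusive address spans, as the following Python shows. It is an added example, not code from the patent; the function names are assumptions, only IPv4 is handled, and a bare address with trailing zero octets is widened to its subnet because the page treats 172.16.66.0 like 172.16.66.0/24.

```python
import ipaddress


def span(value):
    """Turn one ip ACL value into an inclusive (low, high) pair of integers."""
    if "*" in value:                                # 172.16.10.*
        octets = value.split(".")
        stars = octets.count("*")
        if len(octets) != 4 or octets[4 - stars:] != ["*"] * stars:
            raise ValueError(f"wildcards must be trailing octets: {value!r}")
        low = ipaddress.IPv4Address(".".join("0" if o == "*" else o for o in octets))
        high = ipaddress.IPv4Address(".".join("255" if o == "*" else o for o in octets))
        return int(low), int(high)

    addr, _, mask = value.partition("/")
    first, dash, last = addr.partition("-")

    if not mask and not dash:
        # Bare address: one host, unless it ends in zero octets (172.16.66.0 -> /24).
        zeros = 0
        for octet in reversed(first.split(".")):
            if octet != "0":
                break
            zeros += 1
        mask = str(32 - 8 * zeros)

    if mask:
        # IPv4Network accepts /24 and /255.255.255.0 and rejects addresses with host bits set.
        net_low = ipaddress.IPv4Network(f"{first}/{mask}")
        net_high = ipaddress.IPv4Network(f"{last}/{mask}") if dash else net_low
        low, high = int(net_low.network_address), int(net_high.broadcast_address)
    else:                                           # plain first-last address range
        low, high = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))

    if low > high:
        raise ValueError(f"range runs backwards: {value!r}")
    return low, high


def ip_acl_matches(values, client_ip):
    """values: the text after 'acl <name> ip'; the values are ORed."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any(low <= ip <= high for low, high in map(span, values.split()))
```

Because of the widening rule, a single host whose address ends in 0 has to be written with an explicit /32.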
1.9. ACL element type: freq (matches the user's access frequency to a resource)
Controls the user's access frequency to a resource; the element matches if the frequency exceeds the specified value.
Its syntax can be defined as follows:
{field1&field2&...}:{times}/{period}
Here each field can only be restype, resid or action, joined with "&". It means that frequency statistics are collected for a certain operation on a certain class of resource or on a certain resource.
times is the number of operations and must be an integer greater than 0.
period is the most recent span of time and must be an integer greater than 0 plus a unit; the unit can be D (Day), H (Hour), M (Minute) or S (Second), and defaults to M if no unit is written.
Because a freq element matches when the access frequency exceeds the specified value, it is generally used in deny access rules.
In a specific implementation, it can be combined with user, resource and action elements in one rule, which is then paired with an allow rule that has no freq element, for example:
acl zhang3 user zhang3
acl allTopic resource topic[*]
acl deleteAction action delete
acl limitFreq freq restype&action:5/1M
access deny zhang3 allTopic deleteAction limitFreq
access allow zhang3 allTopic deleteAction
In addition, this embodiment also needs access control rules to be set, which allow or deny certain actions.
For example, one syntax is as follows:
access allow|deny [!]aclname [!]aclname ...
For example:
access allow AllowAccessRes
access deny !NewsChannel
access allow SportsGroup TechGroup FinanceGroup
The aclnames in an access rule are in an AND relationship.
In practice, the following form can also be used:
access allow ACL1 ACL2 ACL3
For this rule to match, the request must match every one of ACL1, ACL2 and ACL3. If any one of these ACLs does not match the request, the search of this rule stops and processing continues with the next rule. In a specific implementation, placing the ACL least likely to match first within a rule gives the best efficiency.
It should be noted that this embodiment can also support anonymous ACL elements in an access rule, that is, ACL elements that do not need to be predefined, for example:
access allow {user myname}
access deny SportsGroup {action delete}
The part in { } is an anonymous ACL.
Finally, the access control list configuration file can be set up and saved. In a specific implementation, the access control list configuration file is preferably saved in text form, and the access control list is defined as follows:
access_list := access rule \n access rule \n ...
Here "\n" is a newline. The access_list is matched in order: if a rule matches, matching stops; if it does not, matching continues with the next rule. In a specific implementation, the more specific and more restrictive access rules should therefore generally be placed first.
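The rule semantics described above (ORed values, same-name override, ANDed and negated terms, anonymous ACLs, first match wins) and the freq element of section 1.9 can be combined in one small evaluator. The following Python is an added example, not code from the patent; the class name, the request dictionary, the constructed CONFIG, the default "deny" when no rule matches, and counting every request that reaches a freq term are all assumptions. Only the user, role, action and freq types are implemented.

```python
import re
from collections import defaultdict, deque

UNIT_SECONDS = {"D": 86400, "H": 3600, "M": 60, "S": 1}
FREQ = re.compile(r"([a-z&]+):([1-9]\d*)/([1-9]\d*)([DHMS]?)")
TERM = re.compile(r"(!?)(?:\{([^}]*)\}|([^\s{}!]+))")

CONFIG = """
acl SportsGroup user zhang3 li4
acl Editors role tv_editor
acl Editors role movie_editor      # same name, same type: ORed with the line above
acl myTest user test
acl myTest action add              # same name, different type: replaces the user element
acl deleteAction action delete
acl limitFreq freq restype&action:5/1M
access deny SportsGroup deleteAction limitFreq
access allow SportsGroup deleteAction
access allow Editors !deleteAction
access allow {user admin} myTest
"""  # constructed sample configuration


class AclEngine:
    def __init__(self, text):
        self.acls = {}                       # name -> (type, [values])
        self.rules = []                      # [(verdict, [(negated, acl), ...])]
        self.hits = defaultdict(deque)       # freq counters: key -> timestamps in seconds
        for raw in text.splitlines():
            words = raw.split("#")[0].split()
            if not words:
                continue
            if words[0] == "acl" and len(words) >= 4:
                name, typ, values = words[1], words[2], words[3:]
                if name in self.acls and self.acls[name][0] == typ:
                    self.acls[name][1].extend(values)
                else:
                    self.acls[name] = (typ, values)
            elif words[0] == "access" and len(words) >= 3 and words[1] in ("allow", "deny"):
                terms = []
                for bang, anon, name in TERM.findall(" ".join(words[2:])):
                    if anon:                 # anonymous ACL: {type value ...}
                        typ, *values = anon.split()
                        terms.append((bool(bang), (typ, values)))
                    elif name in self.acls:
                        terms.append((bool(bang), name))
                    else:
                        raise ValueError(f"undefined ACL: {name!r}")
                self.rules.append((words[1], terms))
            else:
                raise ValueError(f"cannot parse: {raw!r}")

    def _over_limit(self, spec, req, now):
        m = FREQ.fullmatch(spec)
        fields = m.group(1).split("&") if m else []
        if not m or not set(fields) <= {"restype", "resid", "action"}:
            raise ValueError(f"bad freq value: {spec!r}")
        window = int(m.group(3)) * UNIT_SECONDS[m.group(4) or "M"]
        stamps = self.hits[(spec, req["user"]) + tuple(req[f] for f in fields)]
        stamps.append(now)                   # assumption: each evaluated request counts
        while stamps[0] <= now - window:
            stamps.popleft()
        return len(stamps) > int(m.group(2))  # matches only once the limit is exceeded

    def _term(self, acl, req, now):
        typ, values = acl
        if typ in ("user", "action"):
            return req[typ] in values
        if typ == "role":
            return bool(set(req["roles"]) & set(values))
        if typ == "freq":
            return any(self._over_limit(v, req, now) for v in values)
        raise ValueError(f"unsupported ACL type: {typ!r}")

    def check(self, req, now):
        for verdict, terms in self.rules:    # rules are tried in file order
            # all() stops at the first failing term, so freq (placed last) only counts
            # requests that already matched the user and action terms
            if all(self._term(self.acls[a] if isinstance(a, str) else a, req, now) != negated
                   for negated, a in terms):
                return verdict
        return "deny"                        # assumption: nothing matched
```

The deny rule with limitFreq has to come before the matching allow rule; in the opposite order the allow rule would always win and the limit would never be applied.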
Step S103: perform access control list matching in the pre-stored access control list configuration file according to the access control list matching data.
In a specific implementation, the access control list configuration file has been saved in advance as described in step S102 above; this step reads the saved access control list configuration file and then performs access control list matching according to the access control list matching data.
Step S104: perform authorization control of the user's permissions according to the matched access control list.
It should be noted that when the dimensions of user authority control need to be extended, a new access control list element type can be added; when the granularity of user authority control needs to be changed, this can be achieved by extending the definition of the corresponding access control list type element. In addition, when the user authority control data needs to be extended, this can be achieved by modifying the access control list configuration file, without modifying a database as in the prior art. Furthermore, this embodiment supports various advanced permission control requirements, such as matching the control time, matching the user's IP address or matching the user's access frequency to a resource, without significantly increasing the complexity of the system design.
Fig. 4 shows a specific embodiment of the user authority control system of the business management system of the present invention. The user authority control system of this embodiment mainly includes:
a receiving processing module 11, for receiving the authorization request of a user.
In a specific implementation, the authorization request can be one sent by a user of any service subsystem of the business system, which is not described further here.
an obtaining processing module 12, for obtaining the access control list matching data carried in the user's authorization request.
In a specific implementation, as described above, the access control list matching data can be, for example, data for one or more access control list type elements that the user is matched against. It should be noted that this embodiment predefines the access control list type elements, and they must be referenced when writing access control rules. In an optional embodiment, the access control list type elements can include one or more of the following: matching user name, matching role, matching data transmission method, matching operation code, matching resource, matching parameter, matching control time, matching the user's IP address, or matching the user's access frequency to a resource. Their definitions are given above and are not repeated here.
a matching processing module 13, for performing access control list matching in a pre-saved access control list configuration file according to the access control list matching data.
In a specific implementation, the matching processing module 13 can read the pre-saved access control list configuration file, which can be saved in text form, and then perform access control list matching according to the access control list matching data.
an authorization control processing module 14, for performing authorization control of the user's permissions according to the matched access control list.
It should be noted that, in this embodiment, when the dimensions of user authority control need to be extended, a new access control element type can be added; when the granularity of user authority control needs to be changed, this can be achieved by extending the definition of the corresponding access control list type element. In addition, when the user authority control data needs to be extended, this can be achieved by modifying the access control list configuration file, without modifying a database as in the prior art. Furthermore, this embodiment supports various advanced permission control requirements, such as matching the control time, matching the user's IP address or matching the user's access frequency to a resource, without significantly increasing the complexity of the system design.
In the description provided above, numerous specific details are set forth. It should be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims.

Claims (13)

1. A user authority control method for a business management system, characterized by comprising:
receiving an authorization request from a user;
obtaining the access control list matching data carried in the user's authorization request;
performing access control list matching in a pre-stored access control list configuration file according to the access control list matching data;
performing authorization control of the user's authority according to the matched access control list.
2. The user authority control method for a business management system according to claim 1, characterized in that the access control list matching data is data for one or more access control list type elements matched for the user.
3. The user authority control method for a business management system according to claim 2, characterized in that the access control list type elements include one or more of the following: matching user name, matching role, matching data transmission method, matching operation code, matching resource, matching parameter, matching control time, matching user IP address, or matching the user's access frequency to a resource.
4. The user authority control method for a business management system according to claim 3, characterized by further comprising:
when the granularity of user authority control needs to be changed, extending the definition of the corresponding access control list type element.
5. The user authority control method for a business management system according to any one of claims 1-4, characterized in that the access control list configuration file is stored in text form.
6. The user authority control method for a business management system according to claim 5, characterized by further comprising:
when the user authority control data needs to be extended, modifying the access control list configuration file.
7. A user authority control system for a business management system, characterized by comprising:
a receiving processing module, configured to receive an authorization request from a user;
an obtaining processing module, configured to obtain the access control list matching data carried in the user's authorization request;
a matching processing module, configured to perform access control list matching in a pre-saved access control list configuration file according to the access control list matching data;
an authorization control processing module, configured to perform authorization control of the user's authority according to the matched access control list.
8. The user authority control system for a business management system according to claim 7, characterized in that the access control list matching data is data for one or more access control list type elements matched for the user.
9. The user authority control system for a business management system according to claim 8, characterized in that the access control list type elements include one or more of the following: matching user name, matching role, matching data transmission method, matching operation code, matching resource, matching parameter, matching control time, matching user IP address, or matching the user's access frequency to a resource.
10. The user authority control system for a business management system according to claim 9, characterized by further comprising:
when the granularity of user authority control needs to be changed, extending the definition of the corresponding access control list type element.
11. The user authority control system for a business management system according to any one of claims 7-10, characterized in that the access control list configuration file is stored in text form.
12. The user authority control system for a business management system according to claim 11, characterized by further comprising:
when the user authority control data needs to be extended, modifying the access control list configuration file.
13. A business management system, comprising a business system and the user authority control system according to claims 7-12.
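The matching flow of claims 1-6, sketched as an added example; it is not code from the patent or its applicant. The rule syntax, the `SAMPLE_ACL` rules, and the names `load_acl`, `authorize` and `MATCHERS` are assumptions, and only six of the listed type elements are implemented (access frequency would need per-user state).

```python
import ipaddress
from datetime import time
from fnmatch import fnmatchcase

# Constructed sample config: one rule per line, "effect key=value ...".
# The syntax is an assumption; the claims only say the file is stored as text.
SAMPLE_ACL = """
allow role=admin resource=/orders/* ip=10.0.0.0/8
allow user=alice method=GET resource=/reports/* time=09:00-18:00
deny  resource=/admin/*   # explicit deny for everyone else
"""

def _in_window(spec, now):
    start, end = (time.fromisoformat(p) for p in spec.split("-"))
    return start <= now <= end

# One matcher per ACL type element; finer granularity (claim 4) is a new entry here.
MATCHERS = {
    "user": lambda want, req: req.get("user") == want,
    "role": lambda want, req: want in req.get("roles", ()),
    "method": lambda want, req: req.get("method", "").upper() == want.upper(),
    "resource": lambda want, req: fnmatchcase(req.get("resource", ""), want),
    "ip": lambda want, req: ipaddress.ip_address(req["ip"]) in ipaddress.ip_network(want),
    "time": lambda want, req: _in_window(want, req["now"]),
}

def load_acl(text):
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        effect, *pairs = line.split()
        conds = dict(p.split("=", 1) for p in pairs)
        unknown = set(conds) - set(MATCHERS)
        if effect not in ("allow", "deny") or unknown:
            # Fail closed at load time: a typo must not silently widen a rule.
            raise ValueError(f"line {lineno}: bad effect or unknown element {unknown}")
        rules.append((effect, conds))
    return rules

def authorize(rules, req):
    # req["resource"] must already be a normalised path: '*' also matches '/'.
    try:
        for effect, conds in rules:
            if all(MATCHERS[k](v, req) for k, v in conds.items()):
                return effect == "allow"   # first matching rule decides
    except (KeyError, ValueError):
        return False   # request lacks data a rule needs, or it is malformed: deny
    return False       # no rule matched: default deny
```

Extending the control data (claim 6) means editing the text file only; a request that matches no rule, or that omits a field a rule tests, is denied.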
Priority Applications (1)

Application Number: CN201610159042.9A
Priority Date: 2016-03-18
Filing Date: 2016-03-18
Title: Service management system, user authority control method and system
Status: Pending
Publication Number: CN105871813A (en)
Publication Date: 2016-08-17
Family ID: 56625610
Country: CN


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160817