CN106650500A - Method and system for modifying user authority - Google Patents
Method and system for modifying user authority Download PDFInfo
- Publication number
- CN106650500A CN106650500A CN201611237983.6A CN201611237983A CN106650500A CN 106650500 A CN106650500 A CN 106650500A CN 201611237983 A CN201611237983 A CN 201611237983A CN 106650500 A CN106650500 A CN 106650500A
- Authority
- CN
- China
- Prior art keywords
- authority configuration
- user
- authority
- configuration item
- user right
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Document Processing Apparatus (AREA)
Abstract
The invention discloses a method and a system for modifying user authority. The method comprises the following steps: confirming a current request user role according to a current login request; receiving to-be-modified authority configuration items corresponding to the current request user role; confirming the authority configuration items of a target user authority configuration fragment corresponding to the current request user role according to the user roles and the authority configuration items of all the user authority configuration fragments stored in a user authority configuration document in a preset structural document format and the current request user role; and modifying the authority configuration items of the target user authority configuration fragment according to the to-be-modified authority configuration items. According to the invention, the user authority configuration document is stored in the preset structural document format and does not need to be stored in a database, so that the cost and maintenance of the database are saved; different user roles are corresponding to different configuration information; the configuration information corresponding to the current request user role can be quickly acquired; and the modification speed of the user authority is increased.
Description
Technical field
The present invention relates to rights management techniques field, more particularly to a kind of user right amending method and system.
Background technology
In actual management system, system has the distribution of user role and configuration information.In order to realize user configuring
The modification of information, traditional way is stored in configuration information in database, and corresponding configuration information is obtained from database to be carried out
Corresponding modification.But the data volume of user role and configuration information is typically little, and database itself is relatively huger, so increases
The expense of database and maintenance.
The content of the invention
Based on this, it is necessary to increased database overhead and the problem safeguarded for traditional method, there is provided a kind of user's power
Limit amending method and system.
To achieve these goals, the embodiment of technical solution of the present invention is:
A kind of user right amending method, comprises the following steps:
Determine current request user role according to request is currently logined;
Receive the corresponding authority configuration item to be modified of the current request user role;
According to each user right allocated segments in the user right configuration file stored with preset structure document format
User role and authority configuration item, and the current request user role, determine the current request user role correspondence
Targeted customer's authority configuration fragment authority configuration item;
The authority configuration item of targeted customer's authority configuration fragment is changed according to the authority configuration item to be modified.
A kind of user right changes system, including:
Current request user role determining module, currently logins request and determines current request user role for basis;
Authority configuration item receiver module to be modified, for receiving the corresponding authority to be modified of the current request user role
Configuration item;
Authority configuration item determining module, for the user right configuration file that basis is stored with preset structure document format
In each user right allocated segments user role and authority configuration item, and the current request user role, determine institute
State the authority configuration item of the corresponding targeted customer's authority configuration fragment of current request user role;
User right modified module, for changing targeted customer's authority configuration according to the authority configuration item to be modified
The authority configuration item of fragment.
Compared with prior art, beneficial effects of the present invention are:User right amending method of the present invention and system, first root
Determine current request user role according to request is currently logined;Receive the corresponding authority configuration to be modified of current request user role
;The user right configuration file stored according to current request user role and with preset structure document format, it is determined that currently
The authority configuration item of the corresponding targeted customer's authority configuration fragment of request user role;Repaiied according to above-mentioned authority configuration item to be modified
Change the authority configuration item of targeted customer's authority configuration fragment.The present invention is because user right configuration file is with preset structure document
Form is stored, it is not necessary to which user right configuration file is stored in database, saves expense and the maintenance of database, while with
The user right configuration file storage different user role of preset structure document format storage, different user role correspondence is different
Configuration information, can in user right configuration file the corresponding configuration information of quick obtaining current request user role, carry
The speed of high user right modification.
Description of the drawings
Fig. 1 is user right amending method flow chart in one embodiment;
Fig. 2 is based on user right amending method flow chart in method one shown in Fig. 1 specific example;
Fig. 3 is user right modification system structure diagram in one embodiment.
Specific embodiment
To make the objects, technical solutions and advantages of the present invention become more apparent, below in conjunction with drawings and Examples, to this
Invention is described in further detail.It should be appreciated that specific embodiment described herein is only to explain the present invention,
Protection scope of the present invention is not limited.
User right amending method in one embodiment, as shown in figure 1, comprising the following steps:
Step S101:Determine current request user role according to request is currently logined;
Here, user role includes admin (keeper), everyone (any user), user (domestic consumer) etc..
Specifically, the corresponding relation of request and user role is logined according to what is prestored, it is determined that it is corresponding currently to login request
Current request user role.
Step S102:Receive the corresponding authority configuration item to be modified of the current request user role;
Here, user input needs the authority configuration item of modification, and to backstage the request of modification configuration is sent.
Specifically, authority configuration item to be modified can adopt readable stronger JSON dictionary formats or xml document form.
Step S103:According to each user right in the user right configuration file stored with preset structure document format
The user role and authority configuration item of allocated segments, and the current request user role, determine the current request user
The authority configuration item of the corresponding targeted customer's authority configuration fragment of role;
Here, preset structure document format is arranged according to actual needs, for example xml document form.
Specifically, user right configuration file includes multiple user right allocated segments, each user right configuration slice
Section includes user role and authority configuration item, a user right configuration stored with xml document form in one embodiment
Fragment is:
<Normal role='admin'>
<network>10.1.166</network>
<controllerserver>10.1.xx.xxx</controllerserver>
<delayon>60</delayon>
<delayoff>5</delayoff>
<authkey>1YO4r5w8TAAk</authkey>
<expiration>3600</expiration>
<rdpkey>sq7c2b2PtnbtqKLB</rdpkey>
</normal>
User role is admin in the embodiment, and authority configuration item is<normal>With</normal>Between each match somebody with somebody
Put item.
Step S104:Matched somebody with somebody according to the authority that the authority configuration item to be modified changes targeted customer's authority configuration fragment
Put item.
Here, first targeted customer's authority configuration fragment authority configuration item find it is corresponding with authority configuration item to be modified
Authority configuration item;
Whether the authority configuration item that judgement is found is identical with authority configuration item to be modified;
When judging different, according to the authority configuration item that authority configuration item to be modified modification is found.
It is evidenced from the above discussion that, user right amending method of the present invention, because user right configuration file is with preset structure
Change document format storage, it is not necessary to which user right configuration file is stored in database, save expense and the maintenance of database,
The user right configuration file storage different user role for being stored with preset structure document format simultaneously, different user role couple
Answer different configuration informations, can in user right configuration file quick obtaining current request user role it is corresponding with confidence
Breath, improves the speed of user right modification.
Additionally, in a specific example, determining the corresponding targeted customer's authority configuration of the current request user role
The mode of the authority configuration item of fragment includes:
According to the user role of each user right allocated segments, obtain in each described user right allocated segments
Take targeted customer's authority configuration fragment corresponding with the current request user role;
According to the authority configuration item of each user right allocated segments, targeted customer's authority configuration fragment is determined
Authority configuration item.
Here, by each user right allocated segments in current request user role and above-mentioned user right configuration file
In user role matched, after role match passes through, obtain corresponding with current request user role targeted customer and weigh
Limit allocated segments;Otherwise stopping is processed, and returns null value or any value without flesh and blood.
Specifically, the mode bag of targeted customer's authority configuration fragment corresponding with the current request user role is obtained
Include:
According to the user role for prestoring and the corresponding relation of role hierarchy, the role of the current request user role is determined
The role hierarchy of the user role of grade and each user right allocated segments;
According to the role hierarchy of the user role of each user right allocated segments, match somebody with somebody in each described user right
Put and obtain in fragment targeted customer's authority configuration fragment corresponding with the current request user role, targeted customer's authority
Allocated segments be less than and match somebody with somebody equal to the corresponding user right of user role of the role hierarchy of the current request user role
Put fragment.
Here, the user right configuration file to prestoring is carried out filtering and obtains the corresponding target use of current request user role
Family authority configuration fragment.
Here, obtain in each user right allocated segments and be less than and equal to the role hierarchy of current request user role
The corresponding targeted customer's authority configuration fragment of user role, such as user right configuration file includes the configuration of 3 user rights
Fragment, the user role of first user right allocated segments is admin, the user role of second user right allocated segments
For user, the user role of third party authority configuration fragment is everyone, and the corresponding role hierarchies of wherein admin are more than
The corresponding role hierarchies of user, the corresponding role hierarchies of user are more than the corresponding role hierarchies of everyone, current request user
Role is user, then targeted customer's authority configuration fragment is the corresponding user right allocated segments of user role user and user angle
The corresponding user right allocated segments of color everyone.
Additionally, in a specific example, each described user right allocated segments also includes operational attribute;
Methods described also includes step:
According to the operational attribute of each user right allocated segments, targeted customer's authority configuration fragment is determined
Operational attribute;
Whether the operational attribute for judging targeted customer's authority configuration fragment is read-write;
When the operational attribute for judging targeted customer's authority configuration fragment is as read-write, enter according to the power to be modified
The step of limit configuration item changes the authority configuration item of targeted customer's authority configuration fragment.
Specifically, when the operational attribute of targeted customer's authority configuration fragment is to read and write or being read-only, according to power to be modified
Limit configuration item changes the authority configuration item of targeted customer's authority configuration fragment, otherwise, stops modification.
Here, authority configuration item and operational attribute are linked up with, and the user for preventing low rights accesses important configuration information, while
The user for preventing low rights distorts important configuration information, configuration information has been obtained the configurable of the bigger free degree and has been protected,
Meet the scene application needs of multi-user/multi-tenant.
Additionally, in a specific example, methods described also includes step:
The authority configuration item of the authority configuration item to be modified and targeted customer's authority configuration fragment is carried out respectively
Json formattings are processed.
Specifically, json is carried out to the authority configuration item of targeted customer's authority configuration fragment and formats the mode bag for processing
Include:
Targeted customer's authority configuration fragment is resolved into a kind of tree, will the parsing of targeted customer's authority configuration fragment
For child node, the authority configuration item that targeted customer's authority configuration fragment is included is resolved into leaf node;
Above-mentioned child node is iterated, the keyword and value of each leaf node that above-mentioned child node is included is determined.
The structured document of script, after being resolved, can be converted into json forms, and basic format is { " keyword ":
" value " } mapping dictionary, ultimately form readable stronger value, facilitate subsequent treatment.
In the same manner, treating modification authority configuration item carries out json formatting process.
Additionally, in a specific example, methods described also includes step:
Detect whether the syntax format of the authority configuration item to be modified is correct;
When the syntax format for detecting the authority configuration item to be modified is correct, into the determination current request user angle
The step of authority configuration item of color corresponding targeted customer's authority configuration fragment.
Specifically, detect whether the syntax format of authority configuration item to be modified is correct, presets language according to default syntax format
Method form is according to each user right allocated segments in the user right configuration file stored with preset structure document format
Authority configuration item determines.
When the syntax format for detecting authority configuration item to be modified is correct, the corresponding target of current request user role is determined
The authority configuration item of user right allocated segments, otherwise, stops subsequent treatment.
In order to more fully understand said method, the application of a user right amending method of the present invention detailed below is real
Example.
As shown in Fig. 2 may comprise steps of:
Step S201:User right configuration file, each in the user right configuration file are stored with xml document form
User right allocated segments include user role, operational attribute and authority configuration item;
All kinds of configurations are identified using a pair of brackets, and file structure is as follows in one embodiment:
Here, there are two user right allocated segments normal and log in above-described embodiment in user right configuration file,
The wherein user role role of user right allocated segments normal is admin, and operational attribute opt is r/w, and authority configuration item is
<normal>With</normal>Between each configuration item;The user role role of user right allocated segments log is
Everyone, operational attribute opt are r, and authority configuration item is<log>With</log>Between each configuration item.
Specifically, user role includes admin (keeper), everyone (any user), user (domestic consumer) etc..
Operational attribute includes r/w (read/write), r (read-only) etc..
Step S202:Receive client transmission currently logins request, and currently logining request includes logining user name and step on
Enter password;
Step S203:Determine current request user role according to request is currently logined;
Specifically, according to the corresponding relation of the username and password and user role for prestoring, it is determined that logining user with above-mentioned
Name logins the corresponding current request user role of password with above-mentioned.
Step S204:Receive the corresponding authority configuration item to be modified of current request user role that above-mentioned client sends;
Here, user input needs the authority configuration item of modification, and to backstage the request of modification configuration is sent.
Specifically, authority configuration item to be modified can adopt readable stronger JSON dictionary formats or xml document form.
Step S205:Detect whether the syntax format of above-mentioned authority configuration item to be modified is correct;
Specifically, detect whether the syntax format of authority configuration item to be modified is correct, presets language according to default syntax format
Method form is according to each user right allocated segments in the user right configuration file stored with preset structure document format
Authority configuration item determines.
Step S206:When the syntax format for detecting above-mentioned authority configuration item to be modified is correct, according to the user angle for prestoring
The corresponding relation of color and role hierarchy, in determining the role hierarchy and above-mentioned user right configuration file of current request user role
The role hierarchy of the user role of each user right allocated segments, otherwise, stops subsequent treatment;
Step S207:According to the angle of the user role of each user right allocated segments in above-mentioned user right configuration file
Colour gradation, obtains targeted customer's authority configuration piece corresponding with current request user role in each user right allocated segments
Section, targeted customer's authority configuration fragment be less than and it is corresponding equal to the user role of the role hierarchy of current request user role
User right allocated segments;
Specifically, the corresponding role hierarchies of admin are more than the corresponding role hierarchies of user, and the corresponding role hierarchies of user are big
In the corresponding role hierarchies of everyone.
Here, current request user role is admin, then targeted customer's authority configuration fragment is user role admin pair
The corresponding user right allocated segments of user right allocated segments and user role everyone answered.
Step S208:According to the authority configuration item of each user right allocated segments in above-mentioned user right configuration file,
Determine the authority configuration item of targeted customer's authority configuration fragment;
Step S209:According to the operational attribute of each user right allocated segments in above-mentioned user right configuration file, really
The operational attribute of the user right allocated segments that set the goal;
Step S210:Whether the operational attribute for judging targeted customer's authority configuration fragment is read-write;
Step S211:When the operational attribute for judging targeted customer's authority configuration fragment is as read-write, respectively to above-mentioned to be repaired
Changing the authority configuration item of authority configuration item and above-mentioned targeted customer's authority configuration fragment carries out json formatting process;
Here, authority configuration item and operational attribute are linked up with, and the user for preventing low rights accesses important configuration information, while
The user for preventing low rights distorts important configuration information, configuration information has been obtained the configurable of the bigger free degree and has been protected,
Meet the scene application needs of multi-user/multi-tenant.
Specifically, json is carried out to the authority configuration item of targeted customer's authority configuration fragment and formats the mode bag for processing
Include:
Targeted customer's authority configuration fragment is resolved into a kind of tree, will the parsing of targeted customer's authority configuration fragment
For child node, the authority configuration item that targeted customer's authority configuration fragment is included is resolved into leaf node;
Above-mentioned child node is iterated, the keyword and value of each leaf node that above-mentioned child node is included is determined.
The structured document of script, after being resolved, can be converted into json forms, and basic format is { " keyword ":
" value " } mapping dictionary, ultimately form readable stronger value, facilitate subsequent treatment.
In the same manner, treating modification authority configuration item carries out json formatting process.
Here, or respectively user right configuration file and authority configuration to be modified are stored with xml document form to above-mentioned
Item carries out json formatting process;
Specifically, to carrying out bag in the way of json formats process by xml document form storage user right configuration file
Include:
Read in by row with xml document form storage user right configuration file above-mentioned, be spliced into a large-scale character
String variable;
Configuration file is converted into after character string, the bracket mark of head and the tail in character string '<config>With</config
>', showing the whole story of file, this is complete configuration information.
Then above-mentioned user right configuration file is resolved into a kind of tree, will be each in user right configuration file
Individual user right allocated segments resolve to child node, and the authority configuration item that user right allocated segments are included resolves to leaf section
Point, is iterated to each child node, determines the keyword and value of each leaf node that each child node is included;
Specifically, by taking the file structure embodiment in above-mentioned steps S201 as an example, parsing obtains root node config, derives from
Go out two child nodes normal and log, normal and log and derive some child nodes respectively, respectively to different son sections
Point is iterated, and finally obtains the value of each leaf node, and the structured document of script after being resolved, can be converted into json
Form, basic format is { " keyword ":" value " } mapping dictionary, ultimately form readable stronger value, facilitate subsequent treatment.
Here, two child nodes normal and log include user role, operational attribute and authority configuration item.
Step S212:Find and authority configuration item to be modified in the authority configuration item of above-mentioned targeted customer's authority configuration fragment
Corresponding authority configuration item;
Specifically, authority configuration item to be modified includes { " keyword ":" value " }, in above-mentioned targeted customer's authority configuration fragment
Authority configuration item find keyword identical authority configuration item with authority configuration item to be modified, the authority configuration item includes
{ " keyword ":" value " };
Step S213:The value of the authority configuration item found according to value amendment step S212 of authority configuration item to be modified.
Here, whether the value of the authority configuration item that the value and step S212 for judging authority configuration item to be modified finds is identical;
When judging different, the value of the authority configuration item that step S212 is found is revised as authority configuration item to be modified
Value.
The value of such as authority configuration item to be modified is 20, and the value of the authority configuration item that step S212 finds is 10, by step
The value of the authority configuration item that S212 finds is revised as 20.
It is evidenced from the above discussion that, the present embodiment stores user right configuration file with xml document form, current receiving
After logining request, according to request is currently logined current request user role is determined, receive treating for current request user role input
Modification authority configuration item, detects whether the syntax format of above-mentioned authority configuration item to be modified correct, when detecting correct, according to
The user role of each user right allocated segments in the competence profile of family, obtains the mesh matched with current request user role
The corresponding targeted customer's authority configuration fragment of mark user role, further determines that the authority configuration of targeted customer's authority configuration fragment
Item and operational attribute, when the operational attribute of targeted customer's authority configuration fragment is to read and write, match somebody with somebody respectively to above-mentioned authority to be modified
Putting the authority configuration item of item and above-mentioned targeted customer's authority configuration fragment carries out json formatting process, in above-mentioned targeted customer power
The authority configuration item of limit allocated segments finds authority configuration item corresponding with authority configuration item to be modified, is matched somebody with somebody according to authority to be modified
Put the authority configuration item that item modification is found.The present embodiment is because user right configuration file is with the storage of xml document form, it is not necessary to
User right configuration file is stored in database, expense and the maintenance of database is saved;With the use that xml document form is stored
Family competence profile storage different user role, the different configuration information of different user role correspondence can be in user right
The corresponding configuration information of quick obtaining current request user role in configuration file, improves the speed of user right modification;Authority
Configuration item and operational attribute are linked up with, and the user for preventing low rights accesses important configuration information, while preventing the user of low rights
Important configuration information is distorted, configuration information has been obtained the configurable of the bigger free degree and has been protected, meet multi-user/multi-tenant
Scene application need.
User right modification system in one embodiment, as shown in figure 3, including:
Current request user role determining module 301, currently logins request and determines current request user role for basis;
Authority configuration item receiver module 302 to be modified, it is corresponding to be modified for receiving the current request user role
Authority configuration item;
Authority configuration item determining module 303, is configured for basis with the user right that preset structure document format is stored
The user role of each user right allocated segments and authority configuration item in file, and the current request user role, really
Determine the authority configuration item of the corresponding targeted customer's authority configuration fragment of the current request user role;
User right modified module 304, for changing targeted customer's authority according to the authority configuration item to be modified
The authority configuration item of allocated segments.
As shown in figure 3, in a specific embodiment, the authority configuration item determining module 303 includes:
Targeted customer's authority configuration fragment acquiring unit 3031, for according to the use of each user right allocated segments
Family role, obtains targeted customer's power corresponding with the current request user role in each described user right allocated segments
Limit allocated segments;
Authority configuration item determining unit 3032, for according to the authority configuration item of each user right allocated segments,
Determine the authority configuration item of targeted customer's authority configuration fragment.
Additionally, in a specific example, each described user right allocated segments also includes operational attribute;
As shown in figure 3, in a specific embodiment, the system also includes:
Operational attribute determining module 305, for according to the operational attribute of each user right allocated segments, determining institute
State the operational attribute of targeted customer's authority configuration fragment;
Operational attribute judge module 306, for judging that whether the operational attribute of targeted customer's authority configuration fragment be
Read-write;
When the operational attribute judge module 306 judges the operational attribute of targeted customer's authority configuration fragment as read-write
When, the user right modified module 304 changes targeted customer's authority configuration piece according to the authority configuration item to be modified
The authority configuration item of section.
As shown in figure 3, in a specific embodiment, the system also includes:
Json formatting modules 307, for matching somebody with somebody to the authority configuration item to be modified and targeted customer's authority respectively
Putting the authority configuration item of fragment carries out json formatting process.
As shown in figure 3, in a specific embodiment, the system also includes:
Whether syntax format detection module 308, the syntax format for detecting the authority configuration item to be modified is correct;
When the syntax format detection module 308 is detected the syntax format of the authority configuration item to be modified is correct when, institute
Authority configuration item determining module 303 is stated according to each use in the user right configuration file stored with preset structure document format
The user role and authority configuration item of family authority configuration fragment, and the current request user role, determine and described currently please
Seek the authority configuration item of the corresponding targeted customer's authority configuration fragment of user role.
It is evidenced from the above discussion that, user right of the present invention changes system, because user right configuration file is with preset structure
Change document format storage, it is not necessary to which user right configuration file is stored in database, save expense and the maintenance of database,
The user right configuration file storage different user role for being stored with preset structure document format simultaneously, different user role couple
Answer different configuration informations, can in user right configuration file quick obtaining current request user role it is corresponding with confidence
Breath, improves the speed of user right modification.
Each technical characteristic of embodiment described above can be combined arbitrarily, to make description succinct, not to above-mentioned reality
Apply all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, the scope of this specification record is all considered to be.
Embodiment described above only expresses the several embodiments of the present invention, and its description is more concrete and detailed, but and
Can not therefore be construed as limiting the scope of the patent.It should be pointed out that for one of ordinary skill in the art comes
Say, without departing from the inventive concept of the premise, some deformations and improvement can also be made, these belong to the protection of the present invention
Scope.Therefore, the protection domain of patent of the present invention should be defined by claims.
Claims (10)
1. a kind of user right amending method, it is characterised in that comprise the following steps:
Determine current request user role according to request is currently logined;
Receive the corresponding authority configuration item to be modified of the current request user role;
According to the use of each user right allocated segments in the user right configuration file stored with preset structure document format
Family role and authority configuration item, and the current request user role, determine the corresponding mesh of the current request user role
The authority configuration item of mark user right allocated segments;
The authority configuration item of targeted customer's authority configuration fragment is changed according to the authority configuration item to be modified.
2. user right amending method according to claim 1, it is characterised in that determine the current request user role
The mode of the authority configuration item of corresponding targeted customer's authority configuration fragment includes:
According to the user role of each user right allocated segments, in each described user right allocated segments obtain with
The corresponding targeted customer's authority configuration fragment of the current request user role;
According to the authority configuration item of each user right allocated segments, the power of targeted customer's authority configuration fragment is determined
Limit configuration item.
3. user right amending method according to claim 1 and 2, it is characterised in that each described user right configuration
Fragment also includes operational attribute;
Methods described also includes step:
According to the operational attribute of each user right allocated segments, the operation of targeted customer's authority configuration fragment is determined
Attribute;
Whether the operational attribute for judging targeted customer's authority configuration fragment is read-write;
When the operational attribute for judging targeted customer's authority configuration fragment is as read-write, enters and matched somebody with somebody according to the authority to be modified
The step of putting the authority configuration item of item modification targeted customer's authority configuration fragment.
4. user right amending method according to claim 1, it is characterised in that methods described also includes step:
Respectively json is carried out to the authority configuration item of the authority configuration item to be modified and targeted customer's authority configuration fragment
Formatting is processed.
5. user right amending method according to claim 1, it is characterised in that methods described also includes step:
Detect whether the syntax format of the authority configuration item to be modified is correct;
When the syntax format for detecting the authority configuration item to be modified is correct, into the determination current request user role pair
The step of authority configuration item of the targeted customer's authority configuration fragment answered.
6. a kind of user right changes system, it is characterised in that include:
Current request user role determining module, currently logins request and determines current request user role for basis;
Authority configuration item receiver module to be modified, for receiving the corresponding authority configuration to be modified of the current request user role
;
Authority configuration item determining module, it is each in the user right configuration file stored with preset structure document format for basis
The user role and authority configuration item of individual user right allocated segments, and the current request user role, it is determined that described work as
The authority configuration item of the front request corresponding targeted customer's authority configuration fragment of user role;
User right modified module, for changing targeted customer's authority configuration fragment according to the authority configuration item to be modified
Authority configuration item.
7. user right according to claim 6 changes system, it is characterised in that the authority configuration item determining module bag
Include:
Targeted customer's authority configuration fragment acquiring unit, for according to the user role of each user right allocated segments,
Targeted customer's authority configuration corresponding with the current request user role is obtained in each described user right allocated segments
Fragment;
Authority configuration item determining unit, for according to the authority configuration item of each user right allocated segments, it is determined that described
The authority configuration item of targeted customer's authority configuration fragment.
8. the user right according to claim 6 or 7 changes system, it is characterised in that each described user right configuration
Fragment also includes operational attribute;
The system also includes:
Operational attribute determining module, for according to the operational attribute of each user right allocated segments, determining the target
The operational attribute of user right allocated segments;
Operational attribute judge module, for judging whether the operational attribute of targeted customer's authority configuration fragment is read-write;
It is described when the operational attribute judge module judges the operational attribute of targeted customer's authority configuration fragment as read-write
User right modified module is matched somebody with somebody according to the authority that the authority configuration item to be modified changes targeted customer's authority configuration fragment
Put item.
9. user right according to claim 6 changes system, it is characterised in that the system also includes:
Json formatting modules, for respectively to the authority configuration item to be modified and targeted customer's authority configuration fragment
Authority configuration item carries out json formatting process.
10. user right according to claim 6 changes system, it is characterised in that the system also includes:
Whether syntax format detection module, the syntax format for detecting the authority configuration item to be modified is correct;
When the syntax format of the syntax format detection module detection authority configuration item to be modified is correct, the authority is matched somebody with somebody
A determining module is put according to each user right configuration in the user right configuration file stored with preset structure document format
The user role and authority configuration item of fragment, and the current request user role, determine the current request user role
The authority configuration item of corresponding targeted customer's authority configuration fragment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611237983.6A CN106650500B (en) | 2016-12-28 | 2016-12-28 | User permission modification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611237983.6A CN106650500B (en) | 2016-12-28 | 2016-12-28 | User permission modification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106650500A true CN106650500A (en) | 2017-05-10 |
| CN106650500B CN106650500B (en) | 2020-04-14 |
Family
ID=58832364
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611237983.6A Active CN106650500B (en) | 2016-12-28 | 2016-12-28 | User permission modification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106650500B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109284602A (en) * | 2018-09-13 | 2019-01-29 | 广东电网有限责任公司 | A kind of authority configuring method and system |
| WO2022033130A1 (en) * | 2020-08-11 | 2022-02-17 | 深圳市前海手绘科技文化有限公司 | Method for editing and saving json configuration file |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1773413A (en) * | 2004-11-10 | 2006-05-17 | 中国人民解放军国防科学技术大学 | Character constant weight method |
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN103034790A (en) * | 2011-09-30 | 2013-04-10 | 上海博泰悦臻网络技术服务有限公司 | Service system and user permission activation method |
| CN104036166A (en) * | 2014-06-11 | 2014-09-10 | 中国人民解放军国防科学技术大学 | User privilege escalation method supporting mandatory access control |
| CN104732123A (en) * | 2015-03-24 | 2015-06-24 | 浪潮集团有限公司 | Function operation authority control method based on JSON format |
| CN105488431A (en) * | 2015-11-30 | 2016-04-13 | 布比(北京)网络技术有限公司 | Authority management method and device for block chain system |
-
2016
- 2016-12-28 CN CN201611237983.6A patent/CN106650500B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1773413A (en) * | 2004-11-10 | 2006-05-17 | 中国人民解放军国防科学技术大学 | Character constant weight method |
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN103034790A (en) * | 2011-09-30 | 2013-04-10 | 上海博泰悦臻网络技术服务有限公司 | Service system and user permission activation method |
| CN104036166A (en) * | 2014-06-11 | 2014-09-10 | 中国人民解放军国防科学技术大学 | User privilege escalation method supporting mandatory access control |
| CN104732123A (en) * | 2015-03-24 | 2015-06-24 | 浪潮集团有限公司 | Function operation authority control method based on JSON format |
| CN105488431A (en) * | 2015-11-30 | 2016-04-13 | 布比(北京)网络技术有限公司 | Authority management method and device for block chain system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109284602A (en) * | 2018-09-13 | 2019-01-29 | 广东电网有限责任公司 | A kind of authority configuring method and system |
| WO2022033130A1 (en) * | 2020-08-11 | 2022-02-17 | 深圳市前海手绘科技文化有限公司 | Method for editing and saving json configuration file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106650500B (en) | 2020-04-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10050986B2 (en) | Systems and methods for traffic classification | |
| US8925087B1 (en) | Apparatus and methods for in-the-cloud identification of spam and/or malware | |
| CN110427754B (en) | Network application attack detection method, device, equipment and storage medium | |
| CN108718298B (en) | Malicious external connection flow detection method and device | |
| US20170149830A1 (en) | Apparatus and method for automatically generating detection rule | |
| CN110177114B (en) | Network security threat indicator identification method, equipment, device and computer readable storage medium | |
| US10848505B2 (en) | Cyberattack behavior detection method and apparatus | |
| US9461966B2 (en) | Method and apparatus for rating URLs | |
| US20140207853A1 (en) | External link processing | |
| WO2017188534A1 (en) | Method for supporting normalization of unstructured data and computing apparatus using same | |
| CN106126383B (en) | A kind of log processing method and device | |
| WO2017217163A1 (en) | Access classification device, access classification method, and access classification program | |
| CN110096303B (en) | Code detection method and device | |
| US20130232545A1 (en) | System and method for detecting and preventing attacks against a server in a computer network | |
| CN106650414A (en) | User authority management method and system | |
| CN106650500A (en) | Method and system for modifying user authority | |
| US11729145B2 (en) | User interface for web server risk awareness | |
| WO2016201994A1 (en) | Method and device for determining domain name credibility | |
| KR101639869B1 (en) | Program for detecting malignant code distributing network | |
| US11539746B2 (en) | Methods and systems for browser spoofing mitigation | |
| CN116136901B (en) | Application program anti-counterfeiting method and device, computer equipment and storage medium | |
| US20110161798A1 (en) | Matching various combinations of xpath uris to the same xml node | |
| CN115242436B (en) | Malicious traffic detection method and system based on command line characteristics | |
| CN113992371B (en) | Threat label generation method and device for traffic log and electronic equipment | |
| US20220350686A1 (en) | Application programming interface (api) and site discovery via request similarity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |