CN106850623A - A kind of general information issue right management method - Google Patents
- Publication number: CN106850623A
- Authority: CN (China)
- Prior art keywords: authority, function, user, column, distribution
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Abstract
The present invention provides a general method for managing information publishing permissions and belongs to the technical field of software layered architecture. The method defines a set of function operations, each with its own binary feature code, and configures the correspondence between information and operation sets, with referencing and inheritance. User permissions can be set on the basis of these definitions using a wildcard strategy, so that users ultimately obtain the resource data they access securely. The method avoids the tedium and inconvenience of assigning restricted operations as columns and functions are added, and also improves the user experience.
Description
Technical field
The present invention relates to software layered architecture technology, and more particularly to a general method for managing information publishing permissions.
Background
Computer networks make resource sharing effective, but resource sharing and information security are in conflict. Enterprise informatization and networked management have become a trend, and more and more enterprises are building their own network information management platforms. Once management information is placed on the network, however, how to manage the assignment and control of user permissions becomes an important problem affecting the security of that information.
Network permission control is a security measure proposed against illegal network operations. The development of any networked information system inevitably involves permission control. In information system security management, most current enterprise-level information publishing security applications use a multi-administrator mechanism: the application system has several administrators, and an upper-level administrator's functions include those of the lower-level administrators and allow some control over their permissions. Open or semi-open systems with coarse authorization granularity cannot, on the one hand, extend their administrative levels without limit; on the other hand, administrators at each level cannot easily change function options, which loses the flexibility administrators originally had and also adds to the burden on the server.
Summary of the invention
To solve the above technical problems, the present invention proposes a general method for managing information publishing permissions. Its purpose is to provide control over users' information publishing permissions while avoiding tedium and inconvenience.
The invention defines a function set for each column of each module in the system. This set defines all related operations under the column, so that functions can be extended and permissions flexibly assigned on the basis of this set standard.
The technical solution of the invention is as follows:
A general information publishing permission control method, comprising the following steps:
A. Structure definition.
B. Permission assignment.
C. Runtime permission interface API.
In step A, to control the system's function permissions, the function sets of all system modules must be defined first. The defined structure includes the following parts:
(5) Divide the system into modules.
(6) Define the columns under each module, $L = \{i_0, i_1, i_2, \ldots, i_n\}$.
(7) Define the function set $OP = \{a_0, a_1, a_2, \ldots, a_n\}$, where the corresponding permission feature values are $1\ (2^0)$, $2\ (2^1)$, $4\ (2^2)$, …, $2^n$.
(8) Define the function set corresponding to each column, $PS(L_n) = \{a_0, a_1, a_2, a_3, \ldots\}$.
Here a "column" is a form in which one class of content with the same attributes is presented; for example, corporate news and updates each represent one column.
"Define the function set OP" distinguishes two parts in the definition, general functions and personalized functions: general functions (such as add, delete, edit, view details, ...) and personalized functions (such as review, publish, authorize, ...). Details are as follows:
"Define the function set corresponding to each column" comprises two operations: "get the general operation set of function permissions" and "save the personalized operation set". Details are as follows:
In step B, permissions are assigned by operating on the column permission feature sets defined in step A. Step B can assign permissions along different dimensions: user, organization or role. Assignment uses the wildcard principle, which simplifies the operation and makes it flexible and convenient. The assignment is described in detail below:
In step C, while the system is running, the permission information set in step B governs a specific user's operation on and access to information columns. Details are as follows:
Functions and beneficial effects of the invention:
By establishing three authorization mechanisms along different dimensions, user, organization and role, from fine to coarse, the invention achieves fine-grained management of permission operations and personalized customization of users' data browsing permissions. It not only reduces the difficulty of operation and use through data filtering, but also, by supporting permission functions by class, achieves aggregation and reuse of permissions. By using resource manager technology, it solves the scaling problem in systems with many types and many levels of users. It not only better addresses the low security and complex operation caused by overly coarse permission granularity, but also lightens the burden on the server and the network by reducing the volume of transmitted data.
Brief description of the drawings
Fig. 1 is a schematic diagram of the information publishing permission control method provided by the present invention.
Specific embodiment
To better explain the content of the invention, it is described in more detail below through an embodiment:
To address the inflexibility of multi-level user management in current enterprise applications, binary characteristics are used to achieve simple differentiation in permission management, and roles, organizations and user management are used to achieve flexibility of user functions. The invention combines resource permission control computation based on permission feature codes with binary bit operations, and proposes a new resource permission control method.
A schematic diagram of the parsing is shown in Fig. 1. The method of this embodiment is explained using the identity of user 1, and comprises the following steps:
(1) structure definition;
(2) permission assignment;
(3) runtime permission interface API.
Suppose the information column "corporate news" needs the following permission controls:
(1) only individual users can enter, review and manage the column;
(2) certain departments and individual personnel can browse and read the column's information.
Step 1: Binary definition of function permissions.
Step 2: Set permissions for the corporate news column: select the corresponding individual users, organizations and roles, set function permissions for each, and save the permission settings.
Save interface method
public string SaveShareTargets(Dictionary<string,string>para)
Step 3: Parsing of the defined configuration. When a user accesses the corporate news column, the access interface based on that column's permission settings is called first: the user ID, the ID of the user's organization and the ID of the role the user belongs to are passed into the method GetUserAcl. This interface method is based on an attribute-based permission object parsing engine, which parses the defined binary permission codes. According to the result of the operation, each corresponding function permission code is 1 (has the permission) or 0 (does not have the permission). The result is returned to the user.
Interface method for obtaining the logged-in user's permissions
public string GetUserAcl(Dictionary<string,string>para)
Step 4: Access the resource according to the returned result.
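The four steps above can be traced end to end in a short sketch. This is an added Python example, not code from the patent: the function names, the `*` wildcard semantics and the rule that grants from the user, organization and role dimensions are OR-ed together are assumptions, and all data is constructed.

```python
GENERAL = ["add", "delete", "edit", "view"]        # general functions
PERSONALIZED = ["review", "publish", "authorize"]  # personalized functions
# Step A: function a_k carries the feature value 2**k.
OP = {name: 1 << k for k, name in enumerate(GENERAL + PERSONALIZED)}
WILDCARD = "*"  # assumed wildcard: matches any subject id or any column

def to_mask(functions):
    """OR the feature values of the named functions into one permission code."""
    mask = 0
    for name in functions:
        mask |= OP[name]  # KeyError for a function that was never defined
    return mask

def column_function_set(personalized=()):
    """PS(L_n): the inherited general set plus the column's personalized functions."""
    unknown = set(personalized) - set(PERSONALIZED)
    if unknown:
        raise ValueError(f"define personalized functions first: {sorted(unknown)}")
    return to_mask(GENERAL) | to_mask(personalized)

def save_grant(grants, columns, dimension, subject, column, functions):
    """Step B: record a grant for one user, organization or role."""
    if dimension not in ("user", "org", "role"):
        raise ValueError(f"unknown dimension: {dimension}")
    mask = to_mask(functions)
    if column != WILDCARD and mask & ~columns[column]:
        raise ValueError("grant names a function the column does not define")
    grants[(dimension, subject, column)] = mask

def get_user_acl(grants, columns, user, org, role, column):
    """Step C: return {function: 1 or 0} for this user on this column."""
    allowed = columns[column]  # an undefined column raises instead of granting
    mask = 0
    for dimension, subject in (("user", user), ("org", org), ("role", role)):
        for subj in (subject, WILDCARD):
            for col in (column, WILDCARD):
                mask |= grants.get((dimension, subj, col), 0)
    mask &= allowed  # wildcard grants cannot exceed the column's own set
    return {name: int(bool(mask & bit)) for name, bit in OP.items() if allowed & bit}

def build_example():
    """Constructed data for the 'corporate news' scenario."""
    columns = {"corporate_news": column_function_set(["review", "publish"]),
               "notices": column_function_set()}
    grants = {}
    save_grant(grants, columns, "user", "u1", "corporate_news",
               ["add", "edit", "delete", "view", "review", "publish"])
    save_grant(grants, columns, "org", "dept_sales", "corporate_news", ["view"])
    save_grant(grants, columns, "role", "auditor", WILDCARD, ["view", "review"])
    return grants, columns

if __name__ == "__main__":
    grants, columns = build_example()
    print(get_user_acl(grants, columns, "u1", "dept_it", "staff", "corporate_news"))
    print(get_user_acl(grants, columns, "u2", "dept_sales", "staff", "corporate_news"))
    print(get_user_acl(grants, columns, "u3", "dept_hr", "auditor", "notices"))
```

The final `mask &= allowed` is the step worth checking in any implementation of this scheme: without it, a wildcard grant made for one column's personalized functions would silently apply to every column.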
Claims (4)
1. A general information publishing permission management method, characterized in that it comprises the following steps:
A. Structure definition;
B. Permission assignment;
C. Runtime permission interface API;
a set of function operations is defined, each operation having its own binary feature code; the correspondence between information and operation sets is configured, with referencing and inheritance; user permissions can be set on the basis of these definitions, using a wildcard strategy; and users ultimately obtain the resource data they access securely.
2. The method according to claim 1, characterized in that:
in step A, to control the system's function permissions, the function sets of all system modules must be defined first; the defined structure includes the following parts:
(1) Divide the system into modules.
(2) Define the columns under each module, $L = \{i_0, i_1, i_2, \ldots, i_n\}$.
(3) Define the function set $OP = \{a_0, a_1, a_2, \ldots, a_n\}$, where the corresponding permission feature values are $1\ (2^0)$, $2\ (2^1)$, $4\ (2^2)$, …, $2^n$.
(4) Define the function set corresponding to each column, $PS(L_n) = \{a_0, a_1, a_2, a_3, \ldots\}$.
Here a "column" is a form in which one class of content with the same attributes is presented;
"define the function set OP" distinguishes two parts in the definition, general functions and personalized functions, as detailed below:
Define function: saves the function according to the input function information, including whether it carries the "general" parameter, and sets the corresponding binary permission feature value code; no return value;
"define the function set corresponding to each column" comprises two operations: get the general operation set of function permissions, and save the personalized operation set; as detailed below:
Get the general operation set of function permissions: obtains the general function set that has been configured; a defined column inherits the general function set; returns the general set;
Save the personalized operation set: assigns the specified personalized function set; if there is none, the personalized function information must be maintained first; no return value.
3. The method according to claim 2, characterized in that:
in step B, permissions are assigned by operating on the column permission feature sets defined in step A; step B can assign permissions along different dimensions: user, organization or role; the assignment is detailed below:
Assign permissions: assigns permissions to users, organizations and roles; the wildcard principle is used in this assignment;
Save permission assignment records: saves the permission information set along the different dimensions of user, organization and role; no return value.
4. The method according to claim 3, characterized in that:
in step C, while the system is running, the permission information set in step B governs a specific user's operation on and access to information columns; as detailed below:
GetUserAcl: when a user accesses the corporate news column, the access interface based on that column's permission settings is called first; the user ID, the ID of the user's organization and the ID of the role the user belongs to are passed into the method GetUserAcl; this interface method is based on an attribute-based permission object parsing engine, which parses the defined binary permission codes; according to the result of the operation, each corresponding function permission code is 1 (has the permission) or 0 (does not have the permission); the result is returned to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710066956.5A CN106850623A (en) | 2017-02-07 | 2017-02-07 | A kind of general information issue right management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106850623A true CN106850623A (en) | 2017-06-13 |
Family
ID=59122007
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170613 |