CN107707572A - A role-based WEB security access control method - Google Patents
- Publication number: CN107707572A
- Authority: CN (China)
- Prior art keywords: user, resources, file, role, system resource
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of permission design for system software, and in particular to a role-based WEB security access control method. The invention establishes a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table. A system resource table is established and associated with the function permission table; the function permission table is associated many-to-many with the system resource table. A user resource table is established and associated with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table. The system resource table and the user resource table are instantiated according to actual requirements; according to the actual situation of the system, the system resource table is instantiated as multiple specific tables. The invention makes permission control cover all WEB resources, achieving complete permission control and avoiding permission blind spots; it is suitable for system software that needs WEB security access control.
Description
Technical field
The invention relates to the technical field of permission design for system software, and in particular to a role-based WEB security access control method.
Technical background
In the permission design of system software, RBAC (Role-Based Access Control) is a mainstream scheme for controlling function permissions. Function permissions are associated with roles, and a user obtains the permissions of the roles associated with that user, which greatly simplifies permission management. By controlling function permissions, it can control whether a user can see a certain function and whether a certain resource can be accessed. However, RBAC has the following problems:
1. Static files such as front-end scripts, front-end styles and front-end icons are not controlled, which leaves permission blind spots;
2. User-defined resources produced by users cannot be controlled;
3. Resistance to illegal files is insufficient.
Summary of the invention
The technical problem solved by the invention is to provide a role-based WEB security access control method that achieves complete permission control and avoids permission blind spots.
The technical scheme by which the invention solves the above technical problem is as follows.
The method comprises the following steps:
Step 1: Establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table;
Step 2: Establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table;
Step 3: Establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table;
Step 4: Instantiate the system resource table and the user resource table according to actual requirements; according to the actual situation of the system, the system resource table is instantiated as multiple specific tables.
The system resources are the existing resources predefined by the system, which users can be allowed to access through authorization. They include: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
The user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization. They include: files uploaded by users and files exported by users.
The tables obtained after instantiation according to actual requirements include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.
The invention brings both system resources and user resources under RBAC, so that permission control covers all WEB resources, achieving complete permission control and avoiding permission blind spots. RBAC controls only part of the system resources; on the basis of RBAC, the invention controls more system resources and can also control user resources. In addition, because all files are subject to permission control, even if a hacker uploads an illegal file, the hacker cannot access it, which makes the system more secure. The method is suitable for system software that needs WEB security access control.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawings:
Fig. 1 is a flow chart of the approach of the invention;
Fig. 2 is the RBAC conceptual model diagram;
Fig. 3 is the conceptual model diagram of the invention;
Fig. 4 is an example diagram of an embodiment of the invention.
Embodiment
As shown in Figs. 1-4, the method of the invention comprises the following basic steps:
Step 1: Establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table;
Step 2: Establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table;
Step 3: Establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table;
Step 4: Instantiate the system resource table and the user resource table according to actual requirements; according to the actual situation of the system, the system resource table is instantiated as multiple specific tables.
The system resources are the existing resources predefined by the system, which users can be allowed to access through authorization. They include: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
The user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization. They include: files uploaded by users and files exported by users.
The tables obtained after instantiation according to actual requirements include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.
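The four-step table model and a default-deny lookup over it, as an added sketch in Python with an in-memory SQLite database; it is not taken from the patent. Table and column names, the sample rows, owner access to the owner's own uploads, and the `kind` column standing in for step 4's separate instantiated tables are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE roles(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE permissions(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE user_role(user_id INT, role_id INT);              -- step 1, many-to-many
CREATE TABLE role_permission(role_id INT, permission_id INT);  -- step 1, many-to-many
CREATE TABLE system_resource(id INTEGER PRIMARY KEY, kind TEXT, path TEXT UNIQUE);
CREATE TABLE permission_resource(permission_id INT, resource_id INT);  -- step 2
CREATE TABLE user_resource(id INTEGER PRIMARY KEY, owner_id INT,       -- step 3, one owner
                           kind TEXT, path TEXT UNIQUE);
CREATE TABLE role_user_resource(role_id INT, resource_id INT); -- step 3, many-to-many
"""

def can_access(db, user_id, path):
    """Default deny: True only if a table row grants this path to this user."""
    via_permission = db.execute("""
        SELECT 1 FROM system_resource sr
        JOIN permission_resource pr ON pr.resource_id = sr.id
        JOIN role_permission rp ON rp.permission_id = pr.permission_id
        JOIN user_role ur ON ur.role_id = rp.role_id
        WHERE ur.user_id = ? AND sr.path = ?""", (user_id, path)).fetchone()
    if via_permission:
        return True
    # User resources: the owner (assumption) or any role the resource is shared with.
    owned_or_shared = db.execute("""
        SELECT 1 FROM user_resource r
        WHERE r.path = ? AND (r.owner_id = ? OR r.id IN (
            SELECT rur.resource_id FROM role_user_resource rur
            JOIN user_role ur ON ur.role_id = rur.role_id
            WHERE ur.user_id = ?))""", (path, user_id, user_id)).fetchone()
    return owned_or_shared is not None

def build_demo():
    """Constructed sample data: alice is an editor, bob a viewer, carol has no role."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + """
    INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol');
    INSERT INTO roles VALUES (1,'editor'),(2,'viewer');
    INSERT INTO permissions VALUES (1,'edit_articles');
    INSERT INTO user_role VALUES (1,1),(2,2);
    INSERT INTO role_permission VALUES (1,1);
    INSERT INTO system_resource VALUES (1,'script','/static/editor.js'),(2,'api','/api/articles');
    INSERT INTO permission_resource VALUES (1,1),(1,2);
    INSERT INTO user_resource VALUES (1,1,'upload','/uploads/report.pdf');
    INSERT INTO role_user_resource VALUES (2,1);
    """)
    return db

if __name__ == "__main__":
    db = build_demo()
    for uid, path in [(1, "/static/editor.js"), (2, "/static/editor.js"), (1, "/uploads/shell.php")]:
        print(uid, path, can_access(db, uid, path))
```

The path `/uploads/shell.php` has no row in either resource table, so the lookup denies it for every user; this only holds if the web server routes all file requests, static ones included, through the check.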
Claims (5)
- 1. A role-based WEB security access control method, characterized in that the method comprises the following steps: Step 1: establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table; Step 2: establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table; Step 3: establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table; Step 4: instantiate the system resource table and the user resource table according to actual requirements; according to the actual situation of the system, the system resource table is instantiated as multiple specific tables.
- 2. The method according to claim 1, characterized in that: the system resources are the existing resources predefined by the system, which users can be allowed to access through authorization, including: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
- 3. The method according to claim 1, characterized in that: the user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization, including: files uploaded by users and files exported by users.
- 4. The method according to claim 2, characterized in that: the user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization, including: files uploaded by users and files exported by users.
- 5. The method according to any one of claims 1 to 4, characterized in that: the system resource table and the user resource table are instantiated according to actual requirements; the tables obtained after instantiation include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711168787.2A CN107707572A (en) | 2017-11-21 | 2017-11-21 | A role-based WEB security access control method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107707572A true CN107707572A (en) | 2018-02-16 |
Family
ID=61180475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711168787.2A Withdrawn CN107707572A (en) | A role-based WEB security access control method | 2017-11-21 | 2017-11-21 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707572A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102968599A (en) * | 2012-10-25 | 2013-03-13 | 北京邮电大学 | User-defined access control system and method based on resource publisher |
CN104573478A (en) * | 2014-11-20 | 2015-04-29 | 深圳市远行科技有限公司 | User authority management system of Web application |
CN104935599A (en) * | 2015-06-18 | 2015-09-23 | 北京京东尚科信息技术有限公司 | Control and management method and system for universal right |
CN106126706A (en) * | 2016-06-30 | 2016-11-16 | 国云科技股份有限公司 | A kind of scope of resource control method of based role |
US20170214696A1 (en) * | 2016-01-27 | 2017-07-27 | International Business Machines Corporation | User abstracted rbac in a multi tenant environment |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108492084A (en) * | 2018-03-02 | 2018-09-04 | 信阳师范学院 | A kind of decomposed based on Boolean matrix excavates optimization method with the role of gesture constraint |
CN108492084B (en) * | 2018-03-02 | 2021-05-28 | 信阳师范学院 | Role mining optimization method based on Boolean matrix decomposition and potential constraint |
CN108763960A (en) * | 2018-06-04 | 2018-11-06 | 北京奇虎科技有限公司 | Access authorization for resource management method and device |
CN108804944A (en) * | 2018-06-04 | 2018-11-13 | 北京奇虎科技有限公司 | Access authorization for resource configuration method based on tables of data and device |
CN110135127A (en) * | 2019-04-11 | 2019-08-16 | 北京亿赛通科技发展有限责任公司 | A kind of Document distribution formula baselined system and importing and distribution method based on sandbox |
CN112667639A (en) * | 2020-12-31 | 2021-04-16 | 恩亿科(北京)数据科技有限公司 | Authority design method, system, equipment and storage medium based on SaaS multi-tenant |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180216 |