CN107707572A - A role-based WEB secure access control method - Google Patents

Publication number
CN107707572A
Authority
CN
China
Prior art keywords
user
resources
file
role
system resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201711168787.2A
Other languages
Chinese (zh)
Inventor
梁炜平
季统凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
G Cloud Technology Co Ltd
Original Assignee
G Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by G Cloud Technology Co Ltd filed Critical G Cloud Technology Co Ltd
Priority to CN201711168787.2A priority Critical patent/CN107707572A/en
Publication of CN107707572A publication Critical patent/CN107707572A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of system software permission design, and in particular to a role-based WEB secure access control method. The invention establishes a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table. A system resource table is established and associated with the function permission table; the function permission table is associated many-to-many with the system resource table. A user resource table is established and associated with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table. The system resource table and the user resource table are instantiated according to actual requirements; depending on the actual situation of the system, the system resource table is instantiated as multiple concrete tables. The invention brings all WEB resources under permission control, achieving complete permission control and avoiding permission blind spots. It is suitable for any system software that needs WEB secure access control.

Description

A role-based WEB secure access control method
Technical field
The present invention relates to the technical field of system software permission design, and in particular to a role-based WEB secure access control method.
Technical background
In the permission design of system software, RBAC (Role-Based Access Control) is a mainstream function permission control scheme: function permissions are associated with roles, and users obtain the permissions of those roles by being associated with them, which greatly simplifies permission management. By controlling function permissions, it can control whether a user can see a given function and whether a given resource can be accessed. However, RBAC has the following problems:
1. Static files such as front-end scripts, front-end styles and front-end icons are not controlled, which leaves a permission blind spot;
2. User-defined resources produced by users cannot be controlled;
3. Resistance to illegal files is insufficient.
Summary of the invention
The technical problem solved by the present invention is to provide a role-based WEB secure access control method that achieves complete permission control and avoids permission blind spots.
The technical solution by which the present invention solves the above technical problem is as follows:
The method comprises the following steps:
Step 1: Establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table;
Step 2: Establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table;
Step 3: Establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table;
Step 4: Instantiate the system resource table and the user resource table according to actual requirements; depending on the actual situation of the system, the system resource table is instantiated as multiple concrete tables.
The system resources are the existing resources predefined by the system, which users can be allowed to access through authorization. They include: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
The user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization. They include: files uploaded by users and files exported by users.
The tables after instantiation according to actual requirements include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.
The present invention brings both system resources and user resources into RBAC, so that permission control covers all WEB resources, achieving complete permission control and avoiding permission blind spots. RBAC controls only part of the system resources; the present invention controls more system resources on the basis of RBAC and can also control user resources. In addition, because all files are subject to permission control, even if a hacker uploads an illegal file, the hacker cannot access it, which makes the system more secure. The method is suitable for any system software that needs WEB secure access control.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings:
Fig. 1 is a flow chart of the approach of the present invention;
Fig. 2 is a conceptual model diagram of RBAC;
Fig. 3 is a conceptual model diagram of the present invention;
Fig. 4 is an example diagram of an embodiment of the present invention.
Embodiment
As shown in Figs. 1-4, the method of the present invention comprises the following basic steps:
Step 1: Establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table;
Step 2: Establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table;
Step 3: Establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table;
Step 4: Instantiate the system resource table and the user resource table according to actual requirements; depending on the actual situation of the system, the system resource table is instantiated as multiple concrete tables.
The aforementioned system resources are the existing resources predefined by the system, which users can be allowed to access through authorization. They include: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
The user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization. They include: files uploaded by users and files exported by users.
The tables after instantiation according to actual requirements include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.
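An added example, not part of the patent text: one way to realise the four steps with SQLite from Python, with a default-deny check over both resource kinds. Table and column names, the sample rows and the `can_access` helper are assumptions chosen for illustration; only two of the instantiated tables (front-end static files and user uploads) are shown.

```python
import sqlite3

SCHEMA = """
CREATE TABLE user(id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE role(id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE permission(id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE user_role(user_id INT, role_id INT);             -- step 1: many-to-many
CREATE TABLE role_permission(role_id INT, permission_id INT); -- step 1: many-to-many
-- steps 2 and 4: system resource table instantiated as a front-end static file table
CREATE TABLE static_file(id INTEGER PRIMARY KEY, path TEXT UNIQUE);
CREATE TABLE permission_static_file(permission_id INT, file_id INT);
-- steps 3 and 4: user resource table instantiated as an uploaded-file table
CREATE TABLE upload(id INTEGER PRIMARY KEY, path TEXT UNIQUE, owner_id INT);
CREATE TABLE role_upload(role_id INT, upload_id INT);
"""

# user -> role -> function permission -> system resource
SYSTEM_Q = """SELECT 1 FROM user u
  JOIN user_role ur ON ur.user_id = u.id
  JOIN role_permission rp ON rp.role_id = ur.role_id
  JOIN permission_static_file pf ON pf.permission_id = rp.permission_id
  JOIN static_file f ON f.id = pf.file_id
  WHERE u.name = ? AND f.path = ?"""

# user resource: the owner (one-to-many) or any role it was shared with (many-to-many)
USER_Q = """SELECT 1 FROM upload up JOIN user u ON u.name = ?
  WHERE up.path = ? AND (up.owner_id = u.id OR EXISTS (
    SELECT 1 FROM role_upload ru JOIN user_role ur ON ur.role_id = ru.role_id
    WHERE ru.upload_id = up.id AND ur.user_id = u.id))"""

def can_access(db, username, path):
    """Default deny: a path is served only if a table row links it to the user."""
    return any(db.execute(q, (username, path)).fetchone() for q in (SYSTEM_Q, USER_Q))

def build_demo():
    """Constructed sample data: three users, two roles, one static file, one upload."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executescript("""
    INSERT INTO user VALUES (1,'alice'),(2,'bob'),(3,'carol');
    INSERT INTO role VALUES (1,'admin'),(2,'auditor');
    INSERT INTO permission VALUES (1,'manage_users');
    INSERT INTO user_role VALUES (1,1),(2,2);
    INSERT INTO role_permission VALUES (1,1);
    INSERT INTO static_file VALUES (1,'/static/js/user-admin.js');
    INSERT INTO permission_static_file VALUES (1,1);
    INSERT INTO upload VALUES (1,'/uploads/q3-report.xlsx',3);
    INSERT INTO role_upload VALUES (2,1);
    """)
    return db
```

A file that exists on disk but has no row in any resource table is denied to every user, which is the property the description relies on for files that were never registered through the application.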

Claims (5)

  1. A role-based WEB secure access control method, characterized in that the method comprises the following steps:
    Step 1: Establish a user table, a role table and a function permission table in the RBAC manner; the user table is associated many-to-many with the role table, and the role table is associated many-to-many with the function permission table;
    Step 2: Establish a system resource table and associate it with the function permission table; the function permission table is associated many-to-many with the system resource table;
    Step 3: Establish a user resource table and associate it with the user table and the role table; the user table is associated one-to-many with the user resource table, and the role table is associated many-to-many with the user resource table;
    Step 4: Instantiate the system resource table and the user resource table according to actual requirements; depending on the actual situation of the system, the system resource table is instantiated as multiple concrete tables.
  2. The method according to claim 1, characterized in that: the system resources are the existing resources predefined by the system, which users can be allowed to access through authorization; they include: front-end page files, front-end style files, front-end script files, front-end icon files, front-end font files and back-end interface data.
  3. The method according to claim 1, characterized in that:
    the user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization; they include: files uploaded by users and files exported by users.
  4. The method according to claim 2, characterized in that:
    the user resources are the user-defined resources produced by users, which other users can be allowed to access through authorization; they include: files uploaded by users and files exported by users.
  5. The method according to any one of claims 1 to 4, characterized in that: the system resource table and the user resource table are instantiated according to actual requirements;
    the tables after instantiation according to actual requirements include a front-end page file table, a front-end static file table, a back-end interface table, a user uploaded file table and a user export table.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711168787.2A CN107707572A (en) 2017-11-21 2017-11-21 A role-based WEB secure access control method

Publications (1)

Publication Number Publication Date
CN107707572A true CN107707572A (en) 2018-02-16

Family

ID=61180475

Country Status (1)

Country Link
CN (1) CN107707572A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180216