CN110162960A - A kind of method for verifying authority based on user management - Google Patents


Info

Publication number: CN110162960A
Authority: CN (China)
Prior art keywords: user, role, permission, data, management
Legal status: Pending
Application number: CN201910430394.7A
Other languages: Chinese (zh)
Inventor: 严肖
Current assignee: Shaanxi Zhongda Highway Technical Service Co Ltd
Original assignee: Shaanxi Zhongda Highway Technical Service Co Ltd
Priority date: 2019-05-22
Filing date: 2019-05-22
Publication date: 2019-08-23

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a permission verification method based on user management. The method defines a role for each user, generates cascaded user-role mapping relations, extracts the operating permissions of each user role on the basis of workflows, and records them in a user permission definition file. From the mapping relations between user roles, workflows and permissions, the system then associates each role and its permissions with the corresponding data resources. The invention increases the uniqueness and safety of user permission assignment, gives the system the ability to present data in a personalized way, improves the system's data visualization and the flexibility of data management, can be applied to multiple system architectures as a middle service layer, and reduces system administration complexity.

Description

A kind of method for verifying authority based on user management
Technical field
The invention belongs to the field of user management, and in particular relates to a permission verification method based on user management.
Background technique
Current management systems handle user permission management, user verification and information presentation in a fairly uniform way. With the continued development of big data and cloud computing, system users pay ever more attention to data and have growing customization demands; traditional login modes and information displays cannot satisfy the demand for personalized, customized data presentation, the data processing mode is single, and user permission management is difficult.
Traditional management systems manage user roles and permissions as follows:
User classification: system user, power user, administrator, guest user, etc.
System permission: the right of different users to use or access system resources (function menu items, buttons, input controls, etc.).
User: the concrete operator of the application system; a user can possess a certain range of permissions.
Role: to manage in groups the many users that share similar permissions, the concept of a role is defined, e.g. roles such as system administrator, administrator, user and visitor.
Group: to manage users better, users are grouped into classes called user groups, e.g. first-level unit users, second-level unit users, etc.
Platform administrator on a SaaS platform: responsible for the daily maintenance and management of the platform, including management of user logs, auditing of tenant accounts, and management of tenant status, tenant fees and tenant permissions. Note that the platform administrator cannot manage a tenant's specific business. If the number of tenants is large, platform administrators can also be divided into roles, either by region (e.g. Northwest, Northeast), so that each platform administrator manages a different set of tenants, or by business (e.g. tenant administrator, fee administrator).
Tenant: an enterprise that accesses the SaaS platform; within the SaaS platform, information is isolated between tenants. Tenant information includes details of the tenant enterprise such as its name and address, is mainly used to distinguish tenants, and the platform administrator manages the tenant account state. Each tenant can select SaaS platform function modules as needed and pay accordingly.
Tenant administrator: assigns permissions to tenant roles and performs the related system management and maintenance.
Tenant user: carries out the relevant business management according to the permissions assigned by the tenant administrator and the user's own role. Tenant users can only access the function modules of the SaaS platform that their tenant has selected. If a system user has multiple roles, the user only sees the data of the current role; by switching roles the user can view the data of the other roles the user belongs to.
Tenant role: roles are divided by the tenant administrator according to business function points; once roles are divided, the tenant administrator can assign permissions to the corresponding roles. Roles have a superior/subordinate relationship: a superior can view the data of a subordinate, a subordinate cannot access the data of a superior, and peers cannot access each other's data. A group layer (such as sub-department or team) can be added above roles; different groups have different data ranges, and resources and operations can be either shared or isolated.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings and to provide a permission verification method based on user management, which can generate mapping relations between user roles, workflows and permissions and, within the system, associate the data resources of each role with its permissions.
In order to achieve the above object, the method comprises the following steps:
Step 1: define users and roles, and generate the mapping relations between users and roles;
Step 2: extract the data resources of users and roles on the basis of permissions, define data acquisition permissions and record them in permission management, and generate the mapping relations between users, roles, workflows and permission management;
Step 3: match the user's data acquisition permissions against the data resource; if the match succeeds, proceed to step 4; if the match fails, refuse the user's data access request;
Step 4: return the successfully matched data to the user and display it.
A user is an operator, and a role is a user possessing the corresponding permissions.
The data resources of a user role based on permissions include permissions assigned by department position, permissions assigned by role and permissions assigned by user;
When assigning permissions by department position, the department positions are all the positions loaded from the defined list of the user-management organization department, shown as a department tree; the corresponding permissions are assigned to a position according to its department and position;
When assigning permissions by role, the roles include roles imported from the database and roles added manually; the corresponding permissions are assigned according to the type of role;
When assigning permissions by user, permissions are assigned according to the permissions the user needs.
The list of the user-management organization department is used to define all positions in the department, and each position corresponds to at least one role.
Permission management supports hierarchical permission management, which includes hierarchical authorization and data report editing;
Hierarchical authorization is the granting by an administrator of permissions within the administrator's own rights to users. Administrators include one system chief administrator and several junior administrators; the system chief administrator can open or close the hierarchical authorization right of a junior administrator and assign users to the corresponding junior administrator;
Data report editing is the granting by an administrator of editing permissions on different report nodes to different users; editing permissions include adding, editing and deleting data reports, and adjusting the directory tree, i.e. adding, editing and deleting reports and modifying the catalogue.
Compared with the prior art, the present invention can define the role of each user, generate cascaded user-role mapping relations, extract the operating permissions of each user role on the basis of workflows, and record them in a user permission definition file. From the mapping relations between user roles, workflows and permissions, the system then associates the data resources of each role with its permissions. The invention increases the uniqueness and safety of user permission assignment, gives the system the ability to present data in a personalized way, improves the system's data visualization and data management flexibility, can be applied in a variety of system architectures as a middle service layer, and reduces system administration complexity.
Detailed description of the invention
Fig. 1 is a flow chart of the invention;
Fig. 2 is the system block diagram of an embodiment of the invention.
Specific embodiment
The present invention will be further described with reference to the accompanying drawings.
Referring to Fig. 1, the present invention comprises the following steps:
Step 1: define users and roles, and generate the mapping relations between users and roles;
Step 2: extract the data resources of users and roles on the basis of permissions, define data acquisition permissions and record them in permission management, and generate the mapping relations between users, roles, workflows and permission management;
Step 3: match the user's data acquisition permissions against the data resource; if the match succeeds, proceed to step 4; if the match fails, refuse the user's data access request;
Step 4: return the successfully matched data to the user and display it.
A permission item is the object being assigned, i.e. the thing; the permission items of the system include reports, platform management and data connections.
A permission receptor is the party to whom a permission is assigned, i.e. the person; the permission receptors in the system include department positions, roles and users.
A user is an operator, and a role is a user possessing the corresponding permissions.
The data resources of a user role based on permissions include permissions assigned by department position, permissions assigned by role and permissions assigned by user;
When assigning permissions by department position, the department positions are all the positions loaded from the defined list of the user-management organization department, shown as a department tree; the corresponding permissions are assigned to a position according to its department and position;
When assigning permissions by role, the roles include roles imported from the database and roles added manually; the corresponding permissions are assigned according to the type of role;
When assigning permissions by user, permissions are assigned according to the permissions the user needs, in situations such as the following:
1) some users temporarily need to view a certain report;
2) an employee holding several duties is allowed by a leader to view certain reports, but the employee's department and role do not have that permission;
3) sometimes a report permission must be assigned to one specific person, which would otherwise require creating a new role first.
In these cases a permission can be assigned directly to the particular person (user), without the limitation of department position or role. The user's final permission is the intersection of the department, role and user permissions.
The list of the user-management organization department is used to define all positions in the department, and each position corresponds to at least one role.
Permission management supports hierarchical permission management, which includes hierarchical authorization and data report editing;
Hierarchical authorization is the granting by an administrator of permissions within the administrator's own rights to users, usually subordinates. Administrators include one system chief administrator and several junior administrators; the system chief administrator can open or close the hierarchical authorization right of a junior administrator and assign users to the corresponding junior administrator, so that multiple administrators distribute permissions layer by layer;
The system chief administrator opens the hierarchical authorization option in permission management, assigns the authorization right to the role of the junior administrator, and at the same time configures the roles to which that role may distribute permissions. When the junior administrator's role logs into the system, it can then distribute the permissions it has been authorized with to the corresponding roles.
Data report editing is the granting by an administrator of editing permissions on different report nodes to different users; editing permissions include adding, editing and deleting data reports, and adjusting the directory tree, i.e. adding, editing and deleting reports and modifying the catalogue.
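The four-step verification (steps 1 to 4 above) together with the hierarchical authorization just described, as an added example that is not the patent's own code: it models permission items and receptors (roles and individual users), the chief administrator opening a junior administrator's delegation right and restricting what it may grant and to which roles, and the match/refuse decision of steps 3 and 4. The names, the constructed sample report nodes, and the choice to combine role grants and direct user grants by union are assumptions of this example; department-position grants are not modelled.

```python
"""Model of the four-step verification and hierarchical authorization above.
Added example, not the patent's code; names, data and the union rule are assumed."""
from dataclasses import dataclass, field

# Permission items named on the page: reports, platform management, data connections.
PERMISSION_ITEMS = {"report", "platform_management", "data_connection"}

@dataclass(frozen=True)
class Permission:
    item: str      # one of PERMISSION_ITEMS
    resource: str  # the report node or other resource the item applies to

    def __post_init__(self):
        if self.item not in PERMISSION_ITEMS:
            raise ValueError(f"unknown permission item: {self.item}")

@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    direct_permissions: set = field(default_factory=set)  # "special personnel" grants

@dataclass
class Admin:
    name: str
    is_chief: bool = False            # the one system chief administrator
    delegation_enabled: bool = False  # hierarchical authorization switch
    grantable: set = field(default_factory=set)     # permissions it was authorized with
    target_roles: set = field(default_factory=set)  # role names it may distribute to

def enable_delegation(chief, junior, grantable, target_roles):
    """Chief administrator opens the junior's hierarchical authorization option and
    configures which permissions it may pass on, and to which roles."""
    if not chief.is_chief:
        raise PermissionError(f"{chief.name} is not the chief administrator")
    junior.delegation_enabled = True
    junior.grantable = set(grantable)
    junior.target_roles = set(target_roles)

def grant(admin, role, permission):
    """Distribute a permission to a role; a junior administrator may only pass on
    permissions within its own authorized set, and only to its configured roles."""
    if not admin.is_chief:
        if not admin.delegation_enabled:
            return False, "delegation not enabled"
        if permission not in admin.grantable:
            return False, "permission outside delegated set"
        if role.name not in admin.target_roles:
            return False, "role not a configured delegation target"
    role.permissions.add(permission)
    return True, "granted"

def effective_permissions(user):
    """Step 2: the user's data acquisition permissions from its roles plus any
    direct grant (union of both sources, an assumption of this example)."""
    perms = set(user.direct_permissions)
    for role in user.roles:
        perms |= role.permissions
    return perms

def request_data(user, item, resource, data_resources):
    """Steps 3 and 4: match the request against the user's permissions; return
    the data on success, or None plus the refusal reason."""
    if Permission(item, resource) not in effective_permissions(user):
        return None, f"refused: {user.name} has no {item} permission on {resource}"
    if resource not in data_resources:
        return None, f"refused: no data resource named {resource}"
    return data_resources[resource], "ok"

# Constructed sample report nodes for a stand-alone run.
SAMPLE_REPORTS = {"bridge_inspection_q1": [{"bridge": "K12+300", "status": "pass"}],
                  "bridge_inspection_q2": [{"bridge": "K12+300", "status": "repair"}]}

def demo():
    """Delegation opened, one grant refused, one allowed, one request served, one refused."""
    chief, junior, inspector = Admin("chief", is_chief=True), Admin("nw_admin"), Role("inspector")
    q1 = Permission("report", "bridge_inspection_q1")
    q2 = Permission("report", "bridge_inspection_q2")
    closed = grant(junior, inspector, q1)            # delegation not yet opened
    enable_delegation(chief, junior, {q1}, {"inspector"})
    outside = grant(junior, inspector, q2)           # q2 was never delegated to nw_admin
    allowed = grant(junior, inspector, q1)
    zhang = User("zhang", roles=[inspector])
    hit = request_data(zhang, "report", "bridge_inspection_q1", SAMPLE_REPORTS)
    miss = request_data(zhang, "report", "bridge_inspection_q2", SAMPLE_REPORTS)
    return closed, outside, allowed, hit, miss
```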
Embodiment:
Referring to Fig. 2, the present invention provides the operational support environment of the whole system. The IaaS base layer uses a server cluster as data storage and realizes ultra-large-scale data storage with technologies such as storage virtualization and network virtualization; it offers access control, load balancing, storage expansion and disaster recovery, is configurable and customizable, and supports multi-tenant, multi-user-role applications.
On the PaaS service layer, the processes and components needed by the system's service mode are built and combined as microservices into business process services that meet the needs of the traffic engineering field, providing quick tool connection and data presentation.
The service components in this architecture include:
Cloud storage component: the server storage resource cluster is virtualized according to the storage demands of the business, realizing distributed storage of data resources, achieving decentralization, and enabling efficient storage and use of business data.
User management component: describes the user classification, user permission control and user business processes involved in the highway construction field. The relations between users and the operations between users and business are first defined with a file; through an open configuration file the super administrator can customize each user role, and user roles and business processes are strongly associated.
User identity authentication tool: matches the business operations of each party's role in traffic engineering using a description file, records them in that file, and shows different task modules according to the user role.
Traffic engineering business process component: describes the business logic and business processes of the traffic engineering field, the user roles and business operations involved and their mutual relations, and allows configuration attributes and information presentation to be customized according to the actual conditions of each project.
Electronic contract component: traffic engineering construction generates a large number of contracts and files; electronic signature technology is used to store and file the various documents electronically, so that project documents are handled electronically throughout, strengthened by the system's distributed storage capability.
Document management component: realizes file synchronization, query, modification, deletion, download and sharing for all pictures, videos, files and other documents generated during project management in traffic engineering projects.
Model management component: engineering construction requires conceptual modelling with professional software; the model management component implements model decomposition, viewing, data generation, data query and similar operations.
Project management component: based on the project attributes and industry characteristics of the traffic engineering field, users can configure project attributes and project information, so that different user roles see different project information when using the system;
Traffic communication component: based on user tasks during traffic construction management, realizes instant message push, suggestion feedback processing, topic discussion, video conferencing and similar functions between user roles.

Claims (5)

1. A permission verification method based on user management, characterized by comprising the following steps:
Step 1: define users and roles, and generate the mapping relations between users and roles;
Step 2: extract the data resources of users and roles on the basis of permissions, define data acquisition permissions and record them in permission management, and generate the mapping relations between users, roles, workflows and permission management;
Step 3: match the user's data acquisition permissions against the data resource; if the match succeeds, proceed to step 4; if the match fails, refuse the user's data access request;
Step 4: return the successfully matched data to the user and display it.
2. The permission verification method based on user management according to claim 1, characterized in that a user is an operator and a role is a user possessing the corresponding permissions.
3. The permission verification method based on user management according to claim 1, characterized in that the data resources of a user role based on permissions include permissions assigned by department position, permissions assigned by role and permissions assigned by user;
When assigning permissions by department position, the department positions are all the positions loaded from the defined list of the user-management organization department, shown as a department tree; the corresponding permissions are assigned to a position according to its department and position;
When assigning permissions by role, the roles include roles imported from the database and roles added manually; the corresponding permissions are assigned according to the type of role;
When assigning permissions by user, permissions are assigned according to the permissions the user needs.
4. The permission verification method based on user management according to claim 3, characterized in that the list of the user-management organization department is used to define all positions in the department, and each position corresponds to at least one role.
5. The permission verification method based on user management according to claim 1, characterized in that permission management supports hierarchical permission management, which includes hierarchical authorization and data report editing;
Hierarchical authorization is the granting by an administrator of permissions within the administrator's own rights to users; administrators include one system chief administrator and several junior administrators, and the system chief administrator can open or close the hierarchical authorization right of a junior administrator and assign users to the corresponding junior administrator;
Data report editing is the granting by an administrator of editing permissions on different report nodes to different users; editing permissions include adding, editing and deleting data reports, and adjusting the directory tree, i.e. adding, editing and deleting reports and modifying the catalogue.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910430394.7A CN110162960A (en) 2019-05-22 2019-05-22 A kind of method for verifying authority based on user management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910430394.7A CN110162960A (en) 2019-05-22 2019-05-22 A kind of method for verifying authority based on user management

Publications (1)

Publication Number Publication Date
CN110162960A true CN110162960A (en) 2019-08-23

Family

ID=67632089

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910430394.7A Pending CN110162960A (en) 2019-05-22 2019-05-22 A kind of method for verifying authority based on user management

Country Status (1)

Country Link
CN (1) CN110162960A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107899A (en) * 2011-11-10 2013-05-15 天津市国瑞数码安全***有限公司 Separation-of-three-powers hierarchical authorization management system and method thereof
CN103632082A (en) * 2013-12-10 2014-03-12 惠州华阳通用电子有限公司 Universal permission management system and universal permission management method
CN107657169A (en) * 2017-10-10 2018-02-02 泰康保险集团股份有限公司 Right management method, device, medium and electronic equipment
CN109033810A (en) * 2018-08-08 2018-12-18 郑州市景安网络科技股份有限公司 A kind of Rights Management System

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110704399A (en) * 2019-10-08 2020-01-17 四川省地质工程勘察院集团有限公司 Distributed authority management method based on geographic spatial position
CN110704399B (en) * 2019-10-08 2020-09-15 四川省地质工程勘察院集团有限公司 Distributed authority management method based on geographic spatial position
CN110895606A (en) * 2019-11-14 2020-03-20 上海易点时空网络有限公司 Internal system management method and device suitable for newly-built account and storage medium
CN110895606B (en) * 2019-11-14 2022-06-07 上海易点时空网络有限公司 Internal system management method and device suitable for newly-built account and storage medium
CN111552671A (en) * 2019-12-31 2020-08-18 远景智能国际私人投资有限公司 Permission setting method, device and equipment of file directory and storage medium
CN111552671B (en) * 2019-12-31 2024-01-05 远景智能国际私人投资有限公司 File directory authority setting method, device, equipment and storage medium
CN111400170A (en) * 2020-02-29 2020-07-10 中国平安人寿保险股份有限公司 Data permission testing method and device
CN111400170B (en) * 2020-02-29 2024-06-07 中国平安人寿保险股份有限公司 Data authority testing method and device
CN111460500A (en) * 2020-03-31 2020-07-28 贵州电网有限责任公司 Authority management method of network resources
CN111460500B (en) * 2020-03-31 2023-12-01 贵州电网有限责任公司 Authority management method of network resource
CN111984948A (en) * 2020-08-20 2020-11-24 深圳市网绘科技有限公司 Production relation and authority recombination method based on Internet
CN111984948B (en) * 2020-08-20 2023-05-09 深圳市网绘科技有限公司 Internet-based production relationship and authority recombination method
CN112019543A (en) * 2020-08-27 2020-12-01 四川长虹电器股份有限公司 Multi-tenant permission system based on BRAC model
CN112307446A (en) * 2020-10-30 2021-02-02 杭州当虹科技股份有限公司 User authority verification method based on application platform
CN112528248A (en) * 2020-12-08 2021-03-19 北京航天云路有限公司 User authority management scheme facing multiple applications
CN112702348A (en) * 2020-12-23 2021-04-23 绿瘦健康产业集团有限公司 System authority management method and device
CN113742746A (en) * 2021-08-27 2021-12-03 北京航天云路有限公司 Combined authentication authority management system and method based on annotation realization

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190823