CN110753059B - Authority management method, equipment and storage medium - Google Patents

Publication number
CN110753059B
Authority
CN
China
Prior art keywords
user
client
authority
user group
attribute file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911025165.3A
Other languages
Chinese (zh)
Other versions
CN110753059A (en
Inventor
王凤丽
张大帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a permission management method comprising the following steps: receiving, from a client, the mapping relations between permissions and users and between permissions and user groups; updating the user extended attribute file and the user group extended attribute file stored at the management end according to the mapping relations; and binding the permissions to the users and the user groups by using the user extended attribute file and the user group extended attribute file. The invention also discloses a computer device and a readable storage medium. By mapping permissions directly to users and user groups, the disclosed method overcomes the drawback of the prior art, in which a permission is associated with a user only indirectly, after being associated with a user group, so that permission changes become more convenient. Because the association between permissions and user groups is recorded at the management end, permissions, users and user groups can be managed conveniently without any maintenance by the client.

Description

Authority management method, equipment and storage medium
Technical Field
The present invention relates to the field of rights management, and in particular, to a method, device, and storage medium for rights management.
Background
In the internet era, multiple devices often share one set of account information: the account information and passwords are the same on every device, and each device stores its own copy of the user information, which is redundant and makes user management inconvenient. To solve this problem, a user management server is typically built within the LAN so that the account information of the devices is managed centrally. To distinguish the permissions of users on different clients, the traditional approach is as follows. First, the Client connects remotely to the user management server to create a user and specify the user group in which the user is located, or the user is created directly on the user management server and the user group is specified there; if no user group is specified, the user is placed by default in a user group with the same name as the user. Next, the user groups on the user management server are queried, and a specified user group is selected and mapped to a role permission of the Client. Finally, the user is added to the group that holds the role permission, so that the user has that role permission on the Client. Although this approach implements the role mapping between Client-side permissions and the user management server, as the number of users grows a user comes to belong to several user groups and, as shown in fig. 1, one user group contains several users, i.e. users and Client role permissions are in a many-to-many relationship. To revoke a certain permission from a user, the user must be removed from the user group that holds the permission. If several user groups all hold the permission and the user belongs to several of them, the user's relationship with each of those groups must be released. The operation is cumbersome, and the Client's business logic becomes complex and error-prone.
Therefore, a method of rights management is urgently needed.
Disclosure of Invention
In view of the above, in order to overcome at least one aspect of the above problems, an embodiment of the present invention provides a permission management method, including the following steps performed at a management end:
receiving, from a client, the mapping relations between permissions and users and between permissions and user groups;
updating the user extended attribute file and the user group extended attribute file stored at the management end according to the mapping relations;
and binding the permissions to the users and the user groups by using the user extended attribute file and the user group extended attribute file.
In some embodiments, receiving the mapping relations sent by the client further includes:
establishing a connection with the client;
creating the user;
creating the user group in which the user is located.
In some embodiments, the method further includes:
acquiring the IP of the client, the name of the user and the name of the user group;
and acquiring the private permissions of the client and the public permissions of the client according to the mapping relations.
In some embodiments, updating the user extended attribute file stored at the management end according to the mapping relations further includes:
updating the user extended attribute file in a preset format by using the mapping relation between the user and the permissions, the name of the user, the IP of the client, the private permissions of the client and the name of the user group.
In some embodiments, updating the user group extended attribute file stored at the management end according to the mapping relations further includes:
updating the user group extended attribute file in a preset format by using the mapping relation between the user group and the permissions, the name of the user group, the IP of the client and the public permissions of the client.
In some embodiments, the method further includes:
reading the user extended attribute file and the user group extended attribute file;
and acquiring the permission binding information of the client.
In some embodiments, the method further includes:
updating the permission binding information and the IP of a second client with the same configuration as the client into the user extended attribute file and the user group extended attribute file;
and binding the permissions of the second client to the user and the user group corresponding to the second client by using the updated user extended attribute file and user group extended attribute file.
In some embodiments, the method further includes:
recording the permission binding result in a file;
and reading the file and recording the binding result in an operation log.
Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention further provides a computer apparatus, including:
at least one processor; and
a memory storing a computer program operable on the processor, wherein the processor executes the program to perform any of the steps of the method of rights management as described above.
Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of any of the rights management methods described above.
The invention has one of the following beneficial technical effects: by mapping permissions directly to users and user groups, the disclosed method overcomes the drawback of the prior art, in which a permission is associated with a user only indirectly, after being associated with a user group, so that permission changes become more convenient. Because the association between permissions and user groups is recorded at the management end, permissions, users and user groups can be managed conveniently without any maintenance by the client.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a permission binding relationship in the prior art;
FIG. 2 is a flowchart illustrating a permission management method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a permission binding relationship provided in an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computer device provided in an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two entities or parameters that share the same name but are not the same. "First" and "second" are used merely for convenience of description and should not be construed as limiting the embodiments of the present invention; this is not repeated in the following embodiments.
It should be noted that, in the embodiments of the present invention, Client refers to a client, and UAEI (User Authorization Extended Interface) refers to a user extension interface.
According to an aspect of the present invention, an embodiment of the present invention proposes a permission management method which, as shown in fig. 2, may include performing the following steps at a management end:
S1, receiving, from a client, the mapping relations between permissions and users and between permissions and user groups;
S2, updating the user extended attribute file and the user group extended attribute file stored at the management end according to the mapping relations;
S3, binding the permissions to the users and the user groups by using the user extended attribute file and the user group extended attribute file.
By mapping permissions directly to users and user groups, the disclosed method overcomes the drawback of the prior art, in which a permission is associated with a user only indirectly, after being associated with a user group, so that permission changes become more convenient. Because the association between permissions and user groups is recorded at the management end, permissions, users and user groups can be managed conveniently without any maintenance by the client.
In some embodiments, receiving the mapping relations sent by the client further includes:
establishing a connection with the client;
creating the user;
creating the user group in which the user is located.
Specifically, information about the management end, such as its IP address, may be configured on the client; the client connects to the management end using this information, after which the user is created on the server in the conventional manner and the user group in which the user is located is specified.
It should be noted that the user and the user group may be created directly on the management end, or may be created on the server from the client after the client has connected to the server remotely.
In some embodiments, the permission management method provided by the embodiments of the present invention further includes: acquiring the IP of the client, the name of the user and the name of the user group; and acquiring the private permissions of the client and the public permissions of the client according to the mapping relations.
Specifically, in order to associate the client's permissions with the client, or to record which permissions a certain user has under the client, or to record which permissions a user group has, the names of the corresponding user and user group, the IP of the client, and the permissions need to be obtained.
It should be noted that the permissions vary with the client, not with the user. That is, the type and number of permissions that a user can hold under a client are determined by the type and number of permissions of that client. For example, if client A has permission 1 and permission 2, then user1 under client A can hold at most permission 1 and permission 2.
A private permission of the client is one that only a single user in the user group holds and the other users do not; a public permission of the client is a permission of the user group, i.e. all users in the user group hold it. For example, as shown in FIG. 3, Client1 has three permissions, auth1, auth2 and auth3, where auth1 and auth3 are private permissions assigned to user U1 and user U2 respectively, and auth2 is a public permission assigned to user group G1, so all users in user group G1 have that permission. Client2 has two permissions, auth4 and auth5, both assigned to user group G2, so users U3 and U4 in user group G2 each have auth4 and auth5. Of course, a user group may contain users of several clients rather than of just one, and a client may correspond to several user groups rather than to just one.
In some embodiments, updating the user extended attribute file stored by the management end according to the mapping relationship, further includes:
and generating/updating the user extended attribute file according to a preset format by utilizing the mapping relation between the user and the authority, the name of the user, the IP of the client, the private authority of the client and the name of the user group.
In some embodiments, the preset format of the generated user extended attribute file may be:
"user1":{"Device":"100.7.46.161,100.7.46.131","100.7.46.161":{"Auth":"auth1,auth2","group":"group1,group2"},"100.7.46.131":{"Auth":"auth1,auth6"}}
where user1 is the name of the user and Device lists the clients. "Device":"100.7.46.161,100.7.46.131" indicates that user1 is a user both of the client at IP 100.7.46.161 and of the client at IP 100.7.46.131. "100.7.46.161":{"Auth":"auth1,auth2","group":"group1,group2"} indicates that on 100.7.46.161 user1 has the private permissions auth1 and auth2 together with the permissions held by group1 and group2, the groups to which user1 belongs, i.e. user1 is in two user groups. "100.7.46.131":{"Auth":"auth1,auth6"} indicates that on 100.7.46.131 user1 has the private permissions auth1 and auth6 and no public permissions. The permissions of user1 are therefore the private permissions plus the public permissions, that is, the union of the permissions in the user's extended attributes and the permissions of the user groups in which the user is located.
Therefore, the user extended attribute file can be generated through the mapping relation between the authority and the user, the name of the user, the IP of the client, the private authority of the client and the name of the user group.
In some embodiments, updating the user group extended attribute file stored at the management end according to the mapping relations further includes:
generating/updating the user group extended attribute file in a preset format by using the mapping relation between the user group and the permissions, the name of the user group, the IP of the client and the public permissions of the client.
In some embodiments, the preset format of the generated user group extended attribute file may be:
"group1":{"Device":"100.7.46.161,100.7.46.131","100.7.46.161":{"Auth":"auth3,auth4"},"100.7.46.131":{"Auth":"auth7,auth8"}}
where group1 is the name of the user group and "Device":"100.7.46.161,100.7.46.131" indicates that the user group covers two clients: client1, with IP 100.7.46.161, has the public permissions auth3 and auth4, and client2, with IP 100.7.46.131, has the public permissions auth7 and auth8.
Specifically, client1, with IP 100.7.46.161, has the permissions auth1, auth2, auth3 and auth4, where auth1 and auth2 are private permissions of user1 and auth3 and auth4 are public permissions of user group G1, so the permissions of user1 under client1 include the private permissions auth1 and auth2 and the public permissions auth3 and auth4 of user group G1. Client2, with IP 100.7.46.131, has the permissions auth1, auth6, auth7 and auth8, where auth1 and auth6 are both private permissions of user1 and auth7 and auth8 are public permissions of user group G1, so the permissions of user1 under client2 include the private permissions auth1 and auth6 and the public permissions auth7 and auth8 of user group G1.
It should be noted that the private right may also be a public right, that is, the private right may be bound to the user group according to a requirement, and only the right type in the user group extension file needs to be adjusted.
In some embodiments, an extension interface UAEI may be added to the management end. Through this interface, extended attributes are added to user groups and users to identify the client, the current user group and the user's permission relationships, and the extended attributes are recorded in the extended attribute files. With this method, the added user and user group extended attribute files record the permissions that each client grants to user groups and users, so the user management server stores the role-permission relationships between accounts and each client centrally; the client does not need to maintain them and can query permissions directly with an instruction, which makes it more convenient for the administrator to manage users. If the permissions of a certain client change, the client can log in to the user management server directly, or connect to it remotely, and execute an instruction that removes the mapping between the user or user group and the role.
It should be noted that the management end holds exactly one user extended attribute file and one user group extended attribute file: the binding relationships between all users and permissions are recorded in the user extended attribute file, and the binding relationships between user groups and permissions are recorded in the user group extended attribute file.
In some embodiments, the method further includes:
reading the user extended attribute file and the user group extended attribute file;
and acquiring the permission binding information of the client.
In some embodiments, the method further includes:
updating the permission binding information and the IP of a second client with the same configuration as the client into the user extended attribute file and the user group extended attribute file;
and binding the permissions of the second client to the user and the user group corresponding to the second client by using the updated user extended attribute file and user group extended attribute file.
Therefore, for two clients with the same configuration, the steps carried out for ClientA (mapping user groups and roles) do not need to be repeated for ClientB. The user extended attribute file and the user group extended attribute file are read directly to obtain the correspondence between users, user groups and permissions under ClientA; that correspondence is then added to the user extended attribute file and the user group extended attribute file for ClientB, and the permission binding of ClientB is realized using the updated files, which is simple and convenient.
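The private-plus-public permission rule and the second-client copy described above can be exercised with the following Python sketch. It is an added example, not code from the patent: the sample data is constructed from the page's preset formats, rewritten as valid JSON with dotted IPv4 addresses, and all function names and the address 100.7.46.200 are assumptions.

```python
import copy
import ipaddress
import json

# Constructed sample data in the page's preset format, written as valid JSON.
# Assumption: client keys are dotted IPv4 addresses and per-client objects are
# comma-separated; the outer braces are added so each file parses on its own.
USER_XATTR = json.loads("""{
  "user1": {
    "Device": "100.7.46.161,100.7.46.131",
    "100.7.46.161": {"Auth": "auth1,auth2", "group": "group1,group2"},
    "100.7.46.131": {"Auth": "auth1,auth6"}
  }
}""")
GROUP_XATTR = json.loads("""{
  "group1": {
    "Device": "100.7.46.161,100.7.46.131",
    "100.7.46.161": {"Auth": "auth3,auth4"},
    "100.7.46.131": {"Auth": "auth7,auth8"}
  }
}""")


def _names(value):
    """Split a comma-separated attribute value into an ordered list of names."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def validate(attr_file):
    """Return problems found: malformed client IPs, or per-client entries
    that disagree with the record's "Device" list."""
    problems = []
    for name, record in attr_file.items():
        devices = set(_names(record.get("Device")))
        entries = set(record) - {"Device"}
        for ip in sorted(devices | entries):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"{name}: {ip!r} is not a valid IP address")
        for ip in sorted(devices ^ entries):
            problems.append(f"{name}: {ip!r} is not in both Device and the entries")
    return problems


def grant_sources(users, groups, user, client_ip):
    """Map each permission the user holds on one client to the bindings that
    grant it. Unknown users, clients or groups grant nothing (fail closed)."""
    sources = {}
    record = users.get(user, {})
    if client_ip not in _names(record.get("Device")):
        return sources
    entry = record.get(client_ip, {})
    for perm in _names(entry.get("Auth")):            # private permissions
        sources.setdefault(perm, []).append(f"user:{user}")
    for group in _names(entry.get("group")):          # public permissions
        g = groups.get(group, {})
        if client_ip in _names(g.get("Device")):
            for perm in _names(g.get(client_ip, {}).get("Auth")):
                sources.setdefault(perm, []).append(f"group:{group}")
    return sources


def effective_permissions(users, groups, user, client_ip):
    """Private permissions plus the public permissions of the user's groups."""
    return set(grant_sources(users, groups, user, client_ip))


def revoke_private(users, groups, user, client_ip, permission):
    """Drop one private binding; return the bindings that still grant the
    permission, so the caller can see when a group keeps it alive."""
    entry = users[user][client_ip]
    entry["Auth"] = ",".join(p for p in _names(entry.get("Auth")) if p != permission)
    return grant_sources(users, groups, user, client_ip).get(permission, [])


def clone_client(attr_file, src_ip, dst_ip):
    """Copy every binding recorded for src_ip to a second client dst_ip."""
    ipaddress.ip_address(dst_ip)  # raises ValueError on a malformed target
    for record in attr_file.values():
        if src_ip in record and src_ip != "Device":
            record[dst_ip] = copy.deepcopy(record[src_ip])
            devices = _names(record.get("Device"))
            if dst_ip not in devices:
                devices.append(dst_ip)
            record["Device"] = ",".join(devices)


if __name__ == "__main__":
    users, groups = copy.deepcopy(USER_XATTR), copy.deepcopy(GROUP_XATTR)
    print(sorted(effective_permissions(users, groups, "user1", "100.7.46.161")))
    print(revoke_private(users, groups, "user1", "100.7.46.161", "auth2"))
    for f in (users, groups):
        clone_client(f, "100.7.46.161", "100.7.46.200")  # constructed second client
    print(sorted(effective_permissions(users, groups, "user1", "100.7.46.200")))
    print(validate(users) + validate(groups))
```

A non-empty return from `revoke_private` means a user group still grants the permission, so removing the private binding alone does not take it away from the user.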
In some embodiments, the permission management method provided by the present invention further includes:
recording the permission binding result in a file;
and reading the file and recording the binding result in an operation log.
Specifically, after the management end has executed the two extended attribute files, the binding result can be recorded in the ret file; the ret file is then read and its content is recorded in the operation log, so that a user can conveniently check the result of the task.
The permission management method provided by the embodiment of the invention adds an extension interface UAEI to the user management server. Through this interface, an extended attribute is added to the user to identify the client, the current user group and the user's role-permission relationship, and the extended attribute is then recorded in the user extended attribute file. The user management server therefore stores the role-permission relationships between accounts and each client centrally; the client does not need to maintain them and can query permissions directly with an instruction, and the administrator can manage users more conveniently.
Based on the same inventive concept, according to another aspect of the present invention, as shown in fig. 4, an embodiment of the present invention further provides a computer apparatus 501, including:
at least one processor 520; and
the memory 510, the memory 510 storing a computer program 511 executable on the processor, the processor 520 executing the program to perform the steps of any of the above rights management methods.
Based on the same inventive concept, according to another aspect of the present invention, as shown in fig. 5, an embodiment of the present invention further provides a computer-readable storage medium 601, where the computer-readable storage medium 601 stores computer program instructions 610, and the computer program instructions 610, when executed by a processor, perform the steps of any of the above rights management methods.
Finally, it should be noted that, as will be understood by those skilled in the art, all or part of the processes of the methods of the above embodiments may be implemented by a computer program to instruct related hardware to implement the methods. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like. The embodiments of the computer program may achieve the same or similar effects as any of the above-described method embodiments.
In addition, the apparatuses, devices, and the like disclosed in the embodiments of the present invention may be various electronic terminal devices, such as a mobile phone, a Personal Digital Assistant (PDA), a tablet computer (PAD), a smart television, and the like, or may be a large terminal device, such as a server, and the like, and therefore the scope of protection disclosed in the embodiments of the present invention should not be limited to a specific type of apparatus, device. The client disclosed by the embodiment of the invention can be applied to any one of the electronic terminal devices in the form of electronic hardware, computer software or a combination of the electronic hardware and the computer software.
Furthermore, the method disclosed according to an embodiment of the present invention may also be implemented as a computer program executed by a CPU, and the computer program may be stored in a computer-readable storage medium. The computer program, when executed by the CPU, performs the above-described functions defined in the method disclosed in the embodiments of the present invention.
Further, the above method steps and system elements may also be implemented using a controller and a computer readable storage medium for storing a computer program for causing the controller to implement the functions of the above steps or elements.
Further, it should be appreciated that the computer-readable storage media (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as synchronous RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media, including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps of implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure of the embodiments of the invention, including the claims, is limited to these examples. Within the idea of an embodiment of the invention, technical features in the above embodiment or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (8)

1. An authority management method, comprising the following steps executed at a management end:
receiving, from a client, the mapping relations between authorities and each of a user and a user group;
updating the user extended attribute file and the user group extended attribute file stored at the management end according to the mapping relations;
binding the authorities to the user and the user group by using the user extended attribute file and the user group extended attribute file;
wherein the method further comprises:
reading the user extended attribute file and the user group extended attribute file;
acquiring the authority binding information of the client;
updating the authority binding information and the IP of a second client with the same configuration as the client into the user extended attribute file and the user group extended attribute file;
and binding the authority of the second client with the user and the user group corresponding to the second client by using the updated user extended attribute file and the user group extended attribute file.
2. The method of claim 1, wherein receiving the mapping relations between authorities and each of the user and the user group sent by the client further comprises:
establishing a connection with the client;
creating the user;
creating the user group with the user.
3. The method of claim 1, further comprising:
acquiring the IP of the client, the name of the user and the name of the user group;
and acquiring the private authority of the client and the public authority of the client according to the mapping relation.
4. The method of claim 3, wherein updating the user extended attribute file stored at the management end according to the mapping relation further comprises:
updating the user extended attribute file according to a preset format by utilizing the mapping relation between the user and the authority, the name of the user, the IP of the client, the private authority of the client and the name of the user group.
5. The method of claim 3, wherein updating the user group extended attribute file stored at the management end according to the mapping relation further comprises:
updating the user group extended attribute file according to a preset format by utilizing the mapping relation between the user group and the authority, the name of the user group, the IP of the client and the public authority of the client.
6. The method of claim 1, further comprising:
recording the result of the authority binding in a file;
and reading the file and recording the binding result in an operation log.
7. A computer device, comprising:
at least one processor; and
a memory storing a computer program operable on the processor, characterized in that the processor executes the program to perform the steps of the method according to any of claims 1-6.
8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the steps of the method of any one of claims 1 to 6.
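A minimal sketch of the flow in claims 1 and 3 to 6, added here as an illustration and not taken from the patent. The record layout, the class and method names, the sample IPs, and the rule that effective rights are the union of private and public rights are all assumptions, since the claims only refer to "a preset format".

```python
from copy import deepcopy

class ManagementEnd:
    """Toy management end; the record layout is assumed, not the patent's preset format."""

    def __init__(self):
        self.user_xattr = {}    # (user, client_ip)  -> record in the user extended attribute file
        self.group_xattr = {}   # (group, client_ip) -> record in the user group extended attribute file
        self.op_log = []        # claim 6: binding results end up in an operation log

    def update(self, client_ip, user, group, private, public):
        """Claims 1, 4, 5: store the mapping sent by a client in both attribute files."""
        self.user_xattr[(user, client_ip)] = {
            "user": user, "ip": client_ip, "group": group, "private": sorted(set(private))}
        self.group_xattr[(group, client_ip)] = {
            "group": group, "ip": client_ip, "public": sorted(set(public))}
        self.op_log.append(("bind", client_ip, user, group))

    def clone_binding(self, src_ip, dst_ip):
        """Claim 1, second half: reuse a client's binding for a second, identically configured client."""
        if src_ip == dst_ip:
            raise ValueError("second client must have a different IP")
        copied = 0
        for table in (self.user_xattr, self.group_xattr):
            for (name, ip), rec in list(table.items()):
                if ip == src_ip:
                    new = deepcopy(rec)          # a copy, so later edits to src do not reach dst
                    new["ip"] = dst_ip
                    table[(name, dst_ip)] = new
                    copied += 1
        if copied == 0:
            raise KeyError(f"no binding recorded for {src_ip}")
        self.op_log.append(("clone", src_ip, dst_ip, copied))   # cloned grants stay auditable
        return copied

    def permissions(self, client_ip, user):
        """Assumed rule: private rights plus the group's public rights; unknown pairs get nothing."""
        rec = self.user_xattr.get((user, client_ip))
        if rec is None:
            return set()
        grp = self.group_xattr.get((rec["group"], client_ip), {"public": []})
        return set(rec["private"]) | set(grp["public"])

def demo():
    m = ManagementEnd()   # all values below are constructed sample input
    m.update("192.0.2.10", "alice", "ops", private=["snapshot"], public=["read", "write"])
    m.clone_binding("192.0.2.10", "192.0.2.11")
    m.update("192.0.2.10", "alice", "ops", private=[], public=["read"])  # later tightening on client 1
    return m
```

In this sketch, tightening the first client's rights after the clone leaves the second client's copied rights unchanged, so a review of cloned bindings has to follow the "clone" entries in the operation log.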

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911025165.3A CN110753059B (en) 2019-10-25 2019-10-25 Authority management method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110753059A (en) 2020-02-04
CN110753059B (en) 2022-01-04

Family

ID=69280030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911025165.3A Active CN110753059B (en) 2019-10-25 2019-10-25 Authority management method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110753059B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111488599A (en) * 2020-04-09 2020-08-04 北京思特奇信息技术股份有限公司 Authorization method and device based on additional group use, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1532718A (en) * 2003-03-24 2004-09-29 北京北佳信息***有限公司 Method and device for setting information access autority in computer network
CN106599718A (en) * 2016-12-09 2017-04-26 中国人民银行清算总中心 Control method and device for information access permission
CN109711122A (en) * 2019-01-23 2019-05-03 北京奇艺世纪科技有限公司 A kind of right management method, device, system, equipment and readable storage medium storing program for executing
CN109726579A (en) * 2017-10-27 2019-05-07 阿里巴巴集团控股有限公司 Resource access authority group technology and equipment
CN109783581A (en) * 2018-11-30 2019-05-21 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant