CN112866293A - Gateway equipment system administrator authority management method and device - Google Patents

Publication number
CN112866293A
Authority
CN
China
Prior art keywords
role
system administrator
authority
user
gateway device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110246510.7A
Other languages
Chinese (zh)
Inventor
莫冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuleng Technology Co Ltd
Wuhan Sipuling Technology Co Ltd
Original Assignee
Wuhan Sipuling Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuling Technology Co Ltd
Priority to CN202110246510.7A
Publication of CN112866293A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method and a device for managing the authority of gateway device system administrators. The method comprises: receiving operation input from a user and creating a plurality of roles according to that input, wherein each role has different role attributes and the role attributes at least comprise an authority range; and obtaining role selection information that the user enters according to the authority of a system administrator, and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role. The invention addresses the damage to the network environment caused by the currently uniform and fixed assignment of network administrator authority.

Description

Gateway equipment system administrator authority management method and device
Technical Field
The present invention relates to the field of network management technologies, and in particular, to a method, an apparatus, a device, and a storage medium for managing administrator privileges of a gateway device system.
Background
A gateway device, also called an inter-network connector or a protocol converter, is a computer system or device that provides data conversion services between multiple networks. A gateway device can be said to be a connector between different networks, i.e. a device that "negotiates" when data is to be passed from one network to another.
In existing gateway devices, the assignment of system administrator authority is uniform and fixed. All created system administrators have the same access rights to all web page menus and the same read-write rights to all modules of the system. Different administrators can read and write the same system module and can freely change configuration that does not concern them, which may damage the network environment. In addition, because access to the system is shared, some network attacks can impersonate a system administrator to perform unauthorized operations on the system, which can also damage it.
Disclosure of Invention
In view of the above, it is desirable to provide a method, an apparatus and a storage medium for managing the authority of gateway device system administrators, so as to solve the problem of network environment damage caused by the relatively uniform and fixed assignment of network administrator authority.
The invention provides a method for managing the authority of gateway device system administrators, comprising the following steps:
receiving operation input from a user, and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range;
obtaining role selection information that the user enters according to the authority of a system administrator, and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
Preferably, in the method, the authority range at least includes the access range of the web page menus and the read-write permission for that access.
Preferably, in the method, the operation input at least includes role creation button click information, role naming input information, button click information and/or input information for the accessible pages and the read-write permissions of the accessible pages, and role saving button click information.
Preferably, the method further includes:
receiving role selection information that the user enters according to the authority of a system administrator, and changing or canceling the role of the system administrator according to that information.
Preferably, the method further includes:
when a system administrator logs in, verifying the identity of the system administrator, querying the role attributes of the role corresponding to the system administrator after the verification succeeds, and displaying the page menu according to those role attributes.
Preferably, in the method, verifying the identity of the system administrator specifically includes:
verifying whether the user name and the password entered by the user are correct.
Preferably, the method further includes:
when a logged-in system administrator performs a read or write operation on a displayed web page menu, querying the role attributes of the role corresponding to the system administrator, and determining from those role attributes whether the current system administrator's operation can succeed.
In a second aspect, the present invention further provides a gateway device system administrator authority management apparatus, including:
a role creation module, used for receiving operation input from a user and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range;
a role assignment module, used for obtaining role selection information that the user enters according to the authority of a system administrator and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
In a third aspect, the present invention further provides a gateway device system administrator authority management device, including a processor and a memory;
the memory stores a computer readable program executable by the processor;
the processor, when executing the computer readable program, implements the steps of the gateway device system administrator authority management method described above.
In a fourth aspect, the present invention also provides a computer readable storage medium storing one or more programs, which are executable by one or more processors to implement the steps of the gateway device system administrator authority management method described above.
Compared with the prior art, the method, apparatus, device and storage medium provided by the invention create a plurality of roles with different authority ranges, assign different roles to network administrators with different authority, and bind each system administrator to the role whose authority range matches that administrator's authority. A system administrator can therefore manage the gateway device only within that authority range and cannot arbitrarily change configuration that does not concern them. This avoids damage to the network environment, and also avoids the system damage caused when a network attack impersonates a system administrator to perform unauthorized operations on the system.
Drawings
Fig. 1 is a flowchart of a method for managing administrator rights of a gateway device system according to a preferred embodiment of the present invention.
Detailed Description
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate preferred embodiments of the invention and together with the description, serve to explain the principles of the invention and not to limit the scope of the invention.
Referring to Fig. 1, a method for managing the authority of gateway device system administrators according to an embodiment of the present invention includes the following steps:
S100, receiving operation input from a user, and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range.
In this embodiment, a role exists as an independent object. Each role has different role attributes corresponding to a different authority range, and the role attributes are user-defined; in other words, the role attributes of each role are determined by the user's operation input. Before roles are assigned to gateway device system administrators, the user creates a plurality of different roles through operation input. The authority range of each role at least comprises the access range of the web page menus and the read-write permission for that access. In other words, when a role is created, it is given the set of web page menus it may access and, for each, whether the access includes read-write permission. The authority range of each role is thus refined down to the individual page menu, and the role is bound to the access range and access permissions of the page menus.
Specifically, the operation input at least includes role creation button click information, role naming input information, button click information and/or input information for the accessible pages and the read-write permissions of the accessible pages, and role saving button click information.
In this embodiment, the user creates roles one by one on a role creation page, each with unique role attributes. In a specific implementation, the user first clicks the role creation button, then enters a role name, and then sets the permissions of the role: the user selects or enters, one by one, the pages the role may access and the read-write permission for each accessible page, and then clicks the role saving button, which completes the creation of the role. The read-write permission of an accessible page at least comprises read-only and read-write. Because the role attributes of all roles must differ, if the attributes of the role being created are identical to those of an already created role, the user is prompted to abandon the creation or to modify it, or is told that the creation was unsuccessful.
In a specific embodiment, assume the system management web page menu consists of P1-P6. A role R1 is created in the role creation module and web pages P1-P3 are allocated to it, where P1 is read-only and P2 and P3 are read-write. A role R2 is then created and web pages P4-P6 are allocated to it, where P4 is read-only and P5 and P6 are read-write. This completes the creation of 2 different roles.
The embodiment of the invention creates a plurality of roles with different role attributes in a user-defined manner, which gives good flexibility for independent reference and strong extensibility.
S200, obtaining role selection information that the user enters according to the authority of a system administrator, and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
In this embodiment, so that system administrators with different authority have different permissions when operating the device, the roles created in step S100 are assigned to each system administrator according to that administrator's authority. The permissions in the role attributes of the assigned role become the permissions of the system administrator, which binds the role to the system administrator. System administrators with the same authority are assigned the same role, and system administrators with different authority are assigned different roles. In one embodiment, system administrator A and system administrator B have different authority; so that A and B each manage the gateway device within their own authority range, system administrator A is assigned role R1 and system administrator B is assigned role R2.
In this embodiment, system administrators with different authority are bound to roles with different authority ranges, so that a system administrator can manage the gateway device only within that authority range and cannot arbitrarily change configuration that does not concern them. This avoids damage to the network environment, and also avoids the system damage caused when a network attack impersonates a system administrator to perform unauthorized operations on the system. Binding roles to web page menus effectively isolates the system access of administrators with different roles, and prevents an administrator from mistakenly viewing system data outside their permission range.
In a preferred embodiment, the method for managing rights of the gateway device system administrator further includes:
receiving role selection information that the user enters according to the authority of a system administrator, and changing or canceling the role of the system administrator according to that information.
In other words, since the actual authority of a system administrator may change, the embodiment of the present invention can also change or cancel the role of the system administrator when that authority changes. This ensures that the role of the system administrator follows the actual authority, which facilitates the administrator's work and further protects the network environment.
In a preferred embodiment, the method for managing rights of the gateway device system administrator further includes:
when a system administrator logs in, verifying the identity of the system administrator, querying the role attributes of the role corresponding to the system administrator after the verification succeeds, and displaying the page menu according to those role attributes.
In this embodiment, when a system administrator logs in to the system, the authority management module verifies the identity of the system administrator, queries the role attributes of the system administrator's role, and displays the web page menus according to the access range that the role owns. Web page menus that the role does not own are not provided at all, so those pages are imperceptible to the administrator, and the system administrator can view only the page menus corresponding to their authority.
In a preferred embodiment, verifying the identity of the system administrator specifically comprises:
verifying whether the user name and the password entered by the user are correct.
In other words, the user name and password entered by the user are checked to determine whether the system administrator may log in, which avoids the damage to the network environment caused by access from illegitimate users.
In a preferred embodiment, the method for managing rights of the gateway device system administrator further includes:
when a logged-in system administrator performs a read or write operation on a displayed web page menu, querying the role attributes of the role corresponding to the system administrator, and determining from those role attributes whether the current system administrator's operation can succeed.
Specifically, when administrator A1 logs in to the system, the rights management module looks up the role of A1, finds that it is R1, and returns pages P1-P3 to A1 according to the allocation of R1. At this point A1 can see pages P1-P3 but cannot see P4-P6. When A1 writes to P1, the rights management module checks whether role R1 of A1 has write permission on P1; because R1 has no write permission on P1, the operation is denied. When A1 writes to P2 or P3, the rights management module checks whether role R1 of A1 has write permission on P2 and P3, and the check allows the operation.
When administrator A2 logs in to the system, the rights management module looks up the role of A2, finds that it is R2, and returns and displays pages P4-P6 to A2 according to the allocation of R2. At this point A2 can see pages P4-P6 but cannot see P1-P3. When A2 writes to P4, the rights management module checks whether role R2 of A2 has write permission on P4; because R2 has no write permission on P4, the operation is denied. When A2 writes to P5 or P6, the rights management module checks whether role R2 of A2 has write permission on P5 and P6, and the check allows the operation.
In this case, A1 and A2 are unaware of each other's existence and of anything beyond the web page menus they can see. A1 and A2 are isolated and do not affect each other.
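The R1/R2 and A1/A2 scenario above, as an added Python example that is not code from the patent: it covers role creation with the duplicate-attribute check, role assignment and cancellation, menu filtering at login, and the per-operation permission check. The names `PermissionManager`, `Access`, `RoleError` and all method names are assumptions, and user name/password verification is assumed to have succeeded before any of these calls.

```python
from enum import Enum


class Access(Enum):
    READ_ONLY = "read-only"
    READ_WRITE = "read-write"


class RoleError(ValueError):
    """A role could not be created or assigned."""


class PermissionManager:
    """Hypothetical rights management module for a gateway admin web UI."""

    def __init__(self, pages):
        self.pages = tuple(pages)   # every web page menu the device offers
        self.roles = {}             # role name -> {page: Access}
        self.bindings = {}          # administrator -> role name

    def create_role(self, name, scope):
        """S100: store a role whose attributes are a per-page access map."""
        scope = dict(scope)
        if not name or name in self.roles:
            raise RoleError(f"role name {name!r} is empty or already in use")
        unknown = sorted(set(scope) - set(self.pages))
        if unknown:
            raise RoleError(f"unknown pages: {unknown}")
        if not all(isinstance(a, Access) for a in scope.values()):
            raise RoleError("each page needs an Access value")
        # Role attributes must differ between roles, so reject a duplicate.
        for other, other_scope in self.roles.items():
            if other_scope == scope:
                raise RoleError(f"same attributes as existing role {other!r}")
        self.roles[name] = scope

    def assign_role(self, admin, role_name):
        """S200: bind an administrator to one role (re-binding changes it)."""
        if role_name not in self.roles:
            raise RoleError(f"no such role: {role_name!r}")
        self.bindings[admin] = role_name

    def cancel_role(self, admin):
        """Remove the binding; the administrator then has no permissions."""
        self.bindings.pop(admin, None)

    def _scope(self, admin):
        # Unknown or unbound administrators get an empty scope (default deny).
        return self.roles.get(self.bindings.get(admin), {})

    def visible_menu(self, admin):
        """Pages to render after login; pages outside the role are omitted."""
        scope = self._scope(admin)
        return [p for p in self.pages if p in scope]

    def authorize(self, admin, page, operation):
        """Checked on every request, even for a page that was never shown."""
        access = self._scope(admin).get(page)
        if access is None:
            return False
        if operation == "read":
            return True
        if operation == "write":
            return access is Access.READ_WRITE
        return False  # unrecognised operations are denied


def build_example():
    """The R1/R2 and A1/A2 scenario from the text above."""
    ro, rw = Access.READ_ONLY, Access.READ_WRITE
    pm = PermissionManager(["P1", "P2", "P3", "P4", "P5", "P6"])
    pm.create_role("R1", {"P1": ro, "P2": rw, "P3": rw})
    pm.create_role("R2", {"P4": ro, "P5": rw, "P6": rw})
    pm.assign_role("A1", "R1")
    pm.assign_role("A2", "R2")
    return pm


if __name__ == "__main__":
    pm = build_example()
    for admin in ("A1", "A2"):
        print(admin, "menu:", pm.visible_menu(admin))
        for page in pm.pages:
            print(f"  write {page}:", pm.authorize(admin, page, "write"))
```

Hiding a menu entry does not by itself stop a request for that page, which is why `authorize` consults the role on every operation rather than trusting what `visible_menu` returned at login.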
Based on the above method for managing the authority of gateway device system administrators, the present invention also provides a corresponding gateway device system administrator authority management apparatus, which includes:
a role creation module, used for receiving operation input from a user and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range;
a role assignment module, used for obtaining role selection information that the user enters according to the authority of a system administrator and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
Since the above has described the gateway device system administrator authority management method in detail, no further description is given here.
Based on the above method for managing the authority of gateway device system administrators, the present invention also provides a corresponding gateway device system administrator authority management device, which comprises a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the processor, when executing the computer readable program, implements the steps in the method for managing authority of a gateway device system administrator as described in the embodiments.
Since the above has described the gateway device system administrator authority management method in detail, no further description is given here.
Based on the above method for managing the right of the gateway device system administrator, the present invention also provides a computer-readable storage medium, where one or more programs are stored in the computer-readable storage medium, and the one or more programs can be executed by one or more processors to implement the steps in the method for managing the right of the gateway device system administrator according to the foregoing embodiments.
Since the above has described the gateway device system administrator authority management method in detail, no further description is given here.
In summary, the method, apparatus, device and storage medium provided by the present invention create a plurality of roles with different authority ranges, assign different roles to network administrators with different authority, and bind each system administrator to the role whose authority range matches that administrator's authority. A system administrator can therefore manage the gateway device only within that authority range and cannot arbitrarily change configuration that does not concern them. This avoids damage to the network environment, and also avoids the system damage caused when a network attack impersonates a system administrator to perform unauthorized operations on the system.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.

Claims (10)

1. A method for managing the authority of gateway device system administrators, characterized by comprising the following steps:
receiving operation input from a user, and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range;
obtaining role selection information that the user enters according to the authority of a system administrator, and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
2. The gateway device system administrator permission management method of claim 1, wherein the permission range at least comprises an access range of a web page menu and read-write permission of access.
3. The method of claim 1, wherein the operation input at least comprises role creation button click information, role naming input information, button click information and/or input information for the accessible pages and the read-write permissions of the accessible pages, and role saving button click information.
4. The gateway device system administrator rights management method of claim 1, further comprising:
receiving role selection information input by a user according to the authority of a system administrator, and changing or canceling the role of the system administrator according to the role selection information input by the user.
5. The gateway device system administrator rights management method of claim 1, further comprising:
when a system administrator logs in, verifying the identity of the system administrator, querying the role attributes of the role corresponding to the system administrator after the verification succeeds, and displaying the page menu according to those role attributes.
6. The method for managing the authority of the gateway device system administrator as claimed in claim 5, wherein the verifying the identity of the system administrator specifically comprises:
verifying whether the user name and the password entered by the user are correct.
7. The gateway device system administrator rights management method of claim 5, further comprising:
when a logged-in system administrator performs a read or write operation on a displayed web page menu, querying the role attributes of the role corresponding to the system administrator, and determining from those role attributes whether the current system administrator's operation can succeed.
8. A gateway device system administrator rights management apparatus, comprising:
a role creation module, used for receiving operation input from a user and creating a plurality of roles according to that input, wherein each role has different role attributes, and the role attributes at least comprise an authority range;
a role assignment module, used for obtaining role selection information that the user enters according to the authority of a system administrator and assigning a role to the system administrator according to that information, wherein the authority of the system administrator matches the role attributes of the assigned role.
9. A gateway device system administrator rights management device, comprising a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the processor, when executing the computer readable program, performs the steps in the gateway device system administrator rights management method of any of claims 1-7.
10. A computer-readable storage medium, storing one or more programs, the one or more programs being executable by one or more processors for performing the steps in the gateway device system administrator rights management method of any of claims 1-7.
CN202110246510.7A 2021-03-05 2021-03-05 Gateway equipment system administrator authority management method and device Pending CN112866293A (en)

Publications (1)

Publication Number Publication Date
CN112866293A true CN112866293A (en) 2021-05-28

Family

ID=75994084

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210528
