CN102968599A - User-defined access control system and method based on resource publisher - Google Patents


Info

Publication number: CN102968599A
Authority: CN (China)
Prior art keywords: role, resource, access control, user, authority
Legal status (an assumption, not a legal conclusion): Granted; Expired - Fee Related
Application number: CN2012104132890A
Other languages: Chinese (zh)
Other versions: CN102968599B (en)
Inventors: 裘晓峰, 贾金斗, 成城
Current Assignee (the listed assignees may be inaccurate): Beijing University of Posts and Telecommunications
Original Assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN201210413289.0A
Publication of CN102968599A
Application granted
Publication of CN102968599B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a user-defined access control system and method based on a resource publisher. The system comprises an access control interface module, a role-resource mapping rule management module, a user-role mapping rule management module, an authority judgment module and a role authority management module. The access control interface module provides the configuration and query interfaces related to access control. The role-resource mapping rule management module manages the association rules between roles and resources: it receives role-resource association rules in a specific format through the access control interface module and stores them in an access control database. The user-role mapping rule management module manages the association rules between users and roles: it receives user-role association rules in a specific format through the access control interface module and stores them in the access control database. The authority judgment module responds to a user's authority judgment request by consulting the rules stored in the access control database to determine the user's access rights. The role authority management module manages the creation of roles and assigns access permissions to the resources associated with a role.

Description

User-defined access control system and method based on resource publisher
Technical field
The present invention relates to the field of communications, and in particular to a fine-grained access control system and method that resource publishers can customize in an open-resource service system.
Background
Access control is the ability to allow or forbid a given subject to access a given object. In a computer system, access control limits the access rights of a subject (the initiator of an access, usually a user, process, application, etc.) to an object (a resource or set of resources that can be accessed and needs protection), so that the computer system is used only within legitimate bounds. The access control mechanism determines which subjects can access the system, which resources of the system they can access, and how they may use those resources.
Existing access control mechanisms mainly include discretionary access control, mandatory access control, role-based access control (RBAC), user-based access control (UBAC), task-based access control (TBAC), attribute-based access control (ABAC), and others. On top of these basic models, many different access control systems have been implemented to meet the needs of specific service systems.
Of these, role-based access control (RBAC) is a widely used access control model at present. It introduces the concept of a role: all permissions are granted to roles rather than directly to users, so access control splits into two parts, associating permissions with roles and associating users with roles. The role acts as a proxy layer between users and permissions, decoupling the two. RBAC exists in different versions, but basically RBAC access control can be abstracted as the definition of several sets (user, role, permission, object) and the mapping relations between those sets.
Many current access control models are tightly coupled to a service system, so the definitions of the sets in the RBAC model and the mappings between them are abstracted and optimized for that specific system and lack generality. For example, in an open-resource service system, each resource owner can open up the resources they own through the system, and applications developed by different application developers can build different services from those resources. The access control requirements of such a system may include:
1. Provide access control for both specific application scenarios and the open service system at the same time.
2. Let each resource owner define a flexible permission management scheme according to their own willingness to open resources, covering both coarse-grained and fine-grained access control.
3. Access control in an open service environment faces public users, so role-permission definitions must be made while the users are still unknown, and permission management is realized by combining role definitions with attribute information of the accessed resources.
4. Following the design philosophy of resource-oriented web architecture, the access control model is centered on resources rather than on actions or tasks.
Current access control models, however, have difficulty meeting all of these requirements of an open-resource service system at once.
Summary of the invention
The technical problem to be solved by the present invention is to provide a user-defined access control system and method based on the resource publisher. It overcomes the problem that, when existing access control systems are applied to user-centric open service systems such as ubiquitous networks and Web 2.0, in which users take part in resource sharing and service generation, resource publishers cannot independently formulate resource-oriented access control rules of varying granularity.
To solve this technical problem, the invention provides a user-defined access control system based on the resource publisher, applied in an open-resource service system and comprising:
An access control interface module, which provides the configuration and query interfaces related to access control;
A role-resource mapping rule management module, which manages the association rules between roles and resources, receives role-resource association rules in a specific format through the access control interface module, and stores the role-resource association rules in the access control database;
A user-role mapping rule management module, which manages the association rules between users and roles, receives user-role association rules in a specific format through the access control interface module, and stores the user-role association rules in the access control database;
An authority judgment module, which, on a user's authority judgment request, determines the user's access rights by consulting the rules stored in the access control database;
A role authority management module, which manages the creation of roles and assigns access permissions to the resources associated with a role.
The invention further provides a user-defined access control method based on the resource publisher, applied in an open-resource service system and comprising:
Providing an access control interface, which is the configuration and query interface related to access control;
Managing the association rules between roles and resources: receiving role-resource association rules in a specific format through the access control interface and storing the role-resource association rules in the access control database;
Managing the association rules between users and roles: receiving user-role association rules in a specific format through the access control interface and storing the user-role association rules in the access control database;
On a user's authority judgment request, determining the user's access rights by consulting the rules stored in the access control database;
Managing the creation of roles and assigning access permissions to the resources associated with a role.
With the technical scheme of the invention, a resource publisher in an open-resource service system can implement resource-oriented access control of varying granularity. The content and number of elements of the role, permission and resource object sets can be customized, as can the mapping relations among the user, role, permission and object sets, so users can define access control rules of any granularity. The scheme supports various open service environments and multiple modes of opening resources, and keeps user roles loosely coupled to the service system, so that a user can switch roles flexibly when accessing different resources in different services or even within the same service, which enhances the extensibility of the access control system.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their descriptions serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural block diagram of the user-defined access control system based on the resource publisher according to an embodiment of the invention;
Fig. 2 is a flowchart of the user-defined access control method based on the resource publisher according to an embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
According to an embodiment of the invention, a user-defined access control system based on the resource publisher is provided.
Fig. 1 is a structural block diagram of the user-defined access control system based on the resource publisher according to an embodiment of the invention. As shown in Fig. 1, it comprises an access control interface module 101, a role-resource mapping rule management module 102, a user-role mapping rule management module 103, an authority judgment module 104 and a role authority management module 105. The structure of each module is described in detail below.
The access control interface module 101 provides the configuration and query interfaces related to access control;
The role-resource mapping rule management module 102 manages the association rules between roles and resources, receives role-resource association rules in a specific format through the access control interface module, and stores the role-resource association rules in the access control database;
The user-role mapping rule management module 103 manages the association rules between users and roles, receives user-role association rules in a specific format through the access control interface module, and stores the user-role association rules in the access control database;
The authority judgment module 104, on a user's authority judgment request, determines the user's access rights by consulting the rules stored in the access control database;
The role authority management module 105 manages the creation of roles and assigns access permissions to the resources associated with a role.
In addition, the system can also comprise:
A resource publisher definition interface presentation module 106, which provides and maintains the interface through which the resource publisher configures permissions, defines roles and assigns roles according to the user information and friend relationships in its SNS.
According to the above embodiment, the resource publisher defines roles and permissions, and roles are mapped according to the resource accessor's SNS information, thereby determining resource access permissions.
The access control database 107 stores the role-resource association rules and the user-role association rules. In addition, the access control database (or simply the database) also stores the descriptive information of registered resources, comprising at least the name of the resource and the user name of its publisher, the resource names the resource comprises, the access address of the resource, and the access permission types the resource comprises.
The authority judgment module is further used to: on a user's authority judgment request, determine the user's permissions by consulting the rules stored in the access control database and calling a resource data interface module and an SNS (Social Networking Services) data interface module; wherein the resource data interface module provides the attribute information of the various resources, and the SNS data interface module is responsible for providing the user's social prototype and social relationships.
The role authority management module 105 can further be used to create a role at the resource publisher's request, determine the resources associated with the role according to the role-resource association rules, and assign the permissions for accessing those resources.
In this way, through the resource publisher's own definition and configuration of resources and permissions, resource-oriented access control of varying granularity can be realized.
Resources in the present invention include, but are not limited to, the various devices that users share in the open service system (gateways, sensors, intelligent terminals, embedded devices, etc.), the devices' own storage and computing capabilities, and the various data the devices generate and collect. The publisher of a resource should be able to register and upload the resources it owns in the system and offer them to other users for access and invocation through the open system. In general, the resource publisher is the resource owner.
Customization by the device or resource publisher means that the publisher can set permissions such as read, write and delete, according to resource attributes, on resources it owns or is authorized for, combine multiple permissions on multiple resources arbitrarily into roles, and then assign those roles in various ways (for example by SNS friend relationship or user attributes) to other users of the open service system.
Access control of varying granularity means that no limit is placed on the granularity of access control over resource objects: an application or resource publisher can refine control rules down to the level of an individual resource according to user security requirements. In fine-grained access control, the role and permission mappings are not unique, the role set and permission set are also definable, and the resource publisher can define any number of permissions and roles at any time according to resource attributes.
According to an embodiment of the invention, a user-defined access control method based on the resource publisher is also provided.
Fig. 2 is a flowchart of the user-defined access control method based on the resource publisher according to an embodiment of the invention. As shown in Fig. 2, it comprises:
Step S201: provide an access control interface, which is the configuration and query interface related to access control;
Step S202: manage the association rules between roles and resources; receive role-resource association rules in a specific format through the access control interface and store the role-resource association rules in the access control database;
Step S203: manage the association rules between users and roles; receive user-role association rules in a specific format through the access control interface and store the user-role association rules in the access control database;
Step S204: on a user's authority judgment request, determine the user's access rights by consulting the rules stored in the access control database;
Step S205: manage the creation of roles and assign access permissions to the resources associated with a role.
In addition, according to an embodiment of the invention, the method also comprises: providing and maintaining the interface through which the resource publisher configures permissions, defines roles and assigns roles according to the user information and friend relationships in its SNS.
Step S204 specifically comprises: on a user's authority judgment request, determining the user's permissions by consulting the rules stored in the access control database and calling a resource data interface and an SNS data interface; wherein the resource data interface provides the attribute information of the various resources, and the SNS data interface is responsible for providing the user's social prototype and social relationships.
Step S205 specifically comprises: creating a role at the resource publisher's request, determining the resources associated with the role according to the role-resource association rules, and assigning the permissions for accessing those resources.
The access control database stores the role-resource association rules and the user-role association rules.
The permission configuration process of the invention is described below with a specific embodiment.
First, user 1, as a device owner, uploads a device it owns (a light switch controller, for example) to the open platform. It uploads a device specification document in the standard XML format provided by the platform, describing the device name, the names of the resources the device comprises, the operations each resource supports (read-only, write-only, read-write), the resource location information and other device descriptive information. The descriptive information also carries an "owner" field, which is required to match user 1's user name on the platform. Here the resource names and the operations they support can be: light on/off control -- read-write; light brightness adjustment -- read-write.
Then, once configuration is complete, user 1 sends a device upload request to the platform together with this XML device description document.
When the platform receives the device upload request, it parses the XML document and assigns URIs to the resources the device comprises: light on/off control is URI1 and light brightness adjustment is URI2. These are then stored together in the platform database.
After logging in to the platform page with user name and password, user 1 can select device management. The page presents the list of resources user 1 owns, including URI1 and URI2, with the descriptive information of each resource, the operations it supports, and so on.
On the device management page, user 1 defines the role name "power user", selects URI1 read-write and URI2 read-write, and clicks save; the new role and its permissions are written to the database, which completes the process of giving the "power user" role its permissions. In the same way, the user can go on to define the role name "general user" and select URI1 read-only and URI2 read-only; saving gives the general user those permissions. By analogy, the user can define any roles as desired and give them permissions of any granularity.
After finishing role-permission configuration, user 1 enters the role assignment page. The page shows the roles user 1 has defined with their permissions and the other users of the platform; if the SNS system is taken into account, it shows the friend list and so on. User 1 can assign roles one by one by manually entering user names, by selecting users, or by group, for example all friends, or everyone whose school is Beijing University of Posts and Telecommunications.
Suppose user 1 assigns the "power user" role to sam and the "general user" role to jeff.
When each configuration step is finished and the user saves, the platform calls the API and writes the result to the database.
When the device owner has several devices, for example if user 1 owns both the light switch controller and a temperature sensor, and both devices are uploaded before their resources are configured together, permissions and roles are configured in the same way as above.
If the light switch controller was configured first, then when configuring the temperature sensor the user can either add permissions to existing roles or complete the configuration by creating new roles.
With the above configuration process, access control over resources can be realized, for example:
Mode one: the user accesses resources directly
Scene 1:
1) Sam logs in to the platform page and clicks the platform devices option to see information on all devices of the platform; the platform page can also be used to view information on all devices that Sam has the right to access.
2) Sam selects the light switch controller and sees the resource information of the light switch controller, namely light on/off control and light brightness adjustment.
3) Sam selects "turn on the light"; the platform queries the database with the user name and resource URI1, finds that sam has permission, and the operation completes successfully.
4) In the same way, jeff selects "turn on the light"; the platform queries the database with jeff's user name and resource URI1, finds that jeff has no right to operate, and returns "Sorry, you have no right to carry out this operation". Jeff does, however, have permission to view the on/off state of the lamp and its brightness information.
Scene 2: suppose the platform has another device, a temperature regulator, whose owner is user 2. Through the customization process, user 2 gives sam the role "normal" with read-only permission and gives jeff the role "top" with read-write permission.
1) Sam selects the temperature regulator. When sam tries to adjust the temperature regulator, the platform queries the database as described above and returns sam the prompt "no right to carry out this operation"; sam can, however, read the temperature.
2) The access control flow for Jeff is the same.
The comparison shows that the same user sam has different roles and permissions on the resources of different device owners (user 1, user 2). The device owners assign roles and permissions to sam independently of each other, and an update to roles and permissions takes effect only on that device owner's resources, with no effect on access to other device owners' resources.
Mode two: the user accesses resources through a platform application
Because the platform is an open platform, any user may be an owner, an ordinary accessor, or an application developer. Developers can build a wide variety of applications on the platform's open API by integrating various resources. A dressing index application, for example, can use the temperature data collected by a temperature sensor to recommend categories of clothing. Users may access platform resources not only directly but also indirectly through an application. In this case:
Suppose the owner of the temperature sensor is user 3 and it comprises two resources: temperature data -- read-only; temperature sensor switch control -- read-write. Through the process above, user 3 gives sam the role "domestic consumer", which has permission to read the temperature.
When sam accesses the dressing index application, the platform queries whether sam has permission, using sam's user name and the temperature data URI of the temperature sensor. Because sam has permission, the dressing index information is returned to sam.
As can be seen, when a user accesses resources through a platform application, access control is independent of the application: access is still controlled according to the resource publisher's "user-role-resource" configuration.
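The configuration and the two access modes above, as an added Python sketch that is not part of the patent text. The class and function names, the in-memory dictionaries standing in for the access control database, and "URI3" for user 2's temperature regulator are assumptions made for illustration; URI1, URI2, the role names and the users come from the embodiment.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Resource:
    uri: str
    owner: str             # publisher's user name (the "owner" field)
    operations: frozenset  # operations the resource supports at all


class AccessControlDB:
    """In-memory stand-in for the access control database (assumed layout)."""

    def __init__(self):
        self.resources = {}   # uri -> Resource
        self.role_perms = {}  # (publisher, role) -> {uri: frozenset(ops)}
        self.user_roles = {}  # (publisher, user) -> set of role names

    def register_resource(self, owner, uri, operations):
        if uri in self.resources:
            raise ValueError(f"{uri} is already registered")
        self.resources[uri] = Resource(uri, owner, frozenset(operations))

    def define_role(self, publisher, role, grants):
        """Role-resource rule. Adds or replaces per-URI grants of a role.

        A publisher may only grant on resources it owns, and only
        operations that the resource description declares.
        """
        checked = {}
        for uri, ops in grants.items():
            res = self.resources.get(uri)
            if res is None or res.owner != publisher:
                raise PermissionError(f"{publisher} does not own {uri}")
            ops = frozenset(ops)
            if not ops <= res.operations:
                raise ValueError(f"{uri} does not support {sorted(ops - res.operations)}")
            checked[uri] = ops
        # Roles are keyed by publisher, so two publishers' roles never collide.
        self.role_perms.setdefault((publisher, role), {}).update(checked)

    def assign_role(self, publisher, user, role):
        """User-role rule, scoped to the publisher that defined the role."""
        if (publisher, role) not in self.role_perms:
            raise KeyError(f"{publisher} has no role {role!r}")
        self.user_roles.setdefault((publisher, user), set()).add(role)

    def is_allowed(self, user, uri, op, app=None):
        """Authority judgment: default deny.

        `app` names the calling application and is deliberately ignored:
        the decision depends only on the user-role-resource rules.
        """
        res = self.resources.get(uri)
        if res is None:
            return False
        roles = self.user_roles.get((res.owner, user), ())
        return any(op in self.role_perms[(res.owner, r)].get(uri, ())
                   for r in roles)


def build_example_db():
    """The embodiment's configuration (URI3 is a constructed identifier)."""
    db = AccessControlDB()
    db.register_resource("user1", "URI1", [READ, WRITE])  # light on/off control
    db.register_resource("user1", "URI2", [READ, WRITE])  # brightness adjustment
    db.register_resource("user2", "URI3", [READ, WRITE])  # temperature regulator
    db.define_role("user1", "power user",
                   {"URI1": [READ, WRITE], "URI2": [READ, WRITE]})
    db.define_role("user1", "general user", {"URI1": [READ], "URI2": [READ]})
    db.define_role("user2", "normal", {"URI3": [READ]})
    db.define_role("user2", "top", {"URI3": [READ, WRITE]})
    db.assign_role("user1", "sam", "power user")
    db.assign_role("user1", "jeff", "general user")
    db.assign_role("user2", "sam", "normal")
    db.assign_role("user2", "jeff", "top")
    return db


if __name__ == "__main__":
    db = build_example_db()
    for user in ("sam", "jeff"):
        for uri in ("URI1", "URI3"):
            print(user, uri, "write ->", db.is_allowed(user, uri, WRITE))
```

Keying both rule tables by publisher is what keeps one owner's role changes from affecting another owner's resources, and the ownership check in define_role is what stops a publisher from granting rights on resources it does not own.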
It follows that the invention lets the resource publisher define roles of any granularity or number, customize the mapping from users to roles, and assign permissions of any granularity to the defined roles. It also supports various open service environments and keeps user roles loosely coupled to the service system, so that a user can switch roles flexibly when accessing different resources in the same or different services. This enhances the extensibility of the access control system and lets resource publishers and the developers of specific applications use the structure of the invention to implement their own access control rules.
The above are only embodiments of the invention and do not limit it; to those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of its claims.

Claims (10)

1. A user-defined access control system based on the resource publisher, applied in an open-resource service system, in which the resource publisher defines role mapping rules and fine-grained permission rules for the resources it publishes according to its social network service (SNS) user information and social relationships, characterized in that the system comprises:
An access control interface module, which provides the configuration and query interfaces related to access control;
A role-resource mapping rule management module, which manages the association rules between roles and resources, receives role-resource association rules in a specific format through the access control interface module, and stores the role-resource association rules in the access control database;
A user-role mapping rule management module, which manages the association rules between users and roles, receives user-role association rules in a specific format through the access control interface module, and stores the user-role association rules in the access control database;
An authority judgment module, which, on a user's authority judgment request, determines the user's access rights by consulting the rules stored in the access control database;
A role authority management module, which manages the creation of roles and assigns access permissions to the resources associated with a role.
2. The system according to claim 1, characterized in that it also comprises:
A resource publisher definition interface presentation module, which provides and maintains the interface through which the resource publisher configures permissions, defines roles and assigns roles according to the user information and friend relationships in its SNS.
3. The system according to claim 1, characterized in that the authority judgment module is further used to: on a user's authority judgment request, determine the user's permissions by consulting the rules stored in the access control database and calling a resource data interface module and an SNS data interface module;
Wherein:
The resource data interface module provides the attribute information of the various resources;
The SNS data interface module is responsible for providing the user's social prototype and social relationships.
4. The system according to claim 1, characterized in that the role authority management module is further used to: create a role at the resource publisher's request, determine the resources associated with the role according to the role-resource association rules, and assign the permissions for accessing those resources.
5. The system according to claim 1, characterized in that it also comprises:
The access control database, which stores the role-resource association rules and the user-role association rules.
6. one kind based on the self-defining access control method of resource publisher, is applied to it is characterized in that in the resources open operation system, comprising:
The access control interface is provided, and this access control interface is configuration and the query interface relevant with access control;
Correlation rule between role of manager and the resource receives the correlation rule between the role-resource of specific format by described access control interface, and described role-resource correlation rule is stored to the access control database;
Correlation rule between leading subscriber and the role receives the correlation rule between the user-role of specific format by described access control interface, and with described user-role association rale store to the access control database;
Authority according to the user is judged request, by accessing the rule judgment user's who stores in the described access control database access rights;
Role of manager's establishment is the associated resource assignment access rights of role.
7. The method according to claim 6, characterized in that it further comprises:
providing an interface for the resource publisher to configure authority, define roles and assign roles according to the user information and friend relationships in its SNS.
8. The method according to claim 6, characterized in that the step of judging the user's access authority, according to the user's authority judgment request, by accessing the rules stored in the access control database comprises:
according to the user's authority judgment request, accessing the rules stored in the access control database and calling the resource data interface and the SNS data interface to judge the user's authority;
wherein:
the resource data interface is used for providing the attribute information of various resources;
the SNS data interface is responsible for providing the user's social prototype and social networks.
9. The method according to claim 6, characterized in that the step of managing the creation of roles and assigning access authority to the resources associated with each role comprises:
creating a role according to the request of the resource publisher, determining the resources associated with the role according to the role-resource association rule, and assigning the authority to access the resources.
10. The method according to claim 6, characterized in that the access control database stores the role-resource association rules and the user-role association rules.
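The method of claims 6 to 10, sketched as an added example that is not taken from the patent: a publisher creates a role with a role-resource rule and a user-role rule, and the judgment step consults the resource and SNS data interfaces. The rule format (attribute equality, required relationship labels), the sample data, all names, and the check that a role only governs its own publisher's resources are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for the two data interfaces of claim 8.
RESOURCES = {  # resource data interface: resource id -> attribute information
    "photo-1": {"owner": "alice", "type": "photo", "album": "family"},
    "post-7": {"owner": "alice", "type": "post", "album": None},
}
SNS = {  # SNS data interface: (publisher, user) -> relationship labels
    ("alice", "bob"): {"friend", "family"},
    ("alice", "carol"): {"friend"},
}

@dataclass
class Role:
    publisher: str        # resource publisher who requested the role
    name: str
    permissions: set      # authority assigned on the role's resources
    resource_rule: dict   # role-resource rule (assumed format): attribute -> value
    user_rule: set        # user-role rule (assumed format): required SNS labels

@dataclass
class AccessControlDB:
    roles: list = field(default_factory=list)

    def create_role(self, role):
        self.roles.append(role)

def judge(db, user, resource_id, action):
    """Authority judgment: deny by default, allow only through a matching role."""
    attrs = RESOURCES.get(resource_id)
    if attrs is None:
        return False  # unknown resource: nothing to grant
    for role in db.roles:
        if role.publisher != attrs["owner"]:
            continue  # assumed scoping: roles never govern another publisher's resources
        in_role = role.user_rule <= SNS.get((role.publisher, user), set())
        covers = all(attrs.get(k) == v for k, v in role.resource_rule.items())
        if in_role and covers and action in role.permissions:
            return True
    return False

db = AccessControlDB()
db.create_role(Role("alice", "relatives", {"read", "comment"},
                    {"type": "photo", "album": "family"}, {"family"}))
# An over-broad role from another publisher must not reach alice's resources.
db.create_role(Role("mallory", "everything", {"read"}, {}, set()))
```

Without the publisher check in `judge`, the second role (empty rules match every user and every resource) would grant read access to alice's photo to anyone.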
CN201210413289.0A 2012-10-25 2012-10-25 User-defined access control system and method based on resource publisher Expired - Fee Related CN102968599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210413289.0A CN102968599B (en) 2012-10-25 2012-10-25 User-defined access control system and method based on resource publisher

Publications (2)

Publication Number Publication Date
CN102968599A true CN102968599A (en) 2013-03-13
CN102968599B CN102968599B (en) 2016-05-04

Family

ID=47798735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210413289.0A Expired - Fee Related CN102968599B (en) 2012-10-25 2012-10-25 User-defined access control system and method based on resource publisher

Country Status (1)

Country Link
CN (1) CN102968599B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101350722A (en) * 2008-07-24 2009-01-21 上海众恒信息产业有限公司 Apparatus and method for controlling data security of information system
CN101729403A (en) * 2009-12-10 2010-06-09 上海电机学院 Access control method based on attribute and rule
CN102004867A (en) * 2009-09-01 2011-04-06 上海杉达学院 Method and device for authorizing user roles in information system

Also Published As

Publication number Publication date
CN102968599B (en) 2016-05-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160504

Termination date: 20211025