CN103078859A - Service system authority management method, equipment and system - Google Patents

Publication number: CN103078859A
Authority: CN (China)
Prior art keywords: metadata; user; data resource; access; action type
Legal status: Granted, Active
Application number: CN2012105944941A
Other languages: Chinese (zh)
Other versions: CN103078859B (en)
Inventors: 邵浙海, 傅晶, 张锐斌, 高芳, 韩玉双, 包红霞
Current Assignee: POTEVIO NEW ENERGY CO Ltd
Original Assignee: POTEVIO NEW ENERGY CO Ltd
Application filed by: POTEVIO NEW ENERGY CO Ltd
Priority: CN201210594494.1A
Abstract

An embodiment of the invention provides a service system authority management method, equipment and system. The method comprises the following steps: a login request sent by a user terminal is received, the login request comprising identification information of the user; first metadata accessible to the user is obtained according to the user's identification information; the preset mapping relations between action types and metadata and between data resources and metadata are queried according to the first metadata to obtain first access authority information of the user; an access request sent by the user terminal is received, the access request comprising the metadata of the data resource to be accessed and an action type code; and whether the user's access to the data resource to be accessed is legitimate is judged according to the first access authority information and the access request. Because the mapping relations are established in advance, fine-grained, graded access control over the data resources of the service system is achieved, and the ability to manage permissions in the service system is improved.

Description

Service system authority management method, equipment and system
Technical field
The present invention relates to data processing technology, and in particular to a service system authority management method, equipment and system.
Background art
At present, the permissions of a service system are mostly managed with the role-based access control (RBAC) model. The RBAC model links permissions to roles: roles are created for the different job positions according to the needs of the service system, and each role is assigned the corresponding permissions, so that users acting in different roles access the service system with different permissions.
The existing RBAC model achieves coarse-grained management of service system permissions, but its current granularity cannot meet the need for fine-grained, graded permission management of the service system's data resources. How to further refine the granularity of permission management over the data resources of a service system, and thereby improve the ability to manage its permissions, is a problem to be solved.
Summary of the invention
The invention provides a service system authority management method, equipment and system that refine the granularity of permission management over the data resources of a service system and improve the ability to manage its permissions.
To achieve these goals, the invention provides a service system authority management method, comprising:
Receiving a login request, sent by a user terminal, requesting to log in to the service system, the login request comprising identification information of the user corresponding to the user terminal;
Obtaining, according to the user's identification information, the first metadata accessible to the user;
Querying, according to the first metadata, the prestored mapping relations between action types and metadata and between data resources and metadata, to obtain the user's first access authority information for the first data resource corresponding to the first metadata;
Receiving an access request sent by the user terminal, the access request comprising the metadata of the data resource to be accessed and an action type code, the action type code identifying the action type to be performed on the data resource to be accessed;
Judging, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legitimate.
To achieve these goals, the invention provides a server, comprising:
A receiver module, used to receive a login request, sent by a user terminal, requesting to log in to the service system, the login request comprising identification information of the user corresponding to the user terminal, and to receive an access request sent by the user terminal, the access request comprising the metadata of the data resource to be accessed and an action type code, the action type code identifying the action type to be performed on the data resource to be accessed;
A first acquisition module, used to obtain, according to the user's identification information, the first metadata accessible to the user and, according to the first metadata, to query the prestored mapping relations between action types and metadata and between data resources and metadata, so as to obtain the user's first access authority information for the first data resource corresponding to the first metadata;
A first judge module, used to judge, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legitimate.
To achieve these goals, the invention provides a service system authority management system, comprising:
The above server and at least one user terminal.
In the service system authority management method, equipment and system provided by the invention, a login request sent by a user terminal is received, the login request comprising the user's identification information. According to the user's identification information, the first metadata accessible to the user is obtained. According to the first metadata, the prestored mapping relations between action types and metadata and between data resources and metadata are queried to obtain the user's first access authority information for the first data resource corresponding to the first metadata. An access request sent by the user terminal is received, the access request comprising the metadata of the data resource to be accessed and an action type code that identifies the action type to be performed on that data resource. According to the first access authority information and the access request, it is judged whether the user's access to the data resource to be accessed is legitimate. The invention obtains the metadata of the data resources and establishes in advance the mapping relations between data resources and metadata and between action types and metadata. Through these mapping relations, fine-grained, graded access control over data resources can be achieved, which improves the ability to manage permissions in the service system.
Description of drawings
Fig. 1 shows a service system authority management system based on the RBAC model;
Fig. 2 shows a general permission design model based on a graded management mechanism;
Fig. 3 is a schematic diagram of a service system authority management method provided by an embodiment of the invention;
Fig. 4 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 5 is a schematic structural diagram of a service system authority management system provided by an embodiment of the invention.
Embodiment
The technical scheme of the invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 shows a service system authority management system based on the RBAC model. As shown in Fig. 1, the data resources, action types, user information and so on of the service system are all stored in a database. The data resources of the service system are mainly business objects of various kinds, for example sales orders and payment bills in a marketing system, and they form a tree structure. For example, in a vehicle sales system, a vehicle sales order comprises the sales orders of each vehicle component module, and a component module's sales order may in turn comprise the sales orders of the parts under that module. An action type represents an operation that may be performed on a data resource, for example add, delete, modify, view and query. Further, mapping relations between data resources and action types, that is, the permissions of the service system, are established and stored in the database of the service system. A permission of the service system represents an access operation that can be performed on a data resource. The RBAC-based authority management system sets up roles for the service system according to its business rules and organizational structure, and stores the role information in the database. A role represents a position or division of labor in the service system and stands for a qualification, right and responsibility; for example, in a marketing system, the sales manager is one role. After the roles have been set up, the RBAC-based authority management system establishes the mapping relations between roles and permissions and between users and roles, and stores these mapping relations in the database. A permission is a function that a role may use, and a role is a set of permissions. When a user wants to access a data resource of the service system, the user sends an access request to the service system through a user terminal, requesting to operate on that data resource. The authority management system determines the user's access rights according to the above mapping relations and judges whether the access request sent by the user is legitimate. For a detailed description of the RBAC-based service system authority management system, refer to the related prior art; it is not repeated here.
Fig. 2 shows a general permission design model based on a graded management mechanism. As shown in Fig. 2, this general permission design model is a further extension of the RBAC-based service system authority management system shown in Fig. 1. The model adds control over the data permissions of the service system. First, the data types and data objects of the service system's data resources are set up, and the data objects and data types are stored in the database. A data type represents a type of object that needs to be controlled in the service system, for example department, warehouse, employee, client and supplier. A data object represents a concrete business object and is an instance of a data type, such as the Beijing sales department, the Shanghai sales department, Zhang San or Li Si. Further, mapping relations between data resources and data types are established, for example between sales order and department or between sales order and client, and mapping relations between data objects and roles are established. A mapping relation between a role and a data object is, for example, the mapping between sales manager and Zhang San, or between sales manager and the Shanghai sales department. Through the mapping relations between data resources and data types, this general permission design model obtains the control points of a data resource, and through the mapping relations between data objects and roles it manages the data permissions of the data resource. For a detailed description of the general permission design model based on a graded management mechanism, refer to the related prior art; it is not repeated here. However, the management granularity of the existing service system authority management systems described above cannot meet the demands of permission management for a service system. To further refine the granularity of permission management over the service system and improve the ability to manage its permissions, the following technical scheme is proposed.
Fig. 3 is a schematic diagram of a service system authority management method provided by an embodiment of the invention. As shown in Fig. 3, the method comprises the following steps:
301. Receive a login request, sent by a user terminal, requesting to log in to the service system, the login request comprising identification information of the user corresponding to the user terminal.
In the present embodiment, the method may be executed by a server. Before step 301, the server first obtains the metadata of the service system from the database shown in Fig. 2. Metadata is data about data: it can express information such as the name, constraints, identifier, attributes, field type, field length and description of the data tables and fields in a data resource, and it can also give a basic description of data resources held in non-relational databases. Metadata may be stored in the database or data file path defined for it; in practical applications the metadata and the related resource access configuration information are generally encrypted to enhance security. For more on metadata, refer to the related prior art; it is not repeated here. After obtaining the metadata of the service system, the server establishes the mapping relations between action types and metadata and between data resources and metadata, and stores them in the database. Further, it establishes the mapping relations between user identification information and roles and between roles and metadata, and stores them in the database as well.
When a user wants to access a data resource in the service system, the user first logs in to the service system through his or her user terminal. Specifically, the user sends a login request through the user terminal to the server hosting the service system. The login request asks to log in to the service system and carries the user's identification information; for example, the identification information may be the registration information supplied when the user registered with the service system, or the user's authorization information.
302. Obtain, according to the user's identification information, the first metadata accessible to the user.
After receiving the login request, the server obtains the user's identification information and verifies the legitimacy of the user's identity by comparing the prestored identity information of the user with the identification information in the login request. If the prestored identity information is consistent with the user's identification information in the login request, the user's identity is legitimate and the user is allowed to log in to the service system. The prestored identity information may be the user's registration information or authorization information. By verifying the legitimacy of the user's identity, the present embodiment keeps illegitimate users from intruding into the service system and improves its security.
After the user's identity has been verified as legitimate, the server queries the prestored mapping relations between user identification information and roles according to the user's identification information, and determines the user's role. Having determined the role, the server queries the prestored mapping relations between roles and metadata according to that role, and obtains the first metadata accessible to the user.
303. Query, according to the first metadata, the prestored mapping relations between action types and metadata and between data resources and metadata, to obtain the user's first access authority information for the first data resource corresponding to the first metadata.
After obtaining the first metadata, the server queries the prestored mapping relations between action types and metadata according to the first metadata to obtain the access operations permitted on the first metadata, and queries the prestored mapping relations between data resources and metadata to obtain the first data resource corresponding to the first metadata. This first data resource is the data resource the user can access. From the results of querying these two sets of mapping relations, the server obtains the user's first access authority information for the first data resource. Specifically, the first access authority information can be stored in the form of a list.
304. Receive an access request sent by the user terminal, the access request comprising the metadata of the data resource to be accessed and an action type code, the action type code identifying the action type to be performed on the data resource to be accessed.
To access the service system, the user sends an access request to the server through the user terminal. The access request carries the metadata of the data resource the user wants to access and an action type code, where the action type code identifies the action type to be performed on the data resource to be accessed.
305. Judge, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legitimate.
After receiving the access request, the server looks up the user's first access authority information using the metadata of the data resource to be accessed and the action type code carried in the access request. If the metadata of the data resource to be accessed belongs to the first metadata contained in the first access authority information, and the action type identified by the action type code belongs to the action types contained in the first access authority information, the server judges that the access request sent by the user is legitimate, meaning that the user may perform the corresponding operation on the data resource to be accessed.
In the service system authority management method provided by the present embodiment, a login request sent by a user terminal is received, the login request comprising the user's identification information. According to the user's identification information, the first metadata accessible to the user is obtained. According to the first metadata, the prestored mapping relations between action types and metadata and between data resources and metadata are queried to obtain the user's first access authority information for the first data resource corresponding to the first metadata. An access request sent by the user terminal is received, the access request comprising the metadata of the data resource to be accessed and an action type code that identifies the action type to be performed on that data resource. According to the first access authority information and the access request, it is judged whether the user's access to the data resource to be accessed is legitimate. The present embodiment obtains the metadata of the data resources and establishes in advance the mapping relations between data resources and metadata and between action types and metadata. Through these mapping relations, fine-grained, graded access control over the data resources of the service system can be achieved, the granularity at which user permissions are managed in the service system is further refined, and the ability to manage permissions in the service system is improved.
Further, in a service system, some specific users under the same role may have permission to access particular data resources. So as not to change the permissions of all users under that role, mapping relations between user identification information and metadata can be set up in advance and stored in the database. The metadata in these mapping relations is the metadata corresponding to the particular data resources. These mapping relations indicate that, in addition to the permissions of his or her role, the user also has certain specific permissions. For example, other users under the same role do not have access rights to a particular value range of a certain business field in a certain business table, while this user, because of work requirements, needs to be granted access rights to that value range of that field in that table. A mapping relation can then be set up between the user's identification information and the metadata corresponding to that value range.
After judging from the first access authority information that the access request initiated by the user is not legitimate, the server queries the prestored mapping relations between user identification information and metadata according to the user's identification information. If the user's identification information belongs to the user identification information contained in these mapping relations, the server can obtain the second metadata accessible to this user. According to the second metadata, the server queries the prestored mapping relations between action types and metadata and between data resources and metadata, and from the query results obtains the user's second access authority information for the second data resource corresponding to the second metadata. The server then judges, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legitimate. Specifically, the server looks up the user's second access authority information using the metadata of the data resource to be accessed and the action type code carried in the access request. If the metadata of the data resource to be accessed belongs to the second metadata contained in the second access authority information, and the action type identified by the action type code belongs to the action types contained in the second access authority information, the server judges that the access request sent by the user is legitimate, and the user may perform the corresponding operation on the data resource to be accessed. If the user's identification information does not belong to the user identification information contained in the mapping relations between user identification information and metadata, the server judges that the access request sent by the user is not legitimate. Optionally, the server can return to the user a message indicating that the user does not have this access right.
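The following added example, which is not code from the patent, sketches steps 301 to 305 and the per-user fallback described above as a deny-by-default check. All user names, roles, metadata keys, action type codes and function names are constructed assumptions, the mappings are held in memory instead of a database, and identity verification is reduced to a known-user lookup.

```python
from dataclasses import dataclass

# All names and rows below are constructed sample data, not taken from the patent.
ACTION_CODES = {"01": "ADD", "02": "DELETE", "03": "MODIFY", "04": "VIEW", "05": "QUERY"}
USER_ROLE = {"zhangsan": "sales_manager", "lisi": "sales_clerk", "wangwu": "sales_clerk"}
ROLE_METADATA = {
    "sales_manager": {"sales_order", "sales_order.amount"},
    "sales_clerk": {"sales_order"},
}
# Per-user grants for users who need more than their role gives them.
USER_METADATA = {"lisi": {"sales_order.amount"}}
# Action type <-> metadata and data resource <-> metadata mappings.
METADATA_ACTIONS = {
    "sales_order": {"VIEW", "QUERY"},
    "sales_order.amount": {"VIEW", "MODIFY"},
}
METADATA_RESOURCE = {
    "sales_order": "table sales_order",
    "sales_order.amount": "field sales_order.amount",
}

BY_ROLE, BY_USER_GRANT, DENIED = "first", "second", "denied"


@dataclass
class Session:
    user_id: str
    first_info: dict  # first access authority information, built at login


def build_authority_info(metadata_ids):
    """Join both stored mappings: metadata -> (data resource, allowed action types)."""
    return {
        m: (METADATA_RESOURCE[m], frozenset(METADATA_ACTIONS.get(m, ())))
        for m in metadata_ids
        if m in METADATA_RESOURCE
    }


def login(user_id):
    """Steps 301-303. Identity verification is reduced to a known-user lookup here."""
    role = USER_ROLE.get(user_id)
    if role is None:
        raise PermissionError(f"unknown user {user_id!r}")
    return Session(user_id, build_authority_info(ROLE_METADATA.get(role, ())))


def _permits(info, metadata, action_code):
    action = ACTION_CODES.get(action_code)  # an unknown code yields None and is denied
    entry = info.get(metadata)
    return action is not None and entry is not None and action in entry[1]


def check_access(session, metadata, action_code):
    """Steps 304-305, then the per-user fallback; anything not granted is denied."""
    if _permits(session.first_info, metadata, action_code):
        return BY_ROLE
    # The user-to-metadata mapping is consulted only after the role check fails.
    second_info = build_authority_info(USER_METADATA.get(session.user_id, ()))
    if _permits(second_info, metadata, action_code):
        return BY_USER_GRANT
    return DENIED


if __name__ == "__main__":
    requests = [
        ("zhangsan", "sales_order.amount", "03"),
        ("lisi", "sales_order.amount", "03"),
        ("wangwu", "sales_order.amount", "04"),
        ("lisi", "sales_order", "02"),
    ]
    for user, metadata, code in requests:
        print(user, metadata, code, "->", check_access(login(user), metadata, code))
```

Because action types are mapped to metadata and not to roles, two roles that share a metadata entry get the same actions on it; finer control comes from defining metadata at field or value-range level.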
Optionally, the server sends the user's first access authority information and second access authority information to the user terminal where the user is located. When the user later logs in to the service system again through this user terminal and accesses a data resource of the service system, the user terminal can judge whether the access request is legitimate according to the access request and the first and second access authority information stored on the user terminal. Specifically, the user terminal looks up the user's first access authority information using the metadata of the data resource to be accessed and the action type code carried in the access request. If the metadata of the data resource to be accessed belongs to the first metadata contained in the first access authority information, and the action type identified by the action type code belongs to the action types contained in the first access authority information, the user terminal judges that the access request sent by the user is legitimate, and the user may perform the corresponding operation on the data resource to be accessed. Further, after judging from the first access authority information that the access request initiated by the user is not legitimate, the user terminal judges, according to the access request and the second access authority information, whether the user's access to the data resource to be accessed is legitimate. Specifically, the user terminal looks up the user's second access authority information using the metadata of the data resource to be accessed and the action type code carried in the access request. If the metadata of the data resource to be accessed belongs to the second metadata contained in the second access authority information, and the action type identified by the action type code belongs to the action types contained in the second access authority information, the user terminal judges that the access request sent by the user is legitimate, and the user may perform the corresponding operation on the data resource to be accessed. In the present embodiment, after the user logs in to the service system for the first time, the server sends the user's first and second access authority information to the user terminal where the user is located. When the user logs in to the service system again, the user terminal can judge the legitimacy of the access requests the user initiates, which improves the timeliness of permission management in the service system and reduces the load on the server.
Further, the server can send an access rights update message to the user terminal. This message notifies the user terminal that the corresponding user's access authority information has been updated and that the user terminal needs to obtain the user's first and second access authority information again. Specifically, the server can carry the user's identification information in the access rights update message and send the message to the user terminal. After the user terminal has received the message, when the user subsequently logs in to the service system locally, the user terminal obtains the user's first and second access authority information from the server again according to the message.
Optionally, the user terminal can also encrypt the first and second access authority information it has obtained, to improve the security of the service system.
Fig. 4 is a schematic structural diagram of a server provided by an embodiment of the invention. As shown in Fig. 4, the server comprises a receiver module 41, a first acquisition module 42 and a first judge module 43.
The receiver module 41 receives a login request, sent by a user terminal, requesting to log in to the service system, the login request comprising identification information of the user corresponding to the user terminal, and receives an access request sent by the user terminal, the access request comprising the metadata of the data resource to be accessed and an action type code that identifies the action type to be performed on that data resource. The first acquisition module 42 obtains, according to the user's identification information, the first metadata accessible to the user and, according to the first metadata, queries the prestored mapping relations between action types and metadata and between data resources and metadata to obtain the user's first access authority information for the first data resource corresponding to the first metadata. The first judge module 43 judges, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legitimate.
In the present embodiment, the server also comprises a presetting module 40, which obtains the metadata of the service system. Metadata is data about data: it can express information such as the name, constraints, identifier, attributes, field type, field length and description of the data tables and fields in a data resource, and it can also give a basic description of data resources held in non-relational databases. Metadata may be stored in the database or data file path defined for it; in practical applications the metadata and the related resource access configuration information are generally encrypted to enhance security. After obtaining the metadata of the service system, the presetting module establishes the mapping relations between action types and metadata and between data resources and metadata, and stores them in the database. Further, it establishes the mapping relations between user identification information and roles and between roles and metadata, and stores them in the database as well.
When a user wants to access a data resource in the service system, the user first logs in to the service system through his or her user terminal. Specifically, the user sends a login request through the user terminal to the receiver module 41 in the server hosting the service system. The login request asks to log in to the service system and carries the user's identification information; for example, the identification information may be the registration information supplied when the user registered with the service system, or the user's authorization information.
After the login request is received, the first acquisition module 42 obtains the first metadata accessible to the user according to the user's identification information. Specifically, after the receiver module 41 receives the login request, the first acquisition module 42 obtains the user's identification information and verifies the legitimacy of the user's identity against the prestored identity information of the user and the identification information in the login request. If the prestored identity information is consistent with the user's identification information in the login request, the user's identity is legal and the user is allowed to log in to the service system. The prestored identity information can be the user's registration information or authorization information. By verifying the legitimacy of the user's identity, this embodiment can prevent illegal users from intruding into the service system and improves the security of the service system.
After the user's identity is verified as legal, the first acquisition module 42 queries, according to the user's identification information, the prestored mapping between user identification information and roles to determine the user's role. Once the role is determined, it queries, according to that role, the prestored mapping between roles and metadata to obtain the first metadata accessible to the user.
Further, after obtaining the first metadata, the first acquisition module 42 queries, according to the first metadata, the prestored mapping between operation types and metadata to obtain the access operations that can be performed on the first metadata, and queries the prestored mapping between data resources and metadata to obtain the first data resource corresponding to the first metadata. The first data resource is the data resource the user can access. From the results of querying these two mappings, the first acquisition module 42 obtains the user's first access authority information for the first data resource. Specifically, the first access authority information can be stored in the form of a list.
After logging in to the service system, when the user accesses a data resource of the service system, the user sends an access request through the user terminal to the receiver module 41. The access request carries the metadata of the data resource to be accessed and an operation type code, where the operation type code identifies the type of operation to be performed on the data resource to be accessed.
After the receiver module 41 receives the access request, the first judge module 43 judges, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal. Specifically, the first judge module 43 queries the user's first access authority information using the metadata and the operation type code carried in the access request. If the metadata of the data resource to be accessed belongs to the first metadata included in the first access authority information, and the operation type identified by the operation type code belongs to the operation types included in the first access authority information, the first judge module 43 judges that the access request sent by the user is legal, meaning that the user can perform the corresponding operation on the data resource to be accessed.
The server provided by this embodiment receives the login request sent by the user terminal, the login request including the user's identification information; obtains the first metadata accessible to the user according to the user's identification information; queries, according to the first metadata, the prestored mapping between operation types and metadata and the prestored mapping between data resources and metadata to obtain the user's first access authority information for the first data resource corresponding to the first metadata; receives the access request sent by the user terminal, the access request including the metadata of the data resource to be accessed and an operation type code that identifies the type of operation to be performed on that data resource; and judges, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal. By obtaining the metadata of the data resources and establishing in advance the mapping between data resources and metadata and the mapping between operation types and metadata, this embodiment achieves fine-grained, graded control of access authority over the data resources of the service system, further refines the granularity at which user authority is managed in the service system, and improves the ability to manage authority in the service system.
Further, the server provided by the embodiment of the invention also includes a second acquisition module 44 and a second judge module 45. After the first judge module 43 judges that the user's access to the data resource to be accessed is illegal, the second acquisition module 44 queries, according to the user's identification information, the prestored mapping between user identification information and metadata to obtain the second metadata accessible to the user, and, according to the second metadata, queries the mapping between operation types and metadata and the mapping between data resources and metadata to obtain the user's second access authority information for the second data resource corresponding to the second metadata. After the second acquisition module 44 obtains the second access authority information, the second judge module 45 judges, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legal.
In a service system, some specific users under the same role may have authority to access particular data resources. So that the authority of all users under the role need not be changed, a mapping between the user's identification information and metadata can be set in advance and stored in the database. The metadata in this mapping is the metadata corresponding to the particular data resource. This mapping indicates that, besides the authority of the role the user belongs to, the user also has certain specific authority. For example, other users under the same role have no access authority for a particular value range of a certain business field in certain business tables, but because of work requirements this user needs to be granted access authority for that value range of that business field in that business table. A mapping between the user's identification information and the metadata corresponding to that value range can then be set.
After the first judge module 43 judges, according to the first access authority information, that the access request initiated by the user is illegal, the second acquisition module 44 queries, according to the user's identification information, the prestored mapping between user identification information and metadata. If the user's identification information belongs to the user identification information included in this mapping, the second acquisition module 44 can obtain the second metadata accessible to the user. The second acquisition module 44 then queries, according to the second metadata, the prestored mapping between operation types and metadata and the prestored mapping between data resources and metadata; from the query results it obtains the user's second access authority information for the second data resource corresponding to the accessible second metadata. The second judge module 45 judges, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legal. Specifically, the second judge module 45 queries the user's second access authority information using the metadata and the operation type code carried in the access request. If the metadata of the data resource to be accessed belongs to the second metadata included in the second access authority information, and the operation type identified by the operation type code belongs to the operation types included in the second access authority information, the second judge module 45 judges that the access request sent by the user is legal, and the user can perform the corresponding operation on the data resource to be accessed. If the user's identification information does not belong to the user identification information included in the mapping between user identification information and metadata, or the metadata of the data resource to be accessed does not belong to the second metadata included in the second access authority information, or the operation type identified by the operation type code does not belong to the operation types included in the second access authority information, the second judge module 45 judges that the access request sent by the user is illegal. Optionally, the second judge module 45 can return to the user a message indicating that the user does not have this access authority.
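The two-stage judgment described above (role-derived first access authority, then the user-specific second access authority) can be sketched as follows. This is an added illustration, not code from the patent; the user identifiers, role name, metadata identifiers, operation type codes and function names are all hypothetical, and the dictionaries stand in for the mappings stored in the database.

```python
# Constructed sample mappings (hypothetical values), standing in for the
# mapping relations that the presetting module stores in the database.
REGISTERED_USERS = {"u1001", "u1002"}                 # prestored identity information
USER_ROLE = {"u1001": "clerk", "u1002": "clerk"}      # user identification -> role
ROLE_METADATA = {"clerk": {"md.order.id", "md.order.status"}}   # role -> metadata
USER_METADATA = {"u1002": {"md.order.amount.le1000"}}  # user identification -> metadata
METADATA_OPS = {                                      # metadata -> operation type codes
    "md.order.id": {"R"},
    "md.order.status": {"R", "U"},
    "md.order.amount.le1000": {"R"},
}
METADATA_RESOURCE = {                                 # metadata -> data resource
    "md.order.id": "orders.id",
    "md.order.status": "orders.status",
    "md.order.amount.le1000": "orders.amount, value range <= 1000",
}


def build_authority(metadata_ids):
    """Query both mappings for each metadata item and return access authority
    information as {metadata: (data resource, allowed operation type codes)}."""
    authority = {}
    for md in metadata_ids:
        resource = METADATA_RESOURCE.get(md)
        if resource is None:
            continue  # metadata with no mapped data resource grants nothing
        authority[md] = (resource, frozenset(METADATA_OPS.get(md, ())))
    return authority


def login(user_id):
    """Verify the identity, resolve the role, and return the first access
    authority information derived from the role's metadata."""
    if user_id not in REGISTERED_USERS:
        raise PermissionError("identity verification failed")
    role = USER_ROLE.get(user_id)
    return build_authority(ROLE_METADATA.get(role, ()))


def permitted(authority, metadata, op_code):
    """Legal only if the metadata is in the authority information AND the
    operation type code is among the operation types mapped to it."""
    entry = authority.get(metadata)
    return entry is not None and op_code in entry[1]


def judge(user_id, first_authority, metadata, op_code):
    """Return (legal, stage); stage records which authority information
    allowed the request ('first', 'second') or None when it is refused."""
    if permitted(first_authority, metadata, op_code):
        return True, "first"
    # Fall back to the user-specific mapping only after the first check fails.
    second_authority = build_authority(USER_METADATA.get(user_id, ()))
    if permitted(second_authority, metadata, op_code):
        return True, "second"
    return False, None


if __name__ == "__main__":
    first = login("u1002")
    print(judge("u1002", first, "md.order.status", "U"))
    print(judge("u1002", first, "md.order.amount.le1000", "R"))
    print(judge("u1002", first, "md.order.amount.le1000", "U"))
```

Returning the stage alongside the decision lets an audit log distinguish role-based grants from per-user exceptions.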
Optionally, the server provided by this embodiment also includes a sending module 46, which can send the obtained first access authority information and second access authority information of the user to the user terminal where the user is located. When the user next logs in to the service system through this user terminal and accesses a data resource of the service system, the user terminal can judge whether the access request is legal according to the access request and the first access authority information and second access authority information stored on the user terminal. Specifically, the user terminal queries the user's first access authority information using the metadata and the operation type code carried in the access request. If the metadata of the data resource to be accessed belongs to the first metadata included in the first access authority information, and the operation type identified by the operation type code belongs to the operation types included in the first access authority information, the user terminal judges that the access request sent by the user is legal, and the user can perform the corresponding operation on the data resource to be accessed. If the user terminal judges, according to the first access authority information, that the access request initiated by the user is illegal, the user terminal then judges, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legal. Specifically, the user terminal queries the user's second access authority information using the metadata and the operation type code carried in the access request. If the metadata of the data resource to be accessed belongs to the second metadata included in the second access authority information, and the operation type identified by the operation type code belongs to the operation types included in the second access authority information, the user terminal judges that the access request sent by the user is legal, and the user can perform the corresponding operation on the data resource to be accessed. In this embodiment, the obtained first access authority information and second access authority information of the user are sent to the user terminal where the user is located, so that when the user logs in to the service system again, the user terminal can directly judge the legality of the access request initiated by the user, which improves the timeliness of authority management in the service system and reduces the load on the server.
Further, the server can send an access authority update message to the user terminal through the sending module 46. This message notifies the user terminal that the access authority information of the corresponding user has been updated and that the user terminal needs to obtain the user's first access authority information and second access authority information again. Specifically, the server sends the access authority update message, which carries the user's identification information, to the user terminal through the sending module 46. After the user terminal receives the access authority update message, when the user logs in to the service system locally, the user terminal obtains the user's first access authority information and second access authority information from the server again according to the access authority update message.
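The terminal-side judgment and the access authority update message can be sketched as follows; the sketch shows that, with refresh tied to the next login as described, authority revoked on the server is still honoured by the terminal until that login happens. This is an added illustration, not code from the patent; the class names, method names and sample values are hypothetical, and authority information is simplified to sets of (metadata, operation type code) pairs.

```python
class Server:
    """Stand-in for the server: holds the authoritative first and second
    access authority information per user."""

    def __init__(self, authority):
        self.authority = authority   # user id -> (first pairs, second pairs)
        self.fetch_count = 0         # how often a terminal had to ask the server

    def fetch(self, user_id):
        self.fetch_count += 1
        first, second = self.authority[user_id]
        return frozenset(first), frozenset(second)


class Terminal:
    """Stand-in for the user terminal: caches authority information and
    judges access requests locally."""

    def __init__(self, server):
        self.server = server
        self.cache = {}              # user id -> (first pairs, second pairs)
        self.needs_refresh = set()   # users named in an update message

    def on_update_message(self, user_id):
        # The update message carries the user's identification information.
        self.needs_refresh.add(user_id)

    def login(self, user_id):
        # Re-obtain authority information only on first login or after an
        # update message; otherwise reuse the cached copy.
        if user_id not in self.cache or user_id in self.needs_refresh:
            self.cache[user_id] = self.server.fetch(user_id)
            self.needs_refresh.discard(user_id)

    def judge(self, user_id, metadata, op_code):
        first, second = self.cache[user_id]
        request = (metadata, op_code)
        return request in first or request in second


def revoke_and_observe():
    """Constructed scenario: the server revokes a user-specific grant.
    Returns (before, while_stale, after_relogin, server_fetches)."""
    role_grants = {("md.order.status", "U")}
    server = Server({"u1002": (role_grants, {("md.order.amount.le1000", "R")})})
    terminal = Terminal(server)
    terminal.login("u1002")
    request = ("md.order.amount.le1000", "R")
    before = terminal.judge("u1002", *request)

    server.authority["u1002"] = (role_grants, set())   # grant revoked on server
    terminal.on_update_message("u1002")
    while_stale = terminal.judge("u1002", *request)    # cache not yet refreshed

    terminal.login("u1002")                            # next login re-obtains
    after_relogin = terminal.judge("u1002", *request)
    return before, while_stale, after_relogin, server.fetch_count


if __name__ == "__main__":
    print(revoke_and_observe())
```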
Optionally, the user terminal can also encrypt the obtained first access authority information and second access authority information to improve the security of the service system.
Fig. 5 is a schematic structural diagram of a service system authority management system provided by the present invention. As shown in Fig. 5, the service system authority management system comprises a server 51 and at least one user terminal 52. The server 51 is the server provided in the above embodiments; the user terminal 52 can be terminal equipment such as a personal computer, and the user exchanges information with the server 51 through the user terminal 52. For details of the server 51 and the user terminal 52, see the related content in the above embodiments, which is not repeated here.
The service system authority management system provided by this embodiment receives the login request sent by the user terminal, the login request including the user's identification information; obtains the first metadata accessible to the user according to the user's identification information; queries, according to the first metadata, the prestored mapping between operation types and metadata and the prestored mapping between data resources and metadata to obtain the user's first access authority information for the first data resource corresponding to the first metadata; receives the access request sent by the user terminal, the access request including the metadata of the data resource to be accessed and an operation type code that identifies the type of operation to be performed on that data resource; and judges, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal. By obtaining the metadata of the data resources and establishing in advance the mapping between data resources and metadata and the mapping between operation types and metadata, this embodiment achieves fine-grained, graded control of access authority over the data resources of the service system, further refines the granularity at which user authority is managed in the service system, and improves the ability to manage authority in the service system. In addition, the obtained first access authority information and second access authority information of the user are sent to the user terminal so that the user terminal can judge the legality of the access request initiated by the user, which improves the timeliness of authority management in the service system and reduces the load on the server.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (13)

1. A service system authority management method, characterized by comprising:
Receiving a login request, sent by a user terminal, that requests login to the service system, the login request including the identification information of the user corresponding to the user terminal;
Obtaining, according to the user's identification information, the first metadata accessible to the user;
Querying, according to the first metadata, the prestored mapping between operation types and metadata and the prestored mapping between data resources and metadata, to obtain the user's first access authority information for the first data resource corresponding to the first metadata;
Receiving an access request sent by the user terminal, the access request including the metadata of the data resource to be accessed and an operation type code, the operation type code identifying the type of operation to be performed on the data resource to be accessed;
Judging, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal.
2. The service system authority management method according to claim 1, characterized in that obtaining, according to the user's identification information, the first metadata accessible to the user comprises:
Verifying the legitimacy of the user's identity according to the prestored identity information of the user and the user's identification information in the login request;
If the verification result is legal, obtaining, according to the user's identification information, the first metadata accessible to the user.
3. The service system authority management method according to claim 2, characterized in that, if the verification result is legal, obtaining, according to the user's identification information, the metadata of the first data resource accessible to the user comprises:
Querying, according to the user's identification information, the prestored mapping between user identification information and roles to determine the user's role;
Querying, according to the user's role, the prestored mapping between roles and metadata to obtain the first metadata accessible to the user.
4. The service system authority management method according to claim 1 or 2, characterized in that judging, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal comprises:
If the metadata of the data resource to be accessed belongs to the first metadata included in the first access authority information, and the operation type for the data resource to be accessed identified by the operation type code belongs to the operation types included in the first access authority information, judging that the access request is legal.
5. The service system authority management method according to claim 4, characterized by further comprising:
If it is judged, according to the first access authority information and the access request, that the user's access to the data resource to be accessed is illegal, querying, according to the user's identification information, the prestored mapping between user identification information and metadata to obtain the second metadata accessible to the user;
Querying, according to the second metadata, the mapping between operation types and metadata and the mapping between data resources and metadata, to obtain the user's second access authority information for the second data resource corresponding to the second metadata;
Judging, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legal.
6. The service system authority management method according to claim 5, characterized by further comprising:
Sending the first access authority information and the second access authority information to the user terminal.
7. A server, characterized by comprising:
A receiver module, configured to receive a login request, sent by a user terminal, that requests login to the service system, the login request including the identification information of the user corresponding to the user terminal, and to receive an access request sent by the user terminal, the access request including the metadata of the data resource to be accessed and an operation type code, the operation type code identifying the type of operation to be performed on the data resource to be accessed;
A first acquisition module, configured to obtain, according to the user's identification information, the first metadata accessible to the user, and to query, according to the first metadata, the prestored mapping between operation types and metadata and the prestored mapping between data resources and metadata, to obtain the user's first access authority information for the first data resource corresponding to the first metadata;
A first judge module, configured to judge, according to the first access authority information and the access request, whether the user's access to the data resource to be accessed is legal.
8. The server according to claim 7, characterized in that the first acquisition module is further configured to verify the legitimacy of the user's identity according to the prestored identity information of the user and the user's identification information in the login request and, if the verification result is legal, to obtain, according to the user's identification information, the first metadata accessible to the user.
9. The server according to claim 8, characterized in that the first acquisition module is specifically configured to query, according to the user's identification information, the prestored mapping between user identification information and roles to determine the user's role, and to query, according to the user's role, the prestored mapping between roles and metadata to obtain the first metadata accessible to the user.
10. The server according to claim 7 or 8, characterized in that the first judge module is specifically configured to judge that the access request is legal if the metadata of the data resource to be accessed belongs to the first metadata included in the first access authority information, and the operation type for the data resource to be accessed identified by the operation type code belongs to the operation types included in the first access authority information.
11. The server according to claim 10, characterized by further comprising a second acquisition module and a second judge module,
The second acquisition module being configured to, after the first judge module judges that the user's access to the data resource to be accessed is illegal, query, according to the user's identification information, the prestored mapping between user identification information and metadata to obtain the second metadata accessible to the user, and to query, according to the second metadata, the mapping between operation types and metadata and the mapping between data resources and metadata, to obtain the user's second access authority information for the second data resource corresponding to the second metadata;
The second judge module being configured to, after the second acquisition module obtains the second access authority information, judge, according to the second access authority information and the access request, whether the user's access to the data resource to be accessed is legal.
12. The server according to claim 11, characterized by further comprising:
A sending module, configured to send the first access authority information and the second access authority information to the user terminal.
13. A service system authority management system, characterized by comprising: the server according to any one of claims 7 to 12 and at least one user terminal.
CN201210594494.1A 2012-12-31 2012-12-31 Operation system right management method, equipment and system Active CN103078859B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210594494.1A CN103078859B (en) 2012-12-31 2012-12-31 Operation system right management method, equipment and system

Publications (2)

Publication Number Publication Date
CN103078859A true CN103078859A (en) 2013-05-01
CN103078859B CN103078859B (en) 2016-03-02

Family

ID=48155263

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210594494.1A Active CN103078859B (en) 2012-12-31 2012-12-31 Operation system right management method, equipment and system

Country Status (1)

Country Link
CN (1) CN103078859B (en)

Cited By (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348666A (en) * 2014-10-16 2015-02-11 北京奇虎科技有限公司 Data acquisition method, device and system
CN104462903A (en) * 2014-12-15 2015-03-25 北京国双科技有限公司 Operation system authority processing method and device
CN103701801B (en) * 2013-12-26 2015-07-15 四川九洲电器集团有限责任公司 Resource access control method
CN104796280A (en) * 2014-01-21 2015-07-22 中国移动通信集团河北有限公司 Service authority detection method and device
CN104994086A (en) * 2015-06-26 2015-10-21 北京京东尚科信息技术有限公司 Database cluster authority control method and device
CN105227315A (en) * 2015-08-31 2016-01-06 青岛海尔智能家电科技有限公司 A kind of Web application authentication method, server and system thereof
WO2016015366A1 (en) * 2014-08-01 2016-02-04 苏州阔地网络科技有限公司 Resource control architecture based on identity service identifier, and method using said architecture
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
CN106096347A (en) * 2016-06-03 2016-11-09 上海携程商务有限公司 Hierarchical authorisation method based on logging status and system
CN106533693A (en) * 2016-11-03 2017-03-22 中车青岛四方机车车辆股份有限公司 Access method and device of railway vehicle monitoring and maintenance system
CN106941417A (en) * 2014-08-01 2017-07-11 阔地教育科技有限公司 A kind of method that application resource controls framework
CN107133505A (en) * 2017-03-30 2017-09-05 武汉斗鱼网络科技有限公司 A kind of right management method, method for authenticating and system
CN107169745A (en) * 2017-06-05 2017-09-15 广州诚予国际市场信息研究有限公司 A kind of project management system
CN107483495A (en) * 2017-09-21 2017-12-15 浪潮软件股份有限公司 A kind of big data cluster Host Administration method, management system and service end
CN107508783A (en) * 2016-06-14 2017-12-22 阿里巴巴集团控股有限公司 A kind for the treatment of method and apparatus of data
CN108268780A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method and device for being used to control system access
WO2018126381A1 (en) * 2017-01-05 2018-07-12 深圳市前海中康汇融信息技术有限公司 Database access control method
CN108629484A (en) * 2018-03-30 2018-10-09 平安科技(深圳)有限公司 It attends a banquet qualification management method, apparatus and storage medium
CN109241358A (en) * 2018-08-14 2019-01-18 中国平安财产保险股份有限公司 Metadata management method, device, computer equipment and storage medium
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110191470A (en) * 2019-06-03 2019-08-30 武汉思普崚技术有限公司 A kind of method and its correspondence system of security firewall
CN110474897A (en) * 2019-08-06 2019-11-19 合肥泓泉档案信息科技有限公司 A kind of file permission management system
CN110636054A (en) * 2019-09-05 2019-12-31 珠海格力电器股份有限公司 Resource multiplexing method, device, equipment and system
CN110704871A (en) * 2019-09-23 2020-01-17 北京百分点信息科技有限公司 Authority management method and device
CN110889142A (en) * 2019-12-20 2020-03-17 中国银行股份有限公司 Data authority management method, device, system and equipment
CN110909373A (en) * 2018-09-18 2020-03-24 阿里巴巴集团控股有限公司 Access control method, device, system and storage medium
CN110929280A (en) * 2019-11-25 2020-03-27 普元信息技术股份有限公司 System and method for realizing data authority control based on metadata in big data environment
CN110941683A (en) * 2019-11-05 2020-03-31 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for acquiring object attribute information in space
CN110968890A (en) * 2018-09-30 2020-04-07 北京国双科技有限公司 Operation control method and device based on permission
CN111191210A (en) * 2019-12-10 2020-05-22 未鲲(上海)科技服务有限公司 Data access right control method and device, computer equipment and storage medium
CN111352740A (en) * 2018-12-21 2020-06-30 腾讯科技(深圳)有限公司 Application interaction processing method and device
CN111385264A (en) * 2018-12-29 2020-07-07 卓望数码技术(深圳)有限公司 Communication service data access system and method
CN111753340A (en) * 2020-05-18 2020-10-09 贵州电网有限责任公司 USB interface information security prevention and control method and system
CN111769939A (en) * 2020-06-29 2020-10-13 北京海泰方圆科技股份有限公司 Business system access method and device, storage medium and electronic equipment
CN111966996A (en) * 2019-05-20 2020-11-20 杭州海康威视数字技术股份有限公司 Data processing method and device
CN111984343A (en) * 2019-05-22 2020-11-24 百度(中国)有限公司 Plug-in resource searching method, device, equipment and readable storage medium
CN111984949A (en) * 2020-08-24 2020-11-24 北京达佳互联信息技术有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN112100585A (en) * 2020-08-19 2020-12-18 北京小米移动软件有限公司 Authority management method, device and storage medium
CN112231659A (en) * 2020-09-25 2021-01-15 山东浪潮通软信息科技有限公司 Hierarchical protection access control method and device under multi-security system
CN112291250A (en) * 2020-10-31 2021-01-29 贵州电网有限责任公司 Multi-energy device digital twin data stream communication authority management method and system
CN112532595A (en) * 2020-11-18 2021-03-19 四川安迪科技实业有限公司 Satellite network data authority control method, device and storage medium
CN112597510A (en) * 2020-12-16 2021-04-02 中国工商银行股份有限公司 Access control method and device
CN112615925A (en) * 2020-12-22 2021-04-06 北京金山云网络技术有限公司 Configuration and management method and device of service resources and electronic equipment
CN112822207A (en) * 2021-01-29 2021-05-18 上海分布信息科技有限公司 Method and system for managing block chain data
CN112906028A (en) * 2021-03-04 2021-06-04 广州虎牙科技有限公司 Access control method, device, electronic equipment and computer readable storage medium
CN113190870A (en) * 2021-05-27 2021-07-30 新华三技术有限公司 Redis database access authority control method and device
CN113704285A (en) * 2021-08-30 2021-11-26 北京达佳互联信息技术有限公司 Permission-based retrieval method, device and equipment
CN113779616A (en) * 2021-02-08 2021-12-10 北京沃东天骏信息技术有限公司 Method and apparatus for identifying data
CN114338060A (en) * 2020-09-28 2022-04-12 北京金山云网络技术有限公司 Authority verification method, device, system, equipment and storage medium
CN114553484A (en) * 2022-01-18 2022-05-27 国电南瑞科技股份有限公司 Dual access authority control method and system based on two-dimensional security marker
CN115906155A (en) * 2022-11-04 2023-04-04 浙江联运知慧科技有限公司 Data management system of sorting center

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282330A (en) * 2007-04-04 2008-10-08 华为技术有限公司 Method and apparatus for managing network memory access authority, network memory access control method
CN102012981A (en) * 2010-11-16 2011-04-13 传神联合(北京)信息技术有限公司 Distributing and matching method and system of general permission grade
CN102457555A (en) * 2010-10-28 2012-05-16 中兴通讯股份有限公司 Security system and method for distributed storage
CN102546664A (en) * 2012-02-27 2012-07-04 中国科学院计算技术研究所 User and authority management method and system for distributed file system

Cited By (72)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701801B (en) * 2013-12-26 2015-07-15 四川九洲电器集团有限责任公司 Resource access control method
CN104796280A (en) * 2014-01-21 2015-07-22 中国移动通信集团河北有限公司 Service authority detection method and device
CN104796280B (en) * 2014-01-21 2018-06-26 中国移动通信集团河北有限公司 A kind of service authority detection method and device
CN106941417A (en) * 2014-08-01 2017-07-11 阔地教育科技有限公司 A kind of method that application resource controls framework
WO2016015366A1 (en) * 2014-08-01 2016-02-04 苏州阔地网络科技有限公司 Resource control architecture based on identity service identifier, and method using said architecture
CN106941417B (en) * 2014-08-01 2020-07-17 阔地教育科技有限公司 Application method of resource control architecture
CN104348666B (en) * 2014-10-16 2018-09-11 北京奇虎科技有限公司 Data capture method, apparatus and system
CN104348666A (en) * 2014-10-16 2015-02-11 北京奇虎科技有限公司 Data acquisition method, device and system
CN104462903A (en) * 2014-12-15 2015-03-25 北京国双科技有限公司 Operation system authority processing method and device
CN104462903B (en) * 2014-12-15 2019-01-08 北京国双科技有限公司 The treating method and apparatus of operation system permission
CN104994086A (en) * 2015-06-26 2015-10-21 北京京东尚科信息技术有限公司 Database cluster authority control method and device
CN104994086B (en) * 2015-06-26 2018-09-04 北京京东尚科信息技术有限公司 A kind of control method and device of data-base cluster permission
CN105227315A (en) * 2015-08-31 2016-01-06 青岛海尔智能家电科技有限公司 A kind of Web application authentication method, server and system thereof
CN105912949B (en) * 2016-04-13 2019-11-05 北京京东尚科信息技术有限公司 Data permission management method, data right management system and business management system
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
CN106096347A (en) * 2016-06-03 2016-11-09 上海携程商务有限公司 Hierarchical authorisation method based on logging status and system
CN106096347B (en) * 2016-06-03 2018-10-09 上海携程商务有限公司 Hierarchical authorisation method based on login status and system
CN107508783A (en) * 2016-06-14 2017-12-22 阿里巴巴集团控股有限公司 A kind for the treatment of method and apparatus of data
CN106533693A (en) * 2016-11-03 2017-03-22 中车青岛四方机车车辆股份有限公司 Access method and device of railway vehicle monitoring and maintenance system
CN108268780A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method and device for being used to control system access
WO2018126381A1 (en) * 2017-01-05 2018-07-12 深圳市前海中康汇融信息技术有限公司 Database access control method
CN107133505A (en) * 2017-03-30 2017-09-05 武汉斗鱼网络科技有限公司 A kind of right management method, method for authenticating and system
CN107133505B (en) * 2017-03-30 2020-07-31 武汉斗鱼网络科技有限公司 Authority management method, authentication method and system
CN107169745A (en) * 2017-06-05 2017-09-15 广州诚予国际市场信息研究有限公司 A kind of project management system
CN107483495A (en) * 2017-09-21 2017-12-15 浪潮软件股份有限公司 A kind of big data cluster Host Administration method, management system and service end
CN108629484A (en) * 2018-03-30 2018-10-09 平安科技(深圳)有限公司 It attends a banquet qualification management method, apparatus and storage medium
CN109241358A (en) * 2018-08-14 2019-01-18 中国平安财产保险股份有限公司 Metadata management method, device, computer equipment and storage medium
CN110909373B (en) * 2018-09-18 2023-06-20 阿里巴巴集团控股有限公司 Access control method, equipment, system and storage medium
CN110909373A (en) * 2018-09-18 2020-03-24 阿里巴巴集团控股有限公司 Access control method, device, system and storage medium
CN110968890A (en) * 2018-09-30 2020-04-07 北京国双科技有限公司 Operation control method and device based on permission
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN111352740B (en) * 2018-12-21 2023-04-18 腾讯科技(深圳)有限公司 Application interaction processing method and device
CN111352740A (en) * 2018-12-21 2020-06-30 腾讯科技(深圳)有限公司 Application interaction processing method and device
CN111385264A (en) * 2018-12-29 2020-07-07 卓望数码技术(深圳)有限公司 Communication service data access system and method
CN111966996A (en) * 2019-05-20 2020-11-20 杭州海康威视数字技术股份有限公司 Data processing method and device
CN111984343B (en) * 2019-05-22 2024-03-01 百度(中国)有限公司 Plug-in resource searching method, device, equipment and readable storage medium
CN111984343A (en) * 2019-05-22 2020-11-24 百度(中国)有限公司 Plug-in resource searching method, device, equipment and readable storage medium
CN110191470B (en) * 2019-06-03 2022-05-03 武汉思普崚技术有限公司 Method and corresponding system for security firewall
CN110191470A (en) * 2019-06-03 2019-08-30 武汉思普崚技术有限公司 A kind of method and its correspondence system of security firewall
CN110474897A (en) * 2019-08-06 2019-11-19 合肥泓泉档案信息科技有限公司 A kind of file permission management system
CN110636054A (en) * 2019-09-05 2019-12-31 珠海格力电器股份有限公司 Resource multiplexing method, device, equipment and system
CN110636054B (en) * 2019-09-05 2020-08-21 珠海格力电器股份有限公司 Resource multiplexing method, device, equipment and system
CN110704871A (en) * 2019-09-23 2020-01-17 北京百分点信息科技有限公司 Authority management method and device
CN110941683A (en) * 2019-11-05 2020-03-31 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for acquiring object attribute information in space
CN110929280A (en) * 2019-11-25 2020-03-27 普元信息技术股份有限公司 System and method for realizing data authority control based on metadata in big data environment
CN110929280B (en) * 2019-11-25 2023-03-28 普元信息技术股份有限公司 System and method for realizing data authority control based on metadata in big data environment
CN111191210B (en) * 2019-12-10 2022-09-27 未鲲(上海)科技服务有限公司 Method and device for controlling data access authority, computer equipment and storage medium
CN111191210A (en) * 2019-12-10 2020-05-22 未鲲(上海)科技服务有限公司 Data access right control method and device, computer equipment and storage medium
CN110889142A (en) * 2019-12-20 2020-03-17 中国银行股份有限公司 Data authority management method, device, system and equipment
CN111753340B (en) * 2020-05-18 2023-07-18 贵州电网有限责任公司 USB interface information security prevention and control method and system
CN111753340A (en) * 2020-05-18 2020-10-09 贵州电网有限责任公司 USB interface information security prevention and control method and system
CN111769939A (en) * 2020-06-29 2020-10-13 北京海泰方圆科技股份有限公司 Business system access method and device, storage medium and electronic equipment
CN111769939B (en) * 2020-06-29 2021-02-09 北京海泰方圆科技股份有限公司 Business system access method and device, storage medium and electronic equipment
CN112100585A (en) * 2020-08-19 2020-12-18 北京小米移动软件有限公司 Authority management method, device and storage medium
CN111984949A (en) * 2020-08-24 2020-11-24 北京达佳互联信息技术有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN111984949B (en) * 2020-08-24 2023-11-28 北京达佳互联信息技术有限公司 Authentication method, device, electronic equipment and storage medium
CN112231659A (en) * 2020-09-25 2021-01-15 山东浪潮通软信息科技有限公司 Hierarchical protection access control method and device under multi-security system
CN114338060A (en) * 2020-09-28 2022-04-12 北京金山云网络技术有限公司 Authority verification method, device, system, equipment and storage medium
CN112291250A (en) * 2020-10-31 2021-01-29 贵州电网有限责任公司 Multi-energy device digital twin data stream communication authority management method and system
CN112532595A (en) * 2020-11-18 2021-03-19 四川安迪科技实业有限公司 Satellite network data authority control method, device and storage medium
CN112597510A (en) * 2020-12-16 2021-04-02 中国工商银行股份有限公司 Access control method and device
CN112597510B (en) * 2020-12-16 2024-01-30 中国工商银行股份有限公司 Access control method and device
CN112615925B (en) * 2020-12-22 2022-11-01 北京金山云网络技术有限公司 Configuration and management method and device of service resources and electronic equipment
CN112615925A (en) * 2020-12-22 2021-04-06 北京金山云网络技术有限公司 Configuration and management method and device of service resources and electronic equipment
CN112822207A (en) * 2021-01-29 2021-05-18 上海分布信息科技有限公司 Method and system for managing block chain data
CN113779616A (en) * 2021-02-08 2021-12-10 北京沃东天骏信息技术有限公司 Method and apparatus for identifying data
CN113779616B (en) * 2021-02-08 2024-04-05 北京沃东天骏信息技术有限公司 Method and device for identifying data
CN112906028A (en) * 2021-03-04 2021-06-04 广州虎牙科技有限公司 Access control method, device, electronic equipment and computer readable storage medium
CN113190870A (en) * 2021-05-27 2021-07-30 新华三技术有限公司 Redis database access authority control method and device
CN113704285A (en) * 2021-08-30 2021-11-26 北京达佳互联信息技术有限公司 Permission-based retrieval method, device and equipment
CN114553484A (en) * 2022-01-18 2022-05-27 国电南瑞科技股份有限公司 Dual access authority control method and system based on two-dimensional security marker
CN115906155A (en) * 2022-11-04 2023-04-04 浙江联运知慧科技有限公司 Data management system of sorting center

Also Published As

Publication number Publication date
CN103078859B (en) 2016-03-02

Similar Documents

Publication Publication Date Title
CN103078859B (en) Operation system right management method, equipment and system
CN107342992B (en) System authority management method and device and computer readable storage medium
US11886547B2 (en) Systems and methods for entitlement management
KR101008121B1 (en) A method and system for managing xml document
EP2405607B1 (en) Privilege management system and method based on object
CN102473229B (en) Modification of access control lists
CN102891826B (en) The control method of web page access, equipment and system
CN108200050A (en) Single logging-on server, method and computer readable storage medium
EP2767030B1 (en) Multi-repository key storage and selection
CN103597494A (en) Method and device for managing digital usage rights of documents
CN102457377A (en) Role-based web remote authentication and authorization method and system thereof
CN102546664A (en) User and authority management method and system for distributed file system
CN101729541B (en) Method and system for accessing resources of multi-service platform
CN105262780A (en) Authority control method and system
CN105225072A (en) A kind of access management method of multi-application system and system
CN102571380A (en) Multi-instance GIS platform unified user management method and system
CN110430180A (en) A kind of platform of internet of things and implementation method based on hot plug
CN101119197B (en) Contracting method and system
CN101493872A (en) Fine grain authority management method based on classification method
Yoon et al. Blockchain-based object name service with tokenized authority
US11075922B2 (en) Decentralized method of tracking user login status
JP4805615B2 (en) Access control method
CN101325493A (en) Method and system for authenticating a user
Delessy et al. Patterns for access control in distributed systems
CN113051614B (en) Information access processing method, device, equipment and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant