CN103188249A - Centralized permission management system, authorization method and authentication method thereof

Info

Publication number
CN103188249A
Authority
CN
China
Prior art keywords
role
information
user
computer interaction
human
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104601066A
Other languages
Chinese (zh)
Inventor
付育哲
陈丹
王海清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING BOCO INTER-TELECOM TECHNOLOGY Co Ltd
Original Assignee
BEIJING BOCO INTER-TELECOM TECHNOLOGY Co Ltd
Application filed by BEIJING BOCO INTER-TELECOM TECHNOLOGY Co Ltd
Priority to CN2011104601066A
Publication of CN103188249A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

Provided is a centralized permission management system comprising an authorization unit, an authentication unit and a human-computer interaction interface, wherein the authorization unit comprises a domain controller and a resource manager. The domain controller further comprises an Authorization Manager and an Active Directory; role, operation and permission information is stored in the Authorization Manager, user information is stored in the Active Directory, and resource information is stored in the resource manager. The permission relationships among users, roles and resources are matched through the human-computer interaction interface, which achieves centralized authorization, and the authentication interfaces provided by the authentication unit are used to perform authentication. Built on the Authorization Manager and the Active Directory in the domain controller, the centralized permission management system achieves centralized authentication across systems, unified login, graded and privilege-separated access, and password management.

Description

Centralized permission management system, authorization method and authentication method
Technical field
The present invention relates to the field of permission management, and in particular to a centralized permission management system and its authorization method and authentication method.
Background art
At present, the software systems in an operations support management system, including both C/S and B/S systems, are independent and dispersed. A unified login user is needed so that users do not have to be created separately in every system. In addition, some functions, particularly those for managing network elements, bear on the security of the whole network, and not every user may be given the right to operate them, so access to system functions needs to be graded and privilege-separated. As mobile communications networks keep expanding and network elements keep multiplying, a simple and secure management method is needed all the more.
Managing login users and their permissions is an important part of a whole software system. When it is managed well, it not only simplifies operation for login users but also protects the important data in the software system; and if a data fault occurs, the responsible person can be found quickly. As the mobile network keeps expanding, network elements become more numerous and the requirements for operational security become higher. The present invention forms a unified management system for users and operating permissions that is convenient to administer and maintain, and at the same time provides a prerequisite for implementing the 4A unified authentication that is now widely adopted.
Summary of the invention
The invention provides a centralized permission management system comprising an authorization unit, an authentication unit and a human-computer interaction interface, characterized in that the authorization unit comprises a domain controller and a resource manager;
The domain controller is configured to receive, within a preset domain jurisdiction, the user, role and operating-permission information set through the human-computer interaction interface, and to manage and control the users, roles and operating permissions of all devices joined to the domain and the relationships among the three;
The resource manager is configured to store the resource information of the devices within the domain controller's jurisdiction, and to set and store, through the human-computer interaction interface, the correspondence between resources and the roles in the domain controller;
The authentication unit is configured with preset authentication interfaces for different permissions, and obtains permission information from the domain controller and the resource manager by calling the corresponding permission interface.
Preferably, the domain controller specifically comprises an Active Directory and an Authorization Manager;
The Active Directory is configured to receive and store the user information entered through the human-computer interaction interface, the user information comprising user login information and user attribute information;
The Authorization Manager is configured to receive and store the role information and operation information entered through the human-computer interaction interface, to store each role's operating permissions, and to set the correspondence between roles and the users in the Active Directory.
Preferably, the domain controller further comprises a password management module, configured to perform password management, according to a preset password policy, for all managed systems joined to the domain.
Specifically, the Authorization Manager is a directory at a specified path in the domain controller; after receiving information from the human-computer interaction interface, it completes the work of defining roles and operating permissions by calling pre-compiled functions;
The Active Directory is a directory at a specified path in the domain controller; after receiving information from the human-computer interaction interface, it completes the work of defining users by calling pre-compiled functions.
Further, the Authorization Manager at the specified location further comprises:
Role definition module: configured to define and store roles according to the role attribute information entered through the human-computer interaction interface;
Operating-permission setting module: configured to set operating permissions for the roles defined in the role definition module;
User-permission setting module: configured to match, through the human-computer interaction interface, each user with the corresponding role according to the user information in the Active Directory and the roles in the role definition module.
Further, the resource manager comprises:
A resource storage module, configured to store the resource information of the devices joined to the domain controller, the resource information comprising data resources and functional resources;
A resource-permission setting module, configured to match the roles defined in the role definition module with the corresponding resources.
Specifically, the pre-compiled functions are functions in the domain controller.
The present invention also provides an authorization method based on the above centralized permission management system, characterized in that:
According to the role parameters entered through the human-computer interaction interface, the corresponding role function in the Authorization Manager is called, and the role is defined and stored in the Authorization Manager;
The operation information and role information presented by the human-computer interaction interface are selected, and the matching relationship between the two is determined and stored in the Authorization Manager;
The role information and resource information presented by the human-computer interaction interface are selected, and the matching relationship between the two is determined and stored in the resource manager;
According to the user parameters entered through the human-computer interaction interface, the corresponding user function in the Active Directory is called, and the user is defined and stored in the Active Directory;
The role information and user information presented by the human-computer interaction interface are selected, and the matching relationship between the two is stored in the Authorization Manager, completing the authorization.
The present invention also provides an authentication method based on the above centralized permission management system, characterized in that:
The user's login information is entered in the human-computer interaction interface to log in to the domain controller;
The authentication interface to be used is selected in the human-computer interaction interface, and the corresponding permission is obtained through the method attributes of the corresponding authentication interface in the authentication unit.
In view of the problems in the prior art: some companies manage permissions purely with a database, storing user and permission information in the database. Because mobile network management software has to manage a great many base stations, cells, network elements and so on, the quantity is too large, and with everything stored in the database, access becomes slow. For the thousands of network elements in a mobile network, this purely database-based approach therefore makes authorization too inefficient and is inconvenient to use. In the centralized permission management system provided by the invention, once the Active Directory and the Authorization Manager in the domain controller have stored the user registration information and the permissions have been set, it is only necessary to store the described information through the resource manager, which saves a great deal of development time; storing permissions and resources separately also makes authorization and authentication simple and efficient.
Description of the drawings
Fig. 1 is a structural diagram of the centralized permission management system
Fig. 2 is a flow chart of the authorization method based on the centralized permission management system
Fig. 3 is a flow chart of the authentication method based on the centralized permission management system
Embodiments
The centralized permission management system of the present invention uses the Authorization Manager and the Active Directory in a domain controller, together with a resource manager, to centrally manage users, roles and permissions. It is easy to implement and is well suited to managing the permissions of the many network elements in a mobile communications network. The implementation of the invention is further described below with reference to embodiments.
A centralized permission management system, as shown in Fig. 1, comprises a human-computer interaction interface 1, an authorization unit 2 and an authentication unit 3.
The human-computer interaction interface 1 receives the various information entered by the user and presents the permission information managed by the centralized permission management system, including user information, role information, the correspondence between users and roles, the correspondence between roles and resources, each role's operating permissions, and so on. The human-computer interaction interface 1 also provides different permission-setting menus; through it the user enters or selects permission settings, and the entered or selected permission information is stored in the authorization unit, completing the authorization process.
The authorization unit 2 performs the functions related to user authorization, including defining users, defining roles, setting role operating permissions, setting the relationships between roles and resources, and setting the relationships between users and roles. For example, when defining a user, the authorization unit receives the user attribute information entered through the human-computer interaction interface, including but not limited to the user name, the user password, the group the user belongs to, the user's specialty and the user's company, and stores it in the authorization unit. When defining a role, the authorization unit receives the role attribute information entered through the human-computer interaction interface, including but not limited to the role name, the role description and the correspondence between the role and users.
The authorization unit functions in the present invention are implemented mainly by a domain controller 21 and a resource manager 22, where the domain controller 21 further comprises an Active Directory 211 and an Authorization Manager 212.
A "domain" is a grouping of computers in which a server controls whether the computers on the network may join. In "domain" mode, at least one server is responsible for verifying every computer and user that joins the network, much like the gatekeeper of an organization; this server is called the domain controller (abbreviated DC). The domain controller can manage and control the users, roles and operating permissions of the devices joined to the domain and the relationships among the three.
A domain controller generally includes both an Active Directory and an Authorization Manager, so this scheme uses the domain controller to perform centralized permission management.
The Active Directory 211 is configured to receive and store the user information entered through the human-computer interaction interface.
Active Directory is a directory service that provides data storage in the form of a directory. The directory contains information about various objects (for example users, user groups, computers, domains, organizational units and security policies), and this information can be published for use by users and administrators. Active Directory resides on the domain controller and can be accessed by the machines the domain controller controls. This technical solution uses Active Directory to manage users: users are defined and stored from the information entered through the human-computer interaction interface. This information comprises the user's login information and user attribute information. User login information includes but is not limited to the user name and password; user attribute information includes but is not limited to the user's group, company, specialty and region, and user groups, organizational units and so on can also be added. User information can be set according to actual needs, but the user name and password are mandatory, since they are required for logging in to the domain controller. Active Directory receives the user information entered through the human-computer interaction interface and calls the existing compiled functions to perform the various user management functions. Once a user has been defined and stored, it can be presented through the human-computer interaction interface for use.
A location is specified for Active Directory in the domain controller, i.e. a directory is set at a specified path. The directory contains the original compiled functions of Active Directory, and the method classes and their attributes used in the centralized permission management system are encapsulated, for example:
Class DirectoryEntry, which performs the initial setup of Active Directory:
Initializing a DirectoryEntry entity instantiates Active Directory:
new DirectoryEntry(string path, string username, string password);
/* sets the Active Directory path and the username and password used to log in to the domain controller */
Class DirectorySearcher, which implements queries against Active Directory:
Initializing a DirectorySearcher makes it possible to query the information in Active Directory:
new DirectorySearcher(DirectoryEntry entry, string condition)
/* sets a new query entity and the query condition */
The original compiled functions in Active Directory can be used for user management:
Adding an entity: this mainly means a user; preferably user groups, organizational units and so on can also be added, and the grouping of user groups can be determined by business needs.
An entity is added to Active Directory through the Add method of the Children attribute:
Add(string name, string schemaClassName)
/* the name is written differently for different class names: for an OU, OU=name; for a user, CN=name */
Deleting an entity: this mainly means a user; preferably user groups, organizational units and so on can also be deleted.
An entity is deleted from Active Directory through the Remove method of the Children attribute:
Remove(DirectoryEntry entry).
The Authorization Manager 212 is configured to receive and store the role information and operation information entered through the human-computer interaction interface, to store each role's operating permissions, and to set the correspondence between roles and the users in the Active Directory.
Authorization Manager performs the authorization functions. Roles are first defined and stored according to the role information entered through the human-computer interaction interface; this information includes the role name, the role description and so on, and can be set according to actual needs. After the roles are defined, operating permissions are set for each role; operation information mainly comprises add, delete, modify and so on. After role definition is complete, the relationships between roles and users can be set according to the user information presented by the human-computer interaction interface. Authorization Manager receives the information entered through the human-computer interaction interface, calls the corresponding encapsulated function and, after the function completes, stores the role information, the role-user relationship information and the role-operation relationship information. For example, when the permission management system needs to define a role, it receives the role information entered through the human-computer interaction interface, calls the role-definition function to define the role, and stores the defined role in Authorization Manager.
A location is specified for Authorization Manager in the domain controller, i.e. a directory is set at a specified path. The directory contains the original compiled functions of Authorization Manager, and the method classes and their attributes used in the centralized permission management system are encapsulated; they are used to set and store roles and operating permissions according to the content entered through the human-computer interaction interface.
The Authorization Manager 212 further comprises:
Role definition module 2121: configured to define roles and set role attributes according to the content entered through the human-computer interaction interface;
Operating-permission setting module 2122: configured to set operating permissions for the roles in the role definition module according to the content entered through the human-computer interaction interface;
User-permission setting module 2123: configured to match each user with the corresponding role through the human-computer interaction interface, according to the user information and role information it presents, and to store the relationship between the two.
Authorization Manager manages role, operation and permission information by receiving information from the human-computer interaction interface and calling the corresponding functions below.
Specific function examples follow:
Class AzAuthorizationStoreClass
Initialize(int lFlags, string bstrPolicyURL, object varReserved)
/* initialization: mainly sets the path for Authorization Manager, i.e. specifies the directory location of Authorization Manager */
OpenApplication(string bstrApplication, object varReserved)
/* opens the application, i.e. the directory name of Authorization Manager */
IAzClientContext
(a) InitializeClientContextFromToken(ulong ullTokenHandle, object)
(b) InitializeClientContextFromName(string ClientName, string DomainName, object)
/* client interface: a client can be initialized in two ways, one by token and one by specifying the user name. Through the client, the client's roles can be obtained and authentication performed */
Creating a role
CreateRole(string bstrRoleName, object varReserved)
/* a role is created by calling the existing CreateRole in Authorization Manager */
Deleting a role
DeleteRole(string name, string descripting, string[] tasks, string operations)
/* a role is deleted by calling the existing DeleteRole in Authorization Manager */
Creating an operation
CreateOperation(string bstOperationName, object varReserved)
/* an operation is created by calling the existing CreateOperation in Authorization Manager */
Deleting an operation
DeleteOperation(string bstOperationName, object varReserved)
/* an operation is deleted through the existing DeleteOperation in Authorization Manager */
Initializing a role means instantiating it and giving it attributes, mainly the role's unique identifier, the role's members, the role description, the role's operations and so on.
Initializing a role
OpenRole(string bstRoleName, object varReserved)
/* a role is initialized by calling the OpenRole method of Authorization Manager */
Adding an operation to a role
AddOperation(string bstRoleName, object varReserved)
/* calls the AddOperation method of the role */
Deleting an operation from a role
DeleteOperation(string bstRoleName, object varReserved)
/* calls the DeleteOperation method of the role */
Adding a subordinate member or system role to a role
AddMember(string bstMemberName, object varReserved)
/* calls the AddMember method of the role */
Deleting a subordinate member or system role from a role
DeleteMember(string bstMemberName, object varReserved)
/* calls the DeleteMember method of the role */
Calling the role's two attributes, Operations and Members, returns all of the role's operations and all of its members respectively.
The resource manager 22 is configured to store the resource information of the devices joined to the domain controller, and to set and store, through the human-computer interaction interface, the correspondence between resources and the roles in the domain controller.
Resource information refers to the resource information on the devices joined to the domain controller, or of the application systems carried on those devices (i.e. the managed systems), and comprises functional resources and data resources. Functional resources are the functional modules in a managed system; the functional resources involved in a network management system, for example, include the performance module, the alarm module, the work-order dispatch module and so on. A user who has permission for a functional module can use those functions. Data resources are the data in a managed system; the data resources involved in a network management system, for example, include network element information, system information and so on. A user who has permission for given data can operate on that data.
A mobile communications network involves multiple management systems and a large number of devices/network elements. These devices/network elements may belong to different systems, and the operating permissions for each of them may differ, so permission management in a mobile communications network is characterized by many connected systems and a large volume of data. With the traditional database approach, user, role, permission and resource information is all stored in a database, and the permissions for each device/network element are managed by searching the database, which affects the speed of authorization and authentication and the performance of the permission management system. With the Authorization Manager and Active Directory approach, the existing functions in the domain controller perform the management of users, roles and permissions, permissions are separated from resources, and the permissions for each system can be obtained after logging in to the domain controller. This is simple to use and easy to develop, improves processing speed, and is especially suitable for permission management over large volumes of data.
For resource-related permissions, the system uses the resource manager, which comprises the following two modules:
Resource storage module 221, configured to store the resource information of the managed systems.
The resource information comprises data resource information and functional resource information.
Data resource information: for example network element information and network element group information.
Functional resource information: information on the functional modules in the managed systems.
The data resource information and functional resource information are stored in the database in advance and can be presented to the user through the human-computer interaction interface.
Resource-permission setting module 222, configured to match the roles in the role definition module with the corresponding resources.
Relationships between roles and resources include, for example, the relationship between a role and network elements, between a role and network element types, between a role and vendors, and between a role and regions, i.e. which network elements, which vendors and which regions the role can operate on; and the relationship between a role and function menus, i.e. which functional modules in the connected system the role can use.
The relationships between roles and resources are set through the human-computer interaction interface, and the settings are stored in the resource manager.
The authentication unit 3 provides preset interfaces for different permissions, and obtains the user's operating permissions on different resources from the domain controller and the resource manager by calling the corresponding permission interface.
The authentication unit contains an interface class, IPrivilege, which contains a number of attributes and methods, as follows:
The attributes of this class are:
EncryptPassword /* the password to decrypt */
AzPath /* the path of Authorization Manager */
AppName /* the application in Authorization Manager, i.e. the name of the system joined to the domain controller */
The methods of this class are:
SetConnection /* sets the resource manager connection */
Login(user_name, password) /* login information */
After the 3 attributes are set and the above two methods are called, if the login succeeds an IPrivilege object is generated, which links the login user with the Authorization Manager, the Active Directory and the resource manager. To obtain other permissions afterwards, the permission is obtained simply by calling the interface methods listed below directly on the generated object.
The interface methods are:
IsSuperUse /* whether the user is a superuser */
GetUserName /* gets the user name */
GetUserPassword /* gets the password */
GetUserID /* gets the user ID */
GetAllRoles /* gets all role names in Authorization Manager, separated by | */
GetAppAllOperations /* gets all operations in Authorization Manager, separated by | */ (Operations are related to roles, so the lookup first obtains the login user's roles from Authorization Manager and then the operations associated with those roles, which yields all of the user's operations.)
GetRoleMembers(rolename) /* gets all users under the role, separated by | */
Rolename:
GetRoleOperations(rolename) /* gets all operations under the role, separated by | */
Rolename:
GetUserRoles /* gets all roles of the current user, separated by | */
GetUserOperations /* gets all operations of the current user, separated by | */
AccessCheck(OperationId) /* checks whether the current user has a given operating permission; returns 1 if the user has it, otherwise 0 */
OperationId: operation id
GetDataListWithPrivilegeFlag(IDataType, IDataId1, IDataId2, IDataId3, IRetDataType) /* gets the list of data items on which the current user has a given operating permission, separated by | */
DataAccessCheck(IDataType, IDataId1, IDataId2, IDataId3, IOperationFlag) /* checks whether the current user has a given operating permission on a given data item; returns 1 if the user has it, otherwise 0 */
Preferably, to improve the security of centralized permission management, and because some users have strict requirements for how passwords are set, the domain controller also includes a password management module. Multiple password-setting policies are preset in this module, so that once a password policy is applied, users joining the system set their passwords directly according to its requirements. A password policy is a set of requirements for setting passwords; for example, password policy 1 requires that a password be 6 characters long and contain both letters and digits, but no special characters.
The domain controller of the present invention may be the domain controller in a Windows system, which includes its own Authorization Manager and Active Directory and is used to implement the centralized permission management functions of the invention.
The present invention also provides a kind of authorization method based on above-mentioned concentrated Rights Management System, comprises following steps as shown in Figure 2:
Step 101: according to the role's parameter in the human-computer interaction interface input, call corresponding role's function in the described Authorization Manager, definition role and preservation in Authorization Manager.
Step 102: operation information and the Role Information of selecting human-computer interaction interface to present, determine both matching relationships and deposit in the Authorization Manager.
Step 103: Role Information and the resource information of selecting human-computer interaction interface to present, the matching relationship of determining both deposit in and described explorer in.
Step 104: according to the customer parameter in the human-computer interaction interface input, call corresponding user function in the described Active Directory, definition user and preservation in Active Directory.
Step 105: Role Information and the user profile of selecting human-computer interaction interface to present, both matching relationship is deposited in the Authorization Manager, finish mandate.
The present invention also provides a kind of method for authenticating based on above-mentioned concentrated Rights Management System, as shown in Figure 3, comprises step:
Step 201, input user's log-on message in human-computer interaction interface, login domain controller;
Step 202, selection needs the authorization interface of use in human-computer interaction interface, by corresponding interface method in the authenticating unit, obtains corresponding authority.
Described log-on message, the user name, the encrypted message that comprise login, according in the said system to the description of authenticating unit operation principle, after the input log-on message, if login successfully, then generate an IPrivilege object, thereby login user and Authorization Manager, Active Directory and resource manager contacts are got up, when getting other authorities, according to user's selection, call in the authenticating unit corresponding interface method and get final product.See description relevant in the system for details, repeat no more.
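The authorization steps 101 to 105, the authentication steps 201 and 202, and password policy 1 can be traced in a small in-memory model. This is an added example, not code from the patent or from Windows: the class and method names (`DomainModel`, `Privilege`, `build_demo`) are hypothetical, the `Privilege` class only stands in for the IPrivilege object, and the salted PBKDF2 password storage is an assumption of this sketch.

```python
import hashlib, hmac, os, re

# Password policy 1 from the description: length 6, letters and digits both
# present, no other characters.
POLICY_1 = re.compile(r"(?=.*[A-Za-z])(?=.*[0-9])[A-Za-z0-9]{6}")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Privilege:
    """Session object tying the logged-in user to all three stores."""
    def __init__(self, model, user):
        self._m, self.user = model, user
    def _roles(self):
        return self._m.user_roles.get(self.user, set())
    def operations(self):
        return set().union(*(self._m.role_ops[r] for r in self._roles()))
    def resources(self):
        return set().union(*(self._m.role_res[r] for r in self._roles()))

class DomainModel:
    """In-memory stand-in for the stores named in the description."""
    def __init__(self):
        self.users = {}       # Active Directory: name -> (salt, password hash)
        self.role_ops = {}    # Authorization Manager: role -> operations
        self.user_roles = {}  # Authorization Manager: user -> roles
        self.role_res = {}    # resource manager: role -> resources
    def define_role(self, role):                     # step 101
        self.role_ops.setdefault(role, set())
        self.role_res.setdefault(role, set())
    def match_operation(self, role, operation):      # step 102
        self.role_ops[role].add(operation)           # KeyError: undefined role
    def match_resource(self, role, resource):        # step 103
        self.role_res[role].add(resource)
    def define_user(self, name, password):           # step 104
        if not POLICY_1.fullmatch(password):
            raise ValueError("password does not satisfy policy 1")
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))
    def match_user(self, name, role):                # step 105
        if name not in self.users or role not in self.role_ops:
            raise KeyError("define the user and the role first")
        self.user_roles.setdefault(name, set()).add(role)
    def login(self, name, password):                 # step 201
        rec = self.users.get(name)
        if rec is None or not hmac.compare_digest(rec[1], _hash(password, rec[0])):
            return None
        return Privilege(self, name)                 # queried in step 202

def build_demo():
    """Constructed sample data: one role, one user, run through steps 101-105."""
    m = DomainModel()
    m.define_role("operator")
    m.match_operation("operator", "read")
    m.match_resource("operator", "alarm-list")
    m.define_user("alice", "abc123")
    m.match_user("alice", "operator")
    return m
```

A user who is defined but not yet matched to a role logs in successfully and receives an empty permission set, which is the state between steps 104 and 105.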
The foregoing description only illustrates the present invention and is not intended to limit its scope of protection. Those skilled in the art can readily derive many improvements and variations from the above teaching, provided they do not go beyond the scope of protection of the claims.

Claims (9)

1. A centralized permission management system comprising an authorization unit, an authentication unit and a human-computer interaction interface, characterized in that the authorization unit comprises a domain controller and a resource manager;
The domain controller is used, within a preset domain jurisdiction, to receive the user, role and operation permission information set through the human-computer interaction interface, and to manage and control the users, roles and operation permissions of all devices joined to the domain and the relationships among the three;
The resource manager is used to save the resource information of the devices within the domain controller's jurisdiction, and to set and save, through the human-computer interaction interface, the correspondence between resources and the roles in the domain controller;
The authentication unit is used to preset authorization interfaces for different permissions, and obtains permission information from the domain controller and the resource manager by calling the corresponding permission interface.
2. The centralized permission management system according to claim 1, characterized in that the domain controller specifically comprises an Active Directory and an Authorization Manager;
The Active Directory is used to receive and save the user information entered in the human-computer interaction interface, the user information comprising user login information and user attribute information;
The Authorization Manager is used to receive and save the role information and operation information entered in the human-computer interaction interface, to save each role's operation permissions, and to set the correspondence between roles and the users in the Active Directory.
3. The centralized permission management system according to claim 2, characterized in that the domain controller further comprises a password management module, used to perform password management, according to a preset password policy, for all managed systems joined to the domain.
4. The centralized permission management system according to claim 3, characterized in that the Authorization Manager is a directory at a specified path in the domain controller which, after receiving information from the human-computer interaction interface, completes the work of defining roles and operation permissions by calling pre-compiled functions;
The Active Directory is a directory at a specified path in the domain controller which, after receiving information from the human-computer interaction interface, completes the work of defining users by calling pre-compiled functions.
5. The centralized permission management system according to claim 4, characterized in that the Authorization Manager at the specified location further comprises:
A role definition module: used to receive the role attribute information entered in the human-computer interaction interface, and to define and save the role;
An operation permission setting module: used to set operation permissions for the roles in the role definition module;
A user permission setting module: used to match, through the human-computer interaction interface, a corresponding role to the user according to the user information in the Active Directory and the roles in the role definition module.
6. The centralized permission management system according to claim 5, characterized in that the resource manager further comprises:
A resource storage module, used to save the resource information of the devices joined to the domain controller, the resource information comprising data resources and functional resources;
A resource permission setting module, used to match corresponding resources to the roles defined in the role definition module.
7. The centralized permission management system according to claim 6, characterized in that the pre-compiled functions are functions in the domain controller.
8. An authorization method based on the above centralized permission management system, characterized in that:
According to the role parameters entered in the human-computer interaction interface, the corresponding role function in the Authorization Manager is called to define the role and save it in the Authorization Manager;
The operation information and role information presented by the human-computer interaction interface are selected, and the matching relationship between the two is determined and stored in the Authorization Manager;
The role information and resource information presented by the human-computer interaction interface are selected, and the matching relationship between the two is determined and stored in the resource manager;
According to the user parameters entered in the human-computer interaction interface, the corresponding user function in the Active Directory is called to define the user and save it in the Active Directory;
The role information and user information presented by the human-computer interaction interface are selected, and the matching relationship between the two is stored in the Authorization Manager, completing the authorization.
9. An authentication method based on the above centralized permission management system, characterized in that:
The user's login information is entered in the human-computer interaction interface to log in to the domain controller;
The authorization interface to be used is selected in the human-computer interaction interface, and the corresponding permission is obtained through the method and attribute description of the corresponding authorization interface in the authentication unit.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104601066A CN103188249A (en) 2011-12-31 2011-12-31 Concentration permission management system, authorization method and authentication method thereof

Publications (1)

Publication Number Publication Date
CN103188249A true CN103188249A (en) 2013-07-03

Family

ID=48679218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104601066A Pending CN103188249A (en) 2011-12-31 2011-12-31 Concentration permission management system, authorization method and authentication method thereof

Country Status (1)

Country Link
CN (1) CN103188249A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1635439A (en) * 2003-12-26 2005-07-06 华为技术有限公司 A user right management method
CN101414253A (en) * 2007-10-17 2009-04-22 华为技术有限公司 Method and system for managing authority
CN101217368A (en) * 2007-12-29 2008-07-09 亿阳安全技术有限公司 A network logging on system and the corresponding configuration method and methods for logging on the application system
CN101895551A (en) * 2010-07-22 2010-11-24 北京天融信科技有限公司 Resource access control method and system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103746989A (en) * 2013-12-31 2014-04-23 华为技术有限公司 Method, device and equipment for authorizing network elements
CN105809024A (en) * 2014-12-31 2016-07-27 航天信息软件技术有限公司 Password setting method and device
CN105227551A (en) * 2015-09-24 2016-01-06 四川长虹电器股份有限公司 The uniform permission administration method of XBRL application platform
CN106656927A (en) * 2015-10-30 2017-05-10 北京国双科技有限公司 Method and device for enabling Linux account to be added to AD domain
CN106055377A (en) * 2016-06-03 2016-10-26 北京奇虎科技有限公司 Method for achieving distributed compiling and distributed compiling system
CN107196915B (en) * 2017-04-25 2020-02-14 北京潘达互娱科技有限公司 Permission setting method, device and system
CN107196915A (en) * 2017-04-25 2017-09-22 北京潘达互娱科技有限公司 Authority setting method, apparatus and system
CN109995698A (en) * 2017-12-29 2019-07-09 北京神州泰岳软件股份有限公司 A kind of asset equipment authentication method, apparatus and system
CN109995698B (en) * 2017-12-29 2021-08-06 北京神州泰岳软件股份有限公司 Asset equipment authentication method, device and system
CN110598412A (en) * 2018-06-12 2019-12-20 杨力祥 Method and computing device for isolating power information and checking power based on power information
CN110598412B (en) * 2018-06-12 2021-12-14 杨力祥 Method and computing device for isolating power information and checking power based on power information
CN109344603A (en) * 2018-10-23 2019-02-15 同程网络科技股份有限公司 A kind of unified entry system
CN111724134A (en) * 2020-06-19 2020-09-29 京东方科技集团股份有限公司 Role authorization method and system of conference management system
CN112910882A (en) * 2021-01-28 2021-06-04 山东有人物联网股份有限公司 Network management method, device, system and computer readable storage medium
CN112910882B (en) * 2021-01-28 2022-08-12 山东有人物联网股份有限公司 Network management method, device, system and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130703