CN104462903B - The treating method and apparatus of operation system permission - Google Patents
The treating method and apparatus of operation system permission Download PDFInfo
- Publication number
- CN104462903B CN104462903B CN201410779460.9A CN201410779460A CN104462903B CN 104462903 B CN104462903 B CN 104462903B CN 201410779460 A CN201410779460 A CN 201410779460A CN 104462903 B CN104462903 B CN 104462903B
- Authority
- CN
- China
- Prior art keywords
- permission
- user
- copied
- mapping relations
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind for the treatment of method and apparatus of operation system permission.Wherein, which includes: the first request received for for user allocation system permission, wherein the attribute information of user is carried in the first request;Read the first permissions data corresponding with attribute information, wherein the first mapping relations of Business Entity and operating right item in the first permissions data including operation system;First mapping relations are copied to user.Through the invention, it solves the problems, such as that modification program code causes the maintenance cost to system permission high when modifying the system permission of operation system in the prior art, realizes and the mapping relations of Business Entity and operating right item are copied to effect of the user without modifying program code automatically.
Description
Technical field
The present invention relates to data processing fields, in particular to a kind for the treatment of method and apparatus of operation system permission.
Background technique
Software systems all have the function of System right management at present, and the prior art is based on role and functional module
Realize rights management, concrete methods of realizing is that can define several roles in an operation system, distribute under each role several
Functional module, wherein what the distribution of role and functional module was realized in a program.
Above-mentioned role can be the several different administration authority levels for website defined in operation system, than
Such as: an Advertising Management System can mark off administrator, dealer, observer;Functional module can be root in operation system
Several pieces of function points marked off according to system concrete function, each piece of function point are defined as a functional module, such as: advertisement pipe
Reason system, which can mark off, launches the functional modules such as management module, data center module, Reporting Center's module.
But existing rights management distribution technique mainly has following two disadvantage:
1, for operation system using functional module as most thin permission granularity, permission granularity is thicker, so cannot be accurately
The permission of management system also results in the safety decline of operation system accordingly.
2, operation system realizes the definition and relationship map of role and functional module in a program, when operation system needs add
When adding or modify the mapping relations of role and functional module, it is necessary to manual modification program code, cause maintenance to permission at
This height, and it is cumbersome.
Modification program code leads to the dimension to system permission when for the system permission for modifying operation system in the prior art
Problem at high cost is protected, currently no effective solution has been proposed.
Summary of the invention
The main purpose of the present invention is to provide a kind for the treatment of method and apparatus of operation system permission, to solve existing skill
Modification program code leads to the problem high to the maintenance cost of system permission when modifying the system permission of operation system in art.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of processing side of operation system permission
Method.
Processing method according to the present invention includes: the first request received for for user allocation system permission, wherein the
The attribute information of user is carried in one request;Read the first permissions data corresponding with attribute information, wherein the first permission number
First mapping relations of Business Entity and operating right item in including operation system;First mapping relations are copied to use
Family.
Further, before reading the first permissions data corresponding with attribute information, processing method further include: obtain industry
The configuration file of the operating right item of entity, wherein operating right item include: creation operation, modification operation, delete operation with
And check operation;Establish the initial mapping relationship of each Business Entity and operating right item in operation system;Based on initial mapping
Relationship generates multiple initial rights data, wherein initial rights data include the first permissions data;Initial rights data are saved
In the database.
Further, reading the first permissions data corresponding with attribute information includes: to extract permission in dependence information to refer to
Determine information;The initial rights data that permission specify information is read from database, obtain the first permissions data.
Further, after the first mapping relations are copied to user, processing method further include: receive and used for changing
Second request of the system permission at family, wherein the authority information of altering system permission is carried in the second request;Acquisition and permission
Corresponding second permissions data of information, wherein initial rights data include the second permissions data, and the second permissions data includes business
The Business Entity of system and the second mapping relations of operating right item;Second mapping relations are copied to user.
Further, before the first mapping relations are copied to user, processing method further include: creation permission duplication
Class;It includes: to replicate class by permission the first mapping relations are copied to user that first mapping relations, which are copied to user,;By second
It includes: to replicate class by permission the second mapping relations are copied to user that mapping relations, which are copied to user,.
To achieve the goals above, according to another aspect of the present invention, a kind of processing dress of operation system permission is provided
It sets.
Processing unit according to the present invention includes: the first receiving module, for receiving for being user allocation system permission
The first request, wherein carry the attribute information of user in the first request;Read module, for reading and attribute information pair
The first permissions data answered, wherein first of Business Entity and operating right item in the first permissions data including operation system
Mapping relations;First replication module, for the first mapping relations to be copied to user.
Further, processing unit further include: first obtains module, for reading the first power corresponding with attribute information
Before limiting data, the configuration file of the operating right item of Business Entity is obtained, wherein operating right item includes: creation operation, repairs
Change operation, delete operation and checks operation;Module is established, for establishing each Business Entity and operating right in operation system
The initial mapping relationship of item;Generation module, for generating multiple initial rights data based on initial mapping relationship, wherein initial
Permissions data includes the first permissions data;Preserving module, for saving initial rights data in the database.
Further, read module includes: extraction module, for extracting permission specify information in dependence information;It reads
Submodule obtains the first permissions data for reading the initial rights data of permission specify information from database.
Further, processing unit further include: the second receiving module, for by the first mapping relations be copied to user it
Afterwards, the second request of the system permission for changing user is received, wherein the power of altering system permission is carried in the second request
Limit information;Second obtains module, for obtaining the second permissions data corresponding with authority information, wherein initial rights data packet
The second permissions data is included, the second permissions data includes the Business Entity of operation system and the second mapping relations of operating right item;
Second replication module, for the second mapping relations to be copied to user.
Further, processing unit further include: creation module, for before the first mapping relations are copied to user,
It creates permission and replicates class;First replication module includes: the first duplication submodule, closes the first mapping for replicating class by permission
System is copied to user;Second replication module includes: the second duplication submodule, for replicating class for the second mapping relations by permission
It is copied to user.
Using the embodiment of the present invention, after receiving for the first request for user allocation system permission, read with
Corresponding first permissions data of attribute information in first request, then by the Business Entity and operating rights in the first permissions data
First mapping relations of limit item are copied to user, to distribute the system permission of operation system for user.In embodiments of the present invention,
It, can be with by reading corresponding with the attribute information of user permissions data and the mapping relations in permissions data being copied to user
Automatically the mapping relations of Business Entity and operating right item are copied to user, are embodied as user's distribution by replicating mapping relations
Or modification authority, it avoids and needs the problem of modifying program code when modifying the system permission of user in the prior art, simplify
The operation of the system permission of distribution operation system, reduces the cost of maintenance system permission.Through the embodiment of the present invention, it solves
Modification program code causes the maintenance cost to system permission high when modifying the system permission of operation system in the prior art
Problem realizes and the mapping relations of Business Entity and operating right item is copied to user without modifying program code automatically
Effect.
Detailed description of the invention
The attached drawing constituted part of this application is used to provide further understanding of the present invention, schematic reality of the invention
It applies example and its explanation is used to explain the present invention, do not constitute improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of the processing method of operation system permission according to an embodiment of the present invention;
Fig. 2 is a kind of flow chart of the processing method of optional operation system permission according to an embodiment of the present invention;And
Fig. 3 is the schematic diagram of the processing unit of operation system permission according to an embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention
Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work
It encloses.
It should be noted that description and claims of this specification and term " first " in above-mentioned attached drawing, "
Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way
Data be interchangeable under appropriate circumstances, so as to the embodiment of the present invention described herein can in addition to illustrating herein or
Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to
Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product
Or other step or units that equipment is intrinsic.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is the flow chart of the processing method of operation system permission according to an embodiment of the present invention, as shown in Figure 1, at this
Reason method may include following step S102 to step S106:
Step S102 is received for the first request for user allocation system permission.
Wherein, the attribute information of user is carried in the first request.
Step S104 reads the first permissions data corresponding with attribute information.
Wherein, the first mapping relations of the Business Entity in the first permissions data including operation system and operating right item.
First mapping relations are copied to user by step S106.
Using the embodiment of the present invention, after receiving for the first request for user allocation system permission, read with
Corresponding first permissions data of attribute information in first request, then by the Business Entity and operating rights in the first permissions data
First mapping relations of limit item are copied to user, to distribute the system permission of operation system for user.In embodiments of the present invention,
It, can be with by reading corresponding with the attribute information of user permissions data and the mapping relations in permissions data being copied to user
Automatically the mapping relations of Business Entity and operating right item are copied to user, are embodied as user's distribution by replicating mapping relations
Or modification authority, it avoids and needs the problem of modifying program code when modifying the system permission of user in the prior art, simplify
The operation of the system permission of distribution operation system, reduces the cost of maintenance system permission.Through the embodiment of the present invention, it solves
Modification program code causes the maintenance cost to system permission high when modifying the system permission of operation system in the prior art
Problem realizes and the mapping relations of Business Entity and operating right item is copied to user without modifying program code automatically
Effect.
In the above embodiment of the present invention, the least privilege granularity that operation system can be managed is by function in the prior art
Energy module refine to Business Entity, is embodied as using by the way that the mapping relations of Business Entity and operating right item are copied to user
The system permission of operation system is distributed at family, and solving system permission coarse size in the prior art causes the safety of operation system low
The problem of, to keep the rights management of operation system more accurate, and then improve the safety of operation system.
In the above-described embodiments, functional module can be several by being marked off in operation system according to system concrete function
Block function point, each piece of function point are defined as a functional module, such as: Advertising Management System can mark off launch management module,
The functional modules such as data center module, Reporting Center's module;Business Entity can be business object involved in operation system,
Advertisement, project, advertiser's business object, these business objects, that is, above-mentioned reality can be such as related in an Advertising Management System
Apply the Business Entity in example.
According to that above embodiment of the present invention, before reading the first permissions data corresponding with attribute information, processing method
It can also include: the configuration file for obtaining the operating right item of Business Entity, wherein operating right item includes: creation operation, repairs
Change operation, delete operation and checks operation;Establish the initial mapping of each Business Entity and operating right item in operation system
Relationship;Multiple initial rights data are generated based on initial mapping relationship, wherein initial rights data include the first permissions data;
Initial rights data are saved in the database.
Specifically, the configuration file of the operating right item of Business Entity is obtained, and business system is established according to the configuration file
The initial mapping relationship of each Business Entity and operating right item in system is then based on initial mapping relationship and generates multiple initial power
It limits data and saves initial rights data in the database.
Optionally, initial rights data can be used as permission template, be stored in configuration file or be stored in database
In.
Further, reading the first permissions data corresponding with attribute information may include: that power is extracted in dependence information
Limit specify information;The initial rights data of permission specify information are read from database.
Specifically, the permission specify information of the system permission for designated user is extracted in the attribute information from user
Later, the corresponding initial rights data of permission specify information are read from database, then using the permissions data read as
Corresponding first permissions data of the attribute information of user.
Above-described embodiment through the invention, before reading the first permissions data, according to the Business Entity in operation system
Initial mapping relationships different from operating right item generate different initial rights data, by the way that different permissions datas is automatic
It is copied to different users, is avoided in the prior art to need the problem of modifying program code when user allocation system permission,
The operation for simplifying distribution system permission realizes intelligence by the way that different permissions datas to be copied to different users automatically
The effect of distribution system permission.
In the above embodiment of the invention, after the first mapping relations are copied to user, processing method can be with
It include: the second request for receiving the system permission for changing user, wherein carry altering system permission in the second request
Authority information;Obtaining the second permissions data corresponding with authority information, wherein initial rights data include the second permissions data,
Second permissions data includes the Business Entity of operation system and the second mapping relations of operating right item;Second mapping relations are answered
It makes to user.
Specifically, after the first mapping relations are copied to user, to change the system permission of user, can pass through
The second permissions data corresponding with the authority information of altering system permission in the second request received is obtained, and second is weighed
The second mapping relations in limit data are copied to user, to realize the system permission of change user.
Further, before the first mapping relations are copied to user, processing method can also include: that creation permission is multiple
Class processed;It may include: to replicate class by permission the first mapping relations are copied to user that first mapping relations, which are copied to user,;
It may include: to replicate class by permission the second mapping relations are copied to user that second mapping relations, which are copied to user,.
Specifically, it may be implemented different mapping relations being copied to use by permission duplication class (i.e. permission reproducer class)
Family, that is, when creating new user, permission duplication class can be used will be in the first permissions data corresponding with the attribute information of user
The first mapping relations be copied to new user, to be embodied as the purpose of new user allocation system permission;In the system of change user
When permission, permission duplication class can be used by second in the second permissions data corresponding with the permissions data of altering system permission
Mapping relations are copied to user, to be embodied as the purpose of user's altering system permission.
Above-described embodiment through the invention, the new user in creation operation system or the user for operation system change system
When permission of uniting, different permission template (the initial rights data i.e. in above-described embodiment) can be created, class is replicated by permission
The mapping relations of Business Entity and operating right item in permission template are copied to user automatically, are not necessarily to manual modification program generation
Code realizes intelligentized permission maintenance, reduces the maintenance cost of operation system permission.
Fig. 2 is a kind of flow chart of the processing method of optional operation system permission according to an embodiment of the present invention, such as Fig. 2
Shown, which may include steps of:
Step S202 creates the configuration file for defining the operating right item of Business Entity.
Wherein, operating right item may include creation operation, modification operation, delete operation and check operation.
Step S204 creates the permission template of operation system.
Wherein, permission template can be configuration file, include the mapping relations of entity and operating right item in permission template.
The initial rights data in permission template, that is, above-described embodiment in this embodiment.
Step S206 creates permission reproducer class.
Wherein, the permission in permission reproducer class, that is, above-described embodiment replicates class, for closing the mapping in permission template
System is copied to user.
Step S208 creates user, and specifies permission template for user.
Mapping relations in specified power template are copied to user by step S210, permission reproducer class.
Specifically, before the new user of creation operation system, the operating right item for defining Business Entity is created
Configuration file allows Business Entity to execute creation operation, modification operation, delete operation and check operation, then basis
The permission template of the configuration file creation operation system of operating right item, and permission template is stored in the form of configuration file
In database, meanwhile, it creates for realizing the permission reproducer class that the mapping relations in permission template are copied to user;It is creating
When building user, according to give user's specified power template, access right reproducer class by permission template Business Entity and behaviour
The mapping relations for making authority items are copied to user, so that newly created user has Business Entity and behaviour as permission template
Make the mapping relations of authority items.
It should be further noted that can according to need the multiple permission template of creation in operation system, used in modification
When the system permission at family, permission reproducer class need to be only utilized, reassigns the permission template with user-association, and will reassign
Permission template in mapping relations be copied to user, the modification of the system permission of user can be realized, avoid the prior art
It is middle need to modify to program code the system permission that could change user the problem of.
Above-described embodiment through the invention, using the Business Entity in operation system as the unit of rights management, by matching
The operating right item of purchase of property entity and the permission template of creation Business Entity, and by permission reproducer class automatically by permission mould
The mapping relations of Business Entity and operating right item in plate are copied to user, and realizing automatic is user allocation system permission
Effect, it is easy to operate.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions
It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not
The sequence being same as herein executes shown or described step.
Fig. 3 is the schematic diagram of the processing unit of operation system permission according to an embodiment of the present invention, as shown in figure 3, at this
Managing device may include: the first receiving module 10, for receiving the first request being used for as user allocation system permission, wherein
The attribute information of user is carried in first request;Read module 30, for reading the first permission number corresponding with attribute information
According to, wherein the first mapping relations of Business Entity and operating right item in the first permissions data including operation system;First is multiple
Molding block 50, for the first mapping relations to be copied to user.
Using the embodiment of the present invention, after receiving for the first request for user allocation system permission, read with
Corresponding first permissions data of attribute information in first request, then by the Business Entity and operating rights in the first permissions data
First mapping relations of limit item are copied to user, to distribute the system permission of operation system for user.In embodiments of the present invention,
It, can be with by reading corresponding with the attribute information of user permissions data and the mapping relations in permissions data being copied to user
Automatically the mapping relations of Business Entity and operating right item are copied to user, are embodied as user's distribution by replicating mapping relations
Or modification authority, it avoids and needs the problem of modifying program code when modifying the system permission of user in the prior art, simplify
The operation of the system permission of distribution operation system, reduces the cost of maintenance system permission.Through the embodiment of the present invention, it solves
Modification program code causes the maintenance cost to system permission high when modifying the system permission of operation system in the prior art
Problem realizes and the mapping relations of Business Entity and operating right item is copied to user without modifying program code automatically
Effect.
In the above embodiment of the present invention, the least privilege granularity that operation system can be managed is by function in the prior art
Energy module refine to Business Entity, is embodied as using by the way that the mapping relations of Business Entity and operating right item are copied to user
The system permission of operation system is distributed at family, and solving system permission coarse size in the prior art causes the safety of operation system low
The problem of, to keep the rights management of operation system more accurate, and then improve the safety of operation system.
In the above-described embodiments, functional module can be several by being marked off in operation system according to system concrete function
Block function point, each piece of function point are defined as a functional module, such as: Advertising Management System can mark off launch management module,
The functional modules such as data center module, Reporting Center's module;Business Entity can be business object involved in operation system,
Advertisement, project, advertiser's business object, these business objects, that is, above-mentioned reality can be such as related in an Advertising Management System
Apply the Business Entity in example.
According to that above embodiment of the present invention, processing unit can also include: the first acquisition module, in reading and attribute
Before corresponding first permissions data of information, the configuration file of the operating right item of Business Entity is obtained, wherein operating right item
Include: creation operation, modify operation, delete operation and check operation;Module is established, for establishing each industry in operation system
The initial mapping relationship of entity and operating right item;Generation module, for generating multiple initial power based on initial mapping relationship
Limit data, wherein initial rights data include the first permissions data;Preserving module, for initial rights data to be stored in number
According in library.
Specifically, the configuration file of the operating right item of Business Entity is obtained, and business system is established according to the configuration file
The initial mapping relationship of each Business Entity and operating right item in system is then based on initial mapping relationship and generates multiple initial power
It limits data and saves initial rights data in the database.
Optionally, initial rights data can be used as permission template, be stored in configuration file or be stored in database
In.
Further, read module may include: extraction module, for extracting permission specify information in dependence information;
Reading submodule obtains the first permissions data for reading the initial rights data of permission specify information from database.
Specifically, the permission specify information of the system permission for designated user is extracted in the attribute information from user
Later, the corresponding initial rights data of permission specify information are read from database, then using the permissions data read as
Corresponding first permissions data of the attribute information of user.
Above-described embodiment through the invention, before reading the first permissions data, according to the Business Entity in operation system
Initial mapping relationships different from operating right item generate different initial rights data, by the way that different permissions datas is automatic
It is copied to different users, is avoided in the prior art to need the problem of modifying program code when user allocation system permission,
The operation for simplifying distribution system permission realizes intelligence by the way that different permissions datas to be copied to different users automatically
The effect of distribution system permission.
In the above embodiment of the invention, processing unit can also include: the second receiving module, for reflecting by first
The relationship of penetrating is copied to after user, receives the second request of the system permission for changing user, wherein carry in the second request
Have altered the authority information of system permission;Second obtains module, for obtaining the second permissions data corresponding with authority information,
In, initial rights data include the second permissions data, and the second permissions data includes the Business Entity and operating right of operation system
Second mapping relations of item;Second replication module, for the second mapping relations to be copied to user.
Specifically, after the first mapping relations are copied to user, to change the system permission of user, can pass through
The second permissions data corresponding with the authority information of altering system permission in the second request received is obtained, and second is weighed
The second mapping relations in limit data are copied to user, to realize the system permission of change user.
Further, processing unit can also include: creation module, for by the first mapping relations be copied to user it
Before, creation permission replicates class;First replication module includes: the first duplication submodule, is reflected for replicating class by permission by first
The relationship of penetrating is copied to user;Second replication module includes: the second duplication submodule, for replicating class for the second mapping by permission
Relationship is copied to user.
Specifically, it may be implemented different mapping relations being copied to use by permission duplication class (i.e. permission reproducer class)
Family, that is, when creating new user, permission duplication class can be used will be in the first permissions data corresponding with the attribute information of user
The first mapping relations be copied to new user, to be embodied as the purpose of new user allocation system permission;In the system of change user
When permission, permission duplication class can be used by second in the second permissions data corresponding with the permissions data of altering system permission
Mapping relations are copied to user, to be embodied as the purpose of user's altering system permission.
Above-described embodiment through the invention, the new user in creation operation system or the user for operation system change system
When permission of uniting, different permission template (the initial rights data i.e. in above-described embodiment) can be created, class is replicated by permission
The mapping relations of Business Entity and operating right item in permission template are copied to user automatically, are not necessarily to manual modification program generation
Code realizes intelligentized permission maintenance, reduces the maintenance cost of operation system permission.
Application method is identical, answers with provided by the corresponding step of embodiment of the method for modules provided in the present embodiment
It can also be identical with scene.It is noted, of course, that during the scheme that above-mentioned module is related to can be not limited to the above embodiments
Content and scene, and above-mentioned module may operate in terminal or mobile terminal, can pass through software or hardware realization.
It can be seen from the above description that the present invention realizes following technical effect:
Using the embodiment of the present invention, after receiving for the first request for user allocation system permission, read with
Corresponding first permissions data of attribute information in first request, then by the Business Entity and operating rights in the first permissions data
First mapping relations of limit item are copied to user, to distribute the system permission of operation system for user.In embodiments of the present invention,
It, can be with by reading corresponding with the attribute information of user permissions data and the mapping relations in permissions data being copied to user
Automatically the mapping relations of Business Entity and operating right item are copied to user, are embodied as user's distribution by replicating mapping relations
Or modification authority, it avoids and needs the problem of modifying program code when modifying the system permission of user in the prior art, simplify
The operation of the system permission of distribution operation system, reduces the cost of maintenance system permission.Through the embodiment of the present invention, it solves
Modification program code causes the maintenance cost to system permission high when modifying the system permission of operation system in the prior art
Problem realizes and the mapping relations of Business Entity and operating right item is copied to user without modifying program code automatically
Effect.
Obviously, those skilled in the art should be understood that each module of the above invention or each step can be with general
Computing device realize that they can be concentrated on a single computing device, or be distributed in multiple computing devices and formed
Network on, optionally, they can be realized with the program code that computing device can perform, it is thus possible to which they are stored
Be performed by computing device in the storage device, perhaps they are fabricated to each integrated circuit modules or by they
In multiple modules or step be fabricated to single integrated circuit module to realize.In this way, the present invention is not limited to any specific
Hardware and software combines.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field
For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair
Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.
Claims (10)
1. a kind of processing method of operation system permission characterized by comprising
It receives for the first request for user allocation system permission, wherein carry the user's in first request
Attribute information;
Read the first permissions data corresponding with the attribute information, wherein include the business in first permissions data
The Business Entity of system and the first mapping relations of operating right item;
First mapping relations are copied to the user.
2. processing method according to claim 1, which is characterized in that reading the first power corresponding with the attribute information
Before limiting data, the processing method further include:
Obtain the configuration file of the operating right item of the Business Entity, wherein the operating right item includes: creation behaviour
Make, modify operation, delete operation and check operation;
Establish the initial mapping relationship of each Business Entity and the operating right item in the operation system;
Multiple initial rights data are generated based on the initial mapping relationship, wherein the initial rights data include described the
One permissions data;
The initial rights data are saved in the database.
3. processing method according to claim 2, which is characterized in that read the first permission corresponding with the attribute information
Data include:
Permission specify information is extracted from the attribute information;
The initial rights data for reading the permission specify information from the database obtain first permissions data.
4. processing method according to claim 2, which is characterized in that first mapping relations are being copied to the use
After family, the processing method further include:
Receive the second request of the system permission for changing the user, wherein carry change in second request
The authority information of the system permission;
Obtain the second permissions data corresponding with the authority information, wherein the initial rights data include second power
Data are limited, second permissions data includes that the second mapping of the Business Entity and the operating right item of the operation system is closed
System;
Second mapping relations are copied to the user.
5. processing method according to claim 4, which is characterized in that
Before first mapping relations are copied to the user, the processing method further include: creation permission replicates class;
It includes: to replicate class for first mapping relations by the permission that first mapping relations, which are copied to the user,
It is copied to the user;
It includes: to replicate class for second mapping relations by the permission that second mapping relations, which are copied to the user,
It is copied to the user.
6. a kind of processing unit of operation system permission characterized by comprising
First receiving module, for receiving the first request being used for as user allocation system permission, wherein in first request
Carry the attribute information of the user;
Read module, for reading the first permissions data corresponding with the attribute information, wherein in first permissions data
First mapping relations of Business Entity and operating right item including the operation system;
First replication module, for first mapping relations to be copied to the user.
7. processing unit according to claim 6, which is characterized in that the processing unit further include:
First obtains module, for obtaining the business before reading the first permissions data corresponding with the attribute information
The configuration file of the operating right item of entity, wherein the operating right item includes: creation operation, modification operation, deletes
Operate and check operation;
Module is established, for establishing the initial mapping of each Business Entity and the operating right item in the operation system
Relationship;
Generation module, for generating multiple initial rights data based on the initial mapping relationship, wherein the initial rights number
According to including first permissions data;
Preserving module, for saving the initial rights data in the database.
8. processing unit according to claim 7, which is characterized in that the read module includes:
Extraction module, for extracting permission specify information from the attribute information;
Reading submodule obtains described for reading the initial rights data of the permission specify information from the database
First permissions data.
9. processing unit according to claim 7, which is characterized in that the processing unit further include:
Second receiving module, it is described for changing for receiving after first mapping relations are copied to the user
Second request of the system permission of user, wherein the permission for the system permission that has altered is carried in second request
Information;
Second obtains module, for obtaining the second permissions data corresponding with the authority information, wherein the initial rights number
According to include second permissions data, second permissions data include the operation system Business Entity and the operating rights
Limit the second mapping relations of item;
Second replication module, for second mapping relations to be copied to the user.
10. processing unit according to claim 9, which is characterized in that
The processing unit further include: creation module, for creating before first mapping relations are copied to the user
Build permission duplication class;
First replication module includes: the first duplication submodule, is mapped for replicating class by the permission by described first
Relationship is copied to the user;
Second replication module includes: the second duplication submodule, is mapped for replicating class by the permission by described second
Relationship is copied to the user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410779460.9A CN104462903B (en) | 2014-12-15 | 2014-12-15 | The treating method and apparatus of operation system permission |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410779460.9A CN104462903B (en) | 2014-12-15 | 2014-12-15 | The treating method and apparatus of operation system permission |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104462903A CN104462903A (en) | 2015-03-25 |
| CN104462903B true CN104462903B (en) | 2019-01-08 |
Family
ID=52908930
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410779460.9A Active CN104462903B (en) | 2014-12-15 | 2014-12-15 | The treating method and apparatus of operation system permission |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104462903B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778310A (en) * | 2016-12-26 | 2017-05-31 | 北京恒华伟业科技股份有限公司 | A kind of data managing method and system |
| CN108280354B (en) * | 2017-01-05 | 2022-09-23 | 珠海金山办公软件有限公司 | Method and device for using authority template |
| CN108280362A (en) * | 2017-01-05 | 2018-07-13 | 珠海金山办公软件有限公司 | A kind of permission template edit methods and device |
| CN109814849B (en) * | 2017-11-20 | 2022-10-25 | 迈普通信技术股份有限公司 | Information synchronization method and device |
| CN110245499B (en) * | 2019-05-08 | 2023-02-28 | 深圳丝路天地电子商务有限公司 | Web application authority management method and system |
| CN112491987A (en) * | 2020-11-16 | 2021-03-12 | 珠海格力电器股份有限公司 | User permission configuration method, device, server and configuration system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546664A (en) * | 2012-02-27 | 2012-07-04 | 中国科学院计算技术研究所 | User and authority management method and system for distributed file system |
| CN102882834A (en) * | 2011-07-13 | 2013-01-16 | 阿里巴巴集团控股有限公司 | Access control method and device |
| CN103078859A (en) * | 2012-12-31 | 2013-05-01 | 普天新能源有限责任公司 | Service system authority management method, equipment and system |
| CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
-
2014
- 2014-12-15 CN CN201410779460.9A patent/CN104462903B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102882834A (en) * | 2011-07-13 | 2013-01-16 | 阿里巴巴集团控股有限公司 | Access control method and device |
| CN102546664A (en) * | 2012-02-27 | 2012-07-04 | 中国科学院计算技术研究所 | User and authority management method and system for distributed file system |
| CN103078859A (en) * | 2012-12-31 | 2013-05-01 | 普天新能源有限责任公司 | Service system authority management method, equipment and system |
| CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104462903A (en) | 2015-03-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104462903B (en) | The treating method and apparatus of operation system permission | |
| Tieman et al. | Leveraging blockchain technology for halal supply chains | |
| CN110427434B (en) | Multidimensional data query method and device | |
| CN102651775B (en) | Based on method, the equipment and system of many tenants shared object management of cloud computing | |
| CN109597822B (en) | User data storage and query method and user data processing device | |
| CN108270874B (en) | Application program updating method and device | |
| CN110225095B (en) | Data processing method, device and system | |
| CN105677250B (en) | The update method and updating device of object data in object storage system | |
| CN110147684B (en) | Method and device for realizing privacy protection of blockchain data | |
| CN110335055B (en) | Service data tracing method and device based on cloud platform | |
| CN101673289B (en) | Method and device for constructing distributed file storage framework | |
| CN106022143B (en) | A kind of method, apparatus and system of the operation of database level of confidentiality mark security gateway | |
| CN105243335A (en) | Rights management method and apparatus | |
| CN105760781A (en) | Storage method, restoration method and operation method of ordered and derivable large-data files | |
| CN102945356B (en) | The access control method of search engine under cloud environment and system | |
| CN109446195A (en) | A kind of design method of non-homogeneous digital asset standard | |
| CN106886535A (en) | A kind of data pick-up method and apparatus for being adapted to multiple data sources | |
| US20160065593A1 (en) | Device verification prior to registration | |
| CN105227380B (en) | The method, apparatus and system of user data processing | |
| CN105279198A (en) | Data table storage method, data table modification method, data table query method and data table statistical method | |
| CN106951743A (en) | A kind of software code infringement detection method | |
| WO2022267769A1 (en) | Method and apparatus for generating graph data | |
| CN109446255A (en) | A kind of storage method and system that can be adaptive | |
| CN105404826A (en) | Authority management method for dynamically generated business object | |
| CN108090364B (en) | Method and system for positioning data leakage source |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Operation system authority processing method and device Effective date of registration: 20190531 Granted publication date: 20190108 Pledgee: Shenzhen Black Horse World Investment Consulting Co., Ltd. Pledgor: Beijing Guoshuang Technology Co.,Ltd. Registration number: 2019990000503 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| CP02 | Change in the address of a patent holder |
Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing Patentee after: Beijing Guoshuang Technology Co.,Ltd. Address before: 100086 Beijing city Haidian District Shuangyushu Area No. 76 Zhichun Road cuigongfandian 8 layer A Patentee before: Beijing Guoshuang Technology Co.,Ltd. |
|
| CP02 | Change in the address of a patent holder |