CN104537488A - Enterprise-level information system function authority unified management method - Google Patents


Info

Publication number: CN104537488A
Authority: CN (China)
Prior art keywords: business, organization, enterprise, information system, user
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410830557.8A
Other languages: Chinese (zh)
Inventors: 吕华辉, 林志达, 梁志宏, 李彦生, 庄光友
Current assignee: SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd; China Southern Power Grid Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd; China Southern Power Grid Co Ltd
Application filed by SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd and China Southern Power Grid Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06313 Resource planning in a project environment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources


Abstract

The invention discloses an enterprise-level information system function authority unified management method, comprising the steps of: establishing a complete user identity management center; establishing a complete work organization system management center; establishing a complete resource management center; establishing a complete role management center; building a complete work organization model by extending a standard organization system; and building, from users and according to business characteristics, the full set of applications and organizations to which business users belong, which are generated according to the enterprise-level information system strategy. The method solves the problems that functional mechanisms and authority models in enterprise-level information systems are inconsistent, that function authority management is dispersed, and that user identity control is not unified. It establishes a complete authorization system with centralized management of identity, resources and authorization, breaks information islands, lowers operation and maintenance cost and security control cost, and effectively guarantees the consistency, integrity and security of identity, resource and authority data.

Description

Enterprise-level information system function authority unified management method
Technical field
The present invention relates to the field of information technology, and specifically to an enterprise-level information system function authority unified management method.
Background art
With the development of informatization in modern society, the state strategically encourages enterprises to build up their information security. The development of enterprise informatization has brought enormous change to information-based applications, and at the same time the security and management of information systems have become more and more important. In addition, documents such as the "National Information Security Industry '12th Five-Year' Development Plan" and the "Decision of the Central Committee of the Communist Party of China on Some Major Issues Concerning Comprehensively Deepening the Reform" set out explicit rules for national information security and state the related information security requirements.
In electric power enterprises, the number of information management systems is growing explosively and they are of many kinds, yet the technologies that different information management systems adopt for secure access and for their function authority control models differ. To allow the functions and authority of enterprise information systems to be controlled in a unified way, establishing a unified function authority management system that centralizes the authority management of every information system is a requirement of informatization development.
In the field of authority management and control, the RBAC (role-based access control) model is a commonly cited information system authority model. The basic principle of RBAC is to establish a set of role objects and associate them with resources and with users: users are assigned to roles that carry the corresponding authority, which achieves a logical separation of users from access rights.
In addition, unified user identity management is referenced by the different business application services; different work organization systems, organization dimensions and organization units are created; and user data, system resources and permission data are synchronized by creating business applications and application nodes. Business system authority is controlled in this way, replacing the original authority module of each business system.
Furthermore, different business systems integrate with the authority system in different ways. This requires the data structures used for synchronization to adapt flexibly; the strategy pattern is used for matching, and the authority management system manages and pushes data according to the strategy.
Menus and functions are managed as resource entities, role data is managed as role entities, and the relationships between them are used for relationship management.
As enterprise informatization evolves, the kinds and number of newly built information systems increase sharply, yet each information system needs to set up its own identity and function authority management system. Operation, maintenance and security management are therefore relatively independent between systems. Decentralized management not only fails to improve management efficiency but also leaves the enterprise with hidden information security risks, and sharing information and authority information between systems has become a problem.
Summary of the invention
The object of the invention is to solve the problems that functional mechanisms and authority models in enterprise information systems are inconsistent, that function authority management is dispersed, and that user identity is not controlled in a unified way; to establish a complete authorization system with centralized management of identity, resources and authorization; and, by means of the enterprise information system function authority unified management method, to break information islands, reduce operation and maintenance cost and security control cost, and effectively guarantee the consistency, integrity and security of identity, resource and permission data.
The present invention is achieved through the following technical solution: an enterprise information system function authority unified management method, comprising the following steps:
1) Establish the identity management center: build a complete user identity management center whose data mainly covers all of the enterprise's "user", "benchmark organization unit", "post" and "service-user" records; the "user", "benchmark organization unit" and "post" form the benchmark organizational framework;
2) Establish the organization management center: build a complete work organization system management center whose data mainly covers the "work organization system", "organization dimension", "work organization character" and "work organization unit" of the enterprise information system;
3) Establish the resource management center: build a complete resource management center whose data mainly covers the "business domains", "service application", "subsystem", "resource" and "permission object" of the enterprise information system;
4) Establish the role management center: build a complete role management center in which "roles" are established as follows: "business roles" are established and maintained according to the service application; "organizational roles" are established and maintained according to the work organization; "business posts" are established and maintained according to the business post; and the authorization system is determined.
Further, to better implement the present invention, step 3) comprises the following steps:
3.1) When building a complete new enterprise information system, first identify the service application domain of the corporate strategy in which the enterprise information system sits, and sort out the scope of organizations that the enterprise information system covers. When the enterprise information system is used for the first time, the "business domains" and the "work organization system" can be initialized according to the enterprise's IRP; this step must start from the enterprise's IRP as a whole, that is, top-down;
3.2) If the "business domain" or "work organization system" does not exist, first sort out the organizational departments that participate in this "business domain" and the business requirements of the enterprise information system, and, in combination with the company's administrative organization, complete the establishment of the "work organization system", "work organization character" and "work organization unit"; if it exists, select the corresponding "work organization system" for the "business domain" to which the enterprise information system belongs;
3.3) Create the "service application", complete the division of business requirements within the "business application system", and further build the "subsystems"; by sorting out the business information of each "subsystem", establish the resource classification and the resource assembly.
Further, to better implement the present invention, step 4) comprises the following steps:
4.1) According to the business authority requirements of the "business application system", establish the "business roles" definition and template specification, and complete the creation and resource division of "business roles" in the "business application system";
4.2) According to the business authority requirements of the "business application system", establish the "organizational roles" definition, and complete the creation and resource division of "organizational roles"; the authority of an "organizational role" is derived from the authority assigned to a "business role", but an "organizational role" can customize its authority according to the scenario;
4.3) According to the business authority requirements of the "business application system", establish the "business post" definition, and complete the creation and role association of "business posts" in the "business application system";
4.4) According to the authority business requirements of the "business application system", further determine the authorization system, which comprises: the assignment of "roles" to "resources", the assignment of "roles" to "users", and the assignment among "roles" themselves.
Further, to better implement the present invention, "organizational roles" are separated into security domains by "business application system", and "post" and "organizational roles" are in a many-to-many relationship; a "business post" is associated and mounted directly with "business roles" and "organizational roles"; the relationship between "business post" and "resource" is a loosely coupled one; and a "business post" can be granted directly to specific personnel.
Further, to better implement the present invention, the "user" provides authoritative-source personal information for a person, and the unified source of "users" is determined by an enterprise-defined authoritative source; the "benchmark organization unit" is the administrative organization, divided according to functional objectives; the "post" is the general term for one or more responsibilities and powers required under the administrative organization.
Further, to better implement the present invention, a complete work organization system is built by extending the "benchmark organizational framework"; the full set of applications and organizations to which "service-users" belong is built from "users" according to business characteristics, and the applications and organizations to which a "service-user" belongs are generated according to the enterprise information system strategy.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) The present invention solves the problems that functional mechanisms and authority models in enterprise information systems are inconsistent, that function authority management is dispersed, and that user identity is not controlled in a unified way. It establishes a complete authorization system with centralized management of identity, resources and authorization and, by means of the enterprise information system function authority unified management method, breaks information islands, reduces operation and maintenance cost and security control cost, and effectively guarantees the consistency, integrity and security of identity, resource and permission data.
(2) The present invention manages enterprise-level identity, authority and resource data in a unified way: all users, permissions and resource objects, and the relationships between them, are controlled uniformly. Controlled entities are divided according to enterprise business capability, and different business domains do not interfere with one another and are managed separately, which can greatly improve enterprise-level management efficiency and reduce production cost and operation and maintenance cost.
(3) The present invention determines the unified source of users by an enterprise-defined authoritative source, inherits the original user and organization information, and extends user information and replicas, which facilitates operation management and unifies the uniqueness of users.
(4) The organizational framework of the present invention, as the top-level framework of a series of related organizations, is responsible for the creation and unified management of those organizations.
Brief description of the drawings
Fig. 1 is the model architecture diagram of the enterprise information system function authority unified management method of the present invention.
Fig. 2 is a schematic diagram of the identity management center of the present invention.
Fig. 3 is a schematic diagram of the organization management center of the present invention.
Fig. 4 is a schematic diagram of the resource management center of the present invention.
Fig. 5 is a schematic diagram of the role management center of the present invention.
Detailed description
The present invention is described in further detail below with reference to embodiments, but the embodiments of the present invention are not limited to these.
Service application domain: a core business field of the information-based enterprise. It is divided according to business relevance and business capability, much like the division of departments in the enterprise's organizational structure.
Business application system: within the enterprise information system, a logical grouping of closely related modules of the same type that together realize one business function objective of the enterprise.
Application node: each load node of an enterprise information system deployed in multi-node mode, used to meet enterprise business objectives and a high-availability deployment model.
Work organization system: the organizational framework that meets each specialty's management requirements and business processing flows.
Organization dimension: the multiple sets of work organizations under the same organizational framework.
Work organization unit: an abstract representation of an organization, which can be a group, company, department, section, team and so on; it can also represent an external organization, such as a customer or supplier, or a temporary organization, such as a project team.
RBAC: role-based access control (Role-Based Access Control). Authority is associated with roles, and a user obtains the authority of a role by becoming a member of the appropriate role.
RESTful: refers to a set of architectural constraints and principles: (1) interaction between client and server is stateless between requests; (2) on the server side, application state and functionality can be divided into resources; (3) standard HTTP methods, such as GET, PUT, POST and DELETE, represent operations on resources. An application or design that meets these constraints and principles is RESTful, and a service provided in a RESTful manner is a REST service. A REST service is one way of implementing a Web Service.
JSON (JavaScript Object Notation): a lightweight data interchange format based on a subset of JavaScript (Standard ECMA-262 3rd Edition, December 1999). JSON uses a text format that is completely independent of any language, but follows conventions familiar from the C family of languages (including C, C++, C#, Java, JavaScript, Perl, Python and others).
Identity sub-subject domain: composed of the benchmark organizational framework. According to the business requirements of the enterprise-level information system, the data of the enterprise information system is divided into multiple identity sub-subject domains (domains whose business functions are relatively independent); the division can follow the core independent modules of the enterprise information system.
Permission object: an object that can be used only after authorization (for example a menu, function or service).
Organizational role: a role under a particular work organization unit. Work organization unit roles are defined mainly to distinguish the different authority that the same role has under different business organization units.
Embodiment 1:
An enterprise information system function authority unified management method, comprising the following steps:
1) Establish the identity management center: build a complete user identity management center whose data mainly covers all of the enterprise's "user", "benchmark organization unit", "post" and "service-user" records; the "user", "benchmark organization unit" and "post" form the benchmark organizational framework;
2) Establish the organization management center: build a complete work organization system management center whose data mainly covers the "work organization system", "organization dimension", "work organization character" and "work organization unit" of the enterprise information system;
3) Establish the resource management center: build a complete resource management center whose data mainly covers the "business domains", "service application", "subsystem", "resource" and "permission object" of the enterprise information system;
4) Establish the role management center: build a complete role management center in which "roles" are established as follows: "business roles" are established and maintained according to the service application; "organizational roles" are established and maintained according to the work organization; "business posts" are established and maintained according to the business post; and the authorization system is determined.
Embodiment 2:
This embodiment is further optimized on the basis of the above embodiment. Further, to better implement the present invention, step 3) comprises the following steps:
3.1) When building a complete new enterprise information system, first identify the service application domain of the corporate strategy in which the enterprise information system sits, and sort out the scope of organizations that the enterprise information system covers. When the enterprise information system is used for the first time, the "business domains" and the "work organization system" can be initialized according to the enterprise's IRP; this step must start from the enterprise's IRP as a whole, that is, top-down;
3.2) If the "business domain" or "work organization system" does not exist, first sort out the organizational departments that participate in this "business domain" and the business requirements of the enterprise information system, and, in combination with the company's administrative organization, complete the establishment of the "work organization system", "work organization character" and "work organization unit"; if it exists, select the corresponding "work organization system" for the "business domain" to which the enterprise information system belongs;
3.3) Create the "service application", complete the division of business requirements within the "business application system", and further build the "subsystems"; by sorting out the business information of each "subsystem", establish the resource classification and the resource assembly.
Embodiment 3:
This embodiment is further optimized on the basis of Embodiment 1. Further, to better implement the present invention, step 4) comprises the following steps:
4.1) According to the business authority requirements of the "business application system", establish the "business roles" definition and template specification, and complete the creation and resource division of "business roles" in the "business application system";
4.2) According to the business authority requirements of the "business application system", establish the "organizational roles" definition, and complete the creation and resource division of "organizational roles"; the authority of an "organizational role" is derived from the authority assigned to a "business role", but an "organizational role" can customize its authority according to the scenario;
4.3) According to the business authority requirements of the "business application system", establish the "business post" definition, and complete the creation and role association of "business posts" in the "business application system";
4.4) According to the authority business requirements of the "business application system", further determine the authorization system, which comprises: the assignment of "roles" to "resources", the assignment of "roles" to "users", and the assignment among "roles" themselves.
Embodiment 4:
This embodiment is further optimized on the basis of Embodiment 1. Further, to better implement the present invention, "organizational roles" are separated into security domains by "business application system", and "post" and "organizational roles" are in a many-to-many relationship; a "business post" is associated and mounted directly with "business roles" and "organizational roles"; the relationship between "business post" and "resource" is a loosely coupled one; and a "business post" can be granted directly to specific personnel.
Embodiment 5:
This embodiment is further optimized on the basis of Embodiment 1. Further, to better implement the present invention, the "user" provides authoritative-source personal information for a person, and the unified source of "users" is determined by an enterprise-defined authoritative source; the "benchmark organization unit" is the administrative organization, divided according to functional objectives; the "post" is the general term for one or more responsibilities and powers required under the administrative organization.
Embodiment 6:
This embodiment is further optimized on the basis of Embodiment 1. Further, to better implement the present invention, a complete "work organization system" is built by extending the "benchmark organizational framework"; the full set of applications and organizations to which "service-users" belong is built from "users" according to business characteristics, and the applications and organizations to which a "service-user" belongs are generated according to the enterprise information system strategy.
Further, to better implement the present invention, a complete permission data control system is built, adapted by authorized entities and authorization relationships.
Embodiment 7:
This embodiment is further optimized on the basis of any of the above embodiments. With reference to Fig. 1, Fig. 2, Fig. 3, Fig. 4 and Fig. 5, the enterprise information system function authority unified management method comprises the following specific steps:
A. Establish the identity management center: the main content of the user management center comprises "user" (the primary account, or basic authoritative-source user), "post" (basic administrative post) and "benchmark organization unit" (basic administrative organization) information. The unified source of users can be determined by an enterprise-defined authoritative source; on the basis of inheriting the original user and organization information, user information and replicas are extended, which facilitates operation management and unifies the uniqueness of users.
A complete work organization model is built by extending the "benchmark organizational framework". The full set of applications and organizations to which "service-users" (secondary accounts) belong is built from "users" according to business characteristics, and the applications and organizations to which a "service-user" (secondary account) belongs are generated according to the enterprise information system strategy. The "benchmark organizational framework" is composed of "user" (primary account), "benchmark organization unit", "post" and "service-user" (secondary account), which together form the identity sub-subject domain. The numerals 1 and 0..* indicate that the relationship between the two ends of a connecting line is one to zero or more: under this "benchmark organizational framework", a benchmark organization can contain zero or more users and posts, and a user can be assigned zero or more posts.
B. Establish the organization management center: build a work organization system with the work organization unit at its core. Work organizations can be generated in several ways (by reference, by association, or by creation), and these ways are combined to form the service application and the work organization management units. A work organization management unit is an organization of the service application's business capability; defining roles and dividing authority according to the business management organization unit allows finer-grained authorization. The organization management center (work organization model) provided by the invention mainly divides the business structures of the enterprise information system, such as "work organization system", "organization dimension", "work organization character" and "work organization unit". The model is shown in Figure 2; its model elements build all the work organizations and organizational framework categories of an enterprise information system.
Organizational framework categories correspond one-to-one to service application domains. The "work organization system", as the top-level framework of a series of related organizations, is responsible for the creation and unified management of those organizations. The relationship of "work organization system" to "work organization unit" is one to zero or more, the relationship of "work organization system" to "work organization character" is one to zero or more, and the relationship of "work organization character" to "work organization unit" is one to zero or more.
C. Establish the resource management center. The detailed steps for establishing the resource management center are as follows:
C1. When building a complete new enterprise information system, first identify the service application domain of the corporate strategy in which the enterprise information system sits, and sort out the scope of organizations that the enterprise information system covers. When the enterprise information system is used for the first time, the "business domains" and the "work organization system" can be initialized according to the enterprise's IRP; this step must start from the enterprise's IRP as a whole, that is, top-down;
C2. If the "business domain" or "work organization system" does not exist, first sort out the organizational departments that participate in this "business domain" and the business requirements of the enterprise information system, and, in combination with the company's administrative organization, complete the establishment of the "work organization system", "work organization character" and "work organization unit"; if it exists, select the corresponding "work organization system" for the "business domain" to which the enterprise information system belongs;
C3. Create the "service application", complete the division of business requirements within the "business application system", and further build the "subsystems"; by sorting out the business information of each "subsystem", establish the resource classification and the resource assembly.
As shown in Figure 3, a "business domain" corresponds to zero or more "service applications", a "service application" corresponds to zero or more "subsystems", and a "resource model" corresponds to zero or more "resources".
D. Set up the role management center. The detailed steps are as follows:
D1. According to the business authority requirements of the "business application system", establish the "business roles" definition and template specification, and complete the creation and resource division of "business roles" in the "business application system".
D2. According to the business authority requirements of the "business application system", establish the "organizational roles" definition, and complete the creation and resource division of "organizational roles". The authority of "organizational roles" is derived from the authority assigned to "business roles", but "organizational roles" can customize their authority according to the scenario.
D3. According to the business authority requirements of the "business application system", establish the "business post" definition, and complete the creation and role association of "business post" in the "business application system".
D4. According to the authority business requirements of the "business application system", further determine the authorization system, which comprises: the assignment between "role" and "resource", the assignment between "role" and "user", and the assignment among "role" entries themselves.
As shown in Figure 4, each "business roles grouping" corresponds to zero or more "business roles"; each "business post" corresponds to zero or more "business roles" and "organizational roles"; and each "business roles" entry corresponds to zero or more "organizational roles".
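The role model of steps D1 to D4, sketched as an added Python example (not code from the patent): an "organizational roles" entry derives its authority from a "business roles" entry and then customizes it, and a "business post" reaches resources only through its associated roles. The class names, the add/revoke form of customization, the same-application check used for security domain separation, and the billing sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    app: str    # owning "business application system", used as the security domain
    name: str


@dataclass
class BusinessRole:
    app: str
    name: str
    resources: set = field(default_factory=set)

    def grant(self, res):
        # Role-to-resource assignment stays inside the role's own application.
        if res.app != self.app:
            raise PermissionError(f"{res.name} is outside domain {self.app}")
        self.resources.add(res)

    def effective(self):
        return set(self.resources)


@dataclass
class OrgRole:
    name: str
    org_unit: str                 # "work organization unit" the role belongs to
    base: BusinessRole            # authority is derived from this business role
    extra: set = field(default_factory=set)     # assumed customization: additions
    revoked: set = field(default_factory=set)   # assumed customization: removals

    def customise(self, add=(), revoke=()):
        for res in add:
            if res.app != self.base.app:
                raise PermissionError(f"{res.name} is outside domain {self.base.app}")
        self.extra |= set(add)
        self.revoked |= set(revoke)

    def effective(self):
        return (self.base.effective() | self.extra) - self.revoked


@dataclass
class BusinessPost:
    name: str
    roles: list = field(default_factory=list)    # business and organizational roles
    holders: set = field(default_factory=set)    # users the post is authorized to

    def effective(self):
        # The post holds no resources itself; it resolves them through its roles.
        return set().union(*(r.effective() for r in self.roles))


def is_allowed(user, res, posts):
    return any(user in p.holders and res in p.effective() for p in posts)


def build_demo():
    # Constructed sample data, not taken from the patent.
    read = Resource("billing", "invoice:read")
    void = Resource("billing", "invoice:void")
    export = Resource("billing", "invoice:export")
    clerk = BusinessRole("billing", "billing-clerk")
    for res in (read, void):
        clerk.grant(res)
    branch = OrgRole("branch-clerk", "branch-office-A", clerk)
    branch.customise(add=[export], revoke=[void])
    post = BusinessPost("branch billing post", roles=[branch], holders={"u1001"})
    return {"read": read, "void": void, "export": export}, clerk, branch, [post]
```

Because the post stores no resources of its own, a change to the underlying "business roles" entry propagates to every derived organizational role and post without touching user assignments.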
The present invention solves the problems of inconsistent functional entities and authority models, dispersed function authority management, and non-unified management and control of user identities in enterprise information systems. It establishes a complete authorization system for the centralized management of identity, resources and authorization and, by applying the enterprise information system function authority unified management method, breaks down information islands, reduces operation and maintenance costs and security management and control costs, and effectively guarantees the consistency, integrity and security of identity, resource and permission data.
The above is only a preferred embodiment of the present invention and does not limit the invention in any form; any simple modification or equivalent variation made to the above embodiment according to the technical essence of the present invention falls within the protection scope of the present invention.

Claims (6)

1. An enterprise information system function authority unified management method, characterized by comprising the following steps:
1) Set up the identity management center: build a complete user identity management center whose data mainly cover all of the enterprise's "user", "benchmark organization unit", "post" and "service-user" entries; the "user", "benchmark organization unit" and "post" form the benchmark organizational framework;
2) Set up the organization management center: build a complete work organization system management center whose data mainly cover the "work organization system", "organization dimensionality", "work organization character" and "work organization unit" of the enterprise information system;
3) Set up the resource management center: build a complete resource management center whose data mainly cover the "business domains", "service application", "subsystem", "resource" and "permission object" of the enterprise information system;
4) Set up the role management center: build a complete role management center in which "role" entries are established as follows: "business roles" are maintained and established according to the service application; "organizational roles" are maintained and established according to the work organization; "skills for occupation" are maintained and established according to the business post; and the authorization system is determined.
2. The enterprise information system function authority unified management method according to claim 1, characterized in that step 3) comprises the following steps:
3.1) When building a complete new enterprise information system, first identify the service application domain that the system occupies in the corporate strategy, and work out the scope of organizations that the system covers; when the enterprise information system is used for the first time, the "business domains" and the "work organization system" can be initialized according to the enterprise's IRP; this step must start from the enterprise's IRP as a whole, that is, top-down;
3.2) If the "business domains" or the "work organization system" does not exist, first work out the organization departments that participate in this "business domains" and the business requirements of the enterprise information system, then create the "work organization system", "work organization character" and "work organization unit" in line with the company's administrative organization; if they already exist, select the corresponding "work organization system" for the "business domains" to which the enterprise information system belongs;
3.3) Create the "service application", complete the division of business requirements within the "business application system", and then build the "subsystem"; by sorting out the business information of the "subsystem", establish the resource classification and the resource assembly.
3. The enterprise information system function authority unified management method according to claim 1, characterized in that step 4) comprises the following steps:
4.1) According to the business authority requirements of the "business application system", establish the "business roles" definition and template specification, and complete the creation and resource division of "business roles" in the "business application system";
4.2) According to the business authority requirements of the "business application system", establish the "organizational roles" definition, and complete the creation and resource division of "organizational roles" in the "business application system"; the authority of "organizational roles" is derived from the authority assigned to "business roles", but "organizational roles" can customize their authority according to the scenario;
4.3) According to the business authority requirements of the "business application system", establish the "business post" definition, and complete the creation and role association of "business post" in the "business application system";
4.4) According to the authority business requirements of the "business application system", further determine the authorization system, which comprises: the assignment between "role" and "resource", the assignment between "role" and "user", and the assignment among "role" entries themselves.
4. The enterprise information system function authority unified management method according to claim 1, characterized in that: "organizational roles" use the "business application system" for security domain separation, and "post" and "organizational roles" are in a many-to-many relationship; "business post" is directly associated with and mounted on "business roles" and "organizational roles"; "business post" and "resource" are in a loosely coupled relationship; and "business post" can be authorized directly to specific personnel.
5. The enterprise information system function authority unified management method according to claim 1, characterized in that: the "user" is personal information supplied for a person by an authoritative source, and the unified source of "user" is determined by the enterprise defining its own authoritative source; the "benchmark organization unit" is the administrative organization, divided according to functional objectives; and the "post" is the general term for one or more sets of responsibilities and powers needed under the administrative organization.
6. The enterprise information system function authority unified management method according to claim 1, characterized in that: a complete "work organization system" is built by extension from the "benchmark organizational framework"; the application and organization to which a "service-user" belongs are built from the "user" according to business characteristics, and are generated according to the enterprise information system strategy.
CN201410830557.8A 2014-12-29 2014-12-29 Enterprise-level information system function authority unified management method Pending CN104537488A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410830557.8A CN104537488A (en) 2014-12-29 2014-12-29 Enterprise-level information system function authority unified management method

Publications (1)

Publication Number Publication Date
CN104537488A true CN104537488A (en) 2015-04-22

Family

ID=52853007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410830557.8A Pending CN104537488A (en) 2014-12-29 2014-12-29 Enterprise-level information system function authority unified management method

Country Status (1)

Country Link
CN (1) CN104537488A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150422
