CN106850623A - A general information publishing permission management method - Google Patents


Info

Publication number
CN106850623A
Authority
CN
China
Prior art keywords
authority
function
user
column
distribution
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710066956.5A
Other languages
Chinese (zh)
Inventor
肖露露
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd
Application filed by Inspur General Software Co Ltd
Priority to CN201710066956.5A
Publication of CN106850623A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Abstract

The present invention provides a general information publishing permission management method, belonging to the technical field of software layered architecture. The method defines a set of functional operations, each with its own binary feature code, configures the correspondence between information and the operation set, and applies reference and inheritance. User permissions can be set on the basis of these definitions, a wildcard strategy is applied, and users ultimately obtain secure access to resource data. The method avoids the tedium and inconvenience of assigning permissions as the number of columns and functions grows, and also improves the user experience.

Description

A general information publishing permission management method
Technical field
The present invention relates to software layered architecture technology, and in particular to a general information publishing permission management method.
Background art
Computer networks can effectively realize resource sharing, but resource sharing and information security are in conflict. Enterprise informatization and networked management have become a trend, and more and more enterprises are building their own network information management platforms. Once management information is placed on the network, however, how to manage the assignment and control of user permissions becomes an important problem affecting the security of that information.
Network permission control is a security measure proposed against illegal network operations. The development of any networked information system inevitably involves permission control. In terms of information system security management, most current enterprise-level information publishing security applications use a multi-administrator mechanism: the application system has several administrators, and the functions of a higher-level administrator include those of the lower-level administrators, over whom the higher level can also exercise some permission control. For open or semi-open systems with coarse authorization granularity, on the one hand the administrative hierarchy cannot be extended without limit; on the other hand, administrators at each level cannot easily change function options, which loses the administrators' original flexibility and also adds to the server's burden.
Summary of the invention
To solve the above technical problems, the present invention proposes a general information publishing permission management method. Its purpose is to provide control over users' information publishing permissions while avoiding tedium and inconvenience.
The present invention defines a function set for each column of each module in the system; this set defines all the operations available under that column, so that functions can be extended and permissions flexibly assigned on the basis of this standard set.
The technical solution of the present invention is:
A general information publishing permission control method, comprising the following steps:
A. Structure definition.
B. Permission assignment.
C. Runtime permission interface (API).
In step A, to implement function permission control for the system, the function set of every module in the system must be defined first. The structure definition comprises the following parts:
(5) Divide the system into modules.
(6) Define the columns under each module: $L = \{i_0, i_1, i_2, \ldots, i_n\}$.
(7) Define the function set $OP = \{a_0, a_1, a_2, \ldots, a_n\}$, where the corresponding permission feature values are $1$ ($2^0$), $2$ ($2^1$), $4$ ($2^2$), …, $2^n$.
(8) Define the function set under each column: $PS(L_n) = \{a_0, a_1, a_2, a_3, \ldots\}$.
Here a "column" is a form in which one class of content with the same attributes is presented; for example, corporate news and updates each represent a column.
"Define the function set OP" distinguishes two parts, general functions and personalized functions: general functions (such as add, delete, edit, view details, ...) and personalized functions (such as review, publish, authorize, ...). Details are as follows:
"Define the function set under each column" comprises two operations: "get the general operation set of function permissions" and "save the personalized operation set". Details are as follows:
In step B, permissions are assigned by operating on the column permission feature sets defined in step A. Step B can assign permissions along different dimensions: user, organization or role. Assignment applies the wildcard principle, which simplifies operation and makes it flexible and convenient. The assignment is described in detail below:
In step C, while the system is running, the permission information set in step B governs a specific user's operations on and access to information columns. Details are as follows:
Functions and beneficial effects of the invention:
By establishing authorization mechanisms along three dimensions from fine to coarse (user, organization and role), the invention achieves fine-grained management of permission operations and personalized customization of users' data browsing permissions. Data filtering reduces the difficulty of operation and use, and support for class-based permission functions allows permissions to be aggregated and reused. The use of resource manager technology solves the scaling problem in systems with many types and levels of users. The invention not only better addresses the low security and complex operation caused by overly coarse permission granularity, but also lightens the load on the server and the network by reducing the volume of transmitted data.
Brief description of the drawings
Fig. 1 is a schematic diagram of the information publishing permission control method provided by the present invention.
Specific embodiment
To better explain the content of the invention, it is described in more detail below through an embodiment:
To address the inflexibility of multi-level user management in current enterprise applications, binary features are used to make permissions simple to distinguish, and roles, organizations and user management are used to make user functions flexible. The invention combines resource permission control computation based on permission feature codes with binary bit operations, and proposes a new resource permission control method.
The invention explains the method of this embodiment from the identity of user 1; the schematic diagram of its resolution is shown in Fig. 1. It comprises the following steps:
(1) Structure definition;
(2) Permission assignment;
(3) Runtime permission interface (API).
Suppose that a certain column, corporate news, needs the following permissions controlled:
(1) Only individual users can enter, review and manage the column;
(2) Some departments and individual personnel can browse and read the column's information.
Step 1: Binary definition of function permissions.
Step 2: Set permissions on the corporate news column: select the relevant individual users, organizations and roles, set function permissions for each, and save the configured permission information.
Save interface method:
public string SaveShareTargets(Dictionary<string, string> para)
Step 3: Resolve the specified configuration. When a user accesses the corporate news column, the access interface based on that column's permission settings is called first: the user ID, the ID of the user's organization and the ID of the user's role are passed to the method GetUserAcl. This interface method is based on an attribute-based permission object resolution engine; it parses the defined binary permission codes and, according to the result of the computation, yields for each function permission code 1 (has the permission) or 0 (does not have the permission). The result is returned to the user.
Interface method for obtaining the logged-in user's permissions:
public string GetUserAcl(Dictionary<string, string> para)
Step 4: Access the resource according to the returned result.
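The four steps of the embodiment, as an added C# example that is not code from the patent: operations carry power-of-two feature values, grants are stored per user, organization and role, and GetUserAcl resolves them to 1/0 per operation. The operation names, the dictionary keys userId/orgId/roleId/column, the reading of "*" as a wildcard over all columns, the OR-combination of the three dimensions and the output format are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Step A: every operation owns one bit (feature value 2^k). Operation names are hypothetical.
[Flags]
enum Op { None = 0, Add = 1, Delete = 2, Edit = 4, View = 8, Review = 16, Publish = 32 }

static class ColumnAcl
{
    const Op General = Op.Add | Op.Delete | Op.Edit | Op.View;  // inherited by every column
    // PS(L_n): the general set plus each column's personalized operations (constructed data).
    static readonly Dictionary<string, Op> ColumnOps = new Dictionary<string, Op> {
        ["corporate-news"] = General | Op.Review | Op.Publish,
        ["updates"] = General,
    };
    // Step B: grants keyed by (dimension, subject id, column). Column "*" covers all
    // columns; this reading of the wildcard principle is an assumption.
    static readonly Dictionary<(string, string, string), Op> Grants =
        new Dictionary<(string, string, string), Op> {
            [("user", "u1", "corporate-news")] = Op.Add | Op.Review | Op.Publish,
            [("org", "sales", "*")] = Op.View,
            [("role", "auditor", "*")] = Op.Review,
        };

    static Op Lookup(string dim, string id, string column)
    {
        Grants.TryGetValue((dim, id, column), out Op exact);  // a missing key yields Op.None
        Grants.TryGetValue((dim, id, "*"), out Op wild);
        return exact | wild;
    }

    // Step C: OR the three dimensions together, then mask with PS(L_n) so that a
    // wildcard grant cannot confer an operation the column does not define.
    public static Op Effective(string user, string org, string role, string column)
    {
        if (!ColumnOps.TryGetValue(column, out Op defined)) return Op.None;  // unknown column: deny
        Op granted = Lookup("user", user, column) | Lookup("org", org, column)
                   | Lookup("role", role, column);
        return granted & defined;
    }

    // Same signature as the page's interface; keys and "Name:1|0" output are assumptions.
    public static string GetUserAcl(Dictionary<string, string> para)
    {
        Op acl = Effective(para["userId"], para["orgId"], para["roleId"], para["column"]);
        return string.Join(",", Enum.GetValues(typeof(Op)).Cast<Op>()
            .Where(op => op != Op.None)
            .Select(op => op + ":" + ((acl & op) != 0 ? 1 : 0)));
    }

    static void Main()
    {
        var para = new Dictionary<string, string> {
            ["userId"] = "u2", ["orgId"] = "sales", ["roleId"] = "auditor", ["column"] = "updates" };
        Console.WriteLine(GetUserAcl(para));  // the auditor's Review bit is masked out on "updates"
        para["userId"] = "u1"; para["column"] = "corporate-news";
        Console.WriteLine(GetUserAcl(para));
    }
}
```

Masking the combined grants with the column's own function set and returning no permissions for an unknown column keeps a broad wildcard grant from widening access beyond what step A defined.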

Claims (4)

1. A general information publishing permission management method, characterized in that
it comprises the following steps:
A. Structure definition
B. Permission assignment
C. Runtime permission interface (API)
A set of functional operations is defined, each operation having its own binary feature code; the correspondence between information and the operation set is configured, with reference and inheritance; user permissions can be set on the basis of these definitions, applying a wildcard strategy, so that users ultimately obtain secure access to resource data.
2. The method according to claim 1, characterized in that
in step A, to implement function permission control for the system, the function set of every module in the system must be defined first; the structure definition comprises the following parts:
(1) Divide the system into modules
(2) Define the columns under each module: $L = \{i_0, i_1, i_2, \ldots, i_n\}$
(3) Define the function set $OP = \{a_0, a_1, a_2, \ldots, a_n\}$, where the corresponding permission feature values are $1$ ($2^0$), $2$ ($2^1$), $4$ ($2^2$), …, $2^n$
(4) Define the function set under each column: $PS(L_n) = \{a_0, a_1, a_2, a_3, \ldots\}$
wherein a "column" is a form in which one class of content with the same attributes is presented;
wherein "define the function set OP" distinguishes two parts, general functions and personalized functions, as detailed below:
Define function: saves the function information supplied as input; depending on whether it carries the "general" parameter, sets the corresponding binary permission feature value code; no return value;
wherein "define the function set under each column" comprises two operations: get the general operation set of function permissions, and save the personalized operation set; as detailed below:
Get the general operation set of function permissions: obtains the general function set that has been configured; a defined column inherits the general function set; returns the general set;
Save the personalized operation set: assigns the specified personalized function set; if there is none, the personalized function information must be maintained first; no return value.
3. The method according to claim 2, characterized in that
in step B, permissions are assigned by operating on the column permission feature sets defined in step A; step B can assign permissions along different dimensions: user, organization or role; the assignment is detailed below:
Assign permissions: assigns permissions to users, organizations and roles; the wildcard principle is used in this assignment;
Save the permission assignment record: saves the permission information set along the different dimensions of user, organization and role; no return value.
4. The method according to claim 3, characterized in that
in step C, while the system is running, the permission information set in step B governs a specific user's operations on and access to information columns; as detailed below:
GetUserAcl: when a user accesses the corporate news column, the access interface based on that column's permission settings is called first; the user ID, the ID of the user's organization and the ID of the user's role are passed to the method GetUserAcl; this interface method is based on an attribute-based permission object resolution engine and parses the defined binary permission codes; according to the result of the computation, each function permission code yields 1 (has the permission) or 0 (does not have the permission); the result is returned to the user.
Application number: CN201710066956.5A
Priority date: 2017-02-07
Filing date: 2017-02-07
Status: Pending
Publication: CN106850623A (en), publication date 2017-06-13
Family ID: 59122007

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170613
