CN108229206B - Authority management method and system based on label library - Google Patents

Authority management method and system based on label library

Info

Publication number: CN108229206B
Authority: CN (China)
Prior art keywords: label, data, group, authority, library
Legal status: Active
Application number: CN201810019976.1A
Other languages: Chinese (zh)
Other versions: CN108229206A (en)
Inventor: 邢国华
Current Assignee: Shanghai Zork Data Technology Co ltd
Original Assignee: Shanghai Zork Data Technology Co ltd
Application filed by Shanghai Zork Data Technology Co ltd
Priority to CN201810019976.1A
Publication of CN108229206A
Application granted
Publication of CN108229206B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses an authority management method and system based on a label library. Resource data is associated with the label library through identification rules, and role-based access authority is combined with labels, so that data can automatically identify which resource authority it belongs to. The approach has a wide range of application and can be used in any system authority processing that involves data authority interaction. Establishing a label library centralizes management and makes classification clearer; customizable matching rules make label management more flexible; and maintenance group management makes data ownership highly identifiable. The label library-based authority management method and system therefore offer convenient operation, high maintainability, fine-grained management, low maintenance cost and high maintenance efficiency.

Description

Authority management method and system based on label library
Technical Field
The invention relates to the technical field of authority management in software system construction, and in particular to an authority management method and system based on a label library.
Background
When authority management is built into a traditional software system, it is generally divided into five parts, namely users, organizations, roles, functions and authorities. Conventionally, a user belongs to an organization, the organization is associated with roles, roles are associated with resources, and resources are associated with permitted operations. When a user logs in, the system looks up the user's role from the user identifier; the role is associated with a number of resources and operation authorities, which determine the function modules and data the user may operate on after entering the system. When new resource data is added, it must be added to the corresponding role: the user gains access to the new resource data only once the association between the resource and the role has been established. This step greatly affects how identifiable and how convenient system resource data is; because resources are classified manually and the classification is fuzzy, resource maintenance has low identifiability and operating efficiency falls.
The problems and disadvantages of the existing technical scheme are as follows: low identifiability, poor convenience, fuzzy resource classification and identification, and low efficiency reduce system maintainability, and the design cannot meet the need for diversified, fine-grained authority management operations.
Therefore, a new authority management system and method, in which data can automatically identify the resource authority it belongs to, is urgently needed for authority management in software projects.
Disclosure of Invention
The invention aims to provide an efficient and maintainable label library-based authority management method and system.
In order to achieve the purpose, the invention adopts the following technical scheme:
A label library-based authority management method comprises the following steps:
S1, establishing a label library: a label library is created in the system, and the labels in it are divided into three types, system labels, application labels and user-defined labels, which correspond to system-level data, application-level data and user-defined data respectively;
S2, determining label matching rules: the label matching rules fall into two categories, rules for matching data to a label item and rules for matching labelled data to the data maintenance group it belongs to;
S3, setting label groups and user roles: the labels in the label library are grouped according to system requirements to form label groups, which are used for authorization; after a label group is created, it is associated with a user role according to the division of business, so that the user role has the authority of all labels in the label group, and the users contained in that user role likewise have the authority of all labels in the corresponding label group;
S4, maintenance group management: a maintenance group is established, its system label and application labels are specified, and its group leader and members are designated; the maintenance group stores and maintains data grouped by business system.
As a preferred technical solution, the label library in step S1 is a tree structure, that is, it supports parent-child types: a system has subsystems under it, and a subsystem has secondary subsystems under it; when labels are created, they are created under the category they belong to.
As a preferred technical solution, in step S2 the rule for matching data to a label item is defined when the label is created; after the user submits data, the newly added data is matched against the label item rules; on a successful match the new data is marked with the matched label item, and data that fails to match is stored together in a data warehouse for manual matching.
As a further preferred technical solution, the label item rule includes an IP address and a system name.
As a preferred technical solution, after the maintenance group is created in step S4, the maintenance group's labels are matched against the identification labels set on the data, and the data is automatically grouped into the maintenance group; after a user logs in to the system, the user's role and the label groups and labels corresponding to that role are obtained first, and if a label granted to the user matches the label of the maintenance group, the user has maintenance authority over that maintenance group.
As a further preferred technical solution, the maintenance authority includes data modification and deletion.
The invention also provides a label library-based authority management system, which comprises labels, users, user roles, authorities, data instances and maintenance groups; the set of labels constitutes the label library; the user role is associated with the label library; the authority comprises access authority and maintenance authority and is associated with the label library; each data instance carries labels; the maintenance group is used to manage data instances by category.
As a preferred technical solution, the labels include a system label, an application label and a user-defined label.
As a preferred technical solution, the system further comprises an organization, which is the department organization the user belongs to and has an organization-user relationship with the user.
As a further preferred technical solution, the system further includes a job, which is the job the user holds in the department organization; the authority indicates the scope of data access associated with the role.
In the label library-based authority management method and system, resource data is associated with the label library through identification rules, and role-based access authority is combined with labels, so that data can automatically identify which resource authority it belongs to. The approach has a wide range of application and can be used in any system authority processing that involves data authority interaction. Establishing a label library centralizes management and makes classification clearer; customizable matching rules make label management more flexible; and maintenance group management makes data ownership highly identifiable. The label library-based authority management method and system therefore offer convenient operation, high maintainability, fine-grained management, low maintenance cost and high maintenance efficiency.
Drawings
FIG. 1 is a flow chart of a rights management method based on a tag library according to the present invention;
FIG. 2 is a schematic structural diagram of a rights management system based on a tag library according to the present invention.
Detailed Description
The following describes a specific embodiment of the label library-based authority management method and system in detail with reference to the accompanying drawings. It should be understood that the following is merely illustrative of the invention and does not limit the scope of the claimed method and system.
As shown in FIG. 1, the invention provides a label library-based authority management method comprising the following steps:
S1, establishing a label library: a label library is created in the system, and the labels in it are divided into three types, system labels, application labels and user-defined labels, which correspond to system-level data, application-level data and user-defined data respectively;
S2, determining label matching rules: the label matching rules fall into two categories, rules for matching data to a label item and rules for matching labelled data to the data maintenance group it belongs to;
S3, setting label groups and user roles: the labels in the label library are grouped according to system requirements to form label groups, which are used for authorization; after a label group is created, it is associated with a user role according to the division of business, so that the user role has the authority of all labels in the label group, and the users contained in that user role likewise have the authority of all labels in the corresponding label group;
S4, maintenance group management: a maintenance group is established, its system label and application labels are specified, and its group leader and members are designated; the maintenance group stores and maintains data grouped by business system.
The label library in step S1 is a tree structure, that is, it supports parent-child types: a system has subsystems under it, and a subsystem has secondary subsystems under it; when labels are created, they are created under the category they belong to.
In step S2, the rule for matching data to a label item is defined when the label is created. For example, the matching rule of system A is that data whose IP address lies between 192.168.0.1 and 192.168.0.255 belongs to the system A label, and the matching rule of system B is that data whose system name (hostname) lies in the range jk-hostname-100 to jk-hostname-300 belongs to the system B label. When a user adds new data, the data must carry the IP address or system name items together with other user-defined attributes. When the user submits the data, the system matches it against the label rules; on a successful match the new data is marked with the matched label item, and on failure the data is stored together in a data warehouse for manual matching. The rule in step S2 for matching labelled data to its data maintenance group is as follows: the system creates data maintenance groups, classified by system, and specifies the system label and application labels associated with each maintenance group; once new data has been successfully matched and marked with a system label item, the system searches for the maintenance group with the same label and pushes the data into that group.
After the maintenance group is created in step S4, the maintenance group's labels are matched against the identification labels set on the data, and the data is automatically grouped into the maintenance group; after a user logs in to the system, the user's role and the label groups and labels corresponding to that role are obtained first, and if a label granted to the user matches the label of the maintenance group, the user has maintenance authority over that maintenance group. The maintenance authority comprises data modification and deletion.
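An added illustration of steps S2 to S4 (not part of the patent text, and not the assignee's implementation): the two example matching rules above, routing into maintenance groups, and the role-to-label check for maintenance authority. The label, role, group and user names are constructed; failing closed on ambiguous matches and requiring group membership in addition to a granted label are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass, field


def ip_range_rule(first, last):
    """Label rule: the record's IP lies in [first, last] (inclusive)."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)

    def match(record):
        try:
            return lo <= ipaddress.ip_address(record.get("ip") or "") <= hi
        except (ValueError, TypeError):  # missing, malformed or wrong IP family
            return False
    return match


def hostname_range_rule(prefix, first, last):
    """Label rule: hostname is prefix + number, compared numerically.

    A plain string comparison would accept "jk-hostname-1000", which sorts
    between "jk-hostname-100" and "jk-hostname-300".
    """
    pattern = re.compile(re.escape(prefix) + r"([0-9]+)")

    def match(record):
        m = pattern.fullmatch(record.get("hostname") or "")
        return m is not None and first <= int(m.group(1)) <= last
    return match


# System-label rules from the description's step S2 example.
SYSTEM_LABEL_RULES = {
    "system-A": ip_range_rule("192.168.0.1", "192.168.0.255"),
    "system-B": hostname_range_rule("jk-hostname-", 100, 300),
}

# Step S3: labels -> label groups -> roles -> users (all names constructed).
LABEL_GROUPS = {"ops-A": {"system-A"}, "ops-B": {"system-B"}}
ROLE_LABEL_GROUPS = {"a-maintainer": {"ops-A"}, "b-maintainer": {"ops-B"}}
USER_ROLES = {"alice": {"a-maintainer"}, "bob": {"b-maintainer"}}


@dataclass
class MaintenanceGroup:  # step S4
    system_label: str
    leader: str
    members: set = field(default_factory=set)
    records: list = field(default_factory=list)


def classify(record):
    """Return the single matching system label, or None.

    Assumption of this example: zero or several matches both fail closed.
    """
    matched = [lb for lb, rule in SYSTEM_LABEL_RULES.items() if rule(record)]
    return matched[0] if len(matched) == 1 else None


def ingest(record, groups, manual_queue):
    """Label a new record and push it to the group with the same label."""
    label = classify(record)
    if label is None or label not in groups:
        manual_queue.append(record)  # held for manual matching
        return None
    groups[label].records.append(dict(record, system_label=label))
    return label


def granted_labels(user):
    """Resolve user -> roles -> label groups -> labels."""
    labels = set()
    for role in USER_ROLES.get(user, ()):
        for group in ROLE_LABEL_GROUPS.get(role, ()):
            labels |= LABEL_GROUPS.get(group, set())
    return labels


def may_maintain(user, group):
    """Modify/delete right: granted label matches AND user is in the group."""
    in_group = user == group.leader or user in group.members
    return in_group and group.system_label in granted_labels(user)


def new_groups():
    return {
        "system-A": MaintenanceGroup("system-A", leader="alice"),
        "system-B": MaintenanceGroup("system-B", leader="bob", members={"alice"}),
    }


if __name__ == "__main__":
    groups, manual = new_groups(), []
    for rec in (  # constructed sample records
        {"ip": "192.168.0.42"},
        {"hostname": "jk-hostname-250"},
        {"hostname": "jk-hostname-1000"},
        {"ip": "192.168.0.7", "hostname": "jk-hostname-150"},
    ):
        print(rec, "->", ingest(rec, groups, manual))
    print("manual queue:", manual)
    print("alice on B:", may_maintain("alice", groups["system-B"]))
```

A record matching no rule, or more than one, lands in the manual queue instead of a maintenance group, so a gap or overlap in the rules never grants authority by default.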
As shown in FIG. 2, the invention further provides a label library-based authority management system, which comprises labels, users, user roles, authorities, data instances and maintenance groups; a set of labels constitutes a label group, and the label groups constitute the label library; the user role is associated with the label library; the authority comprises access authority and maintenance authority and is associated with the label library; each data instance carries labels; the maintenance group is used to manage data instances by category.
In this embodiment, the labels include a system label, an application label and a user-defined label. The label library-based authority management system further comprises an organization and a job: the organization is the department organization the user belongs to and has an organization-user relationship with the user; the job is the job the user holds in the department organization; the authority indicates the scope of data access associated with the role.
In the label library-based authority management system of this embodiment, a user is a user who logs in to the system. The user has a unique identification ID and basic information. Through the user ID, the user has a user-organization relationship with the organization, a user-job relationship with the job, a user-role relationship with the user role, and a user-maintenance-group relationship with the maintenance group. After the user logs in successfully, the organization, job, user role and maintenance group to which the user belongs are looked up through the relationships between the user and each part. The user role holds the relationship to the label library and the authority resources granted to the user. A maintenance group manages data instances by category according to business system data; it specifies the system label it belongs to, the maintenance group leader and the user members. On entering the maintenance management page, the user searches for a maintenance group matching the system label granted by the user role, and after finding it applies to join the maintenance group in order to view and maintain the data instances in the group.
In the label library-based authority management system of this embodiment, the authority is divided into access authority and maintenance authority; the authority is associated with the label library, the label library is associated with the user role, and on entering a maintenance group the user obtains the operation authority granted by the role. A data instance is a single data record in the system; it carries one system label and several application labels. The matching system label is added when the data instance is created, and after a successful match the data automatically belongs to the maintenance group with the same label.
In the label library-based authority management method and system, resource data is associated with the label library through identification rules, and role-based access authority is combined with labels, so that data can automatically identify which resource authority it belongs to. The approach has a wide range of application and can be used in any system authority processing that involves data authority interaction. Establishing a label library centralizes management and makes classification clearer; customizable matching rules make label management more flexible; and maintenance group management makes data ownership highly identifiable. The label library-based authority management method and system therefore offer convenient operation, high maintainability, fine-grained management, low maintenance cost and high maintenance efficiency.
The above embodiments are only examples of the invention and are not intended to limit it; those skilled in the art can make equivalent modifications and variations according to this disclosure within the scope of the appended claims.

Claims (10)

1. A label library-based authority management method, characterized by comprising the following steps:
S1, establishing a label library: a label library is created in the system, and the labels in it are divided into three types, system labels, application labels and user-defined labels, which correspond to system-level data, application-level data and user-defined data respectively;
S2, determining label matching rules: the label matching rules fall into two categories, rules for matching data to a label item and rules for matching labelled data to the data maintenance group it belongs to;
S3, setting label groups and user roles: the labels in the label library are grouped according to system requirements to form label groups, which are used for authorization; after a label group is created, it is associated with a user role according to the division of business, so that the user role has the authority of all labels in the label group, and the users contained in that user role likewise have the authority of all labels in the corresponding label group;
S4, maintenance group management: a maintenance group is established, its system label and application labels are specified, and its group leader and members are designated; the maintenance group stores and maintains data grouped by business system.
2. The label library-based authority management method of claim 1, wherein: the label library in step S1 is a tree structure, that is, it supports parent-child types: a system has subsystems under it, and a subsystem has secondary subsystems under it; when labels are created, they are created under the category they belong to.
3. The label library-based authority management method of claim 1, wherein: the rule for matching data to a label item in step S2 is defined when the label is created; after the user submits data, the newly added data is matched against the label item rules; on a successful match the new data is marked with the matched label item, and data that fails to match is stored together in a data warehouse for manual matching.
4. The label library-based authority management method of claim 3, wherein: the label item rule comprises an IP address and a system name.
5. The label library-based authority management method of claim 1, wherein: after the maintenance group is created in step S4, the maintenance group's labels are matched against the identification labels set on the data, and the data is automatically grouped into the maintenance group; after a user logs in to the system, the user's role and the label groups and labels corresponding to that role are obtained first, and if a label granted to the user matches the label of the maintenance group, the user has maintenance authority over that maintenance group.
6. The label library-based authority management method of claim 5, wherein: the maintenance authority comprises data modification and deletion.
7. A label library-based authority management system applying the method of any of claims 1 to 6, characterized in that: the system comprises labels, user roles, authorities, data instances and maintenance groups; the set of labels constitutes the label library; the user role is associated with the label library; the authority comprises access authority and maintenance authority and is associated with the label library; each data instance carries labels; the maintenance group is used to manage data instances by category.
8. The label library-based authority management system of claim 7, wherein: the labels comprise a system label, an application label and a user-defined label.
9. The label library-based authority management system of claim 7, wherein: the system further comprises an organization, which is the department organization the user belongs to and has an organization-user relationship with the user.
10. The label library-based authority management system of claim 9, wherein: the system further comprises a job, which is the job the user holds in the department organization; the authority indicates the scope of data access associated with the role.
CN201810019976.1A 2018-01-09 2018-01-09 Authority management method and system based on label library Active CN108229206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810019976.1A CN108229206B (en) 2018-01-09 2018-01-09 Authority management method and system based on label library

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810019976.1A CN108229206B (en) 2018-01-09 2018-01-09 Authority management method and system based on label library

Publications (2)

Publication Number Publication Date
CN108229206A CN108229206A (en) 2018-06-29
CN108229206B CN108229206B (en) 2021-08-24

Family

ID=62640486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810019976.1A Active CN108229206B (en) 2018-01-09 2018-01-09 Authority management method and system based on label library

Country Status (1)

Country Link
CN (1) CN108229206B (en)

Also Published As

Publication number Publication date
CN108229206A (en) 2018-06-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant