CN108268790A - The configuration method and device of data permission - Google Patents
- Publication number: CN108268790A
- Application number: CN201611261597.0A
- Authority: CN (China)
- Prior art keywords: role, user, permission, data, data permission
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a method and device for configuring data permissions, relating to the field of computer technology; its main purpose is to configure data permissions flexibly. The method includes: obtaining a role-permission table, which contains the correspondence between roles and data permissions; and configuring a preset priority role for a user, where the data permissions in the preset priority role are higher than the data permissions in the role-permission table corresponding to the user. The invention is mainly used for configuring data permissions.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for configuring data permissions.
Background
In the information systems that enterprises currently use, whatever the business application, a permission management module is an indispensable system element for protecting information data. Permissions themselves are divided, by the kind of user operation they govern, into two types, function permissions and data permissions, and a user's business can proceed smoothly only when both are in effect. Function permissions restrict operations such as "create", "import" and "disable/enable" that are unrelated to the business data currently present, whereas data permissions mainly restrict operations such as "query", "modify" and "delete" that depend on specific data content. A user may be involved with a large amount of data, the permissions on each piece of data differ, and administrators find it difficult to determine which data permissions each user should be given.
In the prior art, functions that are indivisible in the business and must be used together by a user can be combined, according to business needs, into a permission set that is authorized as a unit. Such a permission set is called a role; a role defines which functions a user is allowed to use and which data the user may access, so that permissions can be coordinated flexibly. Because certain different users need identical data permissions in the business, these users have something in common for that specific business and can be authorized as an abstract user, can be user-friendly by allowing abstract user's figure
In practical applications, for users with relatively special permission requirements, the configuration approach above makes effective permission management difficult. For example, when a permission needs to be added or changed for some user, the permission is usually assigned to a new role to avoid changing the permissions of other users. However, as more permissions are added or changed, a large number of roles each holding a single simple permission are generated, and data permissions cannot be configured flexibly.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and device for configuring data permissions that overcome the above problems or at least partly solve them, and that can configure data permissions flexibly.
In one aspect, the present invention provides a method for configuring data permissions, including:
obtaining a role-permission table, the role-permission table containing the correspondence between roles and data permissions;
configuring a preset priority role for a user, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user.
Further, after the preset priority role is configured for the user, the method further includes:
creating a user group, the user group containing multiple users with the same role;
configuring a preset priority role for the user group, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user group.
Further, the method further includes:
when a permission modification instruction is received, changing the data permissions in the preset priority role according to the data permission carried in the permission modification instruction.
Further, after the data permissions in the preset priority role are changed according to the data permission carried in the permission modification instruction, the method further includes:
receiving an operation instruction from the user;
judging whether the user or the user group to which the user belongs has the data permission carried in the operation instruction;
if so, executing the data permission carried in the operation instruction; otherwise, prompting that there is no data operation permission.
In another aspect, the present invention provides a device for configuring data permissions, including:
an acquiring unit, configured to obtain a role-permission table, the role-permission table containing the correspondence between roles and data permissions;
a first configuration unit, configured to configure a preset priority role for a user, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user.
Further, the device further includes:
a creating unit, configured to create a user group, the user group containing multiple users with the same role;
a second configuration unit, configured to configure a preset priority role for the user group, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user group.
Further, the device further includes:
a changing unit, configured to change, when a permission modification instruction is received, the data permissions in the preset priority role according to the data permission carried in the permission modification instruction.
Further, the device further includes:
a receiving unit, configured to receive an operation instruction from the user;
a judging unit, configured to judge whether the user or the user group to which the user belongs has the data permission carried in the operation instruction;
the judging unit being specifically configured to execute the data permission carried in the operation instruction if it judges that the user or the user group to which the user belongs has the data permission carried in the operation instruction;
the judging unit being further specifically configured to prompt that there is no data operation permission if it judges that the user or the user group to which the user belongs does not have the data permission carried in the operation instruction.
With the above technical solution, the method and device for configuring data permissions provided by the present invention first obtain the role-permission table corresponding to the user and configure a preset priority role for the user; the data permissions in the preset priority role are higher than the user's other permissions. Compared with existing methods for configuring data permissions, the embodiments of the present invention configure a preset priority role for the user so that the data permission in a permission modification instruction takes effect only for that user and the data permissions in the preset priority role are executed preferentially. Data permissions can thus be configured flexibly without adding an excessive number of roles, which better serves users' change requests for specific data permissions.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the content of the specification, and so that the above and other objects, features and advantages of the present invention are more readily apparent, specific embodiments of the present invention are set out below.
Description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 shows a flow diagram of a method for configuring data permissions provided by an embodiment of the present invention;
Fig. 2 shows a schematic diagram of a user role-permission table provided by an embodiment of the present invention;
Fig. 3 shows a flow diagram of another method for configuring data permissions provided by an embodiment of the present invention;
Fig. 4 shows a schematic diagram of another user role-permission table provided by an embodiment of the present invention;
Fig. 5 shows a structural diagram of a device for configuring data permissions provided by an embodiment of the present invention;
Fig. 6 shows a structural diagram of another device for configuring data permissions provided by an embodiment of the present invention.
Specific embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a method for configuring data permissions. As shown in Fig. 1, the specific steps include:
101. Obtain the role-permission table.
The role-permission table contains the correspondence between the roles a user holds and data permissions. Multiple users with similar permissions can be managed as a class by defining roles, such as system administrator and administrator. As shown in Fig. 2, the role corresponding to each user and the data permissions corresponding to each role can be seen clearly. A user here is a concrete operator of the application system. A user can hold his or her own permission information, for example the operations on data that the user is authorized to perform, such as querying, modifying or deleting data. The relationship between roles and permissions recorded in the role-permission table is usually many-to-many: one role can hold multiple data permissions, and one data permission can belong to multiple roles at the same time.
102. Configure a preset priority role for the user.
The preset priority role is a role with priority data permissions: the data permissions in the preset priority role are higher than the data permissions in the role-permission table corresponding to the user and have the highest data permission priority. While a user performs data operations under his or her data permissions, the data permissions often need to be changed, for example deleting the data query permission on table 1, adding a data query permission on table 2, or deleting the delete permission on certain data in database 1. Therefore, to ensure that the changed data operation permissions are executed first, the data permissions in the preset priority role are usually executed preferentially, so that subsequent data operations are carried out according to the changed data permissions.
It should be noted here that, because any user's data permissions may be changed at any time, a preset priority role is configured for every user. This ensures that when a user performs a data operation, the system can judge from the preset priority role whether the user has permission for that operation and, if so, preferentially execute the data permission in the preset priority role. The system can thus flexibly configure the corresponding data permissions during operation without adding an excessive number of new roles, which avoids role confusion.
As can be seen from the above implementation, the method for configuring data permissions provided by this embodiment of the present invention first obtains the role-permission table corresponding to the user and configures a preset priority role for the user; the data permissions in the preset priority role are higher than the user's other permissions. Compared with existing methods for configuring data permissions, the embodiment of the present invention configures a preset priority role for the user so that the data permission in a permission modification instruction takes effect only for that user and the data permissions in the preset priority role are executed preferentially. Data permissions can thus be configured flexibly without adding an excessive number of roles, which better serves users' change requests for specific data permissions.
To explain the data permission configuration method proposed by the present invention in more detail, in particular the obtaining of the role-permission table corresponding to the user, an embodiment of the present invention also provides another method for configuring data permissions. As shown in Fig. 3, the specific steps of this method include:
201. Obtain the role-permission table.
The role-permission table contains the correspondence between the roles a user holds and data permissions. Multiple users with similar permissions can be managed as a class by defining roles, such as system administrator and administrator. Because the user's role information records the data permissions corresponding to the role, each data permission here is a string of agreed digits, for example 100200300, where 100 denotes a library A, 200 denotes a table A, and 300 denotes the insert permission. The role-permission table corresponding to the user is then obtained through the role information.
It should be noted that the system has one and only one superuser, who has all data operation permissions and can assign roles to other users and set the permission rules for roles. The system can have multiple administrators; an administrator can assign the roles the administrator holds to other users and set for a role the permission rules that the administrator holds.
202. Configure a preset priority role for the user.
In the embodiments of the present invention, the data permissions in the preset priority role have the highest priority. The preset priority role is mainly suited to complex users whose data permissions change frequently: by configuring a preset priority role for the user, the data permissions in the preset priority role can be executed preferentially, which allows data permissions to be managed better.
203. Create a user group.
The role-permission table corresponding to a user group contains the correspondence between the roles held by the user group and data permissions. To make it convenient to manage multiple users in step, a user group is created from multiple users with the same role, so that users with the same role can be managed together.
204. Configure a preset priority role for the user group.
In the embodiments of the present invention, the way a preset priority role is configured for a user group is the same as the way described in step 204 and is not repeated here. It should be noted that a user can belong to multiple user groups and a group can have multiple users; after a preset priority role is configured for a user group, all users of that user group enjoy the data permissions in that preset priority role.
It should be noted that if a user has multiple data permissions on the same data table, or the data permissions in the roles configured for the user or the user group differ, the highest permission prevails. For example, if a user has the view permission on table 1 and also has the modify permission on the database in which table 1 resides, the user has both the view permission and the modify permission on table 1.
In addition, when a user group is deleted, the user relationships in that user group are deleted at the same time, but the deletion does not affect the role information corresponding to the users in the group.
205. When a permission modification instruction is received, change the data permissions in the preset priority role according to the data permission carried in the permission modification instruction.
In the embodiments of the present invention, special circumstances may require a user's permissions to be changed, for example changing the view, modify or other data permissions on a database or data table. Because changing a data permission might alter the data permissions of other users, which is bad for data permission management, the changed data permission cannot be assigned to other roles. The embodiments of the present invention execute the changed data permission preferentially through the configured preset priority role, thereby managing the permissions of complex users or user groups whose permissions change often. It should be noted that every user or user group is configured with a preset priority role belonging to that user or user group. When a permission modification instruction is received, the priority of this preset priority role is higher than that of other data permissions, so the changed data permission is executed preferentially, which makes changes to special data permissions more feasible.
206. Receive an operation instruction from the user.
207. Judge whether the user or the user group to which the user belongs has the data permission carried in the operation instruction.
It should be noted that, after the data permissions in the preset priority role are changed according to the data permission carried in the permission modification instruction, the operation instructions corresponding to different data permissions, and the operation objects those instructions correspond to, differ. The embodiments of the present invention therefore first select the operation objects for which a data permission exists, excluding the other operation objects, and then judge whether the user or the user group to which the user belongs has the data permission carried in the operation instruction, which makes data permissions convenient to manage.
An operation object here is an object on which the user performs data operations, such as a data table, database or report. Only the operation objects for which the user or user group has data permissions are shown to the user or user group, so that when the user or user group performs a data operation on an operation object, whether the user has permission to perform it can be judged from the correspondence between roles and data permissions recorded in the role-permission table corresponding to the user.
208a. If it is judged that the user or the user group to which the user belongs has the data permission carried in the operation instruction, execute the data permission carried in the operation instruction.
When it is judged that the user or the user group to which the user belongs has the data permission carried in the operation instruction, the role held by the user or by that user group has permission to perform the data operation, and the data operation can be performed.
208b. Corresponding to step 208a, if it is judged that the user or the user group to which the user belongs does not have the data permission carried in the operation instruction, prompt that there is no data operation permission.
Similarly, when it is judged that the user or the user group to which the user belongs does not have the data permission carried in the operation instruction, the role held by the user or by that user group does not have permission to perform the data operation; the data operation cannot be performed, and the user is prompted that there is no data operation permission.
Concrete application scenarios of the embodiments of the present invention may include, but are not limited to, the following implementation. First, the identities of user a, user b and user c are obtained, and the role information of user a, user b and user c is looked up in the database according to those identities. The role-permission table corresponding to user a is then obtained; it contains role 1 and role 2 and the data permissions corresponding to role 1 and role 2, specifically the permissions to query table 1, modify table 1 and modify table 2. The role-permission table corresponding to user b contains role 2 and role 4 and the data permissions corresponding to role 2 and role 4, specifically the permissions to modify table 1 and modify table 2 and all permissions on table 3. The role-permission table corresponding to user c contains role 3 and role 4 and the data permissions corresponding to role 3 and role 4, specifically the permissions to query table 2 and modify table 2 and all permissions on table 3. The role-permission tables obtained for the users are shown in Fig. 4. Preset priority roles are then configured for user a, user b and user c respectively. When permission modification instructions are received to delete user a's permission to query table 1 and to delete user c's permission to modify table 2, the changed data permissions are configured in the preset priority roles, and the data operations in the preset priority role take precedence over the user's other data permissions, so that when user a performs the data operation, the deletion of user a's permission to query table 1 and the deletion of user c's permission to modify table 2 are executed preferentially. After the data permissions in the preset priority roles have been changed according to the modification instructions, it is judged whether user a has the permission to query table 1; because the changed data permission deletes user a's permission to query table 1, user a does not have that data permission, and a prompt is given that there is no data operation permission.
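The resolution order of steps 201 to 208b, replayed on the scenario above, as an added example that is not part of the patent text. The grant/revoke representation of a preset priority role, the split of permissions across roles 1 to 4, the `db1` container, the rule that a user's own priority role is consulted before the group ones, and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: the per-role split is assumed; the per-user totals
# match the application scenario (users a, b, c; tables 1-3).
ROLE_PERMS = {
    "role1": {("table1", "query")},
    "role2": {("table1", "modify"), ("table2", "modify")},
    "role3": {("table2", "query"), ("table2", "modify")},
    "role4": {("table3", "all")},
}
USER_ROLES = {"a": ["role1", "role2"], "b": ["role2", "role4"], "c": ["role3", "role4"]}
PARENT = {"table1": "db1", "table2": "db1", "table3": "db1"}  # assumed containment


@dataclass
class PriorityRole:
    """Override layer consulted before the ordinary role-permission table."""
    granted: set = field(default_factory=set)
    revoked: set = field(default_factory=set)

    def change(self, op, obj, action):
        """Apply one permission modification instruction to this role only."""
        perm = (obj, action)
        if op == "grant":
            self.granted.add(perm)
            self.revoked.discard(perm)
        elif op == "revoke":
            self.revoked.add(perm)
            self.granted.discard(perm)
        else:
            raise ValueError(f"unknown modification: {op!r}")


def covers(perms, obj, action):
    """True if perms holds action (or 'all') on obj or on an object containing it."""
    while obj is not None:
        if (obj, action) in perms or (obj, "all") in perms:
            return True
        obj = PARENT.get(obj)
    return False


class Authorizer:
    def __init__(self):
        self.user_priority = {}   # user  -> PriorityRole
        self.group_priority = {}  # group -> PriorityRole
        self.groups = {}          # group -> set of member users

    def user_role(self, user):
        return self.user_priority.setdefault(user, PriorityRole())

    def group_role(self, group, members=()):
        self.groups.setdefault(group, set()).update(members)
        return self.group_priority.setdefault(group, PriorityRole())

    def check(self, user, obj, action):
        """Decide an operation: user's priority role, then groups', then roles."""
        merged = PriorityRole()  # all priority roles of the user's groups
        for group, members in self.groups.items():
            if user in members:
                merged.granted |= self.group_priority[group].granted
                merged.revoked |= self.group_priority[group].revoked
        for layer in (self.user_priority.get(user, PriorityRole()), merged):
            # Within a layer the highest permission prevails: grant beats revoke.
            if covers(layer.granted, obj, action):
                return True
            if covers(layer.revoked, obj, action):
                return False
        role_perms = set()
        for role in USER_ROLES.get(user, []):  # unknown user -> no roles -> deny
            role_perms |= ROLE_PERMS[role]
        return covers(role_perms, obj, action)


def run_scenario():
    """Replay the scenario: revoke a's table-1 query and c's table-2 modify."""
    authz = Authorizer()
    before = authz.check("a", "table1", "query")
    authz.user_role("a").change("revoke", "table1", "query")
    authz.user_role("c").change("revoke", "table2", "modify")
    return {
        "a_query_t1_before": before,
        "a_query_t1_after": authz.check("a", "table1", "query"),
        "a_modify_t1": authz.check("a", "table1", "modify"),
        "b_modify_t2": authz.check("b", "table2", "modify"),
        "c_modify_t2": authz.check("c", "table2", "modify"),
    }


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(name, "allowed" if allowed else "no data operation permission")
```

Because the revocation lives only in user a's priority role, role 2 itself is untouched and user b keeps the permissions it shares with user a through that role.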
In actual operation, for users with relatively special permissions, existing methods for configuring data permissions add a role for each special permission and so generate a large number of roles with a single simple permission, which is bad for data permission management. The other method for configuring data permissions provided by this embodiment of the present invention configures a preset priority role for each user or user group, and the data permissions in the preset priority role have the highest priority, so that when a specific permission is changed, all permission changes are made in the preset priority role. No new roles need to be added, and the data permissions of users or user groups can be managed effectively.
Further, as a concrete implementation of the method shown in Fig. 1, an embodiment of the present invention provides a device for configuring data permissions. This device embodiment corresponds to the foregoing method embodiment; for ease of reading, the details of the method embodiment are not repeated one by one here, but it should be understood that the device in this embodiment can implement everything in the method embodiment. As shown in Fig. 5, the device includes:
an acquiring unit 31, which can be used to obtain a role-permission table, the role-permission table containing the correspondence between roles and data permissions;
a first configuration unit 32, which can be used to configure a preset priority role for a user, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user.
The device for configuring data permissions provided by this embodiment of the present invention first obtains the role-permission table corresponding to the user and configures a preset priority role for the user; the data permissions in the preset priority role are higher than the user's other permissions. Compared with existing methods for configuring data permissions, the embodiment of the present invention configures a preset priority role for the user so that the data permission in a permission modification instruction takes effect only for that user and the data permissions in the preset priority role are executed preferentially. Data permissions can thus be configured flexibly without adding an excessive number of roles, which better serves users' change requests for specific data permissions.
Further, as shown in Fig. 6, the device further includes:
a creating unit 33, which can be used to create a user group, the user group containing multiple users with the same role;
a second configuration unit 34, which can be used to configure a preset priority role for the user group, the data permissions in the preset priority role being higher than the data permissions in the role-permission table corresponding to the user group;
a changing unit 35, which can be used to change, when a permission modification instruction is received, the data permissions in the preset priority role according to the data permission carried in the permission modification instruction;
a receiving unit 36, which can be used to receive an operation instruction from the user;
a judging unit 37, which can be used to judge whether the user or the user group to which the user belongs has the data permission carried in the operation instruction.
Further, the judging unit 37 can specifically be used to execute the data permission carried in the operation instruction if it judges that the user or the user group to which the user belongs has the data permission carried in the operation instruction.
The judging unit 37 can specifically also be used to prompt that there is no data operation permission if it judges that the user or the user group to which the user belongs does not have the data permission carried in the operation instruction.
The other device for configuring data permissions provided by the present invention configures a preset priority role for each user or user group, and the data permissions in the preset priority role have the highest priority, so that when a specific permission is changed, all permission changes are made in the preset priority role. No new roles need to be added, and the data permissions of users or user groups can be managed effectively.
The device for configuring data permissions includes a processor and a memory. The above acquiring unit 31, first configuration unit 32, changing unit 33 and so on are stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor contains a kernel, which retrieves the corresponding program unit from the memory. One or more kernels can be provided; adjusting kernel parameters saves manpower and allows data permissions to be configured flexibly.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
Present invention also provides a kind of computer program products, first when being performed on data processing equipment, being adapted for carrying out
The program code of beginningization there are as below methods step:Role-security table is obtained, is weighed in the role-security table comprising role and data
Correspondence between limit presets preferential role for user configuration, and the data permission preset in preferential role is higher than used
Family corresponds to the data permission in role's authority list.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and a memory.
The memory may include computer-readable media in the form of volatile memory, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The above are merely embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall fall within the scope of the claims of the present application.
Claims (8)
1. A configuration method of data permission, characterized by comprising:
obtaining a role permission table, the role permission table containing the correspondence between roles and data permissions;
configuring a preset priority role for a user, the data permission in the preset priority role being higher than the data permission corresponding to the user in the role permission table.
2. The method according to claim 1, characterized in that, after the preset priority role is configured for the user, the method further comprises:
creating a user group, the user group containing multiple users with the same role;
configuring a preset priority role for the user group, the data permission in the preset priority role being higher than the data permission corresponding to the user group in the role permission table.
3. The method according to claim 2, characterized in that the method further comprises:
when a permission modification instruction is received, changing the data permission in the preset priority role according to the data permission carried in the permission modification instruction.
4. The method according to any one of claims 1-3, characterized in that, after the data permission in the preset priority role is changed according to the data permission carried in the permission modification instruction, the method further comprises:
receiving an operation instruction of a user;
judging whether the user or the user group to which the user belongs has the data permission carried in the operation instruction;
if so, executing the data permission carried in the operation instruction; otherwise, prompting that there is no data operation permission.
5. A configuration device of data permission, characterized by comprising:
an acquiring unit, configured to obtain a role permission table, the role permission table containing the correspondence between roles and data permissions;
a first configuration unit, configured to configure a preset priority role for a user, the data permission in the preset priority role being higher than the data permission corresponding to the user in the role permission table.
6. The device according to claim 5, characterized in that the device further comprises:
a creating unit, configured to create a user group, the user group containing multiple users with the same role;
a second configuration unit, configured to configure a preset priority role for the user group, the data permission in the preset priority role being higher than the data permission corresponding to the user group in the role permission table.
7. The device according to claim 6, characterized in that the device further comprises:
a changing unit, configured to, when a permission modification instruction is received, change the data permission in the preset priority role according to the data permission carried in the permission modification instruction.
8. The device according to any one of claims 5-7, characterized in that the device further comprises:
a receiving unit, configured to receive an operation instruction of a user;
a judging unit, configured to judge whether the user or the user group to which the user belongs has the data permission carried in the operation instruction;
the judging unit being specifically configured to execute the data permission carried in the operation instruction if it judges that the user or the user group to which the user belongs has the data permission carried in the operation instruction;
the judging unit being further specifically configured to prompt that there is no data operation permission if it judges that the user or the user group to which the user belongs does not have the data permission carried in the operation instruction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611261597.0A CN108268790A (en) | 2016-12-30 | 2016-12-30 | The configuration method and device of data permission |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108268790A true CN108268790A (en) | 2018-07-10 |
Family
ID=62754954
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611261597.0A Pending CN108268790A (en) | 2016-12-30 | 2016-12-30 | The configuration method and device of data permission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108268790A (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101674334A (en) * | 2009-09-30 | 2010-03-17 | 华中科技大学 | Access control method of network storage equipment |
CN101714172A (en) * | 2009-11-13 | 2010-05-26 | 华中科技大学 | Index structure supporting access control and search method thereof |
US20130160076A1 (en) * | 2010-09-22 | 2013-06-20 | Nec Corporation | Access authority generation device |
CN102567675A (en) * | 2012-02-15 | 2012-07-11 | 合一网络技术(北京)有限公司 | User authority management method and system in business system |
CN104112085A (en) * | 2013-04-19 | 2014-10-22 | 阿里巴巴集团控股有限公司 | Data permission control method and device for application system clusters |
CN105373726A (en) * | 2014-08-18 | 2016-03-02 | 南京普爱射线影像设备有限公司 | User authority management system |
CN106126569A (en) * | 2016-06-17 | 2016-11-16 | 南京乐运乐科技有限公司 | A kind of rapid data method of servicing and system |
Non-Patent Citations (2)
Title |
---|
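文骁一: "A permission management system based on an improved RBAC model", 《硅谷》 * |
王瑞琴 et al.: "Research and implementation of a difference-based multi-level role authorization model", 《上海理工大学学报》 * |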
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112487830A (en) * | 2020-11-09 | 2021-03-12 | 文思海辉智科科技有限公司 | Translation memory library operation execution method and device, computer equipment and storage medium |
CN112487830B (en) * | 2020-11-09 | 2024-05-28 | 文思海辉智科科技有限公司 | Translation memory operation execution method and device, computer equipment and storage medium |
CN112528249A (en) * | 2020-12-18 | 2021-03-19 | 杭州立思辰安科科技有限公司 | Authority management method and device suitable for network security management platform |
CN112905962A (en) * | 2021-03-04 | 2021-06-04 | 深圳市航顺芯片技术研发有限公司 | Method for protecting program codes in MCU, intelligent terminal and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing. Applicant after: BEIJING GRIDSUM TECHNOLOGY Co.,Ltd. Address before: 100086 Beijing city Haidian District Shuangyushu Area No. 76 Zhichun Road cuigongfandian 8 layer A. Applicant before: BEIJING GRIDSUM TECHNOLOGY Co.,Ltd. |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180710 |