CN108416230A - A data access method based on a data isolation model

Publication number: CN108416230A
Authority: CN (China)
Prior art keywords: data, access, role, data access, service
Legal status: Granted; Active
Application number: CN201810246186.7A
Other languages: Chinese (zh)
Other versions: CN108416230B (en)
Inventors: 韩鹏, 李国勇, 王燕霞, 熊黎丽, 任杰, 李洪伟
Current Assignee: Chongqing Academy of Science and Technology
Original Assignee: Chongqing Academy of Science and Technology
Application filed by: Chongqing Academy of Science and Technology
Priority to: CN201810246186.7A
Publications: CN108416230A (application), CN108416230B (granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The present invention provides a data access method based on a data isolation model. A data isolation model distinguishes and isolates the service database scopes of the different hierarchical organizations; an access role with the corresponding data access permissions is established for each data service; a sub-role with the corresponding data access permissions is established for each operation task; and the data access permissions of each sub-role are built on the affiliation between the sub-role and its access role. While meeting the differing data service management needs of the hierarchical organizations in a multi-level organizational hierarchy, the method ensures both data isolation between the service database scopes of organizations at different levels and secure authorization of access permissions between those scopes. It thereby achieves both a simplified access permission design and the security requirements of access permission control, and provides a better security guarantee for the execution of operation tasks under different data services.

Description

A data access method based on a data isolation model
Technical field
The present invention relates to the technical field of big data information security management, and in particular to a data access method based on a data isolation model.
Background
At present, the deep integration of new-generation information technology with manufacturing is driving a new round of industrial transformation. China's manufacturing industry is to take intelligent manufacturing based on "Internet + manufacturing" as its main direction, raise its level of comprehensive integration, and follow the development path of ecological civilization. The rapid development of Internet-based information technology has greatly accelerated the informatization of manufacturing enterprises. Construction waste recycling aims to convert construction waste and other waste resources into renewable resources through targeted harmless disposal and to further process them into a variety of end products, creating a new circular model. Construction waste recycling involves the whole industrial chain, supply chain and value chain of the construction industry, and "Internet +" is also needed to raise the level of intelligence in resource regeneration and recycling, which provides an important opportunity and room for development for promoting construction waste recycling projects. By implementing a group-level ERP system, the whole industrial chain, from the generation, transport, disposal and recycling of construction waste to the quality supervision of the final recycled products, is managed digitally; construction waste resources within a region are forecast and analyzed, allocated in real time and monitored, so that the state of the industry can be judged and grasped accurately, precise allocation and dynamic management can be carried out, and the overall competitiveness of the whole industrial chain is improved. As the intelligent development of the construction waste recycling industry accelerates and Internet information technology develops, Web-based information management systems have become the mainstream of enterprise information management system development, and information security has become a focus of attention; managing user permissions is one of the important means of ensuring information system security. Access control is a defensive measure against unauthorized use of system resources: by restricting the behavior and operations of users in the system, it ensures that system resources are used in a controlled and legitimate way, and it is a key technology for ensuring enterprise information security.
The role-based access control (Role-based Access Control, RBAC) model is currently a security access control method in mature use in large commercial systems. It grants and revokes user permissions by assigning and removing roles, and provides role assignment rules. A security administrator defines roles as needed and sets suitable access permissions for them, and users are then assigned to different roles according to their responsibilities and seniority. Because the authorization method and authorization model of the RBAC model are easy and efficient to maintain, it has become an ideal choice of permission management model in open environments.
However, the existing role-based access control model (i.e. the RBAC model) is not well suited to the data service management needs of group companies. A group company usually has a multi-level organizational hierarchy. Between the different hierarchical organizations in that hierarchy there is not only an upper/lower affiliation; the organizations also emphasize both independence and association. The service database scopes of organizations at different levels therefore also have affiliation and intersection relationships, yet they require independent, isolated access permission restrictions, which makes permission management in an ERP (Enterprise Resource Planning) system complex and dynamic. In the existing RBAC model, control of access permissions is entirely static: the access permissions of each role within the service database scope are set statically. If the existing RBAC model is applied directly to the ERP system of a group company, statically controlled role access permissions can hardly adapt to the access permission needs of the service database scopes of organizations at different levels, so the access mechanism becomes rigid or the permission granularity is insufficient (i.e. the minimum scope of access permissions is not fine enough). And if the differing data service management needs of the hierarchical organizations are to be met, a large number of roles has to be built under the existing RBAC model, and the data access permissions of many roles will overlap. This not only makes the workload of establishing roles enormous, but also makes role assignment errors likely because of the overlapping data access permissions between roles, leading to improper assignment of data access permissions, which is detrimental to effective control of data isolation and secure authorization of access permissions.
Therefore, how to provide a data access permission control scheme suited to the data service management needs of group companies, while ensuring data isolation between the service database scopes of organizations at different levels and secure authorization of access permissions, is a problem to be solved.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a data access method based on a data isolation model, to solve the problem of how to meet the differing data service management needs of the hierarchical organizations in a multi-level organizational hierarchy while ensuring data isolation between the service database scopes of organizations at different levels and secure authorization of access permissions.
To achieve the above object, the present invention adopts the following technical solution:
A data access method based on a data isolation model, comprising:
According to the restrictions on the service database scope of each hierarchical organization in the organizational hierarchy of data service management, building a data isolation model for distinguishing and isolating different service database scopes, so as to use the data isolation model to distinguish and isolate the service database scope of each hierarchical organization;
According to the requirements that the different data services in data service management place on data access permissions in the service database, building, for each data service, an access role having the corresponding data access permissions; further, according to the requirements that the different operation tasks within the data services place on data access permissions in the service database, building, for each access role in each data service that has permission to execute a given operation task, a sub-role that belongs to that access role and has the data access permissions for executing that operation task; and building a role permission label for each access role and each of its sub-roles;
During data access, using the data isolation model to distinguish, isolate and restrict the accessed service database scope according to the hierarchical organization to which the accessing user belongs; configuring the corresponding role permission label for the accessing user according to the data service and/or operation task being accessed; and then controlling the accessing user's data access permissions according to the access role and/or sub-role corresponding to the configured role permission label.
In the above data access method based on a data isolation model, preferably, the organizational hierarchy of data service management is a tree structure;
The root-node hierarchical organization of the organizational hierarchy corresponds to the data access scope of all data services and the data access scope of all operation tasks. For each remaining hierarchical organization, the data access scope of the data services that the organization can access is selected from the data services corresponding to its parent-node hierarchical organization, and the data access scope corresponding to each operation task in each data service is determined, thereby determining, for that hierarchical organization, the restrictions that each data service places on the data access scope and that each operation task within each data service places on the data access scope.
In the above data access method based on a data isolation model, preferably, the data access permissions of each access role are those of the minimum data access scope necessary for that access role to access its corresponding data service.
In the above data access method based on a data isolation model, preferably, each sub-role has all the data access permissions of the access role it belongs to, and additionally has at least one data access permission that the access role it belongs to does not have.
In the above data access method based on a data isolation model, preferably, during data access, after the accessed service database scope has been distinguished, isolated and restricted, the accessing user is first granted the data access permissions of the access role corresponding to the data service being accessed, according to that access role's role permission label, and data access is controlled accordingly. If and only if an operation task in the data service is being executed and that operation task has been activated for execution, the role permission label of the corresponding sub-role is configured according to the operation task, granting the accessing user the data access permissions of that sub-role for data access control. When the operation task in the data service finishes executing, the role permission label of the sub-role corresponding to the operation task is withdrawn immediately, the accessing user's data access permissions for that sub-role are revoked, and the accessing user's data access is controlled with the data access permissions of the access role to which the sub-role belongs.
Compared with the prior art, the present invention has the following advantages:
1. The data access method based on a data isolation model of the present invention uses the data isolation model to distinguish and isolate the service database scope of each hierarchical organization, establishes an access role with the corresponding data access permissions for each data service and a sub-role with the corresponding data access permissions for each operation task, and builds the data access permissions of each sub-role on the affiliation between the sub-role and its access role. While meeting the differing data service management needs of the hierarchical organizations in a multi-level organizational hierarchy, it ensures data isolation between the service database scopes of organizations at different levels. On the premise of avoiding a large number of distinct access roles with duplicate data access permissions and a large number of sub-roles with overlapping data access permissions, it also ensures secure authorization of access permissions between the service database scopes of organizations at different levels, and thereby achieves both a simplified access permission design and the security requirements of access permission control.
2. The data access method based on a data isolation model of the present invention can also, through flexible control of the assignment of the data access permissions of access roles and sub-roles when operation tasks are executed in a data service, prevent the expansion of user access permissions and the resulting fraud during the system management configuration and operation task execution phases, providing a better security guarantee for the execution of operation tasks under different data services.
Brief description of the drawings
Fig. 1 is a schematic diagram of the architecture of the data access method based on a data isolation model of the present invention.
Detailed description
To address the data service management needs of group companies, in which the hierarchical organizations of a multi-level organizational hierarchy have differing data service management needs, the present invention provides a data access method based on a data isolation model. The method comprises the following steps:
Step A: According to the restrictions on the service database scope of each hierarchical organization in the organizational hierarchy of data service management, build a data isolation model for distinguishing and isolating different service database scopes, so as to use the data isolation model to distinguish and isolate the service database scope of each hierarchical organization;
Step B: According to the requirements that the different data services in data service management place on data access permissions in the service database, build, for each data service, an access role having the corresponding data access permissions; further, according to the requirements that the different operation tasks within the data services place on data access permissions in the service database, build, for each access role in each data service that has permission to execute a given operation task, a sub-role that belongs to that access role and has the data access permissions for executing that operation task; and build a role permission label for each access role and each of its sub-roles;
Step C: During data access, use the data isolation model to distinguish, isolate and restrict the accessed service database scope according to the hierarchical organization to which the accessing user belongs; configure the corresponding role permission label for the accessing user according to the data service and/or operation task being accessed; and then control the accessing user's data access permissions according to the access role and/or sub-role corresponding to the configured role permission label.
In the data access method based on a data isolation model of the present invention, the data isolation model distinguishes and isolates the service database scope of each hierarchical organization, and data access requires the accessed service database scope to be distinguished, isolated and restricted by the data isolation model according to the hierarchical organization to which the accessing user belongs; data isolation between the service database scopes of organizations at different levels is therefore ensured. With data isolation ensured, and considering the data service management needs of a group company, the data service management of organizations at different levels often contains identical data services; only the service database scopes corresponding to the different organizations differ. The same data service in the data service management of different organizations therefore accesses different service database objects, which makes it feasible to use the same access role for the same data service in different organizations while still performing independent data access control. Consequently, when access roles are established, there is no need to consider the differences between the service database scopes of different organizations separately. Only the requirements that the different data services in data service management place on data access permissions in the service database need to be considered, and an access role with the corresponding data access permissions is built for each data service. That is, even when access roles are being built for the service database scopes of different organizations according to those requirements, if an access role with the data access permissions of the data service in question already exists, it need not be built again. This avoids building, for the data service management of different organizations, a large number of distinct access roles with duplicate data access permissions. Moreover, in the data access method of the present invention, according to the requirements that the different operation tasks within the data services place on data access permissions in the service database, for each access role in each data service that has permission to execute a given operation task, a sub-role is built that belongs to that access role and has the data access permissions for executing that operation task. In a specific implementation, each sub-role can be designed to have all the data access permissions of the access role it belongs to, plus at least one data access permission that the access role it belongs to does not have; naturally, the data access permissions that a sub-role has and its access role lacks should be those necessary for the sub-role to execute its corresponding operation task. In this way, the assignment among the sub-roles of the data access permissions for executing the different operation tasks in each data service is easier to distinguish and analyze. And since a large number of distinct access roles with duplicate data access permissions is avoided, building the data access permissions of the sub-roles on the affiliation between sub-role and access role, on that premise, also largely avoids the problem of building a large number of sub-roles with overlapping data access permissions for the data service management of different organizations. Thus, during data access, after the data isolation model has been used to distinguish, isolate and restrict the accessed service database scope according to the hierarchical organization to which the accessing user belongs, the corresponding role permission label is configured for the accessing user according to the data service and/or operation task being accessed, and the accessing user's data access permissions are then controlled according to the access role and/or sub-role corresponding to the configured role permission label. While meeting the differing data service management needs of the hierarchical organizations in a multi-level organizational hierarchy, this ensures data isolation between the service database scopes of organizations at different levels. On the premise of avoiding a large number of distinct access roles with duplicate data access permissions and a large number of sub-roles with overlapping data access permissions, it also ensures secure authorization of access permissions between the service database scopes of organizations at different levels, and thereby achieves both a simplified access permission design and the security requirements of access permission control.
In the data access method based on a data isolation model of the present invention, there is no restriction on the order of step A and step B, which may be interchanged; step C depends on step A and step B.
In a group company, the hierarchical organizations in the organizational hierarchy usually have an upper/lower affiliation. For this type of organizational hierarchy, the organizational hierarchy of data service management should be designed as a tree structure. The root-node hierarchical organization of the organizational hierarchy is usually the parent company of the group, so the root-node hierarchical organization should correspond to the data access scope of all data services and the data access scope of all operation tasks. Each remaining hierarchical organization has an upper/lower affiliation with its parent-node hierarchical organization. Therefore, for each hierarchical organization other than the root node, the design should select, from the data services corresponding to its parent-node hierarchical organization, the data access scope of the data services that the organization can access, and determine the data access scope corresponding to each operation task in each data service, thereby determining, for that hierarchical organization, the restrictions that each data service places on the data access scope and that each operation task within each data service places on the data access scope. Distinguishing and isolating data access scopes in this way better meets a group company's data isolation requirements for data service management.
In a specific implementation, if a better security guarantee is to be provided for task execution in certain situations, such as the processing of confidential information, then when the data access permissions of each access role are designed, the access role can be designed to have only the data access permissions of the minimum data access scope necessary for accessing its corresponding data service; the remaining data access permissions that are needed can be provided through the sub-roles that belong to it. In addition, to improve data security protection during task execution, during data access, after the accessed service database scope has been distinguished, isolated and restricted, the accessing user can first be granted the data access permissions of the access role corresponding to the data service being accessed, according to that access role's role permission label, and data access is controlled accordingly. If and only if an operation task in the data service is being executed and that operation task has been activated for execution, the role permission label of the corresponding sub-role is configured according to the operation task, granting the accessing user the data access permissions of that sub-role for data access control. When the operation task in the data service finishes executing, the role permission label of the sub-role corresponding to the operation task is withdrawn immediately, the accessing user's data access permissions for that sub-role are revoked, and the accessing user's data access is controlled with the data access permissions of the access role to which the sub-role belongs. In this way, before an operation task is executed, even an accessing user who is qualified to execute it cannot obtain the actual data access permissions; only after the operation task is activated are the data access permissions of the corresponding sub-role actually granted to the accessing user. After the operation task ends, the data access permissions of the corresponding sub-role are withdrawn immediately, so that the accessing user no longer has the data access permissions needed to execute the operation task and has only the data access permissions of the access role corresponding to the current data service, i.e. those of the minimum data access scope necessary for that data service. This prevents the expansion of user access permissions and the resulting fraud during the system management configuration and operation task execution phases, providing a better security guarantee for the execution of operation tasks under different data services.
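Steps A to C and the task-scoped sub-role activation described above, sketched in Python as an added example (not code from the patent). The class names Org, Role and Session, the "sales" service, the "approve_refund" task and the table names are assumptions made for illustration.

```python
from contextlib import contextmanager
from dataclasses import dataclass


@dataclass
class Org:
    """Step A: a hierarchical organization; scope maps data service -> tables."""
    name: str
    scope: dict
    parent: "Org | None" = None

    def __post_init__(self):
        # A non-root organization may only hold what is selected from its parent.
        if self.parent is not None:
            for service, tables in self.scope.items():
                if not set(tables) <= self.parent.scope.get(service, set()):
                    raise ValueError(f"{self.name}: {service} scope exceeds parent")


@dataclass(frozen=True)
class Role:
    """Step B: an access role (parent is None) or a sub-role belonging to one."""
    label: str            # role permission label
    perms: frozenset
    parent: "Role | None" = None


def access_role(service, perms):
    # One access role per data service, shared by every organization.
    return Role(service, frozenset(perms))


def sub_role(parent, task, extra):
    # A sub-role inherits everything from its access role and must add
    # at least one permission the access role lacks.
    extra = frozenset(extra) - parent.perms
    if not extra:
        raise ValueError("a sub-role must add at least one permission")
    return Role(f"{parent.label}/{task}", parent.perms | extra, parent)


class Session:
    """Step C: per-user state holding the currently configured role label."""

    def __init__(self, user, org, roles, sub_roles):
        self.user, self.org = user, org
        self.roles = roles            # service -> access role
        self.sub_roles = sub_roles    # (service, task) -> sub-role
        self.service = None
        self.active = None

    def enter_service(self, service):
        if service not in self.org.scope:
            raise PermissionError(f"{self.org.name} has no {service} scope")
        self.service, self.active = service, self.roles[service]

    @contextmanager
    def task(self, name):
        role = self.sub_roles.get((self.service, name))
        if role is None or role.parent is not self.active:
            raise PermissionError(f"task {name} not available here")
        self.active = role             # label granted only while the task runs
        try:
            yield self
        finally:
            self.active = role.parent  # withdrawn immediately, even on error

    def allowed(self, action, table):
        if self.active is None:
            return False
        in_scope = table in self.org.scope.get(self.service, ())
        return in_scope and action in self.active.perms


def demo():
    # Constructed sample hierarchy: group (root) -> east subsidiary.
    group = Org("group", {"sales": {"orders_hq", "orders_east", "orders_west"}})
    east = Org("east", {"sales": {"orders_east"}}, parent=group)
    sales = access_role("sales", {"read"})
    refund = sub_role(sales, "approve_refund", {"update"})
    s = Session("alice", east, {"sales": sales},
                {("sales", "approve_refund"): refund})
    s.enter_service("sales")
    out = [s.allowed("read", "orders_east"),     # minimal access role
           s.allowed("update", "orders_east"),   # task not yet activated
           s.allowed("read", "orders_west")]     # outside east's scope
    with s.task("approve_refund"):
        out.append(s.allowed("update", "orders_east"))  # sub-role active
        out.append(s.allowed("update", "orders_west"))  # isolation still holds
    out.append(s.allowed("update", "orders_east"))      # sub-role withdrawn
    return out


if __name__ == "__main__":
    print(demo())
```

The scope check and the permission check are independent, so an active sub-role never widens the service database scope of the user's organization.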
In summary, the data access method based on a data isolation model of the present invention uses the data isolation model to distinguish and isolate the service database scope of each hierarchical organization, establishes an access role with the corresponding data access permissions for each data service and a sub-role with the corresponding data access permissions for each operation task, and builds the data access permissions of each sub-role on the affiliation between the sub-role and its access role. While meeting the differing data service management needs of the hierarchical organizations in a multi-level organizational hierarchy, it ensures data isolation between the service database scopes of organizations at different levels. On the premise of avoiding a large number of distinct access roles with duplicate data access permissions and a large number of sub-roles with overlapping data access permissions, it also ensures secure authorization of access permissions between the service database scopes of organizations at different levels, and thereby achieves both a simplified access permission design and the security requirements of access permission control. The method can also, through flexible control of the assignment of the data access permissions of access roles and sub-roles when operation tasks are executed in a data service, prevent the expansion of user access permissions and the resulting fraud during the system management configuration and operation task execution phases, providing a better security guarantee for the execution of operation tasks under different data services.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the present invention without departing from its spirit and scope, and all of these shall be covered by the claims of the present invention.

Claims (5)

1. A data access method based on a data isolation model, characterized by comprising:
According to the limits on the business database range of each hierarchy level in the organizational hierarchy of data service management, constructing a data isolation model for distinguishing and isolating different business database ranges, so that the data isolation model distinguishes and isolates the business database range of each hierarchy level;
According to the restrictions that the different data services in data service management place on data access permissions in the business database, constructing for each data service an access role having the corresponding data access permissions; further, according to the restrictions that the different operation tasks within the different data services place on data access permissions in the business database, constructing, for each access role in each data service that has permission to execute the corresponding operation task, a sub-role that belongs to that access role and has the data access permissions for executing the corresponding operation task; and constructing a role-permission label for each access role and each of its sub-roles;
During data access, using the data isolation model to distinguish, isolate and limit the accessed business database range according to the hierarchy level to which the accessing user belongs, configuring the corresponding role-permission label for the accessing user according to the data service and/or operation task being accessed, and then controlling the accessing user's data access permissions according to the access role and/or sub-role corresponding to the configured role-permission label.
2. The data access method based on a data isolation model according to claim 1, characterized in that the organizational hierarchy of data service management is a tree structure;
The root-node hierarchy level of the organizational hierarchy corresponds to the data access range of all data services and the data access range of all operation tasks; each remaining hierarchy level screens, from the data services corresponding to its parent-node hierarchy level, the data access range of the data services that it is able to access, and determines the data access range corresponding to the different operation tasks in each data service, thereby determining the restrictions that each of its data services places on the data access range and that each operation task in each data service places on the data access range.
3. The data access method based on a data isolation model according to claim 1, characterized in that the data access permissions of each access role are those of the minimum data access range necessary for the access role to access its corresponding data service.
4. The data access method based on a data isolation model according to claim 1, characterized in that each sub-role has all of the data access permissions of the access role to which it belongs, and also has at least one data access permission that the access role to which it belongs does not have.
5. The data access method based on a data isolation model according to claim 1, characterized in that, during data access, after the accessed business database range has been distinguished, isolated and limited, the accessing user is first granted the data access permissions of the corresponding access role, according to the role-permission label of the access role corresponding to the data service being accessed, and data access is controlled accordingly; if and only if an operation task in the data service is to be executed and the corresponding operation task is activated for execution, the role-permission label of the sub-role corresponding to that operation task is configured, the accessing user is granted the data access permissions of the corresponding sub-role, and data access is controlled accordingly; when the operation task in the data service has finished executing, the role-permission label of the sub-role corresponding to that operation task is withdrawn immediately, the accessing user's data access permissions of the corresponding sub-role are revoked, and data access by the accessing user is controlled with the data access permissions of the access role to which the sub-role belongs.
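The following Python sketch is an added illustration, not part of the patent text, of the model in claims 2 to 5: tree-scoped isolation, a minimal access role, a sub-role that inherits from it, and a sub-role label held only while its operation task runs. The level names, tables, role names and the `Session` class are assumptions made for the example.

```python
from contextlib import contextmanager

# Constructed sample model; every name below is illustrative.
SCOPE = {  # hierarchy level -> (parent level, reachable business tables)
    "hq":       (None, {"orders", "payroll", "inventory"}),
    "branch_a": ("hq", {"orders", "inventory"}),
    "team_a1":  ("branch_a", {"orders"}),
}
ACCESS_ROLES = {"order_clerk": {"orders:read"}}                  # one per data service
SUB_ROLES = {"refund_task": ("order_clerk", {"orders:update"})}  # one per operation task

def validate_model():
    """Claim 2: a child scope is screened from its parent's; claim 4: a sub-role adds rights."""
    for level, (parent, tables) in SCOPE.items():
        if parent is not None and not tables <= SCOPE[parent][1]:
            raise ValueError(f"{level} exceeds the scope of {parent}")
    for name, (parent_role, extra) in SUB_ROLES.items():
        if not extra - ACCESS_ROLES[parent_role]:
            raise ValueError(f"{name} adds nothing beyond {parent_role}")
    return True

def permissions(label):
    """Resolve a role-permission label to its effective permission set."""
    if label in ACCESS_ROLES:
        return set(ACCESS_ROLES[label])
    parent_role, extra = SUB_ROLES[label]
    return ACCESS_ROLES[parent_role] | extra    # inherits everything, plus the extras

class Session:
    def __init__(self, level, access_role):
        self.level, self.labels = level, {access_role}

    def allowed(self, table, action):
        if table not in SCOPE[self.level][1]:   # isolation check comes first
            return False
        return any(f"{table}:{action}" in permissions(lbl) for lbl in self.labels)

    @contextmanager
    def task(self, sub_role):
        """Hold the sub-role label only while the operation task runs (claim 5)."""
        if SUB_ROLES[sub_role][0] not in self.labels:
            raise PermissionError("sub-role does not belong to the held access role")
        self.labels.add(sub_role)
        try:
            yield self
        finally:
            self.labels.discard(sub_role)       # withdrawn immediately, even on error
```

Placing the revocation in `finally` means a task that fails partway still leaves the session with only its access-role permissions.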
CN201810246186.7A 2018-03-23 2018-03-23 Data access method based on data isolation model Active CN108416230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810246186.7A CN108416230B (en) 2018-03-23 2018-03-23 Data access method based on data isolation model

Publications (2)

Publication Number Publication Date
CN108416230A true CN108416230A (en) 2018-08-17
CN108416230B CN108416230B (en) 2019-12-20

Family

ID=63132343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810246186.7A Active CN108416230B (en) 2018-03-23 2018-03-23 Data access method based on data isolation model

Country Status (1)

Country Link
CN (1) CN108416230B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181230B2 (en) * 2008-06-30 2012-05-15 International Business Machines Corporation System and method for adaptive approximating of a user for role authorization in a hierarchical inter-organizational model
CN104331776A (en) * 2014-11-18 2015-02-04 国家电网公司 Electric power data application management platform
CN104537488A (en) * 2014-12-29 2015-04-22 中国南方电网有限责任公司 Enterprise-level information system function authority unified management method
CN106407823A (en) * 2016-09-26 2017-02-15 中国科学院计算技术研究所 A multi-granularity and multi-intensity access control method and system
CN107506655A (en) * 2017-08-08 2017-12-22 北京盛华安信息技术有限公司 Data permission distributes the method with access control

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109460675A (en) * 2018-10-26 2019-03-12 温州博盈科技有限公司 A kind of enterprise information security management method
CN110188517A (en) * 2018-12-14 2019-08-30 浙江宇视科技有限公司 A kind of the user account number login method and device of based role mode
CN109829331A (en) * 2018-12-28 2019-05-31 金螳螂家装电子商务(苏州)有限公司 A kind of data managing method based on finishing chain employee unified rights
CN110175437A (en) * 2019-04-11 2019-08-27 全球能源互联网研究院有限公司 It is a kind of for access terminal authorization control method, apparatus and host terminal
CN110516450A (en) * 2019-07-23 2019-11-29 平安科技(深圳)有限公司 Data acquisition authority control method, electronic device and computer readable storage medium
CN110516450B (en) * 2019-07-23 2023-06-20 平安科技(深圳)有限公司 Data acquisition authority management and control method, electronic device and computer readable storage medium
CN110569657A (en) * 2019-09-10 2019-12-13 北京字节跳动网络技术有限公司 Data access method, device, equipment and storage medium
CN110569657B (en) * 2019-09-10 2021-10-29 北京字节跳动网络技术有限公司 Data access method, device, equipment and storage medium
CN111079182A (en) * 2019-12-18 2020-04-28 北京百度网讯科技有限公司 Data processing method, device, equipment and storage medium
CN113407929A (en) * 2021-02-05 2021-09-17 北京理工大学 Access authorization method and system for research and development design resources
CN114567504A (en) * 2022-03-07 2022-05-31 福建天晴在线互动科技有限公司 Dynamic permission cross management method and system based on web architecture
CN114567504B (en) * 2022-03-07 2023-08-25 福建天晴在线互动科技有限公司 Dynamic authority cross management method and system based on web architecture

Also Published As

Publication number Publication date
CN108416230B (en) 2019-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant