CN108629166A - A kind of user right various dimensions multiple management method of information system - Google Patents
A kind of user right various dimensions multiple management method of information system Download PDFInfo
- Publication number
- CN108629166A CN108629166A CN201810389655.0A CN201810389655A CN108629166A CN 108629166 A CN108629166 A CN 108629166A CN 201810389655 A CN201810389655 A CN 201810389655A CN 108629166 A CN108629166 A CN 108629166A
- Authority
- CN
- China
- Prior art keywords
- information system
- dimension
- user
- permission
- managed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 claims abstract description 6
- 230000007246 mechanism Effects 0.000 claims description 20
- 238000005516 engineering process Methods 0.000 claims description 6
- 238000004519 manufacturing process Methods 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 4
- 239000002994 raw material Substances 0.000 claims description 2
- 238000013475 authorization Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000013499 data model Methods 0.000 description 1
- 239000010985 leather Substances 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to field of information management, and disclose a kind of user right various dimensions multiple management method of information system.This method includes:S1:For information system to be managed, the permission of the information system is divided from multiple dimensions, and each dimension includes multiple levels, setting user accesses the permission type of information system to be managed;S2:For different users, the corresponding permission type of each submodule from the different each dimensions of dimension set;S3:User logs in information system to be managed, accesses information system to be managed according to the permission of the different dimensions of step S2 settings, the various dimensions multiple management of user right is realized with this.Through the invention, it realizes the multi-level rights management of management system multidimensional, improves enterprise management efficiency, improve working efficiency.
Description
Technical field
The invention belongs to field of information management, multistage more particularly, to a kind of user right various dimensions of information system
Management method.
Background technology
In recent years, the extensive use of computer and internet and development just push industrial expansion and change from every side
Leather, production efficiency that it can not only improve and reduction production cost, while again technical support is provided for the information system management of enterprise.
To adapt to safety requirements, Information Management System in the process of development, needs the user right and operable data model to system
It encloses and is bound, be thus related to the management of user right.
But it is certain that stringent enterprise, module permission is required to be difficult to meet the permission of information system for information system security
Regulatory requirement, it is therefore desirable to limit its permission from the multiple ranks of multiple dimensions, and with the combination permission of the multiple ranks of multiple dimensions
As the final permission of user, therefore, there is the user authority management problem of the information system of complicated permission for user, just need
Various dimensions multistage is carried out to user right to define, could meet the needs of real system, wherein various dimensions according to actual conditions
Multistage can be expanded according to actual conditions.
Invention content
For the disadvantages described above or Improvement requirement of the prior art, the present invention provides a kind of user right of information system is more
Dimension multiple management method, by carrying out the setting of the multi-level user right of various dimensions, mesh to information system to be managed
Be the management of user right is carried out from different dimension, thus solve the technology of the multi-level information system management hardly possible of various dimensions
Problem.
To achieve the above object, it is proposed, according to the invention, provide a kind of user right various dimensions multiple management of information system
Method, which is characterized in that this method includes the following steps:
S1:For information system to be managed, the permission of the information system is divided from multiple dimensions, and each dimension
Including multiple levels, setting user accesses the permission type of information system to be managed, wherein the multiple dimension includes according to work(
Function module dimension, the mechanism dimension according to different mechanism sets and the dimension of the content according to different content settings that can be divided
Degree;
S2:For different users, from the corresponding user's of each level in the different each dimensions of dimension set
Permission type obtains permission type of the user for each dimension of information system to be managed with this;
S3:User logs in information system to be managed, and letter to be managed is accessed according to the permission of the different dimensions of step S2 settings
Breath system realizes the various dimensions multiple management of user right with this.
Preferably for the function module dimension, each submodule therein is assigned to module I D, for distinguishing difference
Function module quick access is realized with this.
Preferably, the permission type includes management, four type of typing, browsing and lack of competence.
Preferably, multiple levels in the mechanism dimension according in enterprise where information system to be managed employee up and down
Grade relationship setting.
Preferably, multiple levels of the content dimension include raw material, product, manufacturing technology, detection content.
In general, through the invention it is contemplated above technical scheme is compared with the prior art, can obtain down and show
Beneficial effect:
1, the present invention limits user right from each rank of multiple dimensions, and each dimension is set separately, avoids permission and set
Fixed confusion, particularly, mechanism dimension limit user to different institutions rank data, and content dimension limits different content rank
Data;
2, multiple dimensions provided by the invention can be expanded according to actual demand, have scalability;In addition, each dimension
Degree can be defined the data permission of each rank, and the rank number of plies can constantly be extended according to actual demand, to
Data area is accessed according to particular user to it to be defined.
Description of the drawings
Fig. 1 is the information management system user right various dimensions multiple management constructed by preferred embodiment according to the invention
Flow chart;
Fig. 2 is the information management system user right various dimensions multistage signal constructed by preferred embodiment according to the invention
Figure.
Specific implementation mode
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to the accompanying drawings and embodiments, right
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below
It does not constitute a conflict with each other and can be combined with each other.
The present invention proposes one kind and carrying out various dimensions multistage authority management method for user, for being carried out to information system
User authority management, to realize the multi-level management of the various dimensions of user right." various dimensions are multistage " particular content is as follows:
(1) module dimension:Information system is generally divided into multiple ranks such as level-one, two level for the setting of module, needs pair
User is bound the permission of modules at different levels.
(2) mechanism dimension:There is relationship between superior and subordinate, the user right for belonging to different institutions rank to need root for mechanism in enterprise
It is accordingly defined according to the rank of mechanism.
(3) content dimension:For certain form of enterprise, the contents such as material, product, manufacturing technology, detection technique are usual
It is made of multiple levels, user needs to be bound each content level permission when accessing corresponding contents.
The administration authority of data is made of three parts --- and module permission, mechanism permission and content rights are united by permission
One judgement can control the access profile of data.
In the mechanism of multi-layer, parent body possesses the data administration authority of its all affiliated institutions, you can to access
All data of all Lower Establishments --- certain user has the data administration authority of parent body, if not indicating affiliated institutions
Data administration authority then has the data administration authority of the whole affiliated institutions of mechanism simultaneously;If indicating, the user does not have certain
The administration authority of a affiliated institutions then only has the data administration authority of other affiliated institutions in addition to corresponding affiliated institutions.Instead
It, the data administration authority that certain user does not have parent body does not have if not indicating the data administration authority of affiliated institutions
The data administration authority of the parent body;If indicating, the user has the data management administration authority of certain Lower Establishment, only has
There is the data administration authority of corresponding affiliated institutions.
The content-data rights management of multi-layer is similar with multi-layer organization data rights management.
And in the module of multi-layer, user could have its subordinate only in the data administration authority with higher level's module
The data administration authority of module.
Fig. 1 is the information management system user right various dimensions multiple management constructed by preferred embodiment according to the invention
Flow chart, as shown in Figure 1, a kind of information management system user right various dimensions multiple management method, the method comprising the steps of such as
Under:
S1:Permission type defines;
Fig. 2 is the information management system user right various dimensions multistage signal constructed by preferred embodiment according to the invention
Figure, as shown in Fig. 2, for information system to be managed, is classified as module dimension, mechanism dimension and content dimension, Mei Gewei
Degree includes multilayer, and every layer includes multiple submodule, and different permission types is set according to different types of user, such as:Browsing,
Typing, management and lack of competence, each permission type correspond to different authority credentials.Wherein, for multiple sub- work(in module dimension
Energy module, is unfavorable for fast accessing, by the module I D of each function module, for distinguishing since each function module name is long
Different function module, to define permission of the user to module according to module I D.
S2:User authority setting;
User right is configured respectively according to different dimensions, dimension includes:Module, mechanism and content dimension, but
It is not limited only to above several dimensions.Wherein, permission type of the different users to module I D is established, different user is obtained with this
Module permission, for module authorization code user for the permission of function module, user can only access its had authority module
Data;Mechanism authorization code user limits the machine that user can be accessed for the permission of mechanism according to the hierarchical relationship of mechanism
The data of structure;And content rights represent permission of the user for contents such as material, product, detection technique, manufacturing technologies, limit and use
The content rights that family can be accessed.
S3:User right obtains;
When users log on, module, the permission of three dimensions of mechanism and content possessed by login user are obtained.According to mould
Block authority credentials shows all modules with permission of the user, and according to mechanism and content rights, judges its access modules
The data of had permission.
As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to
The limitation present invention, all within the spirits and principles of the present invention made by all any modification, equivalent and improvement etc., should all include
Within protection scope of the present invention.
Claims (5)
1. a kind of user right various dimensions multiple management method of information system, which is characterized in that this method includes the following steps:
S1:For information system to be managed, the permission of the information system is divided from multiple dimensions, and each dimension includes
Multiple levels, setting user access the permission type of information system to be managed, wherein the multiple dimension includes being drawn according to function
Function module dimension, the mechanism dimension according to different mechanism sets and the content dimension according to different content settings divided;
S2:For different users, from the permission of the corresponding user of each level in the different each dimensions of dimension set
Type obtains permission type of the user for each dimension of information system to be managed with this;
S3:User logs in information system to be managed, and information system to be managed is accessed according to the permission of the different dimensions of step S2 settings
System, the various dimensions multiple management of user right is realized with this.
2. a kind of user right various dimensions multiple management method of information system as described in claim 1, which is characterized in that right
In the function module dimension, each submodule therein is assigned to module I D, for distinguishing different function modules with this reality
It is now quick to access.
3. a kind of user right various dimensions multiple management method of information system as claimed in claim 1 or 2, feature exist
In the permission type includes management, four type of typing, browsing and lack of competence.
4. a kind of user right various dimensions multiple management method of information system as described in any one of claims 1-3, special
Sign is that multiple levels in the mechanism dimension are set according to the relationship between superior and subordinate of employee in enterprise where information system to be managed
It is fixed.
5. a kind of user right various dimensions multiple management method of information system according to any one of claims 1-4, special
Sign is that multiple levels of the content dimension include raw material, product, manufacturing technology, detection content.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810389655.0A CN108629166A (en) | 2018-04-27 | 2018-04-27 | A kind of user right various dimensions multiple management method of information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810389655.0A CN108629166A (en) | 2018-04-27 | 2018-04-27 | A kind of user right various dimensions multiple management method of information system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108629166A true CN108629166A (en) | 2018-10-09 |
Family
ID=63694744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810389655.0A Pending CN108629166A (en) | 2018-04-27 | 2018-04-27 | A kind of user right various dimensions multiple management method of information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108629166A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109885609A (en) * | 2019-01-31 | 2019-06-14 | 平安科技(深圳)有限公司 | Based on combined data area control method, device and storage medium |
CN110688676A (en) * | 2019-09-27 | 2020-01-14 | 北京字节跳动网络技术有限公司 | User information visibility control method, device, equipment and storage medium |
CN110727930A (en) * | 2019-10-12 | 2020-01-24 | 北京推想科技有限公司 | Authority control method and device |
CN110807201A (en) * | 2019-10-31 | 2020-02-18 | 珠海格力电器股份有限公司 | Multi-dimensional data authority management system and method |
CN112214792A (en) * | 2020-09-29 | 2021-01-12 | 浪潮云信息技术股份公司 | Authority management method and tool based on cockroachDB database |
CN115208689A (en) * | 2022-08-08 | 2022-10-18 | 北京雪诺科技有限公司 | Access control method, device and equipment based on zero trust |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1960252A (en) * | 2006-06-30 | 2007-05-09 | 南京联创科技股份有限公司 | Multidimension object access control method based on roles |
CN102354356A (en) * | 2011-09-29 | 2012-02-15 | 用友软件股份有限公司 | Data authority management device and method |
CN104537488A (en) * | 2014-12-29 | 2015-04-22 | 中国南方电网有限责任公司 | Enterprise-level information system function authority unified management method |
-
2018
- 2018-04-27 CN CN201810389655.0A patent/CN108629166A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1960252A (en) * | 2006-06-30 | 2007-05-09 | 南京联创科技股份有限公司 | Multidimension object access control method based on roles |
CN102354356A (en) * | 2011-09-29 | 2012-02-15 | 用友软件股份有限公司 | Data authority management device and method |
CN104537488A (en) * | 2014-12-29 | 2015-04-22 | 中国南方电网有限责任公司 | Enterprise-level information system function authority unified management method |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109885609A (en) * | 2019-01-31 | 2019-06-14 | 平安科技(深圳)有限公司 | Based on combined data area control method, device and storage medium |
CN109885609B (en) * | 2019-01-31 | 2024-05-07 | 平安科技(深圳)有限公司 | Data range control method, device and storage medium based on combination |
CN110688676A (en) * | 2019-09-27 | 2020-01-14 | 北京字节跳动网络技术有限公司 | User information visibility control method, device, equipment and storage medium |
CN110727930A (en) * | 2019-10-12 | 2020-01-24 | 北京推想科技有限公司 | Authority control method and device |
CN110807201A (en) * | 2019-10-31 | 2020-02-18 | 珠海格力电器股份有限公司 | Multi-dimensional data authority management system and method |
CN112214792A (en) * | 2020-09-29 | 2021-01-12 | 浪潮云信息技术股份公司 | Authority management method and tool based on cockroachDB database |
CN115208689A (en) * | 2022-08-08 | 2022-10-18 | 北京雪诺科技有限公司 | Access control method, device and equipment based on zero trust |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108629166A (en) | A kind of user right various dimensions multiple management method of information system | |
CN101714172B (en) | Search method of index structure supporting access control | |
Yang et al. | Differential privacy in data publication and analysis | |
KR101419828B1 (en) | Composite term index for graph data | |
CN100456311C (en) | System and method for actualizing content-based file system security | |
Yu et al. | Compressed accessibility map: Efficient access control for XML | |
CN102231693A (en) | Method and apparatus for managing access authority | |
CN101316273A (en) | Distributed safety memory system | |
US11048753B2 (en) | Flexible record definitions for semi-structured data in a relational database system | |
CN101673287A (en) | SQL sentence generation method and system | |
WO2007002412A3 (en) | Systems and methods for retrieving data | |
US20110016151A1 (en) | Method and apparatus for privilege control in docbase management system | |
CN101075254A (en) | Autonomous access control method for row-level data of database table | |
CN101674334A (en) | Access control method of network storage equipment | |
CN102542069B (en) | XML (Extensible Makeup Language) document access control method and system for XML database system | |
CN110968894B (en) | Fine granularity access control scheme for game service data | |
CN104516912A (en) | Dynamic data storage method and device | |
WO2003030032A3 (en) | An index structure to access hierarchical data in a relational database system | |
CN113508383A (en) | Container-centric access control on database objects | |
CN107729370A (en) | Micro services multi-data source connects implementation method | |
CN109710248A (en) | A kind of building method based on Web exploitation sub-module frame | |
CN104717206B (en) | A kind of Internet of Things resource access right control method and system | |
CN112000851A (en) | Key value model, document model and graph model data unified storage method | |
CN103218433A (en) | Method and module for managing metadata applied to random access | |
CN107562521A (en) | A kind of method for managing resource and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181009 |
|
RJ01 | Rejection of invention patent application after publication |