CN108763960A - Access authorization for resource management method and device - Google Patents
- Publication number
- CN108763960A (CN201810564488.9A)
- Authority
- CN
- China
- Prior art keywords
- resource
- role
- permission
- information
- user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a resource permission management (resource access authorization management) method and device. The method includes: pre-configuring the user role corresponding to each terminal user; determining the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table; and, according to the association, configuring for each user role the role permission information corresponding to that user role, where the role permission information includes the resource information corresponding to the user role and the permission control information corresponding to that resource information. With the scheme provided by the invention, the resources and permissions corresponding to each role can be managed separately, users of different roles can be managed in a unified way, and the efficiency of user management is improved.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a resource permission management method and device.
Background
At present, with the development of science and technology, computer science and technology is widely used in every field. As management information systems continue to develop towards multiple applications and multiple users, system security has gradually drawn attention. Permission management, as an indispensable part of ensuring the data security of the whole system, holds an important position in modern software systems. The reliability, security and stability of permission management directly affect the normal operation of the system.
Because a permission is usually directed at some specific resource, existing permission control schemes usually manage each resource in an application system together with its corresponding permission as a single management object. For example, for the menu resources contained in an application, each menu is bound to its corresponding permission to obtain a management object that represents the permission of that menu.
However, in the course of implementing the present invention, the inventor found that the above prior-art approach has at least the following defect: because a resource and its corresponding permission are managed as one management object, the types and number of all resources must be known before permission control is carried out, and the corresponding permission must be configured for each resource separately, so that each resource and its permission are bound into one management object. As a result, when the types and number of resources need to be adjusted, or the types of permissions need to be modified, the correspondence between the adjusted resources and their permissions must be redefined, new management objects must be regenerated, and program code must be rewritten to implement the management operations for the new management objects. The existing approach therefore extends poorly and cannot be applied to scenarios in which resource types and/or permission types change flexibly.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a resource permission management method and device that overcome the above problems or at least partly solve them.
According to one aspect of the present invention, a resource permission management method is provided, including:
pre-configuring the user role corresponding to each terminal user;
determining the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table;
according to the association, configuring for each user role the role permission information corresponding to that user role;
wherein the role permission information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information corresponding to the user role.
According to another aspect of the present invention, a resource permission management device is provided, including:
a first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
a determining module, adapted to determine the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table;
a second configuration module, adapted to configure, according to the association, the role permission information corresponding to each user role;
wherein the role permission information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information corresponding to the user role.
According to another aspect of the invention, an electronic device is provided, including: a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above resource permission management method.
According to a further aspect of the present invention, a computer storage medium is provided. At least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the above resource permission management method.
According to the resource permission management method and device disclosed by the invention, resources and permissions can be managed as two independent management objects, the association between the two management objects is managed through a resource-permission association table, and role information is added to the resource-permission association table so that it is upgraded to a role permission table. The resources and permissions corresponding to each role can therefore be managed separately. With this approach, if the types and number of resources and/or permissions need to be modified, only the data table that holds the corresponding management object needs to be changed; there is no need to define new management objects or to rewrite control code for them. Permission management is therefore flexible and extensible, and is particularly suitable for application scenarios in which the types and number of resources and permissions cannot be determined in advance and need to be adjusted flexibly during use. The following effect can also be achieved: users of different roles can be managed in a unified way, which improves the efficiency of user management. For example, users can be divided into several classes by level, a corresponding role can be set for each class of users, and the corresponding resources and permissions can be configured accordingly, so that users of different roles see different resources and have different access permissions. This facilitates the management of massive numbers of users and is particularly suitable for complex multi-user and big-data scenarios.
The above is only an overview of the technical solution of the present invention. In order that the technical means of the invention may be understood more clearly and implemented according to the specification, and in order that the above and other objects, features and advantages of the invention may be more readily apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
By reading the detailed description of the preferred embodiments below, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows a flowchart of the data-table-based resource permission configuration method of Embodiment One of the present invention;
Fig. 2 shows a flowchart of the resource permission management method of Embodiment Two of the present invention;
Fig. 3 shows a flowchart of the resource permission management method of Embodiment Three of the present invention;
Fig. 4 shows a flowchart of the data-table-based application permission configuration method of Embodiment Four of the present invention;
Fig. 5 shows a schematic diagram of the relationship between the resource data table Res, the permission data table PermDef and the resource-permission association table RB provided by the embodiments of the present application;
Fig. 6 shows a functional block diagram of the resource permission management device of Embodiment Five of the present invention;
Fig. 7 shows a structural schematic diagram of an electronic device of Embodiment Six of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
Fig. 1 shows a flowchart of the data-table-based resource permission configuration method of Embodiment One of the present invention. As shown in Fig. 1, the method includes:
Step S101: resource information is stored in a preset resource data table, and permission control information is stored in a preset permission data table.
The resource data table stores various kinds of resource information. The resource information may be menu resources, data resources, button resources, table resources, file resources, page element resources and so on, and may also be resource information of other types. The permission data table stores various kinds of permission control information. The permission control information may be, for example, a visibility permission, such as a permission that controls whether some button or picture on a page is visible; it may also be a readable permission, a writable permission, an operation permission for a function module, a permission to upload files, a modification permission, an access permission for a menu, and so on, and may also be a permission of other types.
For ease of understanding, Fig. 5 shows a schematic diagram of the relationship between the resource data table Res, the permission data table PermDef and the resource-permission association table RB provided by the embodiments of the present application. As shown in Fig. 5, the resource data table Res can store resource information such as menu 1, menu 2 and table 1; the permission data table PermDef can store permission control information such as the visible permission, the operable permission and the read-only permission. Note that the resource data table Res and the permission data table PermDef shown in Fig. 5 are only illustrative. In practice the types and number of resource information and permission control information are usually larger; Fig. 5 is a simplified diagram.
By presetting a resource data table and a permission data table, resource information and permission control information are stored separately, so that they become two mutually independent control objects that can be managed individually in the subsequent steps.
Step S102: the association between each item of resource information in the resource data table and each item of permission control information in the permission data table is stored in a preset resource-permission association table.
The association indicates the link between resource information and permission control information and can take several forms. For example, each item of resource information may correspond one-to-one to an item of permission control information, several items of resource information may correspond to one item of permission control information, or one item of resource information may correspond to several items of permission control information. By implementing this step, the resource information stored in the separately set resource data table and the permission control information stored in the permission data table can be associated, so that the association between the two management objects (i.e. resource information and permission data information) is managed.
As shown in Fig. 5, the resource-permission association table RB stores the association between each item of resource information in the resource data table and each item of permission control information in the permission data table. In the association table RB shown in Fig. 5, for example, menu 1 is mapped to the visible permission, menu 2 is mapped to the operable permission, and table 1 is mapped to the read-only permission. Note that the resource-permission association table RB shown in Fig. 5 is only a simplified illustration. In practice the resource-permission association table is likely to be more complex.
Step S103: according to the resource-permission association table, the corresponding permission control information is configured for each item of resource information in the resource data table.
According to the association, recorded in the resource-permission association table, between each item of resource information and each item of permission control information in the permission data table, the corresponding permission control information can be configured for each item of resource information in the resource data table, so as to achieve the corresponding permission control effect. In this way, resources and permissions are each managed as separate management objects, and the correspondence between the two management objects is determined by the resource-permission association table, which makes the scheme easy to extend.
In addition, in traditional permission management, the types and number of resources and the permission type of each resource are known in advance and do not change, so managing a resource and its corresponding permission as one management object is feasible. For example, in a banking system, the bank's web page is divided into a professional version and a public version aimed at users of different levels. The pages of the two versions contain resources of different types and numbers, and each resource and its corresponding permission are fixed: the professional version contains the three menus "transfer", "financing" and "query details", while the public version contains only the "transfer" menu. Binding each menu and its corresponding control permission into one management object fully meets the needs of this scenario. In the existing approach, therefore, the bound management objects and their operation logic are hard-coded in the program, and no change can be made to resources or permissions without reprogramming. However, in the course of implementing the present invention, the inventor found that in certain application scenarios the types and number of menus often cannot be determined in advance and may change dynamically as the business is updated. In the present embodiment, therefore, a resource and its corresponding permission are split into two mutually independent management objects that are managed separately, and the link between the two management objects is established and maintained through the resource-permission association table. Further, optionally, to make modification easier, operation interfaces for operating each data table are reserved in the program code, so that the corresponding data table can be modified through the corresponding operation interface and the permission configuration can be updated on the basis of the data tables.
Optionally, the present embodiment further includes the following steps S104 to S106.
Step S104: the resource data table and/or the permission data table is updated according to a received resource update request and/or permission update request.
A resource update request is used to make various updates to the resource information in the resource data table, and a permission update request is used to make various updates to the permission control information in the permission data table. The types of resource update request include at least one of the following: an insertion type for inserting new resource information, and a deletion type for deleting existing resource information. The types of permission update request include at least one of the following: an insertion type for inserting new permission control information, and a deletion type for deleting existing permission control information. Specifically, resource update requests and/or permission update requests can be sent in a preset command format, for example by maintenance personnel entering the corresponding control commands at the control backend. Alternatively, to make management more intuitive for maintenance personnel, operation interfaces for operating each data table are reserved in the program code in advance: a resource update interface for updating the resource data table and a permission update interface for updating the permission data table. The resource update interface and the permission update interface can be presented in the operation UI in various ways, such as input boxes, drop-down lists and buttons, so that maintenance personnel can operate them. Accordingly, resource update requests are received through the preset resource update interface, and permission update requests are received through the preset permission update interface. After a resource update request is received, the data in the resource data table is modified according to the request; similarly, after a permission update request is received, the data in the permission data table is modified according to the request. In addition, when the method is applied to a big-data scenario, the types of resources and permissions are numerous, so for ease of management the resource data table and the permission data table can each be divided into several resource sub-tables and permission sub-tables according to a preset classification rule. Accordingly, the resource update request and/or permission update request contains a corresponding data table identifier, so that the specific storage location of the sub-table to be updated can be determined quickly from the identifier.
For example, in a particular application it may be necessary to change the types and number of resources, for instance to set subordinate child resources for an existing resource, such as adding second-level menus or control buttons under a menu. In this case, the new resource information only needs to be entered through the resource update interface to extend the resource data table. It may also be necessary to refine the types of permission control information, for instance to subdivide the control permission of an existing resource into several kinds for different types of users. For the menu resource "view user information", for example, a level-1 user can only view the telephone number contained in the user information, a level-2 user can query the behavior events contained in the user information, and a level-3 user can even query the detailed address contained in the user information. In this case, the new permission control information (for example, the permission to view behavior events and the permission to view the detailed address) only needs to be entered through the permission update interface and associated with the corresponding menu resource in a subsequent step.
Step S105: the resource-permission association table is updated according to the updated resource data table and/or permission data table.
Specifically, when the resource update request is of the deletion type and/or the permission update request is of the deletion type, the data records related to the resource update request and/or permission update request are deleted from the resource-permission association table. When the resource update request is of the insertion type and/or the permission update request is of the insertion type, the corresponding data records are added to the resource-permission association table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. For example, after new resource information is entered through the resource update interface, the association between the new resource information and its corresponding permission control information must be added to the resource-permission association table. Likewise, after new permission control information is entered through the permission update interface, the association between the new permission control information and its corresponding resources must be added to the resource-permission association table.
Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface, and the corresponding data records are then added to the resource-permission association table. The configuration interfaces include: a first type of configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second type of configuration interface for configuring the corresponding resource information for inserted permission control information. The configuration interface can be one that pops up automatically after the user enters new resource information through the resource update interface and that corresponds to the new resource information. Through it, the user can enter the permission control information for the new resource in an input box, or select the permission control information for the new resource from a drop-down box. The resource update interface above can also be replaced by the permission update interface, in which case the configuration interface is used to enter the resource information corresponding to the permission control information. In short, the configuration interface can call the relevant program code to modify the data in the resource-permission association table quickly and to match new resources with permissions conveniently, which improves the efficiency of updating the resource-permission association table.
Step S106: according to the updated resource-permission association table, the corresponding permission control information is configured for each resource in the resource data table that is related to the resource update request and/or permission update request.
After the resource-permission association table has been updated, the corresponding permission control information is configured, according to the updated association table, for each resource in the resource data table that is related to the resource update request and/or permission update request, so that the permission configuration of each resource is adapted accordingly.
In summary, in the present embodiment resources and permissions are split into two independent data tables that are managed separately, the association between them is established through the resource-permission association table, and operation interfaces for operating each data table (including the resource update interface, the permission update interface and the configuration interface mentioned above) are reserved in the program in advance. The table structure of each data table is fixed, and data table access statements that access each data table according to its structure are preset in the program code. Because the table structure does not change, the access statements can be hard-coded in the program. When the content of a data table needs to change, the table content is modified only through the reserved operation interfaces (for example, a new resource name is entered through the resource update interface and the backend invokes the corresponding insert statement to add the resource). The data table access statements do not need to change as the table content is updated. Therefore, after resources or permissions change, only the corresponding data tables need to be modified through the corresponding operation interfaces, and the program code as a whole does not need any change, which improves the extensibility of the program. This approach is particularly suitable for complex big-data application scenarios, and especially for scenarios in which the types and number of resources and permissions cannot be determined in advance or need to be adjusted dynamically.
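Steps S101 to S106 above, as an added example that is not part of the patent text: Python code using the standard sqlite3 module that keeps resources, permissions and their associations in three fixed-structure tables and changes only table content through insert and delete operations. The table names Res, PermDef and RB follow Fig. 5; the column names, the PermissionStore class with its methods, and the sample rows are assumptions constructed for this example.

```python
import sqlite3

# Table names Res, PermDef and RB follow Fig. 5. Column names, the
# PermissionStore class and its method names are assumptions of this example.
SCHEMA = """
CREATE TABLE Res     (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE PermDef (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE RB      (res_id INTEGER NOT NULL, perm_id INTEGER NOT NULL,
                      PRIMARY KEY (res_id, perm_id));
"""
# Link column in RB for each object table. Only these fixed names are ever
# interpolated into SQL text; every caller-supplied value is a bound parameter.
LINK_COLUMN = {"Res": "res_id", "PermDef": "perm_id"}


class PermissionStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def _id(self, table, name):
        if table not in LINK_COLUMN:
            raise ValueError(f"unknown table {table!r}")
        row = self.db.execute(
            f"SELECT id FROM {table} WHERE name = ?", (name,)).fetchone()
        if row is None:
            raise KeyError(f"{name!r} is not in {table}")
        return row[0]

    def insert(self, table, name):
        """S104, insertion type: add a resource or a permission."""
        if table not in LINK_COLUMN:
            raise ValueError(f"unknown table {table!r}")
        self.db.execute(f"INSERT INTO {table} (name) VALUES (?)", (name,))

    def associate(self, resource, permission):
        """S105, insertion type: record the association in RB."""
        self.db.execute(
            "INSERT OR IGNORE INTO RB (res_id, perm_id) VALUES (?, ?)",
            (self._id("Res", resource), self._id("PermDef", permission)))

    def delete(self, table, name):
        """S104 + S105, deletion type: drop the row and its RB records.

        SQLite may hand the freed id to the next inserted row, so RB rows
        left behind would silently attach to an unrelated new resource.
        """
        row_id = self._id(table, name)
        self.db.execute(
            f"DELETE FROM RB WHERE {LINK_COLUMN[table]} = ?", (row_id,))
        self.db.execute(f"DELETE FROM {table} WHERE id = ?", (row_id,))

    def permissions_for(self, resource):
        """S103 / S106: permissions configured for one resource."""
        rows = self.db.execute(
            "SELECT p.name FROM RB "
            "JOIN Res r ON r.id = RB.res_id "
            "JOIN PermDef p ON p.id = RB.perm_id "
            "WHERE r.name = ? ORDER BY p.name", (resource,)).fetchall()
        return [name for (name,) in rows]

    def is_allowed(self, resource, permission):
        # Default deny: no RB row means no permission.
        return permission in self.permissions_for(resource)


def fig5_store():
    """Build the constructed sample data that mirrors Fig. 5."""
    store = PermissionStore()
    for name in ("menu 1", "menu 2", "table 1"):
        store.insert("Res", name)
    for name in ("visible", "operable", "read-only"):
        store.insert("PermDef", name)
    for resource, permission in (("menu 1", "visible"),
                                 ("menu 2", "operable"),
                                 ("table 1", "read-only")):
        store.associate(resource, permission)
    return store


if __name__ == "__main__":
    store = fig5_store()
    # Deleting "table 1" frees id 3; the next resource reuses that id but
    # inherits nothing, because delete() also removed the RB records.
    store.delete("Res", "table 1")
    store.insert("Res", "table 2")
    print(store.permissions_for("table 2"))
    # New resource and refined permissions, as in the S104 example.
    store.insert("Res", "view user information")
    for perm in ("view behavior events", "view detailed address"):
        store.insert("PermDef", perm)
        store.associate("view user information", perm)
    print(store.permissions_for("view user information"))
```

The SQL statements stay the same however many resources or permissions are added, which is the property the summary above relies on.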
Fig. 2 shows a flowchart of the resource permission management method of Embodiment Two of the present invention. As shown in Fig. 2, the method includes:
Step S201: resource information is stored in a preset resource data table, and permission control information is stored in a preset permission data table.
For the details of this step, refer to the description of step S101 in Embodiment One, which is not repeated here. By presetting a resource data table and a permission data table, resource information and permission control information are stored separately, so that they become two mutually independent control objects that can be managed individually in the subsequent steps.
Step S202: the association between each item of resource information in the resource data table and each item of permission control information in the permission data table is determined.
The association indicates the link between resource information and permission control information and can take several forms. For example, each item of resource information may correspond one-to-one to an item of permission control information, several items of resource information may correspond to one item of permission control information, or one item of resource information may correspond to several items of permission control information. By implementing this step, the resource information stored in the separately set resource data table and the permission control information stored in the permission data table can be associated. In a specific implementation, the association can be determined directly by referring to the part of Embodiment One that concerns the resource-permission association table.
Step S203: according to the above association, configure for each terminal user the user permission information corresponding to that terminal user.
The user permission information includes the resource information corresponding to the terminal user and the permission control information corresponding to that resource information. In a specific implementation, the user permission information amounts to the resource permission association table of embodiment one with user information added. The user information can be stored in a separate user table; that is, the user permission information links the user table, the resource data table and the permission data table, so that for each resource the corresponding users and their permission information can be determined. In this way, users, resources and permissions are each managed as separate management objects, and the user permission information determines the correspondence among the three management objects, which makes the system easy to extend.
Optionally, this embodiment further includes the following steps S204 to S206.
Step S204: store the user permission information corresponding to each terminal user in a preset user permission table.
The user permission table stores the user permission information described above and is equivalent to the data table obtained by associating the user table, the resource data table and the permission data table. The user permission table can be updated according to a received user update request, which is sent through a preset user update interface. The types of user update request include the insertion type, the deletion type and/or the modification type. The user update interface is mainly used to modify the information in the user table, for example to add or delete a user.
Step S205: according to the user identifier contained in a received permission query request, determine the query result in the user permission table that corresponds to the permission query request.
For example, when a user terminal needs to access a resource, it can send a permission query request to the permission management system, which determines the query result for that user from the user identifier contained in the request. Specifically, the query result may be the user's permission control information for all resources, giving a complete view of the user's permissions. Alternatively, it may be the user's permission control information for a specific resource, which determines whether the user is allowed to perform the corresponding operation on that resource; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request may further contain both a resource identifier and a permission control identifier, to query whether the user holds a particular permission on a specific resource; the user's operation is then allowed or intercepted according to the query result.
Step S206: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the user permission table the user permission information of each terminal user related to the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For the details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in embodiment one; they are not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to that request are deleted from the user permission table. When the resource update request and/or the permission update request is of the insertion type, the corresponding data records are added to the user permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface before the corresponding data records are added to the user permission table. The configuration interface includes a first-type configuration interface for configuring the permission control information that corresponds to inserted resource information, and/or a second-type configuration interface for configuring the resource information that corresponds to inserted permission control information. The user permission table can be updated in the same way as the resource permission association table in step S104 of embodiment one, and the configuration interface can be set up in the same way as the configuration interface in step S104 of embodiment one; the details are not repeated here.
In summary, this embodiment adds user information to the resource permission association table of embodiment one, upgrading it to a user permission table, so that the resources and permissions of each individual user can be managed separately. This embodiment is an improvement on embodiment one and therefore has all the advantages of embodiment one. In addition, it achieves the following effect: the types and number of resources that different users see may differ, and the types of permission attached to those resources may also differ, so the user permission table allows each user's permissions to be managed flexibly.
Fig. 3 shows a flow diagram of the resource permission management method of embodiment three of the present invention. As shown in Fig. 3, the method includes:
Step S301: pre-configure the user role corresponding to each terminal user.
The terminal users are the users of the application system and can be stored in a user table. In this embodiment, to make a massive number of terminal users manageable, several user roles are provided, including but not limited to: administrator, manager of department A, ordinary employee of department A, manager of department B, and so on. In this embodiment, terminal users with the same role have the same control permissions by default, so one permission control scheme can be reused across a massive number of users through roles, which simplifies the management of those users. In a specific implementation, the user role corresponding to each terminal user can be configured in a preset user role table, which stores the correspondence between terminal users and their user roles.
Step S302: determine the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table.
Because the resource data table and the permission data table are preset separately, resource information and permission control information are stored separately and become two mutually independent control objects, which makes it convenient to manage the two control objects individually in the subsequent steps. In a specific implementation, the association can be determined as described for the resource data table, the permission data table and the resource permission association table in embodiment one; the details are not repeated here.
Step S303: according to the above association, configure for each user role the role permission information corresponding to that user role.
The role permission information includes the resource information corresponding to the user role and the permission control information corresponding to that resource information. In a specific implementation, the role permission information amounts to the resource permission association table of embodiment one with user role information added. The role information can be stored in a separate role table; that is, the role permission information links the role table, the resource data table and the permission data table, so that for each resource the corresponding roles and their permission information can be determined. In this way, roles, resources and permissions are each managed as separate management objects, and the role permission information determines the correspondence among the three management objects, which makes the system easy to extend.
Optionally, this embodiment further includes the following steps S304 to S306.
Step S304: store the role permission information corresponding to each user role in a preset role permission table.
The role permission table stores the role permission information described above and is equivalent to the data table obtained by associating the role table, the resource data table and the permission data table. The role permission table can be updated according to a received role update request, which is sent through a preset role update interface. The types of role update request include the insertion type, the deletion type and/or the modification type. The role update interface is mainly used to modify the information in the role table, for example to add or delete a role and its corresponding users.
Step S305: according to the user identifier contained in a received permission query request, look up in the user role table the user role corresponding to that user identifier; then determine the corresponding query result from the role permission table and the user role corresponding to the user identifier.
For example, when a user terminal needs to access a resource, it can send a permission query request to the permission management system. The user role of that user is determined from the user identifier contained in the request and the user role table, and the corresponding query result is then determined from the role permission table. Specifically, the query result may be the permission control information of the user's role for all resources, giving a complete view of the permissions of that role. Alternatively, it may be the permission control information of the user's role for a specific resource, which determines whether the role is allowed to perform the corresponding operation on that resource; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request may further contain both a resource identifier and a permission control identifier, to query whether the user's role holds a particular permission on a specific resource; the user's operation is then allowed or intercepted according to the query result.
Step S306: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the role permission table the role permission information of each user role related to the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For the details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in embodiment one; they are not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to that request are deleted from the role permission table. When the resource update request and/or the permission update request is of the insertion type, the corresponding data records are added to the role permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface before the corresponding data records are added to the role permission table. The configuration interface includes a first-type configuration interface for configuring the permission control information that corresponds to inserted resource information, and/or a second-type configuration interface for configuring the resource information that corresponds to inserted permission control information. The role permission table can be updated in the same way as the resource permission association table in step S104 of embodiment one, and the configuration interface can be set up in the same way as the configuration interface in step S104 of embodiment one; the details are not repeated here.
In summary, this embodiment adds role information on the basis of embodiment two, upgrading the resource permission association table to a role permission table, so that the resources and permissions of each individual role can be managed separately. This embodiment is an improvement on embodiment two and therefore has all the advantages of embodiments one and two. In addition, it achieves the following effect: users of different roles can be managed in a unified way, which improves the efficiency of user management. For example, users can be divided into several classes by level, a role set for each class of users, and the corresponding resources and permissions configured for each role, so that users of different roles see different resources and hold different permissions on them. This simplifies the management of a massive number of users and is particularly suited to complex multi-user and big-data scenarios.
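The tables and steps of embodiment three (S301 to S306), as an added example that is not part of the patent text: it uses Python's sqlite3 as the store, and every table name, column name, function name and data row is an assumption, since the patent names the tables but does not specify their columns. The query denies by default when no row matches, and an insertion whose configured grant refers to an unknown permission is rolled back as a whole.

```python
import sqlite3

# Hypothetical schema: the patent names these tables but not their columns.
SCHEMA = """
CREATE TABLE role       (role_id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE resource   (resource_id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE permission (permission_id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE user_role (
    user_id TEXT PRIMARY KEY,
    role_id TEXT NOT NULL REFERENCES role(role_id) ON DELETE CASCADE
);
CREATE TABLE role_permission (
    role_id       TEXT NOT NULL REFERENCES role(role_id) ON DELETE CASCADE,
    resource_id   TEXT NOT NULL REFERENCES resource(resource_id) ON DELETE CASCADE,
    permission_id TEXT NOT NULL REFERENCES permission(permission_id) ON DELETE CASCADE,
    PRIMARY KEY (role_id, resource_id, permission_id)
);
"""


def open_store():
    """Create the five tables in memory with foreign-key enforcement on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves this off by default
    conn.executescript(SCHEMA)
    return conn


def build_sample(conn):
    """Constructed sample data, not taken from the patent."""
    with conn:
        conn.executemany("INSERT INTO role VALUES (?, ?)", [
            ("admin", "Administrator"), ("mgr_a", "Department A manager"),
            ("emp_a", "Department A employee")])
        conn.executemany("INSERT INTO resource VALUES (?, ?)", [
            ("report", "Sales report"), ("payroll", "Payroll sheet")])
        conn.executemany("INSERT INTO permission VALUES (?, ?)", [
            ("read", "Read"), ("write", "Write")])
        conn.executemany("INSERT INTO user_role VALUES (?, ?)", [
            ("alice", "admin"), ("bob", "mgr_a"), ("carol", "emp_a")])
        conn.executemany("INSERT INTO role_permission VALUES (?, ?, ?)", [
            ("admin", "report", "read"), ("admin", "report", "write"),
            ("admin", "payroll", "read"), ("admin", "payroll", "write"),
            ("mgr_a", "report", "read"), ("mgr_a", "report", "write"),
            ("emp_a", "report", "read")])


def query_permissions(conn, user_id, resource_id=None, permission_id=None):
    """S305: user identifier -> role (user_role) -> rows of role_permission.

    The optional identifiers narrow the query the way the text describes:
    all resources, one resource, or one permission on one resource.
    """
    sql = ("SELECT rp.resource_id, rp.permission_id "
           "FROM user_role ur JOIN role_permission rp ON rp.role_id = ur.role_id "
           "WHERE ur.user_id = ?")
    args = [user_id]
    if resource_id is not None:
        sql += " AND rp.resource_id = ?"
        args.append(resource_id)
    if permission_id is not None:
        sql += " AND rp.permission_id = ?"
        args.append(permission_id)
    sql += " ORDER BY rp.resource_id, rp.permission_id"
    return conn.execute(sql, args).fetchall()  # values are bound, never spliced


def is_allowed(conn, user_id, resource_id, permission_id):
    """Allow or intercept: an unknown user, role or grant yields no row."""
    return bool(query_permissions(conn, user_id, resource_id, permission_id))


def insert_resource(conn, resource_id, name, grants=()):
    """S306, insertion type: add the resource, then the role_permission rows
    supplied as (role_id, permission_id) pairs, standing in for what the
    first-type configuration interface would provide."""
    with conn:  # one transaction: a bad grant rolls the resource back too
        conn.execute("INSERT INTO resource VALUES (?, ?)", (resource_id, name))
        conn.executemany("INSERT INTO role_permission VALUES (?, ?, ?)",
                         [(role, resource_id, perm) for role, perm in grants])


def delete_resource(conn, resource_id):
    """S306, deletion type: related role_permission rows go via ON DELETE CASCADE."""
    with conn:
        conn.execute("DELETE FROM resource WHERE resource_id = ?", (resource_id,))


def delete_permission(conn, permission_id):
    """S306, deletion type for a permission; cascades the same way."""
    with conn:
        conn.execute("DELETE FROM permission WHERE permission_id = ?",
                     (permission_id,))


if __name__ == "__main__":
    db = open_store()
    build_sample(db)
    print(query_permissions(db, "bob"))
    print(is_allowed(db, "carol", "report", "write"))
    delete_permission(db, "write")
    print(query_permissions(db, "bob"))
```

The statements stay fixed while only table contents change, which is the property the patent relies on for extensibility.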
Fig. 4 shows a flow diagram of the data-table-based application permission configuration method of embodiment four of the present invention. As shown in Fig. 4, the method includes:
Step S401: store resource information in a preset resource data table, and store permission control information in a preset permission data table.
For the details of this step, refer to the description of step S101 in embodiment one; they are not repeated here. Because the resource data table and the permission data table are preset separately, resource information and permission control information are stored separately and become two mutually independent control objects, which makes it convenient to manage the two control objects individually in the subsequent steps.
Step S402: determine the association between each item of resource information in the resource data table and each item of permission control information in the permission data table.
The association indicates the relationship between resource information and permission control information and can take several forms. This step links the resource information stored in the separately provided resource data table with the permission control information stored in the permission data table. In a specific implementation, the association can be determined directly as described for the resource permission association table in embodiment one.
Step S403: according to the above association and the correspondence between each application and each item of resource information, configure for each application the application permission information corresponding to that application.
The application permission information includes the resource information corresponding to the application and the permission control information corresponding to that resource information. Specifically, the application permission information of each application can be stored in a preset application permission table. The application permission table can be updated according to a received application update request, which is sent through a preset application update interface. The types of application update request include the insertion type, the deletion type and/or the modification type.
In a specific implementation, the application permission information amounts to the resource permission association table of embodiment one with application information added. The application information can be stored in a separate application table; that is, the application permission information links the application table, the resource data table and the permission data table, so that for each resource the corresponding applications and their permission information can be determined. In this way, applications, resources and permissions are each managed as separate management objects, and the application permission information determines the correspondence among the three management objects, which makes the system easy to extend. Besides linking the application table, the resource data table and the permission data table, an application field for storing application information can instead be added directly to the resource permission association table of embodiment one. In short, the present invention does not limit the specific implementation details.
The main difference between this embodiment and the three embodiments above is therefore that it can be applied in a comprehensive permission management system, so that one system manages the permission information of several applications at the same time. For example, application one corresponds to resource A, resource B and resource C, and application two corresponds to resource A, resource C and resource D. Resource A and resource C thus exist in both applications. In this case it is only necessary to add the identification information of both application one and application two to resource A and resource C in the application permission information, which associates each resource with its corresponding applications.
Optionally, this embodiment further includes the following steps S404 to S406.
Step S404: store the application permission information corresponding to each application in a preset application permission table.
The application permission table stores the application permission information described above and is equivalent to the data table obtained by associating the application table, the resource data table and the permission data table. The application permission table can be updated according to a received application update request, which is sent through a preset application update interface. The types of application update request include the insertion type, the deletion type and/or the modification type. The application update interface is mainly used to modify the information in the application table, for example to add or delete an application.
Step S405: according to the application identifier contained in a received permission query request, determine the query result in the application permission table that corresponds to the permission query request.
For example, when a user terminal needs to access a resource in an application, it can send a permission query request to the permission management system, which determines the application to be accessed and the query result for that application from the application identifier contained in the request. Specifically, the query result may be the user's permission control information for all resources in the application, giving a complete view of the user's permissions in that application. Alternatively, it may be the user's permission control information for a specific resource in the application, which determines whether the user is allowed to perform the corresponding operation on that resource; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request may further contain both a resource identifier and a permission control identifier, to query whether the user holds a particular permission on a specific resource in the application; the user's operation is then allowed or intercepted according to the query result.
Step S406: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the application permission table the application permission information of each application related to the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For the details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in embodiment one; they are not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to that request are deleted from the application permission table. When the resource update request and/or the permission update request is of the insertion type, the corresponding data records are added to the application permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface before the corresponding data records are added to the application permission table. The configuration interface includes a first-type configuration interface for configuring the permission control information that corresponds to inserted resource information, and/or a second-type configuration interface for configuring the resource information that corresponds to inserted permission control information. The application permission table can be updated in the same way as the resource permission association table in step S104 of embodiment one, and the configuration interface can be set up in the same way as the configuration interface in step S104 of embodiment one; the details are not repeated here.
In summary, this embodiment adds application information on the basis of embodiment one, upgrading the resource permission association table to an application permission table, so that the resources and permissions of each individual application can be managed separately. This embodiment is an improvement on embodiment one and therefore has all the advantages of embodiment one. In addition, it achieves the following effect: the permissions of several applications can be managed at the same time, which avoids the tedious work of developing permission handling separately for each application.
Furthermore, as in embodiment one, this embodiment splits applications, resources and permissions into three independent data tables that are managed separately, and associates the three through the application permission table. Operation interfaces for operating each data table are reserved in the program in advance (in addition to the resource update interface, permission update interface and configuration interface mentioned above, these include the application update interface), and the table structure of each data table, including the application table, is fixed. Accordingly, the data table access statements that access each data table according to its table structure are preset in the program code. Because the table structures do not change, these statements can be fixed directly in the program code; when the content of a data table needs to change, the change is made through the reserved operation interface for that data table. The data table access statements therefore do not change when table content is updated. When the applications change (for example, when an application is added or deleted), only the corresponding data table is modified through the corresponding operation interface, and the program code as a whole needs no change, which improves the extensibility of the program. In this embodiment, then, besides managing resources and permissions separately, applications are also managed as a separate management object, so the number of applications served by the whole system can be adjusted flexibly, which is convenient for development.
In addition, the four embodiments above can be combined in any way; that is, the steps of each embodiment can be applied to each of the other embodiments, and the present invention does not limit this. For example, in embodiment four the user role corresponding to each terminal user can also be configured in advance, in which case the application permission information further includes the resource information corresponding to the user role and its corresponding permission control information. Accordingly, the operation interfaces reserved in the program for operating each data table then include, in addition to the resource update interface, permission update interface, configuration interface and application update interface mentioned above, the user update interface and role update interface of embodiments two and three. Likewise, the table structures of all the data tables mentioned in the four embodiments, including the user table, role table, user role table and application table, are fixed, and the tables can be modified through the data table access statements fixed in the program code, which allows flexible adjustment. The data tables can also be combined, for example by building a master association table that links all the data tables corresponding to all the management objects mentioned in the present invention (user, role, application, resource and permission), again for the purpose of flexible management.
Fig. 6 shows a functional block diagram of the resource permission management device of embodiment five of the present invention. As shown in Fig. 6, the device includes:
a first configuration module 61, adapted to pre-configure the user role corresponding to each terminal user;
a determining module 62, adapted to determine the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table;
a second configuration module 63, adapted to configure, according to the association, for each user role the role permission information corresponding to that user role;
wherein the role permission information includes the resource information corresponding to the user role and the permission control information corresponding to that resource information.
Optionally, the second configuration module 63 is specifically adapted to store the role permission information corresponding to each user role in a preset role permission table;
wherein the role permission table can be updated according to a received role update request, the role update request being sent through a preset role update interface, and the types of role update request include the insertion type, the deletion type and/or the modification type.
Optionally, the first configuration module 61 is specifically adapted to configure the user role corresponding to each terminal user in a preset user role table;
the second configuration module 63 is then further adapted to:
look up in the user role table, according to the user identifier contained in a received permission query request, the user role corresponding to that user identifier;
determine the corresponding query result according to the role permission table and the user role corresponding to the user identifier.
Optionally, the device further includes an update module 64, adapted to:
update the resource data table and/or the permission data table according to a received resource update request and/or permission update request;
update in the role permission table, according to the updated resource data table and/or permission data table, the role permission information of each user role related to the resource update request and/or permission update request.
Optionally, the type of the resource update request includes at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
the type of the permission update request includes at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
Optionally, the resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface.
Optionally, the update module 64 is specifically adapted to:
when the resource update request is of the deletion type and/or the permission update request is of the deletion type, delete from the role-security table the data records related to the resource update request and/or the permission update request;
when the resource update request is of the insertion type and/or the permission update request is of the insertion type, add corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
Optionally, the update module 64 is specifically adapted to:
obtain, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and add corresponding data records to the role-security table;
wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
Fig. 7 shows a structural schematic diagram of an electronic device according to Embodiment 6 of the present invention; the specific embodiments of the present invention do not limit the specific implementation of the electronic device.
As shown in Fig. 7, the electronic device may include: a processor 702, a communications interface 704, a memory 706, and a communication bus 708.
Wherein:
The processor 702, the communication interface 704 and the memory 706 communicate with one another through the communication bus 708.
The communication interface 704 is used to communicate with network elements of other devices, such as clients or other servers.
The processor 702 is used to execute the program 710, and may specifically perform the relevant steps of the above embodiments of the access authorization for resource management method.
Specifically, the program 710 may include program code, and the program code includes computer operation instructions.
The processor 702 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the electronic device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
The memory 706 is used to store the program 710. The memory 706 may include high-speed RAM, and may further include non-volatile memory, for example at least one magnetic disk memory.
The program 710 may specifically be used to cause the processor 702 to perform the following operations:
pre-configuring the user role corresponding to each terminal user;
determining the incidence relation between each item of resource information in a preset resource data table and each item of permission control information in a preset permissions data table;
configuring, according to the incidence relation, role-security information corresponding to each user role;
wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information of that user role.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
storing the role-security information corresponding to each user role in a preset role-security table;
wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the type of the role update request includes: an insertion type, a deletion type, and/or a modification type.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
configuring the user role corresponding to each terminal user in a preset user role table;
then, after the step of configuring role-security information corresponding to each user role, the operations further include:
querying the user role table, according to the user identifier contained in a received permission query request, for the user role corresponding to that user identifier;
determining the corresponding query result according to the role-security table and the user role corresponding to the user identifier.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
updating the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
updating, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
wherein the type of the resource update request includes at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
the type of the permission update request includes at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
when the resource update request is of the deletion type and/or the permission update request is of the deletion type, deleting from the role-security table the data records related to the resource update request and/or the permission update request;
when the resource update request is of the insertion type and/or the permission update request is of the insertion type, adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
obtaining, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and adding corresponding data records to the role-security table;
wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
In an optional mode, the program 710 may specifically be further used to cause the processor 702 to perform the following operations:
wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
the permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
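The operations listed above for program 710 (user-to-role lookup, permission query, and propagation of resource or permission updates into the role-security table) can be sketched as follows. This is an added example, not code from the patent: the SQLite schema, the table and column names, the sample users and resources, and the `grants` argument standing in for the configuration interface are all assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE user_role (user_id TEXT PRIMARY KEY, role TEXT NOT NULL);
CREATE TABLE resource (id TEXT PRIMARY KEY, kind TEXT NOT NULL
    CHECK (kind IN ('menu', 'data', 'button', 'table')));
CREATE TABLE permission (id TEXT PRIMARY KEY
    CHECK (id IN ('visible', 'readable', 'writable')));
-- incidence relation: which permission controls apply to which resource
CREATE TABLE resource_permission (
    resource_id TEXT NOT NULL REFERENCES resource(id),
    permission_id TEXT NOT NULL REFERENCES permission(id),
    PRIMARY KEY (resource_id, permission_id));
-- role-security table: one row per (role, resource, permission) grant;
-- a grant may only name a pair present in the incidence relation
CREATE TABLE role_permission (
    role TEXT NOT NULL, resource_id TEXT NOT NULL, permission_id TEXT NOT NULL,
    PRIMARY KEY (role, resource_id, permission_id),
    FOREIGN KEY (resource_id, permission_id)
        REFERENCES resource_permission(resource_id, permission_id));
"""

# Constructed sample data, not taken from the patent.
USERS = [("alice", "admin"), ("bob", "auditor")]
RESOURCES = [("menu:reports", "menu"), ("table:orders", "table"),
             ("button:export", "button")]
RESOURCE_PERMS = [("menu:reports", "visible"), ("table:orders", "readable"),
                  ("table:orders", "writable"), ("button:export", "visible")]
ROLE_PERMS = [("admin", r, p) for r, p in RESOURCE_PERMS] + [
    ("auditor", "menu:reports", "visible"),
    ("auditor", "table:orders", "readable")]


def build_demo():
    """Create an in-memory database holding the sample tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    with conn:
        conn.executemany("INSERT INTO permission VALUES (?)",
                         [("visible",), ("readable",), ("writable",)])
        conn.executemany("INSERT INTO user_role VALUES (?, ?)", USERS)
        conn.executemany("INSERT INTO resource VALUES (?, ?)", RESOURCES)
        conn.executemany("INSERT INTO resource_permission VALUES (?, ?)",
                         RESOURCE_PERMS)
        conn.executemany("INSERT INTO role_permission VALUES (?, ?, ?)",
                         ROLE_PERMS)
    return conn


def query_permissions(conn, user_id):
    """Permission query: user identifier -> user role -> role-security rows."""
    return conn.execute(
        "SELECT rp.resource_id, rp.permission_id FROM user_role ur "
        "JOIN role_permission rp ON rp.role = ur.role "
        "WHERE ur.user_id = ? ORDER BY rp.resource_id, rp.permission_id",
        (user_id,)).fetchall()  # unknown user -> [] (nothing granted)


def delete_resource(conn, resource_id):
    """Deletion-type resource update: remove dependent grants in the same
    transaction, so no role keeps a record for a resource that is gone."""
    with conn:
        conn.execute("DELETE FROM role_permission WHERE resource_id = ?",
                     (resource_id,))
        conn.execute("DELETE FROM resource_permission WHERE resource_id = ?",
                     (resource_id,))
        conn.execute("DELETE FROM resource WHERE id = ?", (resource_id,))


def delete_permission(conn, permission_id):
    """Deletion-type permission update, propagated the same way."""
    with conn:
        conn.execute("DELETE FROM role_permission WHERE permission_id = ?",
                     (permission_id,))
        conn.execute("DELETE FROM resource_permission WHERE permission_id = ?",
                     (permission_id,))
        conn.execute("DELETE FROM permission WHERE id = ?", (permission_id,))


def insert_resource(conn, resource_id, kind, permissions, grants):
    """Insertion-type resource update. `permissions` plays the part of the
    first-class configuration interface; `grants` (role -> permission ids)
    is an assumed way of naming the affected roles. Any invalid grant rolls
    the whole update back, leaving the tables as they were."""
    with conn:
        conn.execute("INSERT INTO resource VALUES (?, ?)", (resource_id, kind))
        conn.executemany("INSERT INTO resource_permission VALUES (?, ?)",
                         [(resource_id, p) for p in permissions])
        conn.executemany("INSERT INTO role_permission VALUES (?, ?, ?)",
                         [(role, resource_id, p)
                          for role, ps in grants.items() for p in ps])
```

A role receives nothing on a newly inserted resource unless `grants` names it, and the composite foreign key rejects a grant for a permission that was never associated with that resource.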
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It should be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the present invention are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. However, this method of disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments can be combined into one module or unit or component, and can additionally be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the access authorization for resource management device according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, and third does not indicate any order. These words may be interpreted as names.
The invention also discloses: A1. An access authorization for resource management method, including:
pre-configuring the user role corresponding to each terminal user;
determining the incidence relation between each item of resource information in a preset resource data table and each item of permission control information in a preset permissions data table;
configuring, according to the incidence relation, role-security information corresponding to each user role;
wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information of that user role.
A2. The method according to A1, wherein the step of configuring role-security information corresponding to each user role specifically includes: storing the role-security information corresponding to each user role in a preset role-security table;
wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the type of the role update request includes: an insertion type, a deletion type, and/or a modification type.
A3. The method according to A2, wherein the step of pre-configuring the user role corresponding to each terminal user specifically includes: configuring the user role corresponding to each terminal user in a preset user role table;
then, after the step of configuring role-security information corresponding to each user role, the method further includes:
querying the user role table, according to the user identifier contained in a received permission query request, for the user role corresponding to that user identifier;
determining the corresponding query result according to the role-security table and the user role corresponding to the user identifier.
A4. The method according to A2 or A3, wherein, after the step of storing the role-security information corresponding to each user role in a preset role-security table, the method further comprises:
updating the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
updating, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request.
A5. The method according to A4, wherein the type of the resource update request includes at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
the type of the permission update request includes at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
A6. The method according to A5, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
A7. The method according to any one of A4-A6, wherein the step of updating, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request specifically includes:
when the resource update request is of the deletion type and/or the permission update request is of the deletion type, deleting from the role-security table the data records related to the resource update request and/or the permission update request;
when the resource update request is of the insertion type and/or the permission update request is of the insertion type, adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
A8. The method according to A7, wherein the step of adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information specifically includes:
obtaining, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and adding corresponding data records to the role-security table;
wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
A9. The method according to any one of A1-A8, wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
the permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
B10. An access authorization for resource management device, including:
a first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
a determining module, adapted to determine the incidence relation between each item of resource information in a preset resource data table and each item of permission control information in a preset permissions data table;
a second configuration module, adapted to configure, according to the incidence relation, role-security information corresponding to each user role;
wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information of that user role.
B11. The device according to B10, wherein the second configuration module is specifically adapted to: store the role-security information corresponding to each user role in a preset role-security table;
wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the type of the role update request includes: an insertion type, a deletion type, and/or a modification type.
B12. The device according to B11, wherein the first configuration module is specifically adapted to: configure the user role corresponding to each terminal user in a preset user role table;
the second configuration module is then further adapted to:
query the user role table, according to the user identifier contained in a received permission query request, for the user role corresponding to that user identifier;
determine the corresponding query result according to the role-security table and the user role corresponding to the user identifier.
B13. The device according to B11 or B12, wherein the device further comprises an update module, adapted to:
update the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
update, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request.
B14. The device according to B13, wherein the type of the resource update request includes at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
the type of the permission update request includes at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
B15. The device according to B14, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
B16. The device according to any one of B13-B15, wherein the update module is specifically adapted to:
when the resource update request is of the deletion type and/or the permission update request is of the deletion type, delete from the role-security table the data records related to the resource update request and/or the permission update request;
when the resource update request is of the insertion type and/or the permission update request is of the insertion type, add corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
B17. The device according to B16, wherein the update module is specifically adapted to:
obtain, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and add corresponding data records to the role-security table;
wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
B18. The device according to any one of B10-B17, wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
the permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
C19. An electronic device, including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the access authorization for resource management method described in any one of A1-A9.
D20. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the access authorization for resource management method described in any one of A1-A9.
Claims (10)
1. An access authorization for resource management method, including:
pre-configuring the user role corresponding to each terminal user;
determining the incidence relation between each item of resource information in a preset resource data table and each item of permission control information in a preset permissions data table;
configuring, according to the incidence relation, role-security information corresponding to each user role;
wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information of that user role.
2. The method according to claim 1, wherein the step of configuring role-security information corresponding to each user role specifically includes: storing the role-security information corresponding to each user role in a preset role-security table;
wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the type of the role update request includes: an insertion type, a deletion type, and/or a modification type.
3. The method according to claim 2, wherein the step of pre-configuring the user role corresponding to each terminal user specifically includes: configuring the user role corresponding to each terminal user in a preset user role table;
then, after the step of configuring role-security information corresponding to each user role, the method further includes:
querying the user role table, according to the user identifier contained in a received permission query request, for the user role corresponding to that user identifier;
determining the corresponding query result according to the role-security table and the user role corresponding to the user identifier.
4. The method according to claim 2 or 3, wherein, after the step of storing the role-security information corresponding to each user role in a preset role-security table, the method further comprises:
updating the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
updating, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request.
5. The method according to claim 4, wherein the type of the resource update request includes at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
the type of the permission update request includes at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
6. The method according to claim 5, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
7. The method according to any one of claims 4-6, wherein the step of updating, according to the updated resource data table and/or permissions data table, the role-security information in the role-security table that corresponds to each user role related to the resource update request and/or the permission update request specifically includes:
when the resource update request is of the deletion type and/or the permission update request is of the deletion type, deleting from the role-security table the data records related to the resource update request and/or the permission update request;
when the resource update request is of the insertion type and/or the permission update request is of the insertion type, adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
8. An access authorization for resource management device, including:
a first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
a determining module, adapted to determine the incidence relation between each item of resource information in a preset resource data table and each item of permission control information in a preset permissions data table;
a second configuration module, adapted to configure, according to the incidence relation, role-security information corresponding to each user role;
wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information of that user role.
9. An electronic device, including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the access authorization for resource management method described in any one of claims 1-7.
10. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the access authorization for resource management method described in any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810564488.9A CN108763960A (en) | 2018-06-04 | 2018-06-04 | Access authorization for resource management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810564488.9A CN108763960A (en) | 2018-06-04 | 2018-06-04 | Access authorization for resource management method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108763960A (en) | 2018-11-06 |
Family
ID=64002453
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810564488.9A Pending CN108763960A (en) | 2018-06-04 | 2018-06-04 | Access authorization for resource management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108763960A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110064201A (en) * | 2019-04-28 | 2019-07-30 | 北京字节跳动网络技术有限公司 | A kind of control method of role-security, device, electronic equipment and storage medium |
CN110287723A (en) * | 2019-05-21 | 2019-09-27 | 北京达佳互联信息技术有限公司 | Resource information determines method, apparatus, electronic equipment and storage medium |
CN110290112A (en) * | 2019-05-30 | 2019-09-27 | 平安科技(深圳)有限公司 | Authority control method, device, computer equipment and storage medium |
CN111191251A (en) * | 2018-11-14 | 2020-05-22 | 中移(杭州)信息技术有限公司 | Data authority control method, device and storage medium |
CN111193905A (en) * | 2019-12-24 | 2020-05-22 | 视联动力信息技术股份有限公司 | Monitoring resource allocation method and device and readable storage medium |
CN111400170A (en) * | 2020-02-29 | 2020-07-10 | 中国平安人寿保险股份有限公司 | Data permission testing method and device |
CN112100585A (en) * | 2020-08-19 | 2020-12-18 | 北京小米移动软件有限公司 | Authority management method, device and storage medium |
CN112583877A (en) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | Resource information processing method and device, storage medium and electronic equipment |
CN112635034A (en) * | 2020-12-30 | 2021-04-09 | 微医云(杭州)控股有限公司 | Service authority system, authority distribution method, electronic device and storage medium |
WO2021098275A1 (en) * | 2019-11-22 | 2021-05-27 | 支付宝(杭州)信息技术有限公司 | Smart graph computing-based privacy resource permission control method and apparatus, and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104573478A (en) * | 2014-11-20 | 2015-04-29 | 深圳市远行科技有限公司 | User authority management system of Web application |
CN106156603A (en) * | 2016-06-24 | 2016-11-23 | 浙江万朋教育科技股份有限公司 | A kind of realization manages console module mandate and the system and method for rights management |
CN107707572A (en) * | 2017-11-21 | 2018-02-16 | 国云科技股份有限公司 | A kind of WEB safety access control methods of based role |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111191251A (en) * | 2018-11-14 | 2020-05-22 | 中移(杭州)信息技术有限公司 | Data authority control method, device and storage medium |
CN110064201A (en) * | 2019-04-28 | 2019-07-30 | 北京字节跳动网络技术有限公司 | A kind of control method of role-security, device, electronic equipment and storage medium |
CN110287723A (en) * | 2019-05-21 | 2019-09-27 | 北京达佳互联信息技术有限公司 | Resource information determines method, apparatus, electronic equipment and storage medium |
CN110290112A (en) * | 2019-05-30 | 2019-09-27 | 平安科技(深圳)有限公司 | Authority control method, device, computer equipment and storage medium |
CN110290112B (en) * | 2019-05-30 | 2022-08-12 | 平安科技(深圳)有限公司 | Authority control method and device, computer equipment and storage medium |
CN112583877A (en) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | Resource information processing method and device, storage medium and electronic equipment |
CN112583877B (en) * | 2019-09-30 | 2022-11-22 | 北京国双科技有限公司 | Resource information processing method and device, storage medium and electronic equipment |
WO2021098275A1 (en) * | 2019-11-22 | 2021-05-27 | 支付宝(杭州)信息技术有限公司 | Smart graph computing-based privacy resource permission control method and apparatus, and device |
CN111193905B (en) * | 2019-12-24 | 2022-11-01 | 视联动力信息技术股份有限公司 | Monitoring resource allocation method and device and readable storage medium |
CN111193905A (en) * | 2019-12-24 | 2020-05-22 | 视联动力信息技术股份有限公司 | Monitoring resource allocation method and device and readable storage medium |
CN111400170A (en) * | 2020-02-29 | 2020-07-10 | 中国平安人寿保险股份有限公司 | Data permission testing method and device |
CN112100585A (en) * | 2020-08-19 | 2020-12-18 | 北京小米移动软件有限公司 | Authority management method, device and storage medium |
CN112635034A (en) * | 2020-12-30 | 2021-04-09 | 微医云(杭州)控股有限公司 | Service authority system, authority distribution method, electronic device and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108763960A (en) | Access authorization for resource management method and device | |
CN108776756A (en) | Access authorization for resource management method and device | |
US11093257B2 (en) | Resource configuration based on dynamic group membership | |
CN108830101A (en) | Application permission configuration method and device based on tables of data | |
US8776011B2 (en) | Method and apparatus for managing components of application enablement suite | |
US9172621B1 (en) | Unified account metadata management | |
CN107077388A (en) | System and method for providing end-to-end life cycle in multi-tenant application server environment | |
CN107077389A (en) | For using system and method during global operation in multi-tenant application server environment | |
CN111460506A (en) | Data access control method and device | |
US11212171B1 (en) | Customer self-service cloud application provisioning | |
CN112925647A (en) | Cloud edge coordination system, and control method and device of cluster resources | |
US8180894B2 (en) | System and method for policy-based registration of client devices | |
Boschi et al. | RabbitMQ cookbook | |
CN101727475B (en) | Method, device and system for acquiring database access process | |
US20160149854A1 (en) | Framework for Application to Application Interworking in the M2M World | |
CN104520821A (en) | Dynamic directory controls | |
CN108804944A (en) | Access authorization for resource configuration method based on tables of data and device | |
US20230153289A1 (en) | Application driven data change conflict handling system | |
US10855540B2 (en) | System and method for policy based networked application management | |
CN116566656A (en) | Resource access method, device, equipment and computer storage medium | |
CN111736807B (en) | Tenant function customization method and device and tenant-based office system | |
CN111488199B (en) | Method, device, equipment and medium for creating virtual machine | |
US10911371B1 (en) | Policy-based allocation of provider network resources | |
JP6947129B2 (en) | Management device and network management method | |
Juuti | Definition and implementation of general-purpose iot cloud backend |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181106 | |
RJ01 | Rejection of invention patent application after publication | ||