CN108763960A - Access authorization for resource management method and device - Google Patents

Publication number
CN108763960A
Authority
CN
China
Prior art keywords
resource
role
permission
information
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810564488.9A
Other languages
Chinese (zh)
Inventor
徐皓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201810564488.9A priority Critical patent/CN108763960A/en
Publication of CN108763960A publication Critical patent/CN108763960A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a resource permission management method and device. The method includes: pre-configuring the user role corresponding to each terminal user; determining the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permission data table; and, according to that association, configuring for each user role the role permission information corresponding to that user role. The role permission information includes the resource information corresponding to the user role and the permission control information corresponding to that resource information. With the scheme provided by the invention, the resources and permissions corresponding to each different role can be managed individually, users of different roles can be managed in a unified way, and the efficiency of user management is improved.

Description

Access authorization for resource management method and device
Technical field
The present invention relates to the field of computer technology, and in particular to a resource permission management method and device.
Background
With the development of science and technology, computer technology is now widely used in every field. As management information systems develop toward multiple applications and multiple users, the security of these systems is receiving growing attention. Permission management is an indispensable part of ensuring the data security of the whole system and occupies an important position in modern software systems. The reliability, security and stability of permission management directly affect the normal operation of the system.
Because a permission usually applies to some specific resource, existing permission control approaches usually manage each resource in an application system together with its corresponding permission as a single management object. For example, for the menu resources contained in an application, each menu is bound to the permission corresponding to that menu, which yields a management object representing the permission of that menu.
However, in the course of implementing the present invention, the inventor found that the above prior-art approach has at least the following defect. Because a resource and its corresponding permission are managed as one management object, the types and number of all resources must be known before permission control is performed, and the corresponding permission must be configured for each resource separately, so that each resource and its permission are bound into one management object. Consequently, when the types and number of resources need to be adjusted, or the types of permissions need to be modified, the correspondence between the adjusted resources and their permissions must be redetermined, new management objects must be regenerated, and program code must be rewritten to implement the management operations for the new management objects. The extensibility of the existing approach is therefore poor, and it cannot be applied to scenarios in which resource types and/or permission types change flexibly.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a resource permission management method and device that overcome the above problems or at least partially solve them.
According to one aspect of the invention, a resource permission management method is provided, including:
pre-configuring the user role corresponding to each terminal user;
determining the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permission data table;
according to the association, configuring for each user role the role permission information corresponding to that user role;
wherein the role permission information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information that corresponds to the user role.
According to another aspect of the invention, a resource permission management device is provided, including:
a first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
a determining module, adapted to determine the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permission data table;
a second configuration module, adapted to configure, according to the association, the role permission information corresponding to each user role;
wherein the role permission information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information that corresponds to the user role.
According to another aspect of the invention, an electronic device is provided, including a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory stores at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above resource permission management method.
According to a further aspect of the invention, a computer storage medium is provided. At least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the above resource permission management method.
According to the resource permission management method and device disclosed by the invention, resources and permissions can be managed as two independent management objects, and the association between the two management objects is managed through a resource permission association table. By adding role information to the resource permission association table, that table is upgraded to a role permission table, so that the resources and permissions corresponding to each different role can be managed individually. In this approach, if the types and number of resources and/or permissions need to be modified, only the data table holding the corresponding management object has to be changed. There is no need to determine new management objects or to rewrite control code for them. The permission management approach is therefore flexible and highly extensible, and is particularly suitable for scenarios in which the types and number of resources and permissions cannot be determined in advance and need to be adjusted flexibly during use. It also achieves the following effect: users of different roles can be managed in a unified way, which improves the efficiency of user management. For example, users can be divided into several classes by level, a corresponding role can be set for each class of users, and the corresponding resources and permissions can be configured for that role, so that the resources that users of different roles see and the permissions they can exercise all differ. This makes the management of very large numbers of users convenient and is particularly suitable for complex multi-user and big data scenarios.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 shows a flow diagram of the data-table-based resource permission configuration method of Embodiment One of the present invention;
Fig. 2 shows a flow diagram of the resource permission management method of Embodiment Two of the present invention;
Fig. 3 shows a flow diagram of the resource permission management method of Embodiment Three of the present invention;
Fig. 4 shows a flow diagram of the data-table-based application permission configuration method of Embodiment Four of the present invention;
Fig. 5 shows a schematic diagram of the relationship between the resource data table Res, the permission data table PermDef and the resource permission association table RB provided by the embodiments of the present application;
Fig. 6 shows a functional block diagram of the resource permission management device of Embodiment Five of the present invention;
Fig. 7 shows a structural schematic diagram of an electronic device of Embodiment Six of the present invention.
Detailed description
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention can be understood more thoroughly and so that the scope of the disclosure can be conveyed completely to those skilled in the art.
Fig. 1 shows a flow diagram of the data-table-based resource permission configuration method of Embodiment One of the present invention. As shown in Fig. 1, the method includes:
Step S101: store resource information in a preset resource data table, and store permission control information in a preset permission data table.
The resource data table stores various kinds of resource information. The resources may be menu resources, data resources, button resources, table resources, file resources, page element resources and so on, and may also be resources of other types. The permission data table stores various kinds of permission control information. The permission control information may be, for example, a visibility permission (such as whether a button or a picture on the page is visible), a readable permission, a writable permission, an operation permission for a function module, a modification permission for uploaded files, an access permission for a menu and so on, and may also be a permission of another type.
For ease of understanding, Fig. 5 shows a schematic diagram of the relationship between the resource data table Res, the permission data table PermDef and the resource permission association table RB provided by the embodiments of the present application. As shown in Fig. 5, the resource data table Res may store resource information such as menu 1, menu 2 and table 1; the permission data table PermDef may store permission control information such as the visible permission, the operable permission and the read-only permission. Note that the resource data table Res and the permission data table PermDef shown in Fig. 5 are only illustrative. In practice the types and number of resource information and permission control information are usually larger, and Fig. 5 is only a simplified diagram.
By presetting a resource data table and a permission data table, resource information and permission control information are stored separately, so that they become two mutually independent control objects that can be managed individually in the subsequent steps.
Step S102: store, in a preset resource permission association table, the association between each piece of resource information in the resource data table and each piece of permission control information in the permission data table.
The association indicates the link between resource information and permission control information and may take several forms. For example, each piece of resource information may correspond one-to-one to a piece of permission control information, several pieces of resource information may correspond to one piece of permission control information, or one piece of resource information may correspond to several pieces of permission control information. This step links the resource information stored in the separately defined resource data table with the permission control information stored in the permission data table, so that the association between the two management objects (namely, resource information and permission data information) can be managed.
As shown in Fig. 5, the resource permission association table RB stores the association between each piece of resource information in the resource data table and each piece of permission control information in the permission data table. In the table RB of Fig. 5, for example, menu 1 is mapped to the visible permission, menu 2 is mapped to the operable permission, and table 1 is mapped to the read-only permission. Note that the resource permission association table RB shown in Fig. 5 is only a simplified illustration. In practice the resource permission association table may be more complex.
Step S103: according to the resource permission association table, configure the corresponding permission control information for each piece of resource information in the resource data table.
According to the association, recorded in the resource permission association table, between each piece of resource information and each piece of permission control information in the permission data table, the corresponding permission control information can be configured for each piece of resource information in the resource data table, which produces the corresponding permission control effect. In this way resources and permissions are each managed as an individual management object, and the correspondence between the two management objects is determined by the resource permission association table, which makes the scheme easy to extend.
In traditional permission management, the types and number of resources and the permission type corresponding to each resource are known in advance and do not change, so managing a resource and its corresponding permission as one management object is feasible. For example, in a banking system, the bank's web page is divided into a professional version and a public version, aimed at users of different levels. The two versions contain different types and numbers of resources, and each resource and its corresponding permission are fixed: the professional version contains three menus, "Transfer", "Financing" and "Query details", while the public version contains only the "Transfer" menu. Binding each menu and its corresponding control permission into one management object fully meets the needs of that scenario. In the existing approach, therefore, the bound management objects and their operation logic are fixed directly in program code, and resources and permissions cannot be changed at all without reprogramming. However, in the course of implementing the present invention, the inventor found that in certain application scenarios the types and number of menus often cannot be determined in advance and may change dynamically as the business is updated. In the present embodiment, therefore, a resource and its corresponding permission are split into two mutually independent management objects that are managed separately, and the link between the two management objects is established and maintained through the resource permission association table. Optionally, to make modification easy, operation interfaces for operating each data table are reserved in the program code, so that the corresponding data table can be modified through the corresponding operation interface and the permission configuration can be updated by updating the data tables.
Optionally, the present embodiment further includes the following steps S104 to S106.
Step S104: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table.
A resource update request performs updates on the resource information in the resource data table, and a permission update request performs updates on the permission control information in the permission data table. The types of resource update request include at least one of the following: an insertion type, for inserting newly added resource information, and a deletion type, for deleting existing resource information. The types of permission update request include at least one of the following: an insertion type, for inserting newly added permission control information, and a deletion type, for deleting existing permission control information. Specifically, resource update requests and/or permission update requests can be sent in a preset command format, for example by maintenance personnel entering the corresponding control command in the management backend. Alternatively, so that maintenance personnel can manage the tables intuitively, operation interfaces for operating each data table are reserved in the program code in advance: a resource update interface for updating the resource data table and a permission update interface for updating the permission data table. The resource update interface and the permission update interface can be presented in the operation screen in various forms, such as input boxes, drop-down lists and buttons, so that maintenance personnel can operate them. Correspondingly, resource update requests are received through the preset resource update interface, and permission update requests are received through the preset permission update interface. After a resource update request is received, the data content of the resource data table is modified according to that request; similarly, after a permission update request is received, the data content of the permission data table is modified according to that request. In addition, when the method is applied in a big data scenario, the types of resources and permissions are numerous. For ease of management, the resource data table and the permission data table can each be divided into several resource sub-tables and permission sub-tables according to a preset classification rule. Correspondingly, the resource update request and/or permission update request contains a data table identifier, so that the specific storage location of the sub-table to be updated can be determined quickly from that identifier.
For example, in a particular application it may be necessary to change the types and number of resources, such as by setting subordinate child resources for an existing resource, for instance adding second-level menus or control buttons under a menu. In that case only the newly added resource information needs to be entered through the resource update interface to extend the resource data table. It may also be necessary to refine the types of permission control information, for example by splitting the control permission of an existing resource into several permissions for different types of users. For the menu resource "view user information", a first-level user can only view the telephone number contained in the user information, a second-level user can query the behavior events contained in the user information, and a third-level user can even query the detailed address contained in the user information. In that case only the newly added permission control information (for example, the permission to view behavior events and the permission to view the detailed address) needs to be entered through the permission update interface and then associated with the corresponding menu resource in the subsequent steps.
Step S105: update the resource permission association table according to the updated resource data table and/or permission data table.
Specifically, when the resource update request is of the deletion type and/or the permission update request is of the deletion type, the data records related to the resource update request and/or permission update request are deleted from the resource permission association table. When the resource update request is of the insertion type and/or the permission update request is of the insertion type, the corresponding data records are added to the resource permission association table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. For example, after newly added resource information is entered through the resource update interface, the association between that resource information and its corresponding permission control information must also be added to the resource permission association table. Likewise, after newly added permission control information is entered through the permission update interface, the association between that permission control information and its corresponding resources must be added to the resource permission association table.
Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface, and the corresponding data records are then added to the resource permission association table. The configuration interfaces include: a first-type configuration interface, for configuring the corresponding permission control information for inserted resource information, and/or a second-type configuration interface, for configuring the corresponding resource information for inserted permission control information. The configuration interface can be a screen that pops up automatically after the user enters newly added resource information through the resource update interface and that corresponds to that newly added resource information. In it the user can type the permission control information corresponding to the new resource into an input box, or select it from a drop-down box. The resource update interface in this description can equally be replaced by the permission update interface, in which case the configuration interface accepts the resource information corresponding to the permission control information. In short, the configuration interface calls the relevant program code to modify the data content of the resource permission association table quickly, which makes matching new resources and permissions convenient and improves the efficiency of updating the resource permission association table.
Step S106: according to the updated resource permission association table, configure the corresponding permission control information for each piece of resource information in the resource data table that is related to the resource update request and/or permission update request.
After the resource permission association table has been updated, the corresponding permission control information is configured, according to the updated table, for each piece of resource information in the resource data table that is related to the resource update request and/or permission update request, so that the permission configuration of each resource is adjusted accordingly.
In summary, in the present embodiment resources and permissions are split into two independent data tables that are managed separately, the association between them is established through the resource permission association table, and operation interfaces for operating each data table are reserved in the program in advance (including the resource update interface, the permission update interface and the configuration interface mentioned above). The table structure of each data table is fixed, and the data table access statements used to access each table are preset in the program code according to that table structure. Because the table structure does not change, the access statements can be fixed directly in the program code. When the content of a data table needs to change, the change is made through the reserved operation interface for that table (for example, the name of a new resource is entered through the resource update interface and the corresponding Insert statement is invoked in the background to add the resource). The data table access statements therefore do not need to change when table content is updated. After a resource or permission changes, only the corresponding data table has to be modified through the corresponding operation interface, and the program code as a whole needs no change, which improves the extensibility of the program. This approach is particularly suitable for complex big data scenarios, and especially for scenarios in which the types and number of resources and permissions cannot be determined in advance or need to be adjusted dynamically.
Fig. 2 shows the flow diagrams of the access authorization for resource management method of the embodiment of the present invention two.As shown in Fig. 2, the party Method includes:
Step S201 is stored by preset permissions data table and is weighed by preset resource data table storage resource information Limit control information.
The detail of this step can refer to the description of step S101 in embodiment one, and details are not described herein again.Pass through difference Default resource data table, permissions data table can respectively store resource information and permission control information, to make resource Information controls information respectively as two mutually independent control objects with permission, and then convenient for being directed to two in subsequent step Control object is individually managed.
Step S202 determines each resource information in resource data table and each permission control in permissions data table Incidence relation between information.
Wherein, above-mentioned incidence relation is used to indicate contacting between resource information and permission control information, specifically may include Diversified forms.For example, can be that each resource information controls the one-to-one incidence relation of information difference with each permission, may be used also Think that multiple resource informations control the incidence relation of information corresponding to a permission or a resource information corresponds to multiple power The incidence relation of limit control information.By implement the step can be separately provided resource data table storage resource information and The permission control information association of permissions data table storage is got up.When it is implemented, can directly with reference in embodiment one about resource The part of permission contingency table determines above-mentioned incidence relation.
Step S203: according to the association, configure for each terminal user the user permission information corresponding to that terminal user.
The user permission information includes the resource information corresponding to the terminal user and the permission control information corresponding to that resource information. In a specific implementation, the user permission information amounts to the resource-permission association table of Embodiment One with user information added, and the user information can be stored in a separate user table. That is, the user permission information links the user table, the resource data table and the permission data table with one another, so that for each resource the corresponding users and their permission information are determined. In this way users, resources and permissions are each managed as a separate management object, and the correspondence among the three management objects is determined by the user permission information, which makes the system easy to extend.
Optionally, this embodiment further includes the following steps S204 to S206.
Step S204: store the user permission information corresponding to each terminal user in a preset user permission table.
The user permission table stores the user permission information described above; it is equivalent to the data table obtained by associating the user table, the resource data table and the permission data table. The user permission table can be updated according to a received user update request, which is sent through a preset user update interface. The types of user update request include an insertion type, a deletion type and/or a modification type. The user update interface is mainly used to modify the information in the user table, for example to add or delete a user.
Step S205: according to the user identifier contained in a received permission query request, determine the query result in the user permission table that corresponds to the permission query request.
For example, when a user terminal needs to access a resource, it can send a permission query request to the rights management system, which determines the query result for that user from the user identifier contained in the request. The query result can be the user's permission control information for all resources, giving a complete view of the user's permissions. Alternatively, it can be the user's permission control information for a specific resource, which determines whether the user may perform the corresponding operation on that resource; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request can contain both a resource identifier and a permission control identifier, in order to query whether the user is entitled to exercise a particular permission on the specific resource; the user's operation is then allowed or blocked according to the query result.
Step S206: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the user permission table the user permission information of each terminal user affected by the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in Embodiment One, which is not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to the request are deleted from the user permission table. When the resource update request and/or the permission update request is of the insertion type, corresponding data records are added to the user permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface, and the corresponding data records are then added to the user permission table. The configuration interface includes a first-type configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-type configuration interface for configuring the corresponding resource information for inserted permission control information. The user permission table can be updated in the same way as the resource-permission association table in step S104 of Embodiment One, and the configuration interface can be set up as described for step S104 of Embodiment One; the details are not repeated here.
In conclusion in the present embodiment, by increasing relevant user in the access authorization for resource contingency table in embodiment one Information, to which access authorization for resource contingency table upgraded to user right table, and then can be to the money corresponding to each different user Source and its permission are individually managed.The present embodiment is one corresponding improvement embodiment of embodiment, and therefore, the present embodiment necessarily has There are whole advantages of embodiment one, on this basis, additionally it is possible to realize following effect:The type for the resource that different user is seen and Quantity may be different, and the type of the corresponding permission of resource may also be different, therefore, can be to each user by user right table Permission carry out flexible management.
Fig. 3 shows a flow diagram of the resource permission management method of Embodiment Three of the present invention. As shown in Fig. 3, the method includes:
Step S301: pre-configure the user role corresponding to each terminal user.
The terminal users are the users contained in the application system, and can be stored in a user table. In this embodiment, to make it easier to manage a very large number of terminal users, multiple user roles are also defined, including but not limited to: administrator, department manager A, ordinary employee of department A, department manager B, and so on. In this embodiment, terminal users with the same role have the same control permissions by default, so a single permission control scheme can be reused across a very large number of users through the role, which simplifies managing them. In a specific implementation, the user role corresponding to each terminal user can be configured in a preset user role table, which stores the correspondence between terminal users and their user roles.
Step S302: determine the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table.
By presetting a resource data table and a permission data table separately, resource information and permission control information can be stored separately, so that they become two mutually independent control objects that can each be managed on their own in the subsequent steps. In a specific implementation, the association can be determined as described for the resource data table, permission data table and resource-permission association table in Embodiment One, which is not repeated here.
Step S303: according to the association, configure for each user role the role permission information corresponding to that user role.
The role permission information includes the resource information corresponding to the user role and the permission control information corresponding to that resource information. In a specific implementation, the role permission information amounts to the resource-permission association table of Embodiment One with user role information added, and the user role information can be stored in a separate role table. That is, the role permission information links the role table, the resource data table and the permission data table with one another, so that for each resource the corresponding roles and their permission information are determined. In this way roles, resources and permissions are each managed as a separate management object, and the correspondence among the three management objects is determined by the role permission information, which makes the system easy to extend.
Optionally, this embodiment further includes the following steps S304 to S306.
Step S304: store the role permission information corresponding to each user role in a preset role permission table.
The role permission table stores the role permission information described above; it is equivalent to the data table obtained by associating the role table, the resource data table and the permission data table. The role permission table can be updated according to a received role update request, which is sent through a preset role update interface. The types of role update request include an insertion type, a deletion type and/or a modification type. The role update interface is mainly used to modify the information in the role table, for example to add or delete a role and its corresponding users.
Step S305: according to the user identifier contained in a received permission query request, query the user role table for the user role corresponding to that user identifier; then determine the corresponding query result according to the role permission table and the user role corresponding to the user identifier.
For example, when a user terminal needs to access a resource, it can send a permission query request to the rights management system, which determines the user's role from the user identifier contained in the request and the user role table, and then determines the corresponding query result from the role permission table. The query result can be the permission control information of the user's role for all resources, giving a complete view of the permissions of that role. Alternatively, it can be the permission control information of the user's role for a specific resource, which determines whether the role may perform the corresponding operation on that resource; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request can contain both a resource identifier and a permission control identifier, in order to query whether the user's role is entitled to exercise a particular permission on the specific resource; the user's operation is then allowed or blocked according to the query result.
Step S306: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the role permission table the role permission information of each user role affected by the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in Embodiment One, which is not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to the request are deleted from the role permission table. When the resource update request and/or the permission update request is of the insertion type, corresponding data records are added to the role permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface, and the corresponding data records are then added to the role permission table. The configuration interface includes a first-type configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-type configuration interface for configuring the corresponding resource information for inserted permission control information. The role permission table can be updated in the same way as the resource-permission association table in step S104 of Embodiment One, and the configuration interface can be set up as described for step S104 of Embodiment One; the details are not repeated here.
In conclusion in the present embodiment, by increasing Role Information on the basis of embodiment two, to which resource be weighed Limit contingency table upgrades to role-security table, so can to corresponding to each different role resource and its permission individually managed Reason.The present embodiment is two corresponding improvement embodiment of embodiment, and therefore, the present embodiment necessarily has the whole of embodiment one, two Advantage, on this basis, additionally it is possible to realize following effect:It is managed collectively convenient for the user to different role, improves use The efficiency of family management.For example, according to grade classification can be multiclass by user, it be directed to the corresponding angle per class user setting respectively Color, and the corresponding resource of corresponding configuration and its permission, to realize resource and its be able to access that the user of different role sees The effect that is all different of permission, provide convenience for the management of mass users, be particularly suitable for complicated multi-user and big number According in scene.
Fig. 4 shows a flow diagram of the data-table-based application permission configuration method of Embodiment Four of the present invention. As shown in Fig. 4, the method includes:
Step S401: store resource information in a preset resource data table, and store permission control information in a preset permission data table.
For details of this step, refer to the description of step S101 in Embodiment One, which is not repeated here. By presetting a resource data table and a permission data table separately, resource information and permission control information can be stored separately, so that they become two mutually independent control objects that can each be managed on their own in the subsequent steps.
Step S402: determine the association between each item of resource information in the resource data table and each item of permission control information in the permission data table.
The association indicates the relationship between resource information and permission control information, and can take several forms. This step links the resource information stored in the separately maintained resource data table with the permission control information stored in the permission data table. In a specific implementation, the association can be determined directly as described for the resource-permission association table in Embodiment One.
Step S403: according to the association and the correspondence between each application and each item of resource information, configure for each application the application permission information corresponding to that application.
The application permission information includes the resource information corresponding to the application and the permission control information corresponding to that resource information. Specifically, the application permission information of each application can be stored in a preset application permission table. The application permission table can be updated according to a received application update request, which is sent through a preset application update interface. The types of application update request include an insertion type, a deletion type and/or a modification type.
In a specific implementation, the application permission information amounts to the resource-permission association table of Embodiment One with application information added, and the application information can be stored in a separate application table. That is, the application permission information links the application table, the resource data table and the permission data table with one another, so that for each resource the corresponding applications and their permission information are determined. In this way applications, resources and permissions are each managed as a separate management object, and the correspondence among the three management objects is determined by the application permission information, which makes the system easy to extend. Besides linking the application table, resource data table and permission data table with one another, an application field can also be added directly to the resource-permission association table of Embodiment One to store the application information. In short, the present invention does not limit the specific implementation details.
The main difference between this embodiment and the three embodiments above is therefore that it can be applied in a comprehensive rights management system, so that the permission information of multiple applications is managed at the same time by a single system. For example, application one corresponds to resource A, resource B and resource C, and application two corresponds to resource A, resource C and resource D. Resource A and resource C therefore exist in both applications. In this case it is only necessary to add the identification information of both application one and application two to resource A and resource C in the application permission information, thereby associating the resources with the corresponding applications.
Optionally, this embodiment further includes the following steps S404 to S406.
Step S404: store the application permission information corresponding to each application in a preset application permission table.
The application permission table stores the application permission information described above; it is equivalent to the data table obtained by associating the application table, the resource data table and the permission data table. The application permission table can be updated according to a received application update request, which is sent through a preset application update interface. The types of application update request include an insertion type, a deletion type and/or a modification type. The application update interface is mainly used to modify the information in the application table, for example to add or delete an application.
Step S405: according to the application identifier contained in a received permission query request, determine the query result in the application permission table that corresponds to the permission query request.
For example, when a user terminal needs to access a resource in an application, it can send a permission query request to the rights management system, which determines from the application identifier contained in the request the application to be accessed and the query result corresponding to that application. The query result can be the user's permission control information for all resources in the application, giving a complete view of the user's permissions in that application. Alternatively, it can be the user's permission control information for a specific resource in the application, which determines whether the user may perform the corresponding operation on that resource in the application; in this case the permission query request must also contain a resource identifier. Alternatively, the permission query request can contain both a resource identifier and a permission control identifier, in order to query whether the user is entitled to exercise a particular permission on the specific resource in the application; the user's operation is then allowed or blocked according to the query result.
Step S406: according to a received resource update request and/or permission update request, update the resource data table and/or the permission data table; then, according to the updated resource data table and/or permission data table, update in the application permission table the application permission information of each application affected by the resource update request and/or permission update request.
The resource update request is sent through a preset resource update interface, and the permission update request is sent through a preset permission update interface. For details of the resource update request, the permission update request, the resource update interface and the permission update interface, refer to the description of step S104 in Embodiment One, which is not repeated here.
Specifically, when the resource update request and/or the permission update request is of the deletion type, the data records related to the request are deleted from the application permission table. When the resource update request and/or the permission update request is of the insertion type, corresponding data records are added to the application permission table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information. Optionally, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information can be obtained through a preset configuration interface, and the corresponding data records are then added to the application permission table. The configuration interface includes a first-type configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-type configuration interface for configuring the corresponding resource information for inserted permission control information. The application permission table can be updated in the same way as the resource-permission association table in step S104 of Embodiment One, and the configuration interface can be set up as described for step S104 of Embodiment One; the details are not repeated here.
In conclusion in the present embodiment, by increasing application message on the basis of embodiment one, to which resource be weighed Limit contingency table upgrades to application permission table, so can to corresponding to each different application resource and its permission individually managed Reason.The present embodiment is one corresponding improvement embodiment of embodiment, and therefore, necessarily the whole with embodiment one is excellent for the present embodiment Gesture, on this basis, additionally it is possible to realize following effect:The permission that multiple applications can be directed to simultaneously is managed, and avoids list Solely it is directed to the troublesome operation of the corresponding permission of each application and development.In addition, similar with embodiment one, the present embodiment will be applied, be provided Source and permission are split as three independent tables of data and are managed respectively, and are established between three by application permission table Association, and remain for operating the operate interface of each tables of data in advance in a program (except resource updates interface mentioned above, permission Further include applying more new interface outside more new interface and configuration interface), and the table structure of each tables of data (including applying table) is It is fixed, correspondingly, it is preset in program code for being accessed to tables of data according to the table structure of each tables of data Data table access sentence, since table structure immobilizes, data table access sentence can be directly fixed in program code In, it, only need to can be real by the reserved operate interface for operating each tables of data when needing to change the content of tables of data Now to the modification of table content, it can be seen that, therefore data table access sentence, works as application without being changed with the update of 
table content After modification (such as after newly-increased or one application of deletion), it need to only be modified to corresponding tables of data by corresponding operate interface , entire program code is without carrying out any change, to improve the scalability of program.It can be seen that the present embodiment In, other than by resource and permission separate management, it will also apply and individually be managed as an individual management object, from And the number of applications that whole system is applicable in can be neatly adjusted, it provides convenience for development.
In addition, the four embodiments of the present invention described above can be combined in any way; that is, the steps of each embodiment can be applied to each of the other embodiments, and the present invention does not limit this. For example, in Embodiment Four the user role corresponding to each terminal user can also be pre-configured; the application permission information then further includes the resource information corresponding to the user role and its corresponding permission control information. Accordingly, the operation interfaces reserved in the program for manipulating each data table include, besides the resource update interface, permission update interface, configuration interface and application update interface mentioned above, the user update interface and role update interface of Embodiments Two and Three. Likewise, all data tables mentioned in the four embodiments, including the user table, role table, user role table, application table and so on, have a fixed table structure and can be modified through the data table access statements fixed in the program code, which allows flexible adjustment. The data tables can also be combined, for example by building an overall association table that links all the data tables corresponding to all the management objects mentioned in the present invention (users, roles, applications, resources and permissions) with one another, thereby achieving flexible management.
Fig. 6 shows a functional block diagram of the resource permission management device of Embodiment Five of the present invention. As shown in Fig. 6, the device includes:
A first configuration module 61, adapted to pre-configure the user role corresponding to each terminal user;
A determining module 62, adapted to determine the association between each item of resource information in a preset resource data table and each item of permission control information in a preset permission data table;
A second configuration module 63, adapted to configure, for each user role and according to the association, the role permission information corresponding to that user role;
wherein the role permission information includes: the resource information corresponding to the user role, and the permission control information corresponding to the resource information that corresponds to the user role.
Optionally, the second configuration module 63 is specifically adapted to: store the role permission information corresponding to each user role in a preset role permission table;
wherein the role permission table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the types of role update request include: an insertion type, a deletion type and/or a modification type.
Optionally, the first configuration module 61 is specifically adapted to: configure the user role corresponding to each terminal user in a preset user role table;
the second configuration module 63 is then further adapted to:
query the user role table, according to the user identifier contained in a received permission query request, for the user role corresponding to that user identifier;
determine the corresponding query result according to the role permission table and the user role corresponding to the user identifier.
Optionally, the device further includes an update module 64, adapted to:
update the resource data table and/or the permission data table according to a received resource update request and/or permission update request;
update, according to the updated resource data table and/or permission data table, the role permission information in the role permission table of each user role affected by the resource update request and/or permission update request.
Optionally, wherein the type of the resource updates request includes at least one of the following:It is newly spent more money on for being inserted into The insertion type of source information, the deletion type for deleting existing resource information;
The type of the permission update request includes at least one of the following:Information is controlled for being inserted into newly-increased permission It is inserted into type, for deleting the deletion type for having had permission control information.
Optionally, wherein the resource updates request is asked by preset resource updates interface, the permission update It asks and interface is updated by preset permission.
Optionally, wherein the update module 64 is particularly adapted to:
When resource updates request be that delete type and/or permission update request be deletion type, from described It is deleted in role-security table and asks relevant data record with resource updates request and/or permission update;
When the resource updates request be inserted into type and/or the permission update request be insertion type when, according to The corresponding permission control information of resource information of insertion and/or resource information corresponding with the permission of insertion control information, Corresponding data record is added in the role-security table.
Optionally, wherein the update module 64 is particularly adapted to::
By preset configuration interface obtain the permission control information corresponding with resource information that is being inserted into and/or with The permission of insertion controls the corresponding resource information of information, and corresponding data record is added in the role-security table;
Wherein, the configuration interface includes:The for configuring that corresponding permission controls information for the resource information of insertion One kind configuration interface, and/or, the second class configuration for controlling the corresponding resource information of information configuration for the permission of insertion connects Mouthful.
Fig. 7 shows a schematic structural diagram of an electronic device according to embodiment six of the present invention; the specific embodiments of the invention do not limit the specific implementation of the electronic device.
As shown in Fig. 7, the electronic device may include: a processor 702, a communications interface 704, a memory 706 and a communication bus 708.
Wherein:
Processor 702, communication interface 704 and memory 706 communicate with one another through communication bus 708.
Communication interface 704 is used to communicate with network elements of other devices, such as clients or other servers.
Processor 702 is used to execute program 710, and may specifically perform the relevant steps in the above embodiments of the access authorization for resource management method.
Specifically, program 710 may include program code, and the program code includes computer operation instructions.
Processor 702 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the electronic device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
Memory 706 is used to store program 710. Memory 706 may include high-speed RAM, and may also include non-volatile memory, for example at least one disk memory.
Program 710 may specifically be used to cause processor 702 to perform the following operations:
Pre-configure the user role corresponding to each terminal user;
Determine the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permissions data table;
According to the association, configure for each user role the role-security information corresponding to that user role;
Wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to that resource information.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Store the role-security information corresponding to each user role in a preset role-security table;
Wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the types of role update request include: an insertion type, a deletion type, and/or a modification type.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Configure the user role corresponding to each terminal user in a preset user role table;
Then, after the step of configuring for each user role the role-security information corresponding to that user role, the operations further include:
According to the user identifier contained in a received permission inquiry request, look up the user role corresponding to that user identifier in the user role table;
Determine the corresponding inquiry result according to the role-security table and the user role corresponding to the user identifier.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Update the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
According to the updated resource data table and/or permissions data table, update, in the role-security table, the role-security information of each user role related to the resource update request and/or permission update request.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Wherein the types of resource update request include at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
The types of permission update request include at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
When the resource update request is of the deletion type and/or the permission update request is of the deletion type, delete from the role-security table the data records related to the resource update request and/or permission update request;
When the resource update request is of the insertion type and/or the permission update request is of the insertion type, add corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Obtain, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and add corresponding data records to the role-security table;
Wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
In an optional mode, program 710 may further be used to cause processor 702 to perform the following operations:
Wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
The permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
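The four tables and the update rules listed in the operations above, modelled with Python's sqlite3 module as an added example (not code from the patent). The table and column names, the sample users and resources, and the use of foreign-key cascades to implement the deletion type are assumptions of this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE user_role  (user_id TEXT PRIMARY KEY, role TEXT NOT NULL);
CREATE TABLE resource   (resource_id TEXT PRIMARY KEY, kind TEXT NOT NULL);
CREATE TABLE permission (perm TEXT PRIMARY KEY);
-- Role-permission table: one row per (role, resource, permission) grant.
-- The foreign keys tie each grant to the two base tables, so deleting a
-- resource or a permission removes every grant that mentions it.
CREATE TABLE role_permission (
    role        TEXT NOT NULL,
    resource_id TEXT NOT NULL REFERENCES resource(resource_id) ON DELETE CASCADE,
    perm        TEXT NOT NULL REFERENCES permission(perm) ON DELETE CASCADE,
    PRIMARY KEY (role, resource_id, perm)
);
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    db.executescript(SCHEMA)
    return db

def seed(db):
    """Load constructed sample data (users, resources and grants are made up)."""
    with db:
        db.executemany("INSERT INTO user_role VALUES (?, ?)",
                       [("alice", "admin"), ("bob", "auditor")])
        db.executemany("INSERT INTO resource VALUES (?, ?)",
                       [("menu.reports", "menu"), ("btn.export", "button")])
        db.executemany("INSERT INTO permission VALUES (?)",
                       [("visible",), ("readable",), ("writable",)])
        db.executemany("INSERT INTO role_permission VALUES (?, ?, ?)", [
            ("admin", "menu.reports", "visible"),
            ("admin", "menu.reports", "writable"),
            ("admin", "btn.export", "visible"),
            ("auditor", "menu.reports", "visible"),
            ("auditor", "menu.reports", "readable"),
        ])

def query_permissions(db, user_id):
    """Permission inquiry: user id -> role -> {resource_id: {perm, ...}}.
    A user with no row in user_role gets an empty result (deny by default)."""
    rows = db.execute(
        "SELECT rp.resource_id, rp.perm FROM user_role ur "
        "JOIN role_permission rp ON rp.role = ur.role WHERE ur.user_id = ?",
        (user_id,))
    result = {}
    for resource_id, perm in rows:
        result.setdefault(resource_id, set()).add(perm)
    return result

def is_allowed(db, user_id, resource_id, perm):
    return perm in query_permissions(db, user_id).get(resource_id, set())

def update_resource(db, req_type, resource_id, kind=None, grants=()):
    """Resource update request. For the insert type, grants is the list of
    (role, perm) pairs supplied through the configuration interface."""
    with db:  # one transaction: base table and grants change together
        if req_type == "delete":
            db.execute("DELETE FROM resource WHERE resource_id = ?", (resource_id,))
        elif req_type == "insert":
            db.execute("INSERT INTO resource VALUES (?, ?)", (resource_id, kind))
            db.executemany("INSERT INTO role_permission VALUES (?, ?, ?)",
                           [(role, resource_id, perm) for role, perm in grants])
        else:
            raise ValueError(f"unsupported request type: {req_type}")

def update_permission(db, req_type, perm, grants=()):
    """Permission update request. For the insert type, grants is the list of
    (role, resource_id) pairs supplied through the configuration interface."""
    with db:
        if req_type == "delete":
            db.execute("DELETE FROM permission WHERE perm = ?", (perm,))
        elif req_type == "insert":
            db.execute("INSERT INTO permission VALUES (?)", (perm,))
            db.executemany("INSERT INTO role_permission VALUES (?, ?, ?)",
                           [(role, resource_id, perm) for role, resource_id in grants])
        else:
            raise ValueError(f"unsupported request type: {req_type}")

if __name__ == "__main__":
    db = open_store()
    seed(db)
    print("bob before:", query_permissions(db, "bob"))
    update_permission(db, "delete", "readable")
    print("bob after deleting 'readable':", query_permissions(db, "bob"))
```

Because the grant rows are removed in the same transaction as the base row, re-inserting a resource under a previously used identifier does not bring its old grants back; a new resource is inaccessible until grants are configured for it.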
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is obvious. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, this method of disclosure is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the access authorization for resource managing device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any ordering. These words may be interpreted as names.
The invention also discloses: A1. An access authorization for resource management method, comprising:
Pre-configuring the user role corresponding to each terminal user;
Determining the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permissions data table;
According to the association, configuring for each user role the role-security information corresponding to that user role;
Wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to that resource information.
A2. The method according to A1, wherein the step of configuring for each user role the role-security information corresponding to that user role specifically includes: storing the role-security information corresponding to each user role in a preset role-security table;
Wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the types of role update request include: an insertion type, a deletion type, and/or a modification type.
A3. The method according to A2, wherein the step of pre-configuring the user role corresponding to each terminal user specifically includes: configuring the user role corresponding to each terminal user in a preset user role table;
Then, after the step of configuring for each user role the role-security information corresponding to that user role, the method further comprises:
According to the user identifier contained in a received permission inquiry request, looking up the user role corresponding to that user identifier in the user role table;
Determining the corresponding inquiry result according to the role-security table and the user role corresponding to the user identifier.
A4. The method according to A2 or A3, wherein, after the step of storing the role-security information corresponding to each user role in a preset role-security table, the method further comprises:
Updating the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
According to the updated resource data table and/or permissions data table, updating, in the role-security table, the role-security information of each user role related to the resource update request and/or permission update request.
A5. The method according to A4, wherein the types of resource update request include at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
The types of permission update request include at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
A6. The method according to A5, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
A7. The method according to any one of A4-A6, wherein the step of updating, in the role-security table and according to the updated resource data table and/or permissions data table, the role-security information of each user role related to the resource update request and/or permission update request specifically includes:
When the resource update request is of the deletion type and/or the permission update request is of the deletion type, deleting from the role-security table the data records related to the resource update request and/or permission update request;
When the resource update request is of the insertion type and/or the permission update request is of the insertion type, adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
A8. The method according to A7, wherein the step of adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information specifically includes:
Obtaining, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and adding corresponding data records to the role-security table;
Wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
A9. The method according to any one of A1-A8, wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
The permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
B10. An access authorization for resource managing device, comprising:
A first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
A determining module, adapted to determine the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permissions data table;
A second configuration module, adapted to configure, for each user role and according to the association, the role-security information corresponding to that user role;
Wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to that resource information.
B11. The device according to B10, wherein the second configuration module is specifically adapted to: store the role-security information corresponding to each user role in a preset role-security table;
Wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the types of role update request include: an insertion type, a deletion type, and/or a modification type.
B12. The device according to B11, wherein the first configuration module is specifically adapted to: configure the user role corresponding to each terminal user in a preset user role table;
The second configuration module is then further adapted to:
According to the user identifier contained in a received permission inquiry request, look up the user role corresponding to that user identifier in the user role table;
Determine the corresponding inquiry result according to the role-security table and the user role corresponding to the user identifier.
B13. The device according to B11 or B12, wherein the device further comprises an update module, adapted to:
Update the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
According to the updated resource data table and/or permissions data table, update, in the role-security table, the role-security information of each user role related to the resource update request and/or permission update request.
B14. The device according to B13, wherein the types of resource update request include at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
The types of permission update request include at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
B15. The device according to B14, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
B16. The device according to any one of B13-B15, wherein the update module is specifically adapted to:
When the resource update request is of the deletion type and/or the permission update request is of the deletion type, delete from the role-security table the data records related to the resource update request and/or permission update request;
When the resource update request is of the insertion type and/or the permission update request is of the insertion type, add corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
B17. The device according to B16, wherein the update module is specifically adapted to:
Obtain, through a preset configuration interface, the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information, and add corresponding data records to the role-security table;
Wherein the configuration interface includes: a first-class configuration interface for configuring the corresponding permission control information for inserted resource information, and/or a second-class configuration interface for configuring the corresponding resource information for inserted permission control information.
B18. The device according to any one of B10-B17, wherein the resource information includes at least one of the following: menu resources, data resources, button resources, table resources;
The permission control information includes at least one of the following: visible-class permissions, readable-class permissions, writable-class permissions.
C19. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the access authorization for resource management method according to any one of A1-A9.
D20. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the access authorization for resource management method according to any one of A1-A9.

Claims (10)

1. An access authorization for resource management method, comprising:
Pre-configuring the user role corresponding to each terminal user;
Determining the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permissions data table;
According to the association, configuring for each user role the role-security information corresponding to that user role;
Wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to that resource information.
2. The method according to claim 1, wherein the step of configuring for each user role the role-security information corresponding to that user role specifically includes: storing the role-security information corresponding to each user role in a preset role-security table;
Wherein the role-security table can be updated according to a received role update request, and the role update request is sent through a preset role update interface; the types of role update request include: an insertion type, a deletion type, and/or a modification type.
3. The method according to claim 2, wherein the step of pre-configuring the user role corresponding to each terminal user specifically includes: configuring the user role corresponding to each terminal user in a preset user role table;
Then, after the step of configuring for each user role the role-security information corresponding to that user role, the method further comprises:
According to the user identifier contained in a received permission inquiry request, looking up the user role corresponding to that user identifier in the user role table;
Determining the corresponding inquiry result according to the role-security table and the user role corresponding to the user identifier.
4. The method according to claim 2 or 3, wherein, after the step of storing the role-security information corresponding to each user role in a preset role-security table, the method further comprises:
Updating the resource data table and/or the permissions data table according to a received resource update request and/or permission update request;
According to the updated resource data table and/or permissions data table, updating, in the role-security table, the role-security information of each user role related to the resource update request and/or permission update request.
5. The method according to claim 4, wherein the types of resource update request include at least one of the following: an insertion type for inserting newly added resource information, and a deletion type for deleting existing resource information;
The types of permission update request include at least one of the following: an insertion type for inserting newly added permission control information, and a deletion type for deleting existing permission control information.
6. The method according to claim 5, wherein the resource update request is received through a preset resource update interface, and the permission update request is received through a preset permission update interface.
7. The method according to any one of claims 4-6, wherein the step of updating, in the role-security table and according to the updated resource data table and/or permissions data table, the role-security information of each user role related to the resource update request and/or permission update request specifically includes:
When the resource update request is of the deletion type and/or the permission update request is of the deletion type, deleting from the role-security table the data records related to the resource update request and/or permission update request;
When the resource update request is of the insertion type and/or the permission update request is of the insertion type, adding corresponding data records to the role-security table according to the permission control information corresponding to the inserted resource information and/or the resource information corresponding to the inserted permission control information.
8. An access authorization for resource managing device, comprising:
A first configuration module, adapted to pre-configure the user role corresponding to each terminal user;
A determining module, adapted to determine the association between each piece of resource information in a preset resource data table and each piece of permission control information in a preset permissions data table;
A second configuration module, adapted to configure, for each user role and according to the association, the role-security information corresponding to that user role;
Wherein the role-security information includes: the resource information corresponding to the user role, and the permission control information corresponding to that resource information.
9. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the access authorization for resource management method according to any one of claims 1-7.
10. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the access authorization for resource management method according to any one of claims 1-7.
CN201810564488.9A 2018-06-04 2018-06-04 Access authorization for resource management method and device Pending CN108763960A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810564488.9A CN108763960A (en) 2018-06-04 2018-06-04 Access authorization for resource management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810564488.9A CN108763960A (en) 2018-06-04 2018-06-04 Access authorization for resource management method and device

Publications (1)

Publication Number Publication Date
CN108763960A true CN108763960A (en) 2018-11-06

Family

ID=64002453

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810564488.9A Pending CN108763960A (en) 2018-06-04 2018-06-04 Access authorization for resource management method and device

Country Status (1)

Country Link
CN (1) CN108763960A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110064201A (en) * 2019-04-28 2019-07-30 北京字节跳动网络技术有限公司 A kind of control method of role-security, device, electronic equipment and storage medium
CN110287723A (en) * 2019-05-21 2019-09-27 北京达佳互联信息技术有限公司 Resource information determines method, apparatus, electronic equipment and storage medium
CN110290112A (en) * 2019-05-30 2019-09-27 平安科技(深圳)有限公司 Authority control method, device, computer equipment and storage medium
CN111191251A (en) * 2018-11-14 2020-05-22 中移(杭州)信息技术有限公司 Data authority control method, device and storage medium
CN111193905A (en) * 2019-12-24 2020-05-22 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
CN111400170A (en) * 2020-02-29 2020-07-10 中国平安人寿保险股份有限公司 Data permission testing method and device
CN112100585A (en) * 2020-08-19 2020-12-18 北京小米移动软件有限公司 Authority management method, device and storage medium
CN112583877A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 Resource information processing method and device, storage medium and electronic equipment
CN112635034A (en) * 2020-12-30 2021-04-09 微医云(杭州)控股有限公司 Service authority system, authority distribution method, electronic device and storage medium
WO2021098275A1 (en) * 2019-11-22 2021-05-27 支付宝(杭州)信息技术有限公司 Smart graph computing-based privacy resource permission control method and apparatus, and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573478A (en) * 2014-11-20 2015-04-29 深圳市远行科技有限公司 User authority management system of Web application
CN106156603A (en) * 2016-06-24 2016-11-23 浙江万朋教育科技股份有限公司 A kind of realization manages console module mandate and the system and method for rights management
CN107707572A (en) * 2017-11-21 2018-02-16 国云科技股份有限公司 A kind of WEB safety access control methods of based role

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111191251A (en) * 2018-11-14 2020-05-22 中移(杭州)信息技术有限公司 Data authority control method, device and storage medium
CN110064201A (en) * 2019-04-28 2019-07-30 北京字节跳动网络技术有限公司 A kind of control method of role-security, device, electronic equipment and storage medium
CN110287723A (en) * 2019-05-21 2019-09-27 北京达佳互联信息技术有限公司 Resource information determines method, apparatus, electronic equipment and storage medium
CN110290112A (en) * 2019-05-30 2019-09-27 平安科技(深圳)有限公司 Authority control method, device, computer equipment and storage medium
CN110290112B (en) * 2019-05-30 2022-08-12 平安科技(深圳)有限公司 Authority control method and device, computer equipment and storage medium
CN112583877A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 Resource information processing method and device, storage medium and electronic equipment
CN112583877B (en) * 2019-09-30 2022-11-22 北京国双科技有限公司 Resource information processing method and device, storage medium and electronic equipment
WO2021098275A1 (en) * 2019-11-22 2021-05-27 支付宝(杭州)信息技术有限公司 Smart graph computing-based privacy resource permission control method and apparatus, and device
CN111193905B (en) * 2019-12-24 2022-11-01 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
CN111193905A (en) * 2019-12-24 2020-05-22 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
CN111400170A (en) * 2020-02-29 2020-07-10 中国平安人寿保险股份有限公司 Data permission testing method and device
CN112100585A (en) * 2020-08-19 2020-12-18 北京小米移动软件有限公司 Authority management method, device and storage medium
CN112635034A (en) * 2020-12-30 2021-04-09 微医云(杭州)控股有限公司 Service authority system, authority distribution method, electronic device and storage medium

Similar Documents

Publication Publication Date Title
CN108763960A (en) Access authorization for resource management method and device
CN108776756A (en) Access authorization for resource management method and device
US11093257B2 (en) Resource configuration based on dynamic group membership
CN108830101A (en) Application permission configuration method and device based on tables of data
US8776011B2 (en) Method and apparatus for managing components of application enablement suite
US9172621B1 (en) Unified account metadata management
CN107077388A (en) System and method for providing end-to-end life cycle in multi-tenant application server environment
CN107077389A (en) For using system and method during global operation in multi-tenant application server environment
CN111460506A (en) Data access control method and device
US11212171B1 (en) Customer self-service cloud application provisioning
CN112925647A (en) Cloud edge coordination system, and control method and device of cluster resources
US8180894B2 (en) System and method for policy-based registration of client devices
Boschi et al. RabbitMQ cookbook
CN101727475B (en) Method, device and system for acquiring database access process
US20160149854A1 (en) Framework for Application to Application Interworking in the M2M World
CN104520821A (en) Dynamic directory controls
CN108804944A (en) Access authorization for resource configuration method based on tables of data and device
US20230153289A1 (en) Application driven data change conflict handling system
US10855540B2 (en) System and method for policy based networked application management
CN116566656A (en) Resource access method, device, equipment and computer storage medium
CN111736807B (en) Tenant function customization method and device and tenant-based office system
CN111488199B (en) Method, device, equipment and medium for creating virtual machine
US10911371B1 (en) Policy-based allocation of provider network resources
JP6947129B2 (en) Management device and network management method
Juuti Definition and implementation of general-purpose iot cloud backend

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication Application publication date: 20181106