CN109756557B - User authority server and service method and system based on user authority - Google Patents

Publication number: CN109756557B
Authority: CN (China)
Legal status: Active
Application number: CN201811406515.6A
Other languages: Chinese (zh)
Other versions: CN109756557A (en)
Inventors: 杨耕田, 侯丽丽
Current Assignee: BYD Co Ltd
Original Assignee: BYD Co Ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a user authority server, a service method and a service system based on user authority, wherein the method comprises the following steps: receiving an information acquisition request sent by user authority service equipment according to an authority service requirement through an OPC UA browsing interface; determining node data information corresponding to the information acquisition request in an OPC UA node space, and feeding back the node data information to user authority service equipment; receiving an authority service request input by user authority service equipment according to node data information through an OPC UA method call interface, and determining a method node corresponding to the authority service request in an OPC UA node space; and logging in the user authority service unit according to the method node so that the user authority service unit executes the method corresponding to the method node to provide the corresponding user authority service. Therefore, the decoupling among the modules related to the user authority service is realized, the system workload is reduced, and the flexibility of the system and the reliability and scalability of the user authority service are improved.

Description

User authority server and service method and system based on user authority
Technical Field
The invention relates to the technical field of rail communication, in particular to a user authority server, a service method and a service system based on user authority.
Background
The rail transit comprehensive monitoring system is a unified computer integrated platform which is constructed on the basis of modern network technology, computer technology, automation and information technology, and exchanges information with each access system in an integrated interconnection mode by adopting a general open hardware interface and a software communication protocol, so that the centralized monitoring function of each professional device and the information sharing and coordination interaction function among the systems are finally realized. The user authority service is an important component of the integrated monitoring system, and is used for providing unified user authority access control for modules such as a configuration tool, a Human Machine Interface (HMI), a real-time service, a historical service and the like, and ensuring the safety of system access.
In the related art, the integrated monitoring system uses Common Object Request Broker Architecture (CORBA) technology as its system service bus, and the user authority service is usually implemented on top of it, using CORBA-based remote object services for user login, authority verification and similar services. With a CORBA-based user authority service, different interfaces must be customized between the service modules (including the configuration tool, the Human Machine Interface (HMI), the real-time service and the history service) for different manufacturers and production platforms, so the workload is large and the flexibility is low.
Disclosure of Invention
The invention provides a user authority server, a service method and a service system based on user authority, and aims to solve the technical problems that in the prior art, the coupling degree of each module of the user authority service is high, and the system needs to customize a corresponding communication interface based on equipment provided by different manufacturers, so that the workload is high and the flexibility is low.
An embodiment of one aspect of the present invention provides a service method based on user rights, including the following steps: receiving an information acquisition request sent by user authority service equipment according to an authority service requirement through an OPC UA browsing interface; determining node data information corresponding to the information acquisition request in an OPC UA node space, and feeding back the node data information to the user authority service equipment through the OPC UA browsing interface; receiving an authority service request input by the user authority service equipment according to the node data information through an OPC UA method call interface, and determining a method node corresponding to the authority service request in the OPC UA node space; and logging in a user authority service unit according to the method node so as to enable the user authority service unit to execute a method corresponding to the method node to provide the user authority service corresponding to the authority service request.
Another embodiment of the present invention provides a user authority server, including: a receiving module, configured to receive, through an OPC UA browsing interface, an information acquisition request sent by user authority service equipment according to an authority service requirement; a first determining module, configured to determine node data information corresponding to the information acquisition request in an OPC UA node space; a feedback module, configured to feed the node data information back to the user authority service equipment through the OPC UA browsing interface; a second determining module, configured to receive, through an OPC UA method call interface, an authority service request input by the user authority service equipment according to the node data information, and to determine the method node in the OPC UA node space corresponding to the authority service request; and an execution module, configured to log in to a user authority service unit according to the method node, so that the user authority service unit executes the method corresponding to the method node and provides the user authority service corresponding to the authority service request.
In another embodiment of the present invention, a user right-based service system is provided, which includes a user right service device and a user right server, wherein the user right server includes an OPC UA service unit and a user right service unit, the user right server is configured to execute the user right-based service method according to the first embodiment, the OPC UA service unit is communicatively connected to the user right service unit, and the user right service device is communicatively connected to the OPC UA service unit through an OPC UA standard interface provided by the OPC UA service unit.
The technical scheme disclosed by the invention has the following beneficial effects:
An information acquisition request sent by the user authority service equipment according to an authority service requirement is received through the OPC UA browsing interface; node data information corresponding to the information acquisition request is determined in the OPC UA node space and fed back to the user authority service equipment through the OPC UA browsing interface. Further, an authority service request input by the user authority service equipment according to the node data information is received through the OPC UA method call interface, and the method node corresponding to the authority service request is determined in the OPC UA node space. Finally, the user authority service unit is logged in to according to the method node, so that the user authority service unit executes the method corresponding to the method node and provides the corresponding user authority service. Therefore, the decoupling among the modules related to the user authority service is realized, the system workload is reduced, and the flexibility of the system and the reliability and scalability of the user authority service are improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 is a schematic view of an application scenario of a user right-based service method according to the prior art;
FIG. 2 is a diagram illustrating an application scenario of a user right-based service method according to an embodiment of the present invention;
FIG. 3 is a flow diagram of a method for user rights based services in accordance with one embodiment of the present invention;
FIG. 4 is a flow diagram of a method for user rights based services in accordance with a specific embodiment of the present invention;
FIG. 5 is a schematic diagram of a user rights server according to one embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a user authority server according to another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a user right-based service system according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative, are intended to explain the invention, and are not to be construed as limiting the invention.
A user right server, a user right-based service method and a user right-based service system according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Before the technical scheme of the invention is explained, some technical terms related to the invention are explained here to help those skilled in the art understand it:
Open Platform Communications Unified Architecture (OLE for Process Control Unified Architecture, OPC UA): an industrial automation control protocol standard proposed by the OPC Foundation, which adopts a typical C/S (Client/Server) model. OPC UA provides a secure, reliable and vendor-independent transfer of raw data and preprocessed information from the manufacturing level to the production planning or ERP (Enterprise Resource Planning) level. Because OPC UA is vendor independent, the differences between vendors are smoothed over.
Human Machine Interface (HMI): also called user interface. It is a medium for interaction and information exchange between a system and a user, and it implements conversion between an internal form of information and a human-acceptable form. Human-machine interfaces exist in all fields that involve human-machine information exchange.
Common Object Request Broker Architecture (CORBA): a standard object-oriented application architecture specification drawn up by the Object Management Group (OMG) to address the interconnection of hardware and software systems in a distributed processing environment.
As analyzed above, in the prior art, as shown in fig. 1, the user permission service uses CORBA technology directly to communicate with the interface of the corresponding server. For example, the client on which a user permission service device such as an HMI or a configuration tool runs has to implement a different communication interface for each manufacturer of the equipment involved in the user permission service and is coupled to that equipment, so the workload is large and the flexibility is low.
The invention provides an integrated monitoring user authority service system based on OPC UA. It relies on the unified architecture that OPC UA provides and on the vendor independence of OPC UA: the equipment related to the user authority service is decoupled from the real-time server, the history server, the HMI and the like through an OPC UA bus. Inside the system, data storage is implemented with database technology, and user authority services such as user management, role management, login and logout, and authority verification are implemented in an independent logic layer. Externally, OPC UA standard interfaces such as the browsing interface, the read-write interface and the method call interface give external clients access.
The technical solution provided by the present invention is shown in fig. 2. A database provides the data storage service; it may be a relational database, a lightweight database or the like, and stores the relational data related to each user, such as user information data, user passwords, user authority configuration, and log and audit information. A user authority service unit implements the core services related to users and authorities, mainly user management (add, modify, deactivate, enable), role management (add, modify, delete, add and delete authorities), user login, logout, authority verification, and log and behavior audit. In accordance with the OPC UA standard, a unified node space presents these services to external devices. A user node tree, a role node tree and so on can be created inside it. All user nodes and their method nodes are added under the user node tree; the method nodes include login, logout, addition, deletion, deactivation, log recording, authority verification and the like. All role nodes and their method nodes are added under the role node tree; the method nodes include adding a role, modifying a role, deleting a role and authority management. The OPC UA node space provides access to external equipment in a unified manner through the OPC UA standard browsing interface, read-write interface, method call interface and the like.
Specifically, fig. 3 is a flowchart of a service method based on user rights according to an embodiment of the present invention, as shown in fig. 3, the method includes:
Step 101, receiving an information acquisition request sent by a user authority service device according to an authority service requirement through an OPC UA browsing interface.
The user right service device may include a configuration tool, a history server, a real-time server, an HMI, and the like.
It should be understood that, so that the user authority service device can see the information related to its authority service requirement, OPC UA provides a browsing interface that receives the information acquisition request sent by the user authority service device based on that requirement. When the authority service requirement is a new-user requirement, the corresponding information acquisition request may include a request for the information of all user nodes, so that the user authority service device can determine from that information whether the new user node already exists, and the like.
In practical applications, a node space of the OPC UA needs to be constructed so as to provide the OPC UA standard interface based on the functions implemented by the node space.
In an embodiment of the present invention, user information, user right information and right management method information are obtained; they may be stored in a related server or a database. The user information reflects a user login name, a user password and the like; the user right information includes user administrator rights, general user rights and the like; and the right management method information includes management method information for a user, such as adding a user, modifying a user, deleting a user and managing rights. The right management method, the user information and the user right information are related by reference according to the user to whom the right management method belongs. Modeling in OPC UA is in fact a matter of references from node to node. A node can belong to different node classes according to its use, and the most important node classes in OPC UA are objects, variables and methods. An object may possess variables and methods and may trigger user rights management events.
In the embodiment of the present invention, based on the creation principle of the above node space, based on OPC UA, user information, user right information, and right management method information are loaded into the node space in a node manner, and an OPC UA standard interface is established in which the node space and the user right service device perform communication interaction. The user name in the user information is used as an object node, the authority information of the user information and the like are used as variable nodes (attribute nodes), the authority management is used as a method node, and the method node meets the requirement that the user authority service equipment requests a corresponding user authority service unit to execute a corresponding method according to an input authority service request and returns an execution result.
Step 102, determining node data information corresponding to the information acquisition request in an OPC UA node space, and feeding back the node data information to the user authority service equipment through an OPC UA browsing interface.
Specifically, after receiving the information acquisition request, based on the composition structure of the OPC UA node space, node data information corresponding to the information acquisition request, such as a node ID, node attribute information, and the like, is determined in the OPC UA node space, and then the node data information is fed back to the user authority service device based on the OPC UA browsing interface, so that the user authority service device executes a corresponding user authority service based on the node data information.
In some possible embodiments, the user permission service device is a configuration tool and the permission service requirement is a new-user requirement. When the OPC UA browsing interface receives the request for all user information sent on the basis of that requirement, the node data information of all user nodes, such as the user names and user permissions of the user nodes, is determined in the OPC UA node space and fed back to the user permission service device through the OPC UA browsing interface. If the node data information shows that the user to be added has no corresponding node in the node space, the detailed information of the new user, such as the user name, entered in the configuration tool is received, so as to go on to provide the new-user permission service.
In other possible embodiments, the user permission service device is an HMI and the permission service requirement is a user login requirement. When the OPC UA browsing interface receives the login user node information acquisition request sent on the basis of that requirement, detailed node data information such as the user node ID corresponding to the login user is determined in the OPC UA node space and fed back to the HMI, so that the HMI logs in the login user based on the node data information, and the like.
Step 103, receiving an authority service request input by the user authority service equipment according to the node data information through the OPC UA method call interface, and determining a method node corresponding to the authority service request in the OPC UA node space.
Here, the OPC UA method CALL interface may be understood as a CALL interface often referred to in the art.
Specifically, after the node data information is acquired, the user authority service device sends an authority service request through the OPC UA method call interface. The authority service request includes the parameters required to carry it out; for example, a user login request includes a user name, a user login password and the like. Then, based on the execution principle of the OPC UA node space, the method node corresponding to the authority service request is determined in the OPC UA node space: for example, the new-user method node corresponding to a new-user request, or the login method node under the login user corresponding to a user login request.
Step 104, logging in the user authority service unit according to the method node so that the user authority service unit executes the method corresponding to the method node to provide the user authority service corresponding to the authority service request.
Specifically, the user authority service unit is logged in to according to the method node, so that the user authority service unit carries out the related authority service and executes the user authority service corresponding to the method node, for example user management (adding, modifying, deactivating and enabling), role management (adding, modifying, deleting, adding and deleting authorities), user login, logout, authority verification, log and behavior audit. So that the user authority service equipment can carry out its next operation, after the user authority service unit has executed the method corresponding to the method node and provided the corresponding user authority service, the execution result is fed back to the user authority service equipment through the OPC UA method call interface.
In the embodiment of the invention, the user authority service unit is used as an independent logic layer to realize the core service of user authority management, and the user authority service unit completes the service of the corresponding user authority based on the information interaction with the database.
In some possible embodiments, when the authority service request is a user addition request and the user authority service device is a configuration tool, the information acquisition request includes an information acquisition request of all user nodes, the node data information includes node data information (including node names, node IDs, and the like of all user nodes) of all user nodes, after the configuration tool acquires the node data information, an administrator may determine whether a new user already exists based on a node name and a node ID already existing in a current node space, and if not, the new user information input by the administrator, including a user name of the new user, is received on an interface provided by the configuration tool.
The configuration tool then sends a new-user request through the OPC UA method call interface. After the new-user request input by the configuration tool according to the node data information of all user nodes is received through the OPC UA method call interface, the new-user method node corresponding to the request is determined in the OPC UA node space, and the user authority service unit is logged in to according to the new-user method node, so that the user authority service unit executes the new-user method and creates the user information of the new user in the database.
In other possible embodiments, the authority service request is a user login request and the user authority service device is a device including a human-computer interface. The information acquisition request includes a target login user node information acquisition request, and the node data information includes the node data information of the target login user node (including the node ID, node name and the like of the target login user). Based on this node data information, the human-computer interface sends the target login user's login request to the OPC UA method call interface; the login request includes the login password of the target login user entered by the operator.
After the target login user's login request, input by the device including the human-computer interface according to the node data information of the target login user node, is received through the OPC UA method call interface, the user login method node corresponding to the request is determined in the OPC UA node space, and the user permission service unit is logged in to according to the user login method node. The user permission service unit executes the user login method to query the system password of the target login user in the database, and is controlled to feed back a verification result according to the comparison of the queried system password with the user login password. When the system password is consistent with the user login password, the fed-back verification result is that the verification is passed.
In still other possible embodiments, when the rights service request is a target user rights verification request and the user rights service device is a history server, the information acquisition request includes a target user node information acquisition request, the node data information corresponding to the target user node information acquisition request determined in the node space includes node data information of a target user node (including an ID of the target user node, etc.), and further, after receiving the node data information such as the node ID of the target node, the history server sends the user rights verification request through the OPC UA method call interface, where the user rights verification request in this embodiment refers to verifying whether the current target node has a certain user operation right, for example, when the current user is downloading a file, the corresponding user operation right is downloading right, for example, when the user is deleting the file, the corresponding user operation authority is the authority for deleting the file.
A target user authority verification request, input by the history server according to the node data information of the target user node, is received through the OPC UA method call interface; the request includes a target user identifier and the operation authority of the target user. The user authority verification method node corresponding to the request is determined in the OPC UA node space, and the user authority service unit is logged in to according to that method node, so that it executes the user authority verification method and queries the authority information of the target user from the database according to the target user identifier. The user authority service unit is then controlled to feed back an authority verification result according to the comparison of the queried authority information with the user operation authority: when the authority information of the target user includes the user operation authority, a result of passing the authority verification is fed back, and when the authority information of the target user does not include the user operation authority, a result of failing the authority verification is fed back.
Therefore, the service method based on user authority of the embodiment of the invention adopts OPC UA technology, a reliable standard for data exchange between applications in an industrial system. OPC UA enables data exchange between different operating systems and devices of different manufacturers, and has characteristics such as strong safety, high availability and scalability. The reliability and applicability of the integrated monitoring system are greatly improved, and information intercommunication and linkage between the integrated monitoring system and external user authority equipment are easier to realize. Because the service uses the standard OPC UA interface, external user authority equipment can call it conveniently as long as it conforms to OPC UA. System integration among the modules of the service system based on user authority is convenient to realize, and its scalability is also greatly improved. Because the user authority service system is implemented with OPC UA technology, the technical architecture of the whole integrated monitoring system is unified.
In order to enable those skilled in the art to more clearly understand the execution flow of the service method based on user permissions in the embodiment of the present invention, the following description takes user permission service devices as a configuration tool and an HMI, and permission service requirements as user new and user login respectively as examples, and the description is as follows:
As shown in fig. 4, when there is a requirement for an authority service of a new user, an information acquisition request sent by a configuration tool is received based on an OPC UA browsing interface, node data information of all nodes is determined in an OPC UA node space, and the node data information of all nodes is fed back to the configuration tool, if it is known that there is no user node to be added in a current node, an administrator inputs detailed information of the new user on an interface provided by the configuration tool, and further, an OPC UA method call interface is called, an authority service request including the detailed information of the new user is input, a new method node of the user is called through the OPC UA method call interface, the user is added to the system, that is, the node logs in a user authority service unit based on the new method of the user, so that the user authority service unit executes a new user adding method, and a database stores the new user detailed information, and further, based on an OPC UA method calling interface or a notification interface and the like, feeding back a message of successful addition to the configuration tool.
Continuing to refer to fig. 4, the HMI system provides a system login interface for an operator, the operator inputs a user name and a password, the HMI invokes a browsing interface of the OPC UA, obtains detailed node data of the user in a node space, such as a node ID, according to the user name, the HMI invokes a login method node of the user node through the OPC UA method invocation interface, sends an authority service request, wherein the authority service request includes the password input by the operator, and the like, the login method node of the OPC UA logs in a user authority service unit, the user authority service unit initiates a query operation to the database, obtains a system password of the user, verifies the user input password and the system password, returns a verification result, and the HMI performs subsequent operations after receiving the user login result.
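The add-user and login flows above, modelled as an added Python example (not code from the patent): in-memory dicts stand in for the OPC UA node space and the database, and the node IDs, method names and sample credentials are constructed. The patent only says the entered password is checked against the stored system password; storing a salted PBKDF2 hash and comparing in constant time is an assumption added here.

```python
import hashlib
import hmac
import os

USERS = "ns=2;s=Users"  # constructed node ID of the folder holding user nodes


class UserAuthorityServiceUnit:
    """Back end reached only through method nodes; owns the 'database'."""

    def __init__(self):
        self._db = {}  # user name -> (salt, derived key); stands in for the database

    @staticmethod
    def _derive(password, salt):
        # Assumption: the "system password" is kept as a salted PBKDF2 hash.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        if name in self._db:
            return False  # refuse to overwrite an existing account
        salt = os.urandom(16)
        self._db[name] = (salt, self._derive(password, salt))
        return True

    def login(self, name, password):
        record = self._db.get(name)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(self._derive(password, salt), stored)


class OpcUaServiceUnit:
    """Node space plus the two interfaces the devices use: browse and call."""

    def __init__(self, authority_unit):
        self._unit = authority_unit
        self._nodes = {USERS: {"name": "Users", "methods": {"AddUser": self._add_user}}}

    def browse(self):
        # Browsing interface: node data only, never credentials or callables.
        return {nid: {"name": n["name"], "methods": sorted(n["methods"])}
                for nid, n in self._nodes.items()}

    def call(self, node_id, method, *args):
        # Method call interface: resolve the method node, then hand the
        # request to the user authority service unit.
        node = self._nodes.get(node_id)
        if node is None or method not in node["methods"]:
            raise LookupError("unknown node or method")
        return node["methods"][method](node, *args)

    def _add_user(self, _node, name, password):
        if not self._unit.add_user(name, password):
            return False
        self._nodes[f"{USERS}.{name}"] = {"name": name, "methods": {"Login": self._login}}
        return True

    def _login(self, node, password):
        return self._unit.login(node["name"], password)


def demo():
    server = OpcUaServiceUnit(UserAuthorityServiceUnit())
    # Configuration tool: browse, see that operator1 has no node, add the user.
    known = {n["name"] for n in server.browse().values()}
    added = "operator1" not in known and server.call(
        USERS, "AddUser", "operator1", "constructed-Passw0rd")
    # HMI: find the user node by name, then call its Login method node.
    node_id = next(nid for nid, n in server.browse().items() if n["name"] == "operator1")
    return {
        "added": added,
        "login_ok": server.call(node_id, "Login", "constructed-Passw0rd"),
        "login_bad": server.call(node_id, "Login", "wrong-password"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the browse result is available to any client of the interface, it carries only node names and method names; the credential material stays inside the user authority service unit.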
To sum up, the service method based on user rights according to the embodiment of the present invention receives, through the OPC UA browsing interface, an information acquisition request sent by the user rights service device according to a rights service requirement, determines node data information corresponding to the information acquisition request in the OPC UA node space, and feeds back the node data information to the user rights service device through the OPC UA browsing interface, and further, receives, through the OPC UA method invocation interface, a rights service request input by the user rights service device according to the node data information, and determines a method node corresponding to the rights service request in the OPC UA node space, and finally, logs in to the user rights service unit according to the method node, so that the user rights service unit executes a method corresponding to the method node to provide a corresponding user rights service. Therefore, the decoupling among the modules related to the user authority service is realized, and the reliability and the scalability of the user authority service are improved.
In order to implement the foregoing embodiment, the present invention further provides a user right server, and fig. 5 is a schematic structural diagram of the user right server according to an embodiment of the present invention, as shown in fig. 5, the user right server includes: a receiving module 110, a first determining module 120, a feedback module 130, a second determining module 140, and an executing module 150.
The receiving module 110 is configured to receive, through the OPC UA browsing interface, an information obtaining request sent by the user authority service device according to the authority service requirement.
A first determining module 120, configured to determine node data information corresponding to the information obtaining request in an OPC UA node space.
And the feedback module 130 is configured to feed back the node data information to the user right service device through the OPC UA browsing interface.
In an embodiment of the present invention, the feedback module 130 is further configured to, after logging in the user right service unit according to the method node to enable the user right service unit to execute the method corresponding to the method node to provide the corresponding user right service, feed back an execution result to the user right service device through the OPC UA method call interface.
The second determining module 140 is configured to receive, through the OPC UA method call interface, an authority service request input by the user authority service device according to the node data information, and determine a method node corresponding to the authority service request in the OPC UA node space.
The execution module 150 is configured to log in to the user permission service unit according to the method node, so that the user permission service unit executes the method corresponding to the method node to provide the user permission service corresponding to the permission service request.
In an embodiment of the present invention, when the authority service request is a user addition request, the executing module 150 is specifically configured to log in to the user authority service unit according to the new-user method node, so that the user authority service unit executes the new-user method to create the user information of the new user in the database.
In an embodiment of the present invention, when the permission service request is a user login request and the user permission service device is a device including a human-computer interface, the information acquisition request includes a node information acquisition request of a target login user, the node data information includes node data information of the target login user node, and the execution module 150 is specifically configured to log in the user permission service unit according to the user login method node, so that the user permission service unit executes the user login method to query the database for the system password of the target login user, and controls the user permission service unit to feed back an authentication result according to a comparison result of the queried system password of the target login user and the login password of the target login user.
In one embodiment of the present invention, as shown in fig. 6, on the basis of fig. 5, the user right server further comprises an obtaining module 160 and an interface creating module 170, wherein:
The obtaining module 160 is configured to obtain user information, user right information, and right management method information.
The interface creating module 170 is configured to load the user information, the user right information, and the right management method information into the node space as nodes based on OPC UA, and to establish an OPC UA standard interface through which the node space performs communication interaction with the user right service device.
It should be noted that the foregoing description of the user-right-based service method embodiment also applies to the user right server in the embodiment of the present invention; the implementation principle is similar and is not described here again.
To sum up, the user authority server according to the embodiment of the present invention receives an information acquisition request sent by a user authority service device according to an authority service requirement through an OPC UA browsing interface, determines node data information corresponding to the information acquisition request in an OPC UA node space, and feeds back the node data information to the user authority service device through the OPC UA browsing interface, and further receives an authority service request input by the user authority service device according to the node data information through an OPC UA method invocation interface, and determines a method node corresponding to the authority service request in the OPC UA node space, and finally logs in to a user authority service unit according to the method node, so that the user authority service unit executes a method corresponding to the method node to provide a corresponding user authority service. Therefore, the decoupling among the modules related to the user authority service is realized, and the reliability and the scalability of the user authority service are improved.
In order to implement the above embodiment, the present invention further provides a service system based on user rights. As shown in fig. 7, the system includes the user right server 100 and the user right service device 200, wherein the user right server 100 includes an OPC UA service unit 110 and a user right service unit 120. The user right server 100 is configured to execute the service method based on user rights described in the above embodiment, the OPC UA service unit 110 is connected to the user right service unit 120, and the user right service device 200 is communicatively connected to the OPC UA service unit 110 through an OPC UA standard interface provided by the OPC UA service unit 110.
It should be noted that the foregoing description of the service method based on user rights also applies to the embodiment of the service system based on user rights; its implementation principle and technical effects are not described here again.
In the description herein, a description referring to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be joined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (13)

1. A service method based on user authority, applied to a user authority server, comprising the following steps:
receiving an information acquisition request sent by user authority service equipment according to an authority service requirement through an OPC UA browsing interface;
determining node data information corresponding to the information acquisition request in an OPC UA node space, and feeding back the node data information to the user authority service equipment through the OPC UA browsing interface;
receiving an authority service request input by the user authority service equipment according to the node data information through an OPC UA method call interface, and determining a method node corresponding to the authority service request in the OPC UA node space;
and logging in to a user authority service unit according to the method node so as to enable the user authority service unit to execute a method corresponding to the method node to provide the user authority service corresponding to the authority service request.
2. The method of claim 1, wherein before receiving the information acquisition request sent by the user right service device according to the right service requirement through the OPC UA browsing interface, the method further comprises:
Acquiring user information, user authority information and authority management method information;
and loading the user information, the user authority information and the authority management method information into an OPC UA node space in a node mode based on an OPC UA standard, and establishing an OPC UA standard interface for performing communication interaction between the OPC UA node space and the user authority service equipment, wherein the OPC UA standard interface comprises an OPC UA browsing interface and an OPC UA method calling interface.
3. The method of claim 1, wherein when the permission service request is a user addition request and the user permission service device is a configuration tool, the information acquisition request comprises an all-user node information acquisition request, the node data information comprises node data information of all user nodes,
The receiving, by the OPC UA method call interface, the authority service request input by the user authority service device according to the node data information, and determining a method node in the OPC UA node space corresponding to the authority service request includes:
And receiving a user newly-added request input by the configuration tool according to the node data information of all the user nodes through the OPC UA method calling interface, wherein the user newly-added request comprises user information of a newly-added user, and determining a newly-added user method node corresponding to the user newly-added request in the OPC UA node space.
4. The method of claim 3,
the logging-in to a user authority service unit according to the method node so as to enable the user authority service unit to execute the method corresponding to the method node to provide corresponding user authority service comprises the following steps:
And logging in the user authority service unit according to the newly added user method node so that the user authority service unit executes a newly added user method to newly build user information of the newly added user into a database.
5. The method of claim 1, wherein when the permission service request is a user login request and the user permission service device is a device including a human-machine interface, then the information acquisition request comprises a target login user node information acquisition request, and the node data information comprises node data information of the target login user node,
the receiving, by the OPC UA method call interface, the authority service request input by the user authority service device according to the node data information, and determining a method node in the OPC UA node space corresponding to the authority service request includes:
And receiving a target login user login request input by the equipment comprising the human-computer interface according to the node data information of the target login user node through the OPC UA method call interface, wherein the target login user login request comprises a login password of a target login user, and determining a user login method node corresponding to the target login user login request in the OPC UA node space.
6. The method of claim 5, wherein the logging in to the user authority service unit according to the method node to make the user authority service unit execute the method corresponding to the method node to provide the corresponding user authority service comprises:
and logging in the user authority service unit according to the user login method node, so that the user authority service unit executes a user login method to inquire a system password of a target login user in a database, and controls the user authority service unit to feed back an authentication result according to a comparison result of the inquired system password of the target login user and the login password of the target login user.
7. The method of claim 1, wherein when the permission service request is a target user permission verification request and the user permission service device is a history server, then the information acquisition request comprises a target user node information acquisition request, the node data information comprises node data information of the target user node,
the receiving, by the OPC UA method call interface, the authority service request input by the user authority service device according to the node data information, and determining a method node in the OPC UA node space corresponding to the authority service request includes:
And receiving a target user authority verification request input by the history server according to the node data information of the target user node through the OPC UA method call interface, wherein the target user authority service request comprises a target user identifier and a target user operation authority, and determining a user authority verification method node corresponding to the target user authority verification request in the OPC UA node space.
8. The method of claim 7, wherein the logging in to the user authority service unit according to the method node to make the user authority service unit perform the method corresponding to the method node to provide the corresponding user authority service comprises:
And logging in the user authority service unit according to the user authority verification method node so that the user authority service unit executes a user authority verification method, so as to inquire the authority information of the target user from a database according to the target user identification, and control the user authority service unit to feed back an authority ticket result according to the inquired authority information of the target user and the comparison result of the user operation authority verification.
9. The method of claim 1, wherein after the logging in to a user authority service unit according to the method node to make the user authority service unit execute the method corresponding to the method node to provide the corresponding user authority service, the method further comprises:
and feeding back an execution result to the user authority service equipment through the OPC UA method call interface.
10. A user rights server, comprising:
The receiving module is used for receiving an information acquisition request sent by user authority service equipment according to the authority service requirement through an OPC UA browsing interface;
A first determining module, configured to determine node data information corresponding to the information acquisition request in an OPC UA node space;
The feedback module is used for feeding the node data information back to the user authority service equipment through the OPC UA browsing interface;
a second determining module, configured to receive, through an OPC UA method call interface, an authority service request input by the user authority service device according to the node data information, and determine a method node in the OPC UA node space corresponding to the authority service request;
And the execution module is used for logging in a user authority service unit according to the method node so as to enable the user authority service unit to execute the method corresponding to the method node to provide the user authority service corresponding to the authority service request.
11. The user rights server of claim 10, further comprising:
the acquisition module is used for acquiring user information, user authority information and authority management method information;
And the interface creating module is used for loading the user information, the user authority information and the authority management method information into a node space in a node mode based on OPC UA and establishing an OPC UA standard interface for communication interaction between the node space and the user authority service equipment, wherein the OPC UA standard interface comprises an OPC UA browsing interface and an OPC UA method calling interface.
12. The user right server of claim 10, wherein the feedback module is further configured to feed back an execution result to the user right service device through the OPC UA method call interface after the user right service unit is logged in to according to the method node to cause the user right service unit to execute the method corresponding to the method node to provide the corresponding user right service.
13. A user right-based service system, comprising a user right service device and a user right server, wherein the user right server comprises an OPC UA service unit and a user right service unit, the user right server is configured to execute the user right-based service method according to any one of claims 1 to 9, the OPC UA service unit is communicatively connected to the user right service unit, and the user right service device is communicatively connected to the OPC UA service unit through an OPC UA standard interface provided by the OPC UA service unit.
CN201811406515.6A 2018-11-23 2018-11-23 User authority server and service method and system based on user authority Active CN109756557B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811406515.6A CN109756557B (en) 2018-11-23 2018-11-23 User authority server and service method and system based on user authority

Publications (2)

Publication Number Publication Date
CN109756557A CN109756557A (en) 2019-05-14
CN109756557B true CN109756557B (en) 2019-12-10

Family

ID=66403368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811406515.6A Active CN109756557B (en) 2018-11-23 2018-11-23 User authority server and service method and system based on user authority

Country Status (1)

Country Link
CN (1) CN109756557B (en)

Also Published As

Publication number Publication date
CN109756557A (en) 2019-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant