CN111159729A - Authority control method, device and storage medium - Google Patents

Authority control method, device and storage medium Download PDF

Info

Publication number
CN111159729A
CN111159729A CN201911282601.5A CN201911282601A CN111159729A CN 111159729 A CN111159729 A CN 111159729A CN 201911282601 A CN201911282601 A CN 201911282601A CN 111159729 A CN111159729 A CN 111159729A
Authority
CN
China
Prior art keywords
authority
data
target
function
accessed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911282601.5A
Other languages
Chinese (zh)
Inventor
周亮
李磊
郑光远
盛永夫
黄江斌
廖丽丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Hangzhou Information Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201911282601.5A priority Critical patent/CN111159729A/en
Publication of CN111159729A publication Critical patent/CN111159729A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the invention relates to the technical field of computers, and discloses an authority control method. In the invention, a data access request containing resource information to be accessed, which is sent by a requester, is received; acquiring a target function authority corresponding to a resource to be accessed; when the role corresponding to the requester has the target function right, inquiring the first corresponding relation table and/or the second corresponding relation table, and acquiring the target row data authority and/or the target column data authority when the role has the target function right; and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority. The invention also provides an authority control device and a computer readable storage medium. The invention can control the access authority of the row data or the column data when the access control is carried out based on the role.

Description

Authority control method, device and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a permission control method, a permission control device and a computer readable storage medium.
Background
Almost all systems at present involve the control of authority, such as controlling system function display or controlling system data display, so that different users can browse different contents through the authority control, data privacy is protected, and data leakage is avoided.
A common access control method in the prior art is Role-Based access control (RBAC), where the RBAC associates all resources (e.g., operation permissions on system data) with a Role, and provides an intermediate layer between a user and the resources, that is, the Role associates the resources by the Role, and the user performs permission control in a manner of associating the Role with the user, and once the user is assigned a proper Role, the user has all the operation permissions of the Role. The RBAC can perform fast user authority management (such as user authority allocation and user authority change), however, the inventors found that, when performing data authority control, the RBAC cannot perform authority control on access to row data or column data in a data table, that is, cannot perform authority control on a data range or a field range.
Disclosure of Invention
An object of embodiments of the present invention is to provide an authority control method, an authority control device, and a computer-readable storage medium, which can perform authority control on access to row data or column data when performing access control based on a role.
In order to solve the above technical problem, an embodiment of the present invention provides an authority control method, where the method includes:
receiving a data access request sent by a requester, wherein the data access request contains information of resources to be accessed;
acquiring a target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority;
when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain a target row data authority and/or a target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table;
and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring an authority code of the target row data authority;
and inquiring and acquiring the row data matched with the authority codes in the target data table corresponding to the resource information to be accessed.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring column fields corresponding to the target column data authority;
and inquiring and acquiring the column data of the column fields in the target data table corresponding to the resource information to be accessed.
Preferably, the querying and obtaining the line data matched with the authority code in the target data table corresponding to the resource information to be accessed includes:
acquiring data codes of row data in a target data table corresponding to the resource information to be accessed;
and inquiring and acquiring the row data of the data codes containing the authority codes as the row data matched with the authority codes.
Preferably, the method further comprises:
acquiring a role corresponding to the requester;
acquiring a function permission list of the role;
judging whether the target function authority exists in the function authority list or not;
and if the target function permission exists in the function permission list, determining that the role corresponding to the requester has the target function permission.
Preferably, before the querying the first corresponding relationship table and/or the second corresponding relationship table and acquiring the target row data authority and/or the target column data authority when the role has the target function authority, the method further includes:
judging whether the control state of the row data authority and/or the control state of the column data authority are/is an opening state;
if the control state of the row data authority is an opening state, executing the operation of inquiring the first corresponding relation table;
and if the control state of the row data authority is the opening state, executing the operation of inquiring the second corresponding relation table.
Preferably, after determining whether the control state of the row data authority and/or the control state of the column data authority is an on state, the method further includes:
and if the control state of the row data authority and the control state of the column data authority are both closed states, acquiring a target data table corresponding to the resource information to be accessed, and returning the target data table to the requester.
An embodiment of the present invention further provides an authority control apparatus, including:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a data access request sent by a requester, and the data access request comprises information of resources to be accessed;
the function authority acquisition module is used for acquiring the target function authority corresponding to the resource to be accessed by inquiring a preset resource and function authority corresponding relation table;
a row and column permission obtaining module, configured to, when a role corresponding to the requestor has the target function permission, query a first correspondence table and/or a second correspondence table, and obtain a target row data permission and/or a target column data permission when the role has the target function permission, where the first correspondence table is a correspondence table between the role, the function permission, and the row data permission, and the second correspondence table is a correspondence table between the role, the function permission, and the column data permission;
and the data acquisition module is used for inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
An embodiment of the present invention also provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the storage stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the authority control method.
Embodiments of the present invention also provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described entitlement control.
The method comprises the steps of receiving a data access request sent by a requester, wherein the data access request comprises information of resources to be accessed; acquiring a target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority; when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain a target row data authority and/or a target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table; and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority. When the role corresponding to the requester has the target function authority, the corresponding relation table of the role, the function authority and the row data authority and/or the corresponding relation table of the role, the function authority and the column data authority are/is inquired, the target row data authority and/or the target column data authority when the role has the target function authority are/is obtained, and then the data in the target data table can be accessed in the range of the target row data authority and/or the target column data authority, so that the purpose of performing authority control on the access of row data or column data when the access control is performed based on the role is realized, the authority is controlled in a finer granularity during the data access, and the security during the data access is improved.
Furthermore, whether the first relation table and/or the second relation table are inquired to obtain the target row authority and/or the target column authority is determined by judging whether the control state of the row data authority and/or the control state of the column data authority are in an opening state, and the flexibility of authority control can be improved.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
Fig. 1 is a schematic flow chart of a method for controlling authority according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a permission control module according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an internal structure of an electronic device according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments.
A first embodiment of the present invention relates to an authority control method. The following detailed description of the present embodiments is provided for ease of understanding and is not intended to limit the scope of the present embodiments.
Referring to fig. 1, fig. 1 is a flowchart illustrating an authorization control method according to an embodiment. The authority control method in the embodiment comprises the following steps:
s1, receiving a data access request sent by a requester, wherein the data access request contains information of a resource to be accessed.
In this embodiment, the requesting party may be a client of the application.
The data access request may be a request for accessing a certain interface of the back end (i.e. the server end), and the data access request may also be an http request. The resource information to be accessed may be an address of a site to be accessed.
For example, a web request sent by a client is received, and resource information to be accessed contained in the web request is a url to be accessed.
And S2, acquiring the target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority.
In this embodiment, the preset corresponding relationship table of the resource and the function permission is pre-stored, for example, the corresponding relationship table of the resource and the function permission is a table pre-stored locally.
The relationship between the resource to be accessed and the function authority is stored in a preset corresponding relationship table of the resource and the function authority, the relationship table can reflect the authority which the resource to be accessed needs to have when being accessed, and correspondingly, the relationship table can also reflect which resources to be accessed can be accessed when a certain function authority is available.
As shown in table 1, table 1 is an example of a preset correspondence table between resources and function permissions.
url_1 function right_1
url_2 function right_1
url_3 function right_2
... ...
url_n function right_1
TABLE 1
In table 1, url _2, and url _3.. url _ n in the left list represent resources, and the right side function right _1 and function right _2 represent function rights, and as can be seen from fig. 2, if the information of the resource to be accessed is url _1, the corresponding function right is function right _ 1.
In this embodiment, the right is allocated to each resource to be accessed, which is beneficial to accurately performing right management and control.
S3, when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain the target row data authority and/or the target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table.
In this embodiment, one or more roles may be assigned to the requester in advance, and different functional permissions may also be assigned to each role, so that role-based permission control is implemented for the requester, which is beneficial to efficiently performing permission management for the requester.
Preferably, after receiving a data request sent by a requester, or after acquiring a target function permission corresponding to a resource to be accessed, the method further includes:
acquiring a role corresponding to the requester;
acquiring a function permission list of the role;
judging whether the target function authority exists in the function authority list or not;
and if the target function permission exists in the function permission list, determining that the role corresponding to the requester has the target function permission.
In this embodiment, the obtained function permission list of the role includes all the function permissions owned by the role.
In an optional embodiment, the function permission owned by the role corresponding to the requester is obtained by querying a role-function permission correspondence table.
For example, if the role corresponding to the requester is role _1, and the function right list corresponding to the role _1 includes function right _1, function right _2, and function right _3, it is determined that role _1 has the function right of function right _3.
In this embodiment, whether the role corresponding to the requestor has the authority to access the resource to be accessed may be determined by determining whether the target function authority exists in the function authority list, that is, whether the requestor has the authority to access the resource to be accessed may be determined.
In an optional embodiment, if the target function permission does not exist in the function permission list, indicating that the role corresponding to the requester does not have the permission to access the resource to be accessed, that is, the requester does not have the permission to access the resource, sending feedback information that the requester is not allowed to access to the requester.
In this embodiment, when the role corresponding to the requestor has the target function right, that is, after it is determined that the requestor has the right to access the resource to be accessed, the first corresponding relationship table and/or the second corresponding relationship table are/is queried, and the target row data right and/or the target column data right when the role has the target function right are/is obtained.
As shown in table 2, table 2 is an example of a first correspondence table and a second correspondence table.
role_a function right_1 row data right_1
role_a function right_2 row data right_2
role_b function right_1 row data right_1
TABLE 2(1)
role_a function right_1 col data right_2
role_a function right_2 col data right_3
role_b function right_1 col data right_2
TABLE 2(2)
In table 2, (1) is an exemplary diagram of the first correspondence table, and (2) is an exemplary diagram of the second correspondence table. As can be seen from table 2, each kind of function permission has a corresponding row data permission and a corresponding column data permission, and each kind of role corresponds to a different function permission, so that the row data permission and the column data permission corresponding to each kind of role can be obtained through the first relation table and the second relation table.
Preferably, before querying the first corresponding relation table and/or the second corresponding relation table, the method further comprises:
judging whether the control state of the row data authority and/or the control state of the column data authority are/is an opening state;
if the control state of the row data authority is an opening state, executing the operation of inquiring the first corresponding relation table;
and if the control state of the row data authority is the opening state, executing the operation of inquiring the second corresponding relation table.
In this embodiment, which one of the relationship tables is to be queried and what data access right is to be obtained is determined by judging the control state of the row data right and the control state of the column data right, so that the flexibility of data right management and control can be improved.
In the embodiment, when the control state of the row data authority is an open state and the control state of the column data authority is a closed state, the first corresponding relation table is inquired, and the target row data authority when the role has the target function authority is obtained; when the control state of the row data authority is in a closed state and the control state of the column data authority is in an open state, inquiring a second corresponding relation table and acquiring the target column data authority when the role has the target function authority; and when the control state of the row data authority is an open state and the control state of the column data authority is also an open state, inquiring the first corresponding relation table and the second corresponding relation table, and acquiring the target row data authority and the target column data authority when the role has the target function authority.
Preferably, after determining whether the control state of the row data authority and/or the control state of the column data authority is an on state, the method further includes:
and if the control state of the row data authority and the control state of the column data authority are both closed states, acquiring a target data table corresponding to the resource information to be accessed, and returning the target data table to the requester.
In this embodiment, when the control state of the row data authority and the control state of the column data authority are both in the closed state, it indicates that authority control over the row data or the column data is not performed, and the target data table corresponding to the resource information to be accessed is directly returned.
In another optional embodiment of the present invention, a first control for row data authority control and a second control for column data authority control may be preset in the user operation interface, and an authority administrator is permitted to perform operations on the first control and the second control, so that when authority control is performed, the control state of row data authority may be determined by detecting the state of the first control, and the control state of column data authority may be determined by detecting the state of the second control.
And S4, inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
In this embodiment, the target data table corresponding to the information of the resource to be accessed is a data table to be queried when the resource to be accessed is accessed.
In this embodiment, data query may be performed only according to the target row data authority, or only according to the target column data authority, or according to both the target row data authority and the target column data authority.
Preferably, when data query is performed according to the target row data authority and the target column data authority, the data query is performed according to the target row data authority, and then the data query is performed according to the target column data authority, so that the data can be acquired more quickly.
According to the method and the device, data are acquired according to the target row data authority and the column data authority, data which are not in the authority range of the requester are not acquired, data safety of the target data table can be protected, in addition, the requester is distributed with roles for management and control, the authorities of the requester do not need to be changed one by one when the number of the requester is large or the authorities are changed, and the efficiency of management and control of the column data authority and the row data authority is improved.
In an optional embodiment, the target row data authority identifies which rows in the target data table can be accessed, and the target column data authority identifies which columns in the target data table can be accessed, so that when data query is performed, only data of the rows and columns which are allowed to be accessed are obtained and returned to the requester.
For example, the target data table is a table containing user identity information and transaction information, wherein the target data table contains column fields of name, phone, money, age, and ID num. And when the target row data authority identifier returns row data with age larger than the preset age and the target column data authority identifier accesses column data of three columns in front of the field name, acquiring and returning data of rows with age larger than the preset age and three columns in front of the column field in the target data table to the requester when inquiring is carried out based on the target row data authority and the target column data authority.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring an authority code of the target row data authority;
and inquiring and acquiring the row data matched with the authority codes in the target data table corresponding to the resource information to be accessed.
In this embodiment, the target row data authority has a corresponding authority code, for example, the authority code is 10, which indicates that the previous 10 rows are returned, and then the row data of the previous 10 rows in the target data table is queried and acquired.
Preferably, the querying and obtaining the line data matched with the authority code in the target data table corresponding to the resource information to be accessed includes:
acquiring data codes of row data in a target data table corresponding to the resource information to be accessed;
and inquiring and acquiring the row data of the data codes containing the authority codes as the row data matched with the authority codes.
In this embodiment, there is a corresponding data encoding for each row of data.
In this embodiment, matching the authority code and the data code may be complete matching, retrieving matching, or fuzzy matching.
For example, the authority code corresponding to the target row data authority is 001, and the data code of the data row is 001, 001 × 002, 002 × 002.
When the authority code is completely matched with the data code, only the data code of the data line is acquired as the line data of 001.
When the authority code is matched with the data code in a retrieval mode, the data code of the data line is obtained to be line data of 001, 001 x.
When the authority code is fuzzy-matched with the data code, the data code of the data line is obtained as the line data of 001, 001 × b.
Through this embodiment, can be in the scope that the line data authority permits, acquire many row data fast, be favorable to improving the efficiency that data acquireed.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring column fields corresponding to the target column data authority;
and inquiring and acquiring the column data of the column fields in the target data table corresponding to the resource information to be accessed.
In this embodiment, the column field corresponding to the target column data authority refers to a field that the target column data authority permits to access.
For example, the target data table is a table containing user identity information and a transaction system, wherein the target data table contains column fields of name, phone, money, age, and ID num. And when the column fields corresponding to the target column data authority are the name and the phone, inquiring and acquiring the data of which the fields are the name and the phone in the target data table.
In the embodiment of the invention, a data access request sent by a requester is received, wherein the data access request comprises information of resources to be accessed; acquiring a target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority; when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain a target row data authority and/or a target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table; and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority. When the role corresponding to the requester has the target function authority, the corresponding relation table of the role, the function authority and the row data authority and/or the corresponding relation table of the role, the function authority and the column data authority are/is inquired, the target row data authority and/or the target column data authority when the role has the target function authority are/is obtained, and then the data in the target data table can be accessed in the range of the target row data authority and/or the target column data authority, so that the purpose of performing authority control on the access of row data or column data when the access control is performed based on the role is realized, the authority is controlled in a finer granularity during the data access, and the security during the data access is improved.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a permission control module according to an embodiment of the present invention. The authority control module in the present embodiment includes:
a receiving module 10, configured to receive a data access request sent by a requester, where the data access request includes information of a resource to be accessed;
the function authority acquiring module 20 is configured to acquire a target function authority corresponding to the resource to be accessed by querying a preset resource and function authority correspondence table;
a row and column permission obtaining module 30, configured to, when a role corresponding to the requestor has the target function permission, query a first correspondence table and/or a second correspondence table, and obtain a target row data permission and/or a target column data permission when the role has the target function permission, where the first correspondence table is a correspondence table between the role, the function permission, and the row data permission, and the second correspondence table is a correspondence table between the role, the function permission, and the column data permission;
and the data acquisition module 40 is configured to query a target data table corresponding to the resource information to be accessed according to the target row data permission and/or the target column data permission, and obtain data that the target row data permission and/or the target column data permission are permitted to access.
The module provided in the device provided by the application can perform authority control on access to row data or column data based on the authority control method (the same technical means) and role-based access control, and the module can achieve the same technical effect as the method embodiment in specific operation, namely, the authority is controlled at a finer granularity in data access, so that the security in data access is improved.
The invention also provides electronic equipment. Fig. 3 is a schematic diagram of an internal structure of an electronic device according to an embodiment of the present invention.
In the present embodiment, the electronic device 1 may be a PC (Personal Computer), a terminal device such as a smart phone, a tablet Computer, and a mobile Computer, or may be a server. The electronic device 1 comprises at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, for example a hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in hard disk provided on the electronic device 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as a code of the right control program 01, but also to temporarily store data that has been output or is to be output.
Processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, is configured to execute program codes or process data stored in memory 11, such as executing right control program 01.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), and is typically used to establish a communication link between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, the user interface may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally the user interface may also comprise a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
Fig. 3 shows only the electronic device 1 with the components 11-14 and the entitlement control program 01, and it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
In the embodiment of the electronic device 1 shown in fig. 3, the memory 11 stores therein an authorization control program 01; the processor 12, when executing the entitlement control program 01 stored in the memory 11, implements the following steps:
step one, receiving a data access request sent by a requester, wherein the data access request comprises information of resources to be accessed.
In this embodiment, the requesting party may be a client of the application.
The data access request may be a request for accessing a certain interface of the back end (i.e. the server end), and the data access request may also be an http request. The resource information to be accessed may be an address of a site to be accessed.
For example, a web request sent by a client is received, and resource information to be accessed contained in the web request is a url to be accessed.
And step two, acquiring the target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority.
In this embodiment, the preset corresponding relationship table of the resource and the function permission is pre-stored, for example, the corresponding relationship table of the resource and the function permission is a table pre-stored locally.
The relationship between the resource to be accessed and the function authority is stored in a preset corresponding relationship table of the resource and the function authority, the relationship table can reflect the authority which the resource to be accessed needs to have when being accessed, and correspondingly, the relationship table can also reflect which resources to be accessed can be accessed when a certain function authority is available.
As shown in table 1, table 1 is an example of a preset correspondence table between resources and function permissions.
url_1 function right_1
url_2 function right_1
url_3 function right_2
... ...
url_n function right_1
TABLE 1
In table 1, url _2, and url _3.. url _ n in the left list represent resources, and the right side function right _1 and function right _2 represent function rights, and as can be seen from fig. 2, if the information of the resource to be accessed is url _1, the corresponding function right is function right _ 1.
In this embodiment, the right is allocated to each resource to be accessed, which is beneficial to accurately performing right management and control.
And thirdly, when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain the target row data authority and/or the target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table.
In this embodiment, one or more roles may be assigned to the requester in advance, and different functional permissions may also be assigned to each role, so that role-based permission control is implemented for the requester, which is beneficial to efficiently performing permission management for the requester.
Preferably, after receiving a data request sent by a requester, or after acquiring a target function permission corresponding to a resource to be accessed, the following steps are further performed:
acquiring a role corresponding to the requester;
acquiring a function permission list of the role;
judging whether the target function authority exists in the function authority list or not;
and if the target function permission exists in the function permission list, determining that the role corresponding to the requester has the target function permission.
In this embodiment, the obtained function permission list of the role includes all the function permissions owned by the role.
In an optional embodiment, the function permission owned by the role corresponding to the requester is obtained by querying a role-function permission correspondence table.
For example, if the role corresponding to the requester is role _1, and the function right list corresponding to the role _1 includes function right _1, function right _2, and function right _3, it is determined that role _1 has the function right of function right _3.
In this embodiment, whether the role corresponding to the requestor has the authority to access the resource to be accessed may be determined by determining whether the target function authority exists in the function authority list, that is, whether the requestor has the authority to access the resource to be accessed may be determined.
In an optional embodiment, if the target function permission does not exist in the function permission list, indicating that the role corresponding to the requester does not have the permission to access the resource to be accessed, that is, the requester does not have the permission to access the resource, sending feedback information that the requester is not allowed to access to the requester.
In this embodiment, when the role corresponding to the requestor has the target function right, that is, after it is determined that the requestor has the right to access the resource to be accessed, the first corresponding relationship table and/or the second corresponding relationship table are/is queried, and the target row data right and/or the target column data right when the role has the target function right are/is obtained.
As shown in table 2, table 2 is an example of a first correspondence table and a second correspondence table.
role_a function right_1 row data right_1
role_a function right_2 row data right_2
role_b function right_1 row data right_1
TABLE 2(1)
role_a function right_1 col data right_2
role_a function right_2 col data right_3
role_b function right_1 col data right_2
TABLE 2(2)
In table 2, (1) is an exemplary diagram of the first correspondence table, and (2) is an exemplary diagram of the second correspondence table. As can be seen from table 2, each kind of function permission has a corresponding row data permission and a corresponding column data permission, and each kind of role corresponds to a different function permission, so that the row data permission and the column data permission corresponding to each kind of role can be obtained through the first relation table and the second relation table.
Preferably, before querying the first corresponding relation table and/or the second corresponding relation table, the method further comprises:
judging whether the control state of the row data authority and/or the control state of the column data authority are/is an opening state;
if the control state of the row data authority is an opening state, executing the operation of inquiring the first corresponding relation table;
and if the control state of the row data authority is the opening state, executing the operation of inquiring the second corresponding relation table.
In this embodiment, which one of the relationship tables is to be queried and what data access right is to be obtained is determined by judging the control state of the row data right and the control state of the column data right, so that the flexibility of data right management and control can be improved.
In the embodiment, when the control state of the row data authority is an open state and the control state of the column data authority is a closed state, the first corresponding relation table is inquired, and the target row data authority when the role has the target function authority is obtained; when the control state of the row data authority is in a closed state and the control state of the column data authority is in an open state, inquiring a second corresponding relation table and acquiring the target column data authority when the role has the target function authority; and when the control state of the row data authority is an open state and the control state of the column data authority is also an open state, inquiring the first corresponding relation table and the second corresponding relation table, and acquiring the target row data authority and the target column data authority when the role has the target function authority.
Preferably, after determining whether the control state of the row data authority and/or the control state of the column data authority is an on state, the method further includes:
and if the control state of the row data authority and the control state of the column data authority are both closed states, acquiring a target data table corresponding to the resource information to be accessed, and returning the target data table to the requester.
In this embodiment, when the control state of the row data authority and the control state of the column data authority are both in the closed state, it indicates that authority control over the row data or the column data is not performed, and the target data table corresponding to the resource information to be accessed is directly returned.
In another optional embodiment of the present invention, a first control for row data authority control and a second control for column data authority control may be preset in the user operation interface, and an authority administrator is permitted to perform operations on the first control and the second control, so that when authority control is performed, the control state of row data authority may be determined by detecting the state of the first control, and the control state of column data authority may be determined by detecting the state of the second control.
And fourthly, inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
In this embodiment, the target data table corresponding to the information of the resource to be accessed is a data table to be queried when the resource to be accessed is accessed.
In this embodiment, data query may be performed only according to the target row data authority, or only according to the target column data authority, or according to both the target row data authority and the target column data authority.
Preferably, when data query is performed according to the target row data authority and the target column data authority, the data query is performed according to the target row data authority, and then the data query is performed according to the target column data authority, so that the data can be acquired more quickly.
According to the method and the device, data are acquired according to the target row data authority and the column data authority, data which are not in the authority range of the requester are not acquired, data safety of the target data table can be protected, in addition, the requester is distributed with roles for management and control, the authorities of the requester do not need to be changed one by one when the number of the requester is large or the authorities are changed, and the efficiency of management and control of the column data authority and the row data authority is improved.
In an optional embodiment, the target row data authority identifies which rows in the target data table can be accessed, and the target column data authority identifies which columns in the target data table can be accessed, so that when data query is performed, only data of the rows and columns which are allowed to be accessed are obtained and returned to the requester.
For example, the target data table is a table containing user identity information and transaction information, wherein the target data table contains column fields of name, phone, money, age, and ID num. And when the target row data authority identifier returns row data with age larger than the preset age and the target column data authority identifier accesses column data of three columns in front of the field name, acquiring and returning data of rows with age larger than the preset age and three columns in front of the column field in the target data table to the requester when inquiring is carried out based on the target row data authority and the target column data authority.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring an authority code of the target row data authority;
and inquiring and acquiring the row data matched with the authority codes in the target data table corresponding to the resource information to be accessed.
In this embodiment, the target row data authority has a corresponding authority code, for example, the authority code is 10, which indicates that the previous 10 rows are returned, and then the row data of the previous 10 rows in the target data table is queried and acquired.
Preferably, the querying and obtaining the line data matched with the authority code in the target data table corresponding to the resource information to be accessed includes:
acquiring data codes of row data in a target data table corresponding to the resource information to be accessed;
and inquiring and acquiring the row data of the data codes containing the authority codes as the row data matched with the authority codes.
In this embodiment, there is a corresponding data encoding for each row of data.
In this embodiment, matching the authority code and the data code may be complete matching, retrieving matching, or fuzzy matching.
For example, the authority code corresponding to the target row data authority is 001, and the data code of the data row is 001, 001 × 002, 002 × 002.
When the authority code is completely matched with the data code, only the data code of the data line is acquired as the line data of 001.
When the authority code is matched with the data code in a retrieval mode, the data code of the data line is obtained to be line data of 001, 001 x.
When the authority code is fuzzy-matched with the data code, the data code of the data line is obtained as the line data of 001, 001 × b.
Through this embodiment, can be in the scope that the line data authority permits, acquire many row data fast, be favorable to improving the efficiency that data acquireed.
Preferably, the querying a target data table corresponding to the information of the resource to be accessed according to the target row data authority and/or the target column data authority to obtain data permitted to be accessed by the target row data authority and/or the target column data authority includes:
acquiring column fields corresponding to the target column data authority;
and inquiring and acquiring the column data of the column fields in the target data table corresponding to the resource information to be accessed.
In this embodiment, the column field corresponding to the target column data authority refers to a field that the target column data authority permits to access.
For example, the target data table is a table containing user identity information and a transaction system, wherein the target data table contains column fields of name, phone, money, age, and ID num. And when the column fields corresponding to the target column data authority are the name and the phone, inquiring and acquiring the data of which the fields are the name and the phone in the target data table.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where an authority control program is stored on the computer-readable storage medium, where the authority control program is executable by one or more processors to implement the following operations:
receiving a data access request sent by a requester, wherein the data access request contains information of resources to be accessed;
acquiring a target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority;
when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain a target row data authority and/or a target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table;
and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
It should be noted that the above-mentioned numbers of the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method of rights control, the method comprising:
receiving a data access request sent by a requester, wherein the data access request contains information of resources to be accessed;
acquiring a target function authority corresponding to the resource to be accessed by inquiring a preset corresponding relation table of the resource and the function authority;
when the role corresponding to the requester has the target function authority, inquiring a first corresponding relation table and/or a second corresponding relation table to obtain a target row data authority and/or a target column data authority when the role has the target function authority, wherein the first corresponding relation table is a role, function authority and row data authority corresponding relation table, and the second corresponding relation table is a role, function authority and column data authority corresponding relation table;
and inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
2. The method for controlling authority according to claim 1, wherein the step of querying a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data that the target row data authority and/or the target column data authority is permitted to access comprises:
acquiring an authority code of the target row data authority;
and inquiring and acquiring the row data matched with the authority codes in the target data table corresponding to the resource information to be accessed.
3. The method for controlling authority according to claim 1, wherein the step of querying a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data that the target row data authority and/or the target column data authority is permitted to access comprises:
acquiring column fields corresponding to the target column data authority;
and inquiring and acquiring the column data of the column fields in the target data table corresponding to the resource information to be accessed.
4. The method for controlling authority according to claim 2, wherein the querying and obtaining the line data matched with the authority code in the target data table corresponding to the resource information to be accessed includes:
acquiring data codes of row data in a target data table corresponding to the resource information to be accessed;
and inquiring and acquiring the row data of the data codes containing the authority codes as the row data matched with the authority codes.
5. The method of entitlement control in accordance with any of claims 1 to 4, characterized in that the method further comprises:
acquiring a role corresponding to the requester;
acquiring a function permission list of the role;
judging whether the target function authority exists in the function authority list or not;
and if the target function permission exists in the function permission list, determining that the role corresponding to the requester has the target function permission.
6. The method for controlling authority according to any one of claims 1 to 4, wherein before the querying the first corresponding relationship table and/or the second corresponding relationship table and obtaining the target row data authority and/or the target column data authority when the role has the target function authority, the method further comprises:
judging whether the control state of the row data authority and/or the control state of the column data authority are/is an opening state;
if the control state of the row data authority is an opening state, executing the operation of inquiring the first corresponding relation table;
and if the control state of the row data authority is the opening state, executing the operation of inquiring the second corresponding relation table.
7. The method of claim 6, wherein after determining whether the control state of the row data right and/or the control state of the column data right is an on state, the method further comprises:
and if the control state of the row data authority and the control state of the column data authority are both closed states, acquiring a target data table corresponding to the resource information to be accessed, and returning the target data table to the requester.
8. An entitlement control device, characterized in that said device comprises:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a data access request sent by a requester, and the data access request comprises information of resources to be accessed;
the function authority acquisition module is used for acquiring the target function authority corresponding to the resource to be accessed by inquiring a preset resource and function authority corresponding relation table;
a row and column permission obtaining module, configured to, when a role corresponding to the requestor has the target function permission, query a first correspondence table and/or a second correspondence table, and obtain a target row data permission and/or a target column data permission when the role has the target function permission, where the first correspondence table is a correspondence table between the role, the function permission, and the row data permission, and the second correspondence table is a correspondence table between the role, the function permission, and the column data permission;
and the data acquisition module is used for inquiring a target data table corresponding to the resource information to be accessed according to the target row data authority and/or the target column data authority to obtain data which is allowed to be accessed by the target row data authority and/or the target column data authority.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the entitlement control method of any of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the entitlement control method of any one of claims 1 to 7.
CN201911282601.5A 2019-12-13 2019-12-13 Authority control method, device and storage medium Pending CN111159729A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911282601.5A CN111159729A (en) 2019-12-13 2019-12-13 Authority control method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911282601.5A CN111159729A (en) 2019-12-13 2019-12-13 Authority control method, device and storage medium

Publications (1)

Publication Number Publication Date
CN111159729A true CN111159729A (en) 2020-05-15

Family

ID=70556932

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911282601.5A Pending CN111159729A (en) 2019-12-13 2019-12-13 Authority control method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111159729A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112100641A (en) * 2020-11-09 2020-12-18 成都掌控者网络科技有限公司 Multi-dimensional authorization method, system, equipment and storage medium
CN115102770A (en) * 2022-06-24 2022-09-23 平安普惠企业管理有限公司 Resource access method, device and equipment based on user permission and storage medium

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572630A (en) * 2009-05-22 2009-11-04 中兴通讯股份有限公司 Privilege management system and method based on objects
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN102567675A (en) * 2012-02-15 2012-07-11 合一网络技术(北京)有限公司 User authority management method and system in business system
CN107403106A (en) * 2017-07-18 2017-11-28 北京计算机技术及应用研究所 Database fine-grained access control method based on terminal user
CN107506658A (en) * 2017-07-10 2017-12-22 上海最会保网络科技有限公司 A kind of user authority management system and method
CN107808103A (en) * 2017-11-13 2018-03-16 北京中电普华信息技术有限公司 The control method and control device of a kind of data permission
US20180131703A1 (en) * 2013-04-03 2018-05-10 Salesforce.Com, Inc. System, method and computer program product for managing access to systems, products, and data based on information associated with a physical location of a user
CN108462685A (en) * 2017-12-29 2018-08-28 国网电动汽车服务有限公司 Based on binary electric vehicle data interconnection intercommunication authority control method and system
CN109587151A (en) * 2018-12-13 2019-04-05 泰康保险集团股份有限公司 Access control method, device, equipment and computer readable storage medium
CN109783581A (en) * 2018-11-30 2019-05-21 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110414257A (en) * 2018-04-26 2019-11-05 中移(苏州)软件技术有限公司 A kind of data access method and server
CN111027093A (en) * 2019-11-22 2020-04-17 贝壳技术有限公司 Access right control method and device, electronic equipment and storage medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572630A (en) * 2009-05-22 2009-11-04 中兴通讯股份有限公司 Privilege management system and method based on objects
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN102567675A (en) * 2012-02-15 2012-07-11 合一网络技术(北京)有限公司 User authority management method and system in business system
US20180131703A1 (en) * 2013-04-03 2018-05-10 Salesforce.Com, Inc. System, method and computer program product for managing access to systems, products, and data based on information associated with a physical location of a user
CN107506658A (en) * 2017-07-10 2017-12-22 上海最会保网络科技有限公司 A kind of user authority management system and method
CN107403106A (en) * 2017-07-18 2017-11-28 北京计算机技术及应用研究所 Database fine-grained access control method based on terminal user
CN107808103A (en) * 2017-11-13 2018-03-16 北京中电普华信息技术有限公司 The control method and control device of a kind of data permission
CN108462685A (en) * 2017-12-29 2018-08-28 国网电动汽车服务有限公司 Based on binary electric vehicle data interconnection intercommunication authority control method and system
CN110414257A (en) * 2018-04-26 2019-11-05 中移(苏州)软件技术有限公司 A kind of data access method and server
CN109783581A (en) * 2018-11-30 2019-05-21 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN109587151A (en) * 2018-12-13 2019-04-05 泰康保险集团股份有限公司 Access control method, device, equipment and computer readable storage medium
CN111027093A (en) * 2019-11-22 2020-04-17 贝壳技术有限公司 Access right control method and device, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112100641A (en) * 2020-11-09 2020-12-18 成都掌控者网络科技有限公司 Multi-dimensional authorization method, system, equipment and storage medium
CN115102770A (en) * 2022-06-24 2022-09-23 平安普惠企业管理有限公司 Resource access method, device and equipment based on user permission and storage medium

Similar Documents

Publication Publication Date Title
US20200089718A1 (en) Inferred user identity in content distribution
US20140068085A1 (en) Controlling access to resources by hosted entities
CN111191221B (en) Configuration method and device of authority resources and computer readable storage medium
CN110457363B (en) Query method, device and storage medium based on distributed database
CN103620602A (en) Persistent key access to a resource in a collection
CN103597494A (en) Method and device for managing digital usage rights of documents
CN108173839B (en) Authority management method and system
US11019493B2 (en) System and method for user authorization
EP3471010A1 (en) Generic runtime protection for transactional data
CN111008348A (en) Anti-crawler method, terminal, server and computer readable storage medium
US10650153B2 (en) Electronic document access validation
CN105488125A (en) Page access method and apparatus
CN111159729A (en) Authority control method, device and storage medium
CN111460496A (en) Permission configuration method based on user role, electronic device and storage medium
CN102882834A (en) Access control method and device
CN110750765B (en) Service system, front-end page control method thereof, computer device, and storage medium
CN113282591A (en) Authority filtering method and device, computer equipment and storage medium
CN109871715B (en) Access method and device of distributed storage file and storage medium
WO2023202618A1 (en) Data sending method and apparatus
CN116186649A (en) Cross-system access method, device, computer equipment and storage medium
CN115203672A (en) Information access control method and device, computer equipment and medium
CN107430619B (en) System for associating related digital assets
CN114266072A (en) Authority distribution control method and device, electronic equipment and storage medium
CN114417281A (en) Method and device for responding permission request, computer equipment and storage medium
CN105519069A (en) Data processing system, center apparatus and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200515

RJ01 Rejection of invention patent application after publication