CN116708011A - Zone-based permission control method, device and system - Google Patents

Publication number: CN116708011A
Authority: CN (China)
Prior art keywords: user, information, region, authority, role
Legal status: Pending
Application number: CN202310907090.1A
Other languages: Chinese (zh)
Inventor: 张万萍
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The application provides a region-based permission control method, device and system. The method is applied to a server and comprises the following steps: in response to a login request from a registered user, acquiring the login information and user information of the registered user; determining the access region of the login from the login information; querying a region permission table for the corresponding region permission information based on the access region and the user information; and, when the corresponding region permission information is found, configuring that region permission information for the user so that the user can log in. This reduces enterprise management cost while making system permission control more flexible.

Description

Zone-based permission control method, device and system
Technical Field
The application belongs to the technical field of authority control, and particularly relates to an authority control method based on a region, an authority control device based on the region and an authority control system based on the region.
Background
The business of many large enterprises is spread across many locations, and when such an enterprise introduces security devices it is very common that the business in some regions is too small to justify deploying a security device there on its own. The current mainstream approach is for the security software application to support the creation of multiple systems: each region creates its own subsystem, and the subsystems are independent of one another. With this approach the deployment only needs to be made at headquarters, but because the regional business systems are independent, the headquarters business system cannot control how the regional business systems operate, and staff workload increases. For example, when the headquarters business system issues a notification, it has to be issued separately in each regional business system, so the work becomes repetitive and cumbersome, and the timeliness and accuracy of the notification suffer.
Disclosure of Invention
The present application has been made to solve the above problems in the prior art. Its aim is to provide a region-based permission control method, device and system that control a user's system operation permissions based on the region from which the user accesses the system, so that within the same system the same role, and even the same user, is given different access permissions in different regions without the user noticing, making the system's permission control more intelligent and more flexible.
According to a first aspect of the present application, there is provided an area-based authority control method applied to a server, including: responding to a login request of a registered user, and acquiring login information and user information of the registered user; determining a login access region according to the login information; inquiring corresponding region authority information through a region authority table based on the access region and the user information; and under the condition that the corresponding region authority information is inquired, configuring the region authority information to the user so as to enable the user to log in.
According to a second aspect of the present application, there is provided an area-based rights control unit including: the acquisition module is configured to respond to a login request of a registered user and acquire login information and user information of the registered user; an access region determining module configured to determine an access region for login according to the login information; the inquiring module is configured to inquire corresponding region authority information through a region authority table based on the access region and the user information; and the configuration module configures the regional authority information to the user under the condition that the corresponding regional authority information is queried, so that the user can log in.
According to a third aspect of the present application, there is provided an area-based rights control system, including: a client including an operation section in which a user can perform an authorization operation; the system management module is used for responding to a login request of a registered user, acquiring login information and user information of the registered user, determining a login access region according to the login information, inquiring corresponding region authority information through a region authority table based on the access region and the user information, and configuring the region authority information to the user under the condition that the corresponding region authority information is inquired so as to enable the user to realize login.
According to the application, the operation authority of each role in each region can be pre-configured, when a registered user initiates a login request, the region-level authority of the registered user which is matched with the access region and is pre-configured is queried according to the access region of the registered user, and the authorized operation is displayed to the registered user according to the configured authority, so that the enterprise management cost is reduced, and meanwhile, the control flexibility of the system authority and the intelligent degree of the system are improved.
Drawings
FIG. 1 is a flow chart of a zone-based rights control method in accordance with one embodiment of the application;
FIG. 2 is a schematic diagram of a registered user list, a rights list, a region list, a role rights list, and stored contents of the region rights list according to an embodiment of the present application;
FIG. 3 is a flow chart of a zone-based rights control method in accordance with one embodiment of the application;
FIG. 4 is a flow chart of responding to a registration user login request according to one embodiment of the present application;
FIG. 5 is a block diagram of a zone-based rights control unit in accordance with an embodiment of the application;
FIG. 6 is a block diagram of a zone-based entitlement control system in accordance with an embodiment of the present application;
FIG. 7 is a schematic flow chart of an application of the embodiment of the application, taking an operation and maintenance audit system as an example.
Detailed Description
In order to enable those skilled in the art to better understand the technical scheme of the present application, the present application will be described in detail with reference to the accompanying drawings and specific embodiments.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description is not to be taken as limiting the application, but merely as exemplifications of embodiments. Other modifications within the scope and spirit of the application will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above, and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the application has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the application.
The above and other aspects, features and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application in unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
The method for controlling the authority based on the region is applied to a server of an operation and maintenance auditing system. The method may control the user rights based on an access area where the registered user initiates the login request, which may be determined by login information acquired in response to the login request of the registered user.
FIG. 1 is a flowchart of a zone-based rights control method according to an embodiment of the present application. As shown in FIG. 1, the method includes the following steps:
S101: In response to a login request from a registered user, acquire the login information and user information of the registered user.
The login information includes information about the access region from which the user initiates the login request, for example the IP address of the user terminal from which the request is initiated. The user information of the registered user includes information from which the user's role information can be confirmed.
S102: Determine the access region of the login from the login information.
For example, referring to FIG. 6, which is a block diagram of a zone-based rights control system according to an embodiment of the present application, the system management module 201 calls a third-party API (Application Programming Interface), based on the IP address of the user terminal from which the registered user initiates the login request, to obtain region information for the region where that user is located, and so determines the access region of the registered user.
S103: Query the region permission table for the corresponding region permission information, based on the access region and the user information.
Illustratively, the user role information is confirmed in the registered user list based on the acquired user information. As shown in FIG. 2, the registered user list stores at least the user information and the user role information of the role configured for the user. The region permission table stores the permissions of each role in each region. When region permission information corresponding to the role given by the user role information is found in the region permission table, the process proceeds to step S104.
S104: When the corresponding region permission information is found, configure the region permission information for the user so that the user can log in.
The region permission information is returned to the user terminal, and the user terminal uses the returned region permission information to control the operation permissions displayed to the user, configuring, adjusting or updating the user's region-related permission information. In other words, the user terminal can display to the user the operations corresponding to the operation permissions contained in the region permission information, so that the user obtains the operation content authorized by the region permission information.
According to the region-based authority control method, the region-level authority of the registered user which is matched with the access region and is configured in advance can be queried according to the access region of the registered user when the registered user initiates a login request by pre-configuring the operable authority of each role in each region. On the other hand, the authorized operation may be presented to the registered user according to the rights of the relevant configuration. Therefore, the enterprise management cost can be reduced, and the control flexibility of the system authority and the intelligent degree of the system can be improved.
In some embodiments, the user information includes at least one role configured for the registered user.
In an exemplary embodiment, at least one role is configured for a registered user. In response to a login request from the registered user, the user role information in the user information of the registered user is obtained from the registered user list and is then used to query the region permission table for the region permissions corresponding to that role information. Based on the inventive concept, those skilled in the art can conceive of embodiments that, for users with multiple roles, suitably combine technologies such as role identification, clustering, and virtual roles/virtual addresses to achieve multi-role configuration and flexible, intelligent login for users distributed across multiple addresses.
In some embodiments, the region permission table is configured so that a region, a role, and the region permission information that the role has are stored in correspondence with one another.
Illustratively, the region permission table stores roles and the region permission information they have in correspondence. As shown in FIG. 2, each piece of region permission information in the table includes the unique identifier of a role, namely the role ID (role ID), the unique identifier of a region, namely the region ID (region ID), and the permission IDs (limit IDs) of all the permissions the role has in that region, where a permission ID is the unique identifier of a permission. The region IDs in the region permission table are obtained from the region list, and the permission IDs are obtained from the permission list. Specifically, the region list stores the names of all regions for which region permissions can be set, and each region name has a unique identifier, the region ID. The permission list stores the names of all permissions that a user can exercise through the user terminal. In some preferred embodiments, each permission name may have a unique identifier, the permission ID. When the region permission table is set up, for each role, on the one hand the region ID of each region in which the role has region permissions can be obtained from the region list; on the other hand the permission IDs of all permissions the role has in those regions can be obtained from the permission list, and those permissions are configured for the corresponding regions. In some embodiments, the region ID, the role ID, and the permission ID may be stored in correspondence with one another.
In some embodiments, the zone-based permission control method of the application embodiment further includes querying, according to a role configured by the registered user, role permission information corresponding to the role by using a role permission table, and configuring the role permission information to the user, so that the user can log in.
Fig. 3 is a second flowchart of a zone-based rights control method according to an embodiment of the present application, as shown in fig. 3, the method includes the following steps:
Steps S101 to S103 are as described above with reference to FIG. 1.
S105: When the corresponding region permission information is not found, query the role permission table for the role permission information corresponding to the role configured for the registered user, and configure the role permission information for the user so that the user can log in.
Illustratively, based on the user role information in the registered user information, the role permissions corresponding to the role configured for the user are queried in the role permission table, the role permission information found is returned to the user terminal, and the user terminal uses it to control the operation permissions displayed to the user. In other words, the user terminal displays to the user the operations corresponding to all permissions of the role configured for the user, that is, all operations that the role can perform.
In some embodiments, the role authority table is configured to: in the role authority table, roles configured by the user and role authority information possessed by the roles are stored in a corresponding manner.
In the role authority table, the role configured by the user and the role authority information possessed by the role are stored in a corresponding mode, and each piece of role authority information comprises a name of one role, a unique identifier of the role, namely a role ID, and authority IDs of all the authorities possessed by the role, wherein the authority IDs are unique identifiers possessed by each authority.
In some embodiments, the rights in the role rights information table for a role include all rights in the zone rights information table for the role.
For example, the permissions in the region permission information table are region-level permissions obtained by applying a region restriction to the role's permissions in the role permission information table, so the permissions in the role permission information table for a role include all the permissions in the region permission information table for that role. Therefore, when no region permission information corresponding to the role configured for the registered user is found in the region permission information table, the role permission information of that role is queried from the role permission information table.
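The lookup in steps S101 to S105, written out as an added example that is not code from the patent. The table contents, account names, the documentation-range networks standing in for the third-party IP-to-region API, and the salted password hash in the user list are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All tables are constructed sample data laid out like the lists in FIG. 2.
PERMISSIONS = {1: "system_view", 2: "device_restart", 3: "publish_notice"}
REGIONS = {10: "headquarters", 20: "branch"}
ROLE_PERMISSIONS = {100: {1, 2, 3}, 200: {1}}              # role ID -> permission IDs
REGION_PERMISSIONS = {(100, 10): {1, 2}, (100, 20): {1}}   # (role ID, region ID) -> permission IDs

# Hypothetical stand-in for the third-party IP-to-region API (documentation ranges).
REGION_BY_NETWORK = [
    (ipaddress.ip_network("192.0.2.0/24"), 10),
    (ipaddress.ip_network("198.51.100.0/24"), 20),
]

_SALT = b"constructed-salt"


def _hash(password):
    # Assumption: the registered user list holds a salted hash, not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Registered user list: account -> credential and configured role (constructed).
USERS = {
    "admin01": {"password_hash": _hash("demo-pass-1"), "role_id": 100},
    "viewer01": {"password_hash": _hash("demo-pass-2"), "role_id": 200},
}


@dataclass(frozen=True)
class LoginResult:
    ok: bool
    source: Optional[str]      # "region", "role", or None when login is refused
    permissions: frozenset     # permission names shown to the client


def validate_tables(role_perms=ROLE_PERMISSIONS, region_perms=REGION_PERMISSIONS):
    """List rows that break the rule: region permissions are a subset of role permissions."""
    problems = []
    for (role_id, region_id), perms in sorted(region_perms.items()):
        if region_id not in REGIONS:
            problems.append(f"role {role_id}: unknown region {region_id}")
        extra = perms - role_perms.get(role_id, set())
        if extra:
            problems.append(f"role {role_id} region {region_id}: not in role table {sorted(extra)}")
    return problems


def lookup_region(client_ip):
    """S102: map the client IP to a region ID, or None when it cannot be resolved."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return None
    for network, region_id in REGION_BY_NETWORK:
        if addr in network:
            return region_id
    return None


def authenticate(account, password):
    """S1011-S1012: return the registered user record, or None."""
    user = USERS.get(account)
    if user is None:
        return None
    if not hmac.compare_digest(user["password_hash"], _hash(password)):
        return None
    return user


def login(account, password, client_ip):
    user = authenticate(account, password)                         # S101
    if user is None:
        return LoginResult(False, None, frozenset())
    region_id = lookup_region(client_ip)                           # S102
    perms = REGION_PERMISSIONS.get((user["role_id"], region_id))   # S103
    source = "region"                                              # S104
    if perms is None:                                              # S105: role fallback
        perms, source = ROLE_PERMISSIONS.get(user["role_id"], set()), "role"
    return LoginResult(True, source, frozenset(PERMISSIONS[p] for p in perms))
```

Because the role table is a superset of the region table, a login whose region cannot be resolved falls through to S105 and receives the role's full permission set. Recording `source` for each login makes those cases visible.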
In some embodiments, when responding to a registered user login request, the user information obtained in response to the user's login request may be used to verify whether the user initiating the request is a registered user. FIG. 4 is a flowchart of responding to a login request of a registered user according to an embodiment of the present application. As shown in FIG. 4, it includes the following steps:
S1011: In response to the user's login request, acquire the user information of the user.
Illustratively, the user information of a user is obtained in response to a login request that the user initiates from the client terminal.
S1012: When the user information is found in the registered user list, treat the login request as a registered user login request.
Illustratively, the user information is looked up in the registered user list. When user information matching that acquired in response to the login request is found in the list, the login request is regarded as a registered user login request and the process proceeds to step S102. Based on the inventive concept of the present application, those skilled in the art will appreciate that some embodiments may further implement mechanisms for ensuring secure user login by suitably combining technologies such as disabling, repeated verification, and providing a virtual login interface.
In some embodiments, the user information includes an account number and a password of the user, and the account number and the password of the registered user are stored in the registered user list.
For example, as shown in fig. 2, in the registered user list, for each registered user, a registered user name, an account number, a password of the registered user, and a role ID corresponding to the role configured by the user are stored in a corresponding manner.
In some embodiments of the present application, as shown in fig. 5, which is a block diagram of a zone-based rights control device according to an embodiment of the present application, the embodiment of the present application provides a zone-based rights control device 10, which may be applied in an operation and maintenance auditing system, for example, and may be combined with fig. 6, which is a block diagram of a zone-based rights control system according to an embodiment of the present application, and fig. 7, which is a schematic flow chart of an application of an embodiment of the present application, taking the operation and maintenance auditing system as an example. The rights control apparatus 10 of the embodiment of the present application includes an acquisition module 101, an access region determination module 102, a query module 103, and a configuration module 104. The acquisition module 101 is configured to acquire login information and user information of a registered user in response to a registered user login request. The access region determination module 102 is configured to determine the logged-in access region based on the login information. The query module 103 is configured to query corresponding region authority information through the region authority table based on the access region and the user information. The configuration module 104 configures the regional authority information to the user under the condition that the corresponding regional authority information is queried, so that the user can log in. 
The above-described authority control method can be executed by the authority control device 10, and the authority control device 10 is configured to acquire login information and user information of a registered user in response to a login request of the registered user, determine a login access region based on the login information, and query corresponding region authority information through a region authority table based on the access region and the user information. And under the condition that the corresponding region authority information is inquired, configuring the region authority information to the user so as to enable the user to log in.
In some embodiments, the rights control device 10 further comprises a database 105 in which at least the region permission table is stored, the region permission table being configured so that regions, roles, and the region permission information the roles have are stored in correspondence. In some embodiments, the database 105 further stores a registered user list and/or a role permission information table. The registered user list stores the account number and password of each registered user and the role configured for that user, and the role permission table is configured so that the role configured for the user and the role permission information that role has are stored in correspondence.
In some embodiments of the present application, a zone-based entitlement control system is provided, which in the present application may be, for example, an operation and maintenance auditing system. Fig. 6 is a block diagram of a zone-based entitlement control system in accordance with an embodiment of the present application. As shown in fig. 6, the rights control system includes a client 202, a system management module 201, and a storage 203. The client 202 includes an operation section 204 in which a user can perform an authorization operation. The system management module 201 responds to a login request of a registered user, acquires login information and user information of the registered user, determines a login access region according to the login information, queries corresponding region authority information through a region authority table based on the access region and the user information, and configures the region authority information to the user under the condition that the corresponding region authority information is queried, so that the user realizes login. The storage terminal 203 has a database 205, and at least the region authority information table is stored in the database 205. In the region authority table, the region, the roles, and the region authority information thereof are stored in a corresponding manner.
Fig. 7 is a schematic flow chart of an application of the embodiment of the application, taking an operation and maintenance audit system as an example. With reference to fig. 7, a flow of the zone-based rights control method of various embodiments of the present application will be described using an operation and maintenance auditing system as an example. As shown in fig. 7, the flow of the operation and maintenance auditing system includes steps S201 to S210.
In step S201, a character is created and the authority of the character in each region is configured. Specifically, the operation unit 204 creates roles, configures the rights of each created role in each region, and transmits the result of configuring the region rights to the system management module 201.
In step S202, the character authority information of each region is stored in the region authority table. Specifically, the system management module 201 acquires the region ID of the region to which the authority is to be set from the region list, and stores each created character, the authority of the character in each region, in the database 205 in a corresponding manner as a region authority table.
In step S203, a new user is created and roles are assigned. Specifically, the user creates a user account by the operation unit 204, registers the user account as a registered user, assigns the character created in step S201 to the registered user corresponding to the created user account, and transmits the result of assigning the character to the system management module 201.
In step S204, the user information is stored in the registered user list. Specifically, the system management module 201 stores the user information of the registered user in the database 205 as a registered user list. The user information comprises an account number and a password of the user. Roles assigned to the respective registered users are also stored in the registered user list, and user information is stored in a corresponding manner with the assigned roles.
In step S205, the user initiates a login request carrying the user information. Specifically, the user inputs an account number and a password through the operation unit 204, and thereby initiates, via the client 202, a login request carrying the user information to the system management module 201.
In step S206, the user is authenticated based on the user information. Specifically, the system management module 201 consults the registered user list stored in the database 205 using the account number and password in the user information contained in the login request. When user information consistent with the account number and password in the login request is found in the registered user list, the user initiating the login request is authenticated as a registered user.
In step S207, a third-party API is called, according to the user's request information, to obtain the region. Specifically, the system management module 201 invokes a third-party API (Application Programming Interface), based on the IP address of the client 202 from which the registered user initiates the login request, to obtain the region information of the region where the registered user initiates the login request, thereby determining the access region of the registered user.
In step S208, the region authority owned is queried based on the user's role and the region information. Specifically, the system management module 201 queries the region authority table for the region authority owned by the user's role in the access region, based on the role configured for the registered user, as stored in the registered user list, and the access region of the registered user determined in step S207.
In step S209, the regional rights are returned to the client. Specifically, the system management module 201 returns the regional authority owned by the user's role in the access region, which is queried in the regional authority table in the database 205, to the client 202.
In step S210, the operable content is displayed according to the regional rights. Specifically, the client 202 presents the operable content to the user according to the received regional rights.
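The flow of steps S202 to S209, together with the role-table fallback of claim 4 and the subset rule of claim 6, as an added example that is not code from the patent. All function names, the in-memory tables, the salted PBKDF2 password hash, the permission strings and the stub resolver standing in for the third-party API are assumptions made for illustration.

```python
import hashlib, hmac, os

ROLE_AUTHORITY = {"admin": frozenset({"system_view", "device_restart"})}
REGION_AUTHORITY = {}   # (region_id, role) -> permissions, the table of S202
USERS = {}              # account -> (salt, password_hash, role), list of S204

def _kdf(password, salt):
    # Assumption: store a salted hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_region_authority(region_id, role, perms):
    """S202: store a role's rights in one region, enforcing claim 6."""
    perms = frozenset(perms)
    if not perms <= ROLE_AUTHORITY.get(role, frozenset()):
        raise ValueError("region rights must be a subset of the role's rights")
    REGION_AUTHORITY[(region_id, role)] = perms

def register(account, password, role):
    """S203/S204: create the user and store it with its assigned role."""
    salt = os.urandom(16)
    USERS[account] = (salt, _kdf(password, salt), role)

def login(account, password, client_ip, resolve_region):
    """S205-S209: authenticate, resolve the access region, return rights."""
    record = USERS.get(account)
    if record is None:
        return None
    salt, stored, role = record
    if not hmac.compare_digest(stored, _kdf(password, salt)):
        return None
    region_id = resolve_region(client_ip)             # S207: third-party API
    perms = REGION_AUTHORITY.get((region_id, role))   # S208: table lookup
    if perms is None:
        # Claim 4: no region entry found, so the role's own rights apply.
        perms = ROLE_AUTHORITY[role]
    return {"region": region_id, "permissions": sorted(perms)}

# Constructed sample data: documentation-range IPs and made-up region IDs.
GEO = {"192.0.2.10": "HQ", "198.51.100.7": "BRANCH"}
def fake_resolver(ip):
    return GEO.get(ip)   # None when the lookup has no answer

set_region_authority("HQ", "admin", {"system_view", "device_restart"})
set_region_authority("BRANCH", "admin", {"system_view"})
register("alice", "correct horse", "admin")
```

Because the role's rights contain every regional right (claim 6), a login whose region has no table entry receives the broader role rights, so the fallback branch is the one worth logging and reviewing.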
The zone-based authority control method, device and system solve the problem of controlling the authority of an enterprise's personnel in different regions to access the same enterprise system, and control that authority flexibly according to the access region. For example, a headquarters administrator of enterprise A has device restart rights, while a branch administrator of B has only system view rights. In addition, the application provides a permission control method that controls user operation permissions according to the user's access region: the system automatically allocates the user's operation permissions according to the access region, so that users in different regions can access different resources. The application controls user operation rights across regions without the user being aware of it, so that an enterprise does not need to deploy services separately in each region, create independent subsystems, and maintain independent authority control for multiple sets of services. The system supports intelligent allocation of user access rights along the regional dimension: the same role in the same system, and even the same user, can have different operable content as long as the user logs in to the system from a different access region. This improves the flexibility of authority control and the degree of intelligence of enterprise management, while reducing the enterprise's operating cost.
The above description is intended to be illustrative and not limiting, and variations, modifications, and alternatives of the above embodiments may be made by those of ordinary skill in the art within the scope of the present disclosure. Also, the above examples (or one or more aspects thereof) may be used in combination with each other, and it is contemplated that the embodiments may be combined with each other in various combinations or permutations.

Claims (12)

1. A zone-based rights control method, applied to a server, comprising:
responding to a login request of a registered user, and acquiring login information and user information of the registered user;
determining a login access region according to the login information;
inquiring corresponding region authority information through a region authority table based on the access region and the user information;
and under the condition that the corresponding region authority information is inquired, configuring the region authority information to the user so as to enable the user to log in.
2. The zone-based rights control method of claim 1, wherein the user information includes: at least one role configured for the registered user.
3. The zone-based rights control method of claim 2, wherein the zone rights table is configured to: in the region authority table, the region, the roles, and the region authority information thereof are stored in a corresponding manner.
4. The zone-based rights control method of claim 2, further comprising:
and under the condition that the regional authority information is not queried, querying role authority information corresponding to the role by utilizing a role authority table according to the role configured by the registered user, and configuring the role authority information to the user so as to enable the user to log in.
5. The zone-based rights control method of claim 4, wherein the role rights table is configured to: in the role authority table, the role configured by the user and role authority information possessed by the role are stored in a corresponding manner.
6. A zone-based rights control method as defined in claim 5, wherein,
the rights in the role rights information table of one role comprise all rights in the region rights information table of the role.
7. The zone-based rights control method of claim 1, wherein responding to a registered user login request comprises:
responding to a login request of a user, and acquiring user information of the user;
and taking the login request as the login request of the registered user under the condition that the user information is found in the registered user list.
8. The zone-based rights control method of claim 7, wherein the user information includes an account number and a password of the user, and the registered user list stores the account number and the password of the registered user.
9. A zone-based rights control apparatus, comprising:
the acquisition module is configured to respond to a login request of a registered user and acquire login information and user information of the registered user;
an access region determining module configured to determine an access region for login according to the login information;
the inquiring module is configured to inquire corresponding region authority information through a region authority table based on the access region and the user information;
and a configuration module configured to configure the region authority information to the user, in the case where the corresponding region authority information is found, so that the user can log in.
10. The zone-based rights control apparatus of claim 9, further comprising:
a database storing at least the region authority table, wherein the region authority table is configured such that: in the region authority table, the regions, the roles, and the region authority information thereof are stored in a corresponding manner.
11. A zone-based rights control system, comprising:
a client that provides an interactive operation interface for a user;
a system management module configured to respond to a login request of a registered user, acquire login information and user information of the registered user, determine a login access region according to the login information, query corresponding region authority information through a region authority table based on the access region and the user information, and, in the case where the corresponding region authority information is found, configure the region authority information to the user so as to enable the user to log in.
12. The zone-based rights control system of claim 11, further comprising:
a storage end provided with a database storing at least the region authority table, wherein the region authority table is configured such that: in the region authority table, the regions, the roles, and the region authority information thereof are stored in a corresponding manner.
CN202310907090.1A 2023-07-21 2023-07-21 Zone-based permission control method, device and system Pending CN116708011A (en)

Publications (1)

Publication Number Publication Date
CN116708011A true CN116708011A (en) 2023-09-05

Family

ID=87843562

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination