CN117150534B - Trusted DCS upper computer application access control method and system based on authority management - Google Patents
- Publication number: CN117150534B (CN202311417321.7A)
- Authority: CN (China)
- Prior art keywords: application, node, authority, user, nodes
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The invention discloses a trusted DCS (distributed control system) upper computer application access control method and system based on authority management, belonging to the technical field of upper computer access control. The method comprises the following steps: receiving an application permission request, and configuring a responsibility area configuration file at an upper computer engineer station node; setting the operation authorities of the upper computer application and of all the nodes according to the application permission request, performing role division on all the users and setting their operable nodes, and creating a plurality of working procedures (processes) that bind the operation authorities of users, nodes and applications based on the role division and the operable nodes; placing the user, the node and the application under a newly-built process according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are assigned to the same process; and storing the application operation authority and synchronizing it to the other nodes of the system through a file synchronization service management process. The invention realizes multi-mode and fine-grained authority management to ensure the safety and stability of the DCS upper computer application.
Description
Technical Field
The invention relates to the technical field of access control of an upper computer, in particular to a trusted DCS upper computer application access control method and system based on authority management.
Background
The Distributed Control System (DCS) of the power plant has complex composition and multiple functions, and the functional area, the responsibility area and the operation authority are divided by combining the actual requirements of the power plant.
The trusted DCS controller has a trusted computing function and can perform trusted verification on the bootstrap program, the operating system kernel, application programs, configuration files, processes and the like, so as to ensure the credibility of the software and hardware environment of the controller. Trusted verification is an access control means: if an important program or file in the system has been tampered with and fails verification, the program is forbidden to execute and the file is forbidden to be accessed. If the program is one that the system needs in order to run, the system cannot start normally, so when this situation occurs a recovery method is needed to eliminate the effect of the untrusted program on the system.
Access control is an important mechanism for protecting the safety of DCS upper computer applications. The traditional DCS upper computer application access control method works by limiting the authorities of login users: it cannot limit the application operation authorities of different nodes, has no verification relationship among users, nodes and applications, and cannot effectively protect the safety of the DCS upper computer application once there is a problem with a login user.
Disclosure of Invention
Aiming at the defects, the invention provides a trusted DCS upper computer application access control method and system based on authority management; the method realizes multimode and refined authority management to ensure the safety and stability of the application of the DCS upper computer.
In order to achieve the above purpose, the invention adopts the following technical means:
the first aspect of the present invention provides a trusted DCS upper computer application access control method based on rights management, comprising:
receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting check options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file check function;
setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
placing the user, the node and the application under a newly-built process according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same process;
and storing the application operation authority and synchronizing the application operation authority to other nodes of the system through a file synchronization service management process.
As a further improvement of the invention, the responsibility area configuration file is to add user responsibility areas, node responsibility areas and application responsibility areas in the authority management tool.
As a further improvement of the invention, the application configuration table in the system database is modified by setting the check_userManager, check_appmanager and check_nodemanager attributes of the global configuration table in the system database.
As a further improvement of the invention, the setting of the operation authority of the upper computer application and each node according to the application authority request comprises:
the specific operation authority of the upper computer application is divided into three role authorities of an administrator, an operator and an engineer, wherein the authority levels are sequentially from high to low: engineers, administrators, and operators;
the authority setting of each node is to give each node system authority, application operation authority, remote control remote regulation authority and operable DPU authority.
As a further improvement of the present invention, the role division and setting of the operable nodes for all the users includes:
dividing users into three types of administrators, operators and engineers according to roles;
and setting the user operable node according to the role, and performing corresponding operation on the operable node after setting.
As a further improvement of the invention, in the newly-built working procedures for binding the operation authorities of users, nodes and applications, each working procedure binds a plurality of nodes, a plurality of users and a plurality of application operation authorities.
As a further improvement of the invention, the storing of the application operation authority is to store the application operation authority as a file format, and a subsequent user can read the file format to obtain the application operation authority of each node when operating the application by any node.
The second aspect of the present invention provides a trusted DCS host application access control system based on rights management, comprising:
the receiving configuration module is used for receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting check options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file check function;
the setting dividing module is used for setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
the placement configuration module is used for placing the user, the node and the application under a newly-built procedure according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same procedure;
and the storage synchronization module is used for storing the application operation authority and synchronizing the application operation authority to other nodes of the system through the file synchronization service management process.
The third aspect of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the trusted DCS upper computer application access control method based on rights management when executing the computer program.
A fourth aspect of the present invention provides a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the trusted DCS upper computer application access control method based on rights management.
Compared with the prior art, the invention has the following beneficial effects:
According to the access control method, node configuration is carried out on the upper computer according to the permission request, the application configuration table is then modified and the verification function is started, settings are made according to node and role, the roles are divided, and permissions are configured according to the processes after the division, so that multi-application control can be carried out more accurately and safely and application access security control is realized. Different application operation authorities are set for different nodes, and verification relations among users, nodes and applications are established, so that multi-mode and fine-grained authority management is realized to ensure the safety and stability of DCS upper computer applications.
Drawings
FIG. 1 is a flow chart of a trusted DCS upper computer application access control method based on rights management;
FIG. 2 is a specific flowchart of an application access control method of a trusted DCS upper computer based on rights management in the embodiment of the invention;
FIG. 3 is a trusted DCS upper computer application access control system based on rights management provided by the invention;
FIG. 4 is a schematic diagram of an electronic device according to the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" is based at least in part on. The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below.
It should be noted that references to "a" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Term interpretation:
Access control provides a set of methods to identify, organize and host all functions and all data in the system, and then provides a simple and unique interface, one end of which is the application system and the other end of which is the rights engine. The rights engine only answers: who has the right to perform a certain action (movement, calculation) on a certain resource. The only results returned are: has the right, does not have the right, or rights engine anomaly.
DPU (Data Processing Unit) is an abbreviation for data processing unit, which is a special purpose hardware device or circuit board for high performance computing, data acceleration and data processing tasks. The DPU can work cooperatively with a Central Processing Unit (CPU) to speed up data processing and improve system performance.
DPU permissions refer to permissions to configure and manage a DPU.
As shown in fig. 1, a first object of the present invention is to provide a trusted DCS host application access control method based on rights management, which includes the following steps:
s1, receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting verification options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file verification function;
s2, setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
s3, placing the user, the node and the application under a newly-built process according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same process;
s4, storing the application operation authority and synchronizing the application operation authority to other nodes of the system through a file synchronization service management process.
The trusted DCS application access control method based on the authority management can perform application configuration of a database according to a user request, then perform role division according to the user and finally configure the authority of the corresponding node of the user, and can solve the problem that the existing application access control method cannot set different application operation authorities for different nodes and establish verification relations among the user, the nodes and the applications, thereby realizing multi-mode and fine authority management to ensure the safety and the stability of the DCS application.
The present invention will be described in detail with reference to the following examples:
referring to fig. 2, a trusted DCS upper computer application access control method based on rights management specifically includes the following steps:
S1, configuring the aormanager.xml responsibility area configuration file at an upper computer operator station node;
in one embodiment, the path of the aormanager.xml responsibility area configuration file is users/ems/solid/devitrification/etc/mmi/init, and the aormanager.xml file is configured so as to add three kinds of authority settings to the authority management tool: the user responsibility area, the node responsibility area and the application responsibility area.
S2, subsequently modifying an application configuration table in a system database, starting verification options of users, nodes and applications, subsequently starting a right management tool and starting a responsibility area verification function;
in one embodiment, the application configuration table in the system database is modified by setting the check_userManager, check_appmanager and check_nodemanager attributes of the global configuration table in the system database, in particular in the application management library.
S3, setting the operation authorities of the upper computer application and each node according to the application authority request, performing role division on all users according to the application authority request, and setting the operable nodes, and after the setting is completed, creating a plurality of working procedures for binding the operation authorities of the users, the nodes and the application based on the role division and the operable nodes;
in one embodiment, the rights management tool can only be operated by a super administrator user, who has the highest rights to the system; for the role operation authority setting, the specific operation authorities given to the upper computer application by different roles are divided into three role authorities of an administrator, an operator and an engineer, wherein the authority levels are sequentially from high to low: engineers, administrators, and operators;
in the invention, the user and the application are distinct: the application is a process or program actually running in the system; the user is the account information used to log in when starting an application or a program in the system.
In one embodiment, setting the node operation authority means giving each node its system authority, application operation authority, remote control and remote regulation authority, operable DPU authority and the like.
S4, placing the user, the node and the application under a specific process according to the application permission request, wherein a user in the system has application operation permission for an application at a node only when the user, the node and the application are assigned to the same process;
users are divided according to roles, and can only be divided into three types: administrators, operators and engineers;
setting the user operable nodes: if the user operable nodes are not set, the user can by default operate on all the nodes; after the user operable nodes are set, the user can perform the corresponding operations only on the selected nodes;
in one embodiment, a newly-built process binds the operation rights of users, nodes and applications, wherein the upper limit of the number of processes is 128, and each process can bind a plurality of nodes, a plurality of users and a plurality of application operation rights;
in one embodiment, a user in the system has application operation rights for an application at a node only when the user, the node and the application are placed under the same process.
S5, after the setting is completed, storing and exiting to realize the trusted DCS upper computer application access control operation based on the authority management;
the storage operation stores the authority management configuration of the users, the nodes and the applications as an XML file under users/ems/solid/reployment/etc/manager, and synchronizes the file to the other nodes of the system through the file synchronization service management process; when a user subsequently operates an application at any node, the XML file can be read to obtain the application operation authority of each node.
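The same-process check of S4, evaluated against an XML rights file as stored in S5, as an added example (not code from the patent). The XML layout, the sample users, nodes and applications, and the behaviour when a check attribute is switched off (that dimension is simply not verified) are assumptions; the patent publishes neither its file schema nor the flag semantics.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from enum import Enum

MAX_PROCESSES = 128                      # upper limit given in the description
ROLES = {"administrator", "operator", "engineer"}

# Constructed stand-in for the three global-configuration-table attributes.
FLAGS = {"check_userManager": True, "check_nodemanager": True,
         "check_appmanager": True}

# Constructed sample rights file; every element and attribute name is
# hypothetical. A "process" is the patent's grouping of users, nodes and
# applications, not an operating-system process.
SAMPLE_XML = """
<rights>
  <user name="op_zhang" role="operator" nodes="ops01"/>
  <user name="eng_li" role="engineer"/>
  <process name="boiler" users="op_zhang,eng_li" nodes="ops01">
    <app name="trend_viewer" ops="view"/>
  </process>
  <process name="turbine" users="eng_li" nodes="ens01">
    <app name="logic_editor" ops="view,edit"/>
  </process>
</rights>
"""


class Decision(Enum):
    ALLOW = "has the right"
    DENY = "does not have the right"
    ENGINE_ERROR = "rights engine anomaly"


@dataclass
class Process:
    users: set
    nodes: set
    app_ops: dict                        # application name -> set of operations


@dataclass
class Policy:
    roles: dict                          # user -> role
    operable: dict                       # user -> operable nodes (empty = all)
    processes: dict                      # process name -> Process


def _csv(value):
    """Split a comma-separated attribute into a set, ignoring blanks."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}


def load_policy(xml_text):
    """Parse and validate the rights file; raise on anything inconsistent."""
    root = ET.fromstring(xml_text)
    roles, operable, processes = {}, {}, {}
    for u in root.findall("user"):
        if u.get("role") not in ROLES:
            raise ValueError(f"unknown role for user {u.get('name')!r}")
        roles[u.get("name")] = u.get("role")
        operable[u.get("name")] = _csv(u.get("nodes"))
    procs = root.findall("process")
    if len(procs) > MAX_PROCESSES:
        raise ValueError("more than 128 processes")
    for p in procs:
        users = _csv(p.get("users"))
        if users - set(roles):
            raise ValueError(f"process {p.get('name')!r} binds undeclared users")
        app_ops = {a.get("name"): _csv(a.get("ops")) for a in p.findall("app")}
        processes[p.get("name")] = Process(users, _csv(p.get("nodes")), app_ops)
    return Policy(roles, operable, processes)


def check(policy, flags, user, node, app, op):
    """Grant only if every enabled dimension matches inside one process."""
    chk_user = flags.get("check_userManager", True)   # missing flag = check on
    chk_node = flags.get("check_nodemanager", True)
    chk_app = flags.get("check_appmanager", True)
    if chk_user and user not in policy.roles:
        return Decision.DENY
    operable = policy.operable.get(user, set())
    if chk_node and operable and node not in operable:
        return Decision.DENY
    for proc in policy.processes.values():
        if chk_user and user not in proc.users:
            continue
        if chk_node and node not in proc.nodes:
            continue
        if chk_app and op not in proc.app_ops.get(app, ()):
            continue
        return Decision.ALLOW
    return Decision.DENY


def decide(xml_text, flags, user, node, app, op):
    """Entry point for an application: callers proceed only on ALLOW."""
    try:
        return check(load_policy(xml_text), flags, user, node, app, op)
    except (ET.ParseError, ValueError):
        return Decision.ENGINE_ERROR     # unreadable policy never grants access


if __name__ == "__main__":
    for q in [("op_zhang", "ops01", "trend_viewer", "view"),
              ("eng_li", "ops01", "logic_editor", "edit"),
              ("eng_li", "ens01", "logic_editor", "edit")]:
        print(q, decide(SAMPLE_XML, FLAGS, *q).name)
```

The second query is denied even though `eng_li`, `ops01` and `logic_editor` each appear somewhere in the file, because no single process binds all three. Under the assumed flag semantics, switching `check_nodemanager` off turns that denial into a grant, so the three attributes warrant the same change control as the rights file.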
The access control method is applied to the DCS upper computer based on authority management, so that the specific functional areas of the power plant can be divided, the safety of the DCS system is improved, potential safety hazards caused by manual misoperation are avoided, and the safe operation of the power plant is ensured.
As shown in fig. 3, the present invention further provides a trusted DCS upper computer application access control system based on rights management, including:
the receiving configuration module is used for receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting check options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file check function;
the setting dividing module is used for setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
the placement configuration module is used for placing the user, the node and the application under a newly-built procedure according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same procedure;
and the storage synchronization module is used for storing the application operation authority and synchronizing the application operation authority to other nodes of the system through the file synchronization service management process.
As shown in fig. 4, the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the trusted DCS upper computer application access control method based on rights management when executing the computer program.
The trusted DCS upper computer application access control method based on authority management comprises the following steps:
s1, receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting verification options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file verification function;
s2, setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
s3, placing the user, the node and the application under a newly-built process according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same process;
s4, storing the application operation authority and synchronizing the application operation authority to other nodes of the system through a file synchronization service management process.
In some implementations, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the trusted DCS upper computer application access control method based on the authority management when being executed by a processor.
The trusted DCS upper computer application access control method based on authority management comprises the following steps:
s1, receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting verification options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file verification function;
s2, setting the upper computer application and the operation authorities of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of working procedures for binding the user, the node and the operation authorities of the application based on the role division and the operable nodes;
s3, placing the user, the node and the application under a newly-built process according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same process;
s4, storing the application operation authority and synchronizing the application operation authority to other nodes of the system through a file synchronization service management process.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (8)
1. The trusted DCS upper computer application access control method based on authority management is characterized by comprising the following steps of:
receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting check options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file check function;
setting the operation authorities of the upper computer application and of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of procedures for binding the operation authorities of the user, the node and the application based on the role division and the operable nodes;
placing the user, the node and the application under a newly created procedure according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are assigned to the same procedure;
storing the application operation authority and synchronizing the application operation authority to other nodes of the system through a file synchronization service management process;
the responsibility area configuration file is to add a user responsibility area, a node responsibility area and an application responsibility area in the authority management tool;
the setting of the operation authority of the upper computer application and each node according to the application authority request comprises the following steps:
the specific operation authority of the upper computer application is divided into three role authorities of an administrator, an operator and an engineer, wherein the authority levels, in order from high to low, are: engineers, administrators, and operators;
the authority setting of each node is to give each node system authority, application operation authority, remote control remote regulation authority and operable DPU authority.
2. The trusted DCS application access control method based on rights management as claimed in claim 1, wherein: the modifying the application configuration table in the system database is to set the check_userManager, check_appmanager and check_nodemanager attributes of the global configuration table in the system database.
3. The trusted DCS application access control method based on rights management as claimed in claim 1, wherein: the role division of all users and the setting of the operable nodes comprise the following steps:
dividing users into three types of administrators, operators and engineers according to roles;
and setting the user operable node according to the role, and performing corresponding operation on the operable node after setting.
4. The trusted DCS application access control method based on rights management as claimed in claim 1, wherein: among the newly created procedures for binding the operation authorities of the users, the nodes and the applications, each procedure binds a plurality of operation authorities of the nodes, the users and the applications.
5. The trusted DCS application access control method based on rights management as claimed in claim 1, wherein: the storing of the application operation authority is to store the application operation authority in a file format, and when a user subsequently operates the application at any node, the file can be read to obtain the application operation authority of each node.
6. A trusted DCS application access control system based on rights management, applying the trusted DCS application access control method based on rights management as claimed in any one of claims 1 to 5, comprising:
the receiving configuration module is used for receiving an application permission request, configuring a responsibility area configuration file at a node of an upper computer engineer station, modifying an application configuration table in a system database, starting check options of a user, a node and an application, starting a permission management tool and starting a responsibility area configuration file check function;
the setting dividing module is used for setting the operation authorities of the upper computer application and of all the nodes according to the application authority request, performing role division on all the users and setting the operable nodes, and creating a plurality of procedures for binding the operation authorities of the user, the node and the application based on the role division and the operable nodes;
the placement configuration module is used for placing the user, the node and the application under a newly-built procedure according to the application permission request, and configuring the application operation permission of the user at the corresponding node when the user, the node and the application are divided into the same procedure;
and the storage synchronization module is used for storing the application operation authority and synchronizing the application operation authority to other nodes of the system through the file synchronization service management process.
7. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the rights management based trusted DCS upper computer application access control method of any of claims 1-5 when the computer program is executed.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the rights management based trusted DCS upper application access control method of any of claims 1-5.
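The rule in claims 1 and 5, sketched as an added example that is not code from the patent: an operation is granted only when a single procedure contains the user, the node and the application, and the resulting permissions are stored as a file that any node can read. The JSON schema, the user, node and application names, and the reading of the role order as "a higher role also holds lower-role operations" are all assumptions.

```python
import json

# Role levels in the order claim 1 gives: engineer > administrator > operator.
ROLE_LEVEL = {"operator": 1, "administrator": 2, "engineer": 3}

# Constructed sample policy; the schema and every name in it are assumptions.
POLICY = {
    "roles": {"alice": "engineer", "bob": "operator"},
    "procedures": [
        {"name": "boiler", "users": ["alice", "bob"], "nodes": ["OPS1"],
         # application -> operation -> minimum role (assumed interpretation)
         "apps": {"graphics": {"view": "operator", "edit": "engineer"}}},
        {"name": "turbine", "users": ["alice"], "nodes": ["OPS2"],
         "apps": {"trend": {"view": "operator"}}},
    ],
}

def is_allowed(policy, user, node, app, op):
    """Grant only when a single procedure binds user, node and application."""
    role = policy["roles"].get(user)
    if role not in ROLE_LEVEL:
        return False  # unknown user or role: deny by default
    for proc in policy["procedures"]:
        if user not in proc["users"] or node not in proc["nodes"]:
            continue  # membership is never combined across procedures
        min_role = proc["apps"].get(app, {}).get(op)
        if min_role in ROLE_LEVEL and ROLE_LEVEL[role] >= ROLE_LEVEL[min_role]:
            return True
    return False

def save_policy(policy, path):
    """Store the permissions as a file, the form synchronized to other nodes."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, sort_keys=True)

def load_policy(path):
    """Read the stored file on any node before evaluating a request."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)
```

The case to watch is the cross-procedure one: `alice` belongs to both procedures, yet `trend` on `OPS1` is denied because no single procedure holds that node and that application together.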
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311417321.7A CN117150534B (en) | 2023-10-30 | 2023-10-30 | Trusted DCS upper computer application access control method and system based on authority management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311417321.7A CN117150534B (en) | 2023-10-30 | 2023-10-30 | Trusted DCS upper computer application access control method and system based on authority management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117150534A (en) | 2023-12-01 |
CN117150534B (en) | 2024-01-30 |
Family
ID=88910451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311417321.7A Active CN117150534B (en) | 2023-10-30 | 2023-10-30 | Trusted DCS upper computer application access control method and system based on authority management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117150534B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117784744B (en) * | 2024-02-28 | 2024-05-14 | 西安热工研究院有限公司 | Trust-based DCS upper computer application access control method, equipment and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110086872A (en) * | 2019-04-29 | 2019-08-02 | 新奥数能科技有限公司 | A kind of data processing method and system of SCADA system |
CN112118224A (en) * | 2020-08-12 | 2020-12-22 | 北京大学 | Trusted mechanism authority management method and system for big data block chain |
CN115766618A (en) * | 2022-09-27 | 2023-03-07 | 江苏银承网络科技股份有限公司 | Resource allocation system of multiple servers |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9223807B2 (en) * | 2012-09-13 | 2015-12-29 | International Business Machines Corporation | Role-oriented database record field security model |
Non-Patent Citations (2)
Title |
---|
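Exploitation of DevOps concepts for the ASDEX Upgrade DCS; B. Sieglin et al.; Fusion Engineering and Design; full text * |
Application of role-based access control in electric power MIS; Gao Wei; Jing Xin; Lei Juchao; Foreign Electronic Measurement Technology (02); full text * |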
Also Published As
Publication number | Publication date |
---|---|
CN117150534A (en) | 2023-12-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||