CN101227285B - System and method for dynamic controlling terminal user authority - Google Patents

System and method for dynamic controlling terminal user authority Download PDF

Info

Publication number
CN101227285B
CN101227285B CN2008100570989A CN200810057098A CN101227285B CN 101227285 B CN101227285 B CN 101227285B CN 2008100570989 A CN2008100570989 A CN 2008100570989A CN 200810057098 A CN200810057098 A CN 200810057098A CN 101227285 B CN101227285 B CN 101227285B
Authority
CN
China
Prior art keywords
user
authority
subordinate
list
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008100570989A
Other languages
Chinese (zh)
Other versions
CN101227285A (en
Inventor
方兴建
周衍坚
杨健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2008100570989A priority Critical patent/CN101227285B/en
Publication of CN101227285A publication Critical patent/CN101227285A/en
Application granted granted Critical
Publication of CN101227285B publication Critical patent/CN101227285B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a system and a method for dynamically controlling the authority extent of terminal users, wherein the system comprises a database module which is used to set and story user detailed statements, tacit authority extent tables and concrete user authority extent tables, a service management module which is used to additionally arrange subordinate users for registered users and/or realize that higher authority users distribute the authority extent to the subordinate users through the story user detailed statements, the tacit authority extent tables and the concrete user authority extent tables, an authority extent control module which is used to read the tacit authority extent tables and the concrete user authority extent tables of the registered users, obtain corresponding authority extent, and control the authority extent for the registered users according to user grades and the authority extent of the registered user. The invention can flexibly arrange tacit user grades and the authority extent and dynamically add a plurality of subordinate users, the higher authority users can distribute the authority extent to the subordinate users and control the authority extent.

Description

A kind of system and method for dynamic control terminal user right
Technical field
The present invention relates to the terminal user authority control technology, particularly relate to a kind of system and method for dynamic control terminal user right.
Background technology
Along with the Internet rapid network development, the multimedia terminal product also enters the ordinary people man along with the expansion of network, has brought the facility of each side such as work, amusement, life for increasing people.People also begin the facility that the enjoy network multimedia service provides when obtaining a large amount of information by network data service, as the networking telephone, video conference, Web TV etc.Because the network multimedia business has and contains much information, interactive strong, cheap advantage also becomes the irreplaceable means of communications of industry such as contemporary society's industry, commerce, education gradually.
In the environment for use of gateway, need to support a plurality of users to operating, each user has different authorities, such as, in one family type gateway, need to be provided with provider customer, the head of a family or landlord user, child or tenant user.Other user of each grade need distribute different authorities, and the provider customer has the highest authority, can check and be provided with all parameters, can distribute authority for the user of subordinate; The head of a family or landlord user have certain authority, and these authorities are subjected to provider customer's configuration, can check and the configuration section parameter, can newly-built new child or tenant user, can distribute authority for child or tenant user; Child or tenant user's authority is subjected to the head of a family or landlord user's configuration, can check and the configuration section parameter.
When the user logins, terminal obtains this user's Permission Levels (such as operator, the head of a family or landlord, child or tenant) according to user's name, and concrete authority, such as, operator can dispose family's monitoring, and the head of a family or landlord can check but can not dispose family's monitoring that child or tenant can not check family's monitoring can not be set, this authority can be to adopt system default, also can be to be distributed by higher level user.
In actual environment, how many levels the user divides is indefinite, in little application scenarios, can have only two-stage user role (operator and head of a family user or head of a family user and child user), even can have only the one-level user; And in big application scenarios, three grades of users can be arranged then, even level Four user, or multi-stage user more.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of system and method for dynamic control terminal user right, is used for the control to the unlimited classification of the user of terminal, user right distribution and terminal authority.
To achieve these goals, the invention provides a kind of system of dynamic control terminal user right, it is characterized in that, comprising:
Database module is used for being provided with and storing user's detail list, default privilege table, particular user authority list;
User management module connects described database module, is used for by described user's detail list, described default privilege table, described particular user authority list, for login user is set up the user of subordinate and/or realized the right assignment of higher level user to the user of subordinate;
The control of authority module, connect described database module, described user management module, be used to read default privilege table, the particular user authority list of described login user, obtain corresponding authority, according to the user class and the described authority of described login user described login user is carried out control of authority again.
The system of described dynamic control terminal user right, wherein, when setting up the user of subordinate for described login user, described user management module increases a corresponding record in described user's detail list, the authority of described login user is added 1, and be empty particular user authority list entirely for the user of this subordinate creates an entry.
The system of described dynamic control terminal user right, wherein, when deletion described login user, described higher level user and/or the described user of subordinate, described user management module is deleted corresponding record in described user's detail list, and deletes corresponding particular user authority list.
The system of described dynamic control terminal user right, wherein, described user management module realizes the right assignment of described higher level user to the described user of subordinate by the mode that increases record in the described user's of subordinate particular user authority list.
The system of described dynamic control terminal user right, wherein, described control of authority module obtains described user class according to the user name of described login user, read described default privilege table and obtain the default action authority of described login user described terminal, and when in the described particular user authority list record of appointed function being arranged, there is the record of appointed function to cover the default privilege of described login user with this.
To achieve these goals, the invention provides a kind of method of dynamic control terminal user right, it is characterized in that, comprising:
Subscriber's meter is provided with step, is used for being provided with and storing user's detail list, default privilege table, particular user authority list;
The user management step is used for by described user's detail list, described default privilege table, described particular user authority list, for login user is set up the user of subordinate and/or realized the right assignment of higher level user to the user of subordinate;
The control of authority step is used to read default privilege table, the particular user authority list of described login user, obtains corresponding authority, according to the user class and the described authority of described login user described login user is carried out control of authority again.
The method of described dynamic control terminal user right wherein, in the described user management step, further comprises:
When being described login user when setting up the user of subordinate, in described user's detail list, increase a corresponding record, the authority of described login user is added 1, and be the step of empty particular user authority list entirely for the user of this subordinate creates an entry.
The method of described dynamic control terminal user right wherein, in the described user management step, further comprises:
When deletion described login user, described higher level user and/or the described user of subordinate, the corresponding record of deletion in described user's detail list, and the step of deleting corresponding particular user authority list.
The method of described dynamic control terminal user right wherein, in the described user management step, further comprises:
Realize the step of described higher level user by the mode that in the described user's of subordinate particular user authority list, increases record to the described user's of subordinate right assignment.
The method of described dynamic control terminal user right wherein, in the described control of authority step, further comprises:
User name according to described login user obtains described user class, read described default privilege table and obtain the default action authority of described login user described terminal, and when in the described particular user authority list record of appointed function being arranged, there is the record of appointed function to cover the step of the default privilege of described login user with this.
Useful technique effect of the present invention:
Compared with prior art, the present invention supports the unlimited classification of user in theory, can flexible configuration when version is issued the user class and the authority of acquiescence, higher level user can dynamically increase a plurality of new users of subordinate in actual use, higher level user can distribute the user's of subordinate authority, and terminal can be carried out control of authority according to the rank and the corresponding authority of login user.
The following several aspects of advantage imbody of the present invention:
1) supports the unlimited classification of user in theory;
2) configured in advance user before the support user is dispatched from the factory;
3) support dynamically to Add User;
4) support the user right dynamic-configuration;
5) in family's gateway application scene, provide the solution of protection user privacy.
Describe the present invention below in conjunction with the drawings and specific embodiments, but not as a limitation of the invention.
Description of drawings
Fig. 1 is the system construction drawing of dynamic control terminal user right of the present invention;
Fig. 2 is the embodiment of protection user private information of the present invention;
Fig. 3 is configured in advance user embodiment before of the present invention the dispatching from the factory;
Fig. 4 is an another embodiment of the present invention.
Embodiment
Below in conjunction with the drawings and specific embodiments technical scheme of the present invention is made further more detailed description.
As shown in Figure 1, be the system construction drawing of dynamic control terminal user right of the present invention.This system 100 comprises: database module 10, user management module 20, control of authority module 30.
Database module 10 is used for being provided with and storing user's detail list, default privilege table, particular user authority list;
1) user's detail list
This table is used to write down all users' essential information; When Adding User, then in this table, increase by one; When the deletion user, then need corresponding record deletion, field is as follows:
A1) right: Permission Levels, the scope of value are from 0~n, and it is high more to be worth more little rank;
A2) usemame: user name;
A3) password: password.
2) default privilege table
This table is used to write down the function of all supports of terminal, and the default privilege situation of this function, and field is as follows:
B1) functionname: function title;
B2) setauth: authority is set, is worth and is n, the authority of this function of configuration is only just arranged smaller or equal to other user of n level;
B3) viewauth: check authority, be worth and be n only the authority of checking this function is just arranged smaller or equal to other user of n level.
3) particular user authority list
Each user has a particular user authority list, that is, every newly-built user can create a particular user authority list; When user of deletion, the pairing particular user authority list of this user also can be deleted, and the user in the particular user authority list need have consistency with the user in user's detail list, and field is as follows:
C1) functionname: the function title has consistency with the default privilege table;
C2) setauth: be worth and be that yes or no, yes represent to have the authority of this function of configuration, no represents do not have;
C3) viewauth: be worth and be yes or no, yes represents to have the authority of checking this function, and no represents do not have.
User management module 20 is used for being responsible for increasing new user and higher level user distributes authority to the user of subordinate.
When user management module 20 increases new user, current login user can increase a user of subordinate newly, but do not allow to bypass the immediate leadership, that is to say that 0 grade of user can only increase 1 grade of user newly, can not increase 2 grades of users newly, after the newly-increased user, just increase a record in user's detail list newly, user right adds 1 for active user's authority, and creates a particular user authority list, this table is initialized as sky, that is to say that the authority that Adds User adopts default privilege.
Carry out user right when user management module 20 and divide timing, all higher level users distribute authority can for the direct user of subordinate, the user of this subordinate can be the user who is created by other user at the same level, right assignment mainly is to the authority of the user of subordinate appointment to concrete certain feature operation, add corresponding record this moment in the user's of this subordinate particular user authority list, thereby cover the authority of acquiescence.Divide timing carrying out user right, the distribution authority that do not allow to bypass the immediate leadership can only be distributed authority for 1 grade of user as 0 grade of user, can not distribute authority for 2 grades of users.
Higher level user can not distribute the authority that surpasses oneself for the user of subordinate.But may have such demand in actual use, can not check and be provided with the privately owned configuration of terminal such as operator, but the head of a family or landlord user can, therefore can be earlier in the default privilege table authority of this function be set to-1, promptly, which other user of level does not have operation permission, dispose a rank then and be the role of 0 user representative operator, do not create this user's particular user authority list, just adopt the authority of acquiescence, dispose a rank again and be 1 user, represent the head of a family or landlord's role, in this user's particular user authority list, open the authority of this function again.
Control of authority module 30 is used for when the user logins, and obtains this user's user name, and obtains user class according to user name; Read the default privilege table, obtain the default action authority of this user, and then read this user's particular user authority list,, then cover the default privilege of control of authority module 30 in this table if the record of certain function is arranged to the terminal all functions.
The control of authority module of all terminals and the authority situation that has been written into compare, if do not have corresponding authority then will not respond.
Adopt this system 100 can realize that the unlimited classification of dynamic user, user right distribute and the terminal control of authority, terminal can be all end products, the terminal of the support multi-user configuration operation of particularly the sort of family type or enterprise.
As shown in Figure 2, be the embodiment of protection user private information of the present invention.This embodiment has provided the embodiment of protection user private information, specifically comprises the steps:
Step S201 creates user's detail list on terminal before dispatching from the factory;
In this step, create two default users, an admin is as operator's leading subscriber, rank be 0, one public as common gateway user, rank is 1;
Step S202 creates the default privilege table, and the default privilege of the function of the user's private information that needs protection is set to-1, and any like this other user of level can not use this function, sees Table 1;
Table 1
functionname Setauth Viewauth
wireless -1 -1
According to the setting of each field in the table 1, the wireless function is given tacit consent to any rank user and all can not be operated as can be known.
Step S203 creates admin user's particular user authority list, and the content in this table is empty, and expression admin user is a default privilege to the authority of wireless;
Step S204 creates public user's particular user authority list, adds record in this table, makes public user to visit, and sees Table 2;
Table 2
functionname setauth viewauth
wireless yes yes
According to the setting of each field in the table 2, public user has the authority that is provided with and checks wireless as can be known.
Step S205, the back control of authority of dispatching from the factory, when admin user logined, control of authority module 30 obtained admin user's concrete power limit, when its visit wireless, will be refused by terminal; When public user logined, control of authority module 30 obtained public user's concrete power limit, when its visit wireless, will be allowed by terminal.
In Fig. 2, between step S201, the step S202, the ordinal relation between step S203, the step S204 does not have strict restriction.
As shown in Figure 3, be configured in advance user embodiment before of the present invention the dispatching from the factory; The prior customization procedure of authority before this embodiment has described and dispatched from the factory during 1 user of configured in advance specifically comprises the steps:
Step S301 creates a default user user, and rank is 0, and password is 1234, sees Table 3;
Table 3
right username password
0 user 1234
Step S302 creates the default privilege table, and each function can customize in advance, but need close the authority of subordinate's user management, does not just allow to create the user of subordinate;
Step S303 just has only a user after dispatching from the factory, and can not create any user of subordinate, and this user's authority is subjected to the control of prior customizes rights.
As shown in Figure 4, be another embodiment of the present invention.This embodiment has provided execution mode in the ordinary course of things, specifically comprises the steps:
Step S401, the configuration effort that dispatches from the factory is just created user's detail list in terminal before dispatching from the factory, default user is arranged if desired, then adds corresponding detailed in this table.Create the default privilege table, enumerate the function of all supports of terminal, the minimum user class that provides this function to support;
Step S402 logins with the username and password of acquiescence;
In this step, after login, the user can revise password;
Step S403, terminal obtains its Permission Levels and concrete authority according to the title of login user, and to the follow-up setting of this user, check etc. that operation controls;
Step S404, if authority permission, this user can create a user user1 of subordinate, terminal thinks that new user's rank is that the rank of current login user adds 1 so, and in user's detail list, increase this record, create this user, create a particular user authority list, the entry in this table is empty;
Step S405 for the user of this subordinate distributes corresponding authority, and increases corresponding entry at the user's of this subordinate particular user authority list;
Step S406, in the particular user authority list, a plurality of users are added in circulation;
Step S407, the user of subordinate logins terminal, and its authority is subjected to the control of terminal;
Step S408, higher level user delete the user of subordinate, the corresponding record of deletion in user's detail list, the deletion user's of subordinate particular user authority list.
In Fig. 4, the ordinal relation between step S404, step S405, step S406, step S407, the step S408 does not have strict restriction.
The present invention proposes a kind of method of supporting the unlimited classification of dynamic user, user right distribution and terminal control of authority, can be under various application scenarioss the dynamic-configuration rank that Adds User, and supporting the multi-level access terminal of multi-user, the user to login carries out control of authority then.
The present invention supports the unlimited classification of user in theory, can flexible configuration when version is issued the user class and the user right of acquiescence, higher level user can dynamically increase a plurality of new users of subordinate in actual use, higher level user can distribute the user's of subordinate authority, and terminal can be carried out control of authority according to the rank and the corresponding authority of login user.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.

Claims (4)

1. the system of a dynamic control terminal user right is characterized in that, comprising:
Database module is used for being provided with and storing user's detail list, default privilege table, particular user authority list;
User management module connects described database module, is used for by described user's detail list, described default privilege table, described particular user authority list, for login user is set up the user of subordinate and/or realized the right assignment of higher level user to the user of subordinate; Wherein, when setting up the user of subordinate for described login user, described user management module increases a corresponding record in described user's detail list, the described user's of subordinate authority is that the authority of described login user adds 1, and is empty particular user authority list entirely for the user of this subordinate creates an entry; Described user management module realizes the right assignment of described higher level user to the described user of subordinate by the mode that increases record in the described user's of subordinate particular user authority list;
The control of authority module, connect described database module, described user management module, be used to read default privilege table, the particular user authority list of described login user, obtain corresponding authority, according to the user class and the described authority of described login user described login user is carried out control of authority again; Wherein, described control of authority module obtains described user class according to the user name of described login user, read described default privilege table and obtain the default action authority of described login user described terminal, and when in the described particular user authority list record of appointed function being arranged, there is the record of appointed function to cover the default privilege of described login user with this.
2. the system of dynamic control terminal user right according to claim 1, it is characterized in that, when deletion described login user, described higher level user and/or the described user of subordinate, described user management module is deleted corresponding record in described user's detail list, and deletes corresponding particular user authority list.
3. the method for a dynamic control terminal user right is characterized in that, comprising:
Subscriber's meter is provided with step, is used for being provided with and storing user's detail list, default privilege table, particular user authority list;
The user management step is used for by described user's detail list, described default privilege table, described particular user authority list, for login user is set up the user of subordinate and/or realized the right assignment of higher level user to the user of subordinate; When setting up the user of subordinate for described login user, described user management module increases a corresponding record in described user's detail list, the described user's of subordinate authority is that the authority of described login user adds 1, and is empty particular user authority list entirely for the user of this subordinate creates an entry; Described user management module realizes the right assignment of described higher level user to the described user of subordinate by the mode that increases record in the described user's of subordinate particular user authority list;
The control of authority step is used to read default privilege table, the particular user authority list of described login user, obtains corresponding authority, according to the user class and the described authority of described login user described login user is carried out control of authority again; Wherein, described control of authority module obtains described user class according to the user name of described login user, read described default privilege table and obtain the default action authority of described login user described terminal, and when in the described particular user authority list record of appointed function being arranged, there is the record of appointed function to cover the default privilege of described login user with this.
4. the method for dynamic control terminal user right according to claim 3 is characterized in that, in the described user management step, further comprises:
When deletion described login user, described higher level user and/or the described user of subordinate, the corresponding record of deletion in described user's detail list, and the step of deleting corresponding particular user authority list.
CN2008100570989A 2008-01-29 2008-01-29 System and method for dynamic controlling terminal user authority Active CN101227285B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100570989A CN101227285B (en) 2008-01-29 2008-01-29 System and method for dynamic controlling terminal user authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100570989A CN101227285B (en) 2008-01-29 2008-01-29 System and method for dynamic controlling terminal user authority

Publications (2)

Publication Number Publication Date
CN101227285A CN101227285A (en) 2008-07-23
CN101227285B true CN101227285B (en) 2010-07-14

Family

ID=39859057

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100570989A Active CN101227285B (en) 2008-01-29 2008-01-29 System and method for dynamic controlling terminal user authority

Country Status (1)

Country Link
CN (1) CN101227285B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101894231A (en) * 2010-07-19 2010-11-24 上海三零卫士信息安全技术有限公司 Permission expansion control system and method thereof
CN102663044A (en) * 2012-03-28 2012-09-12 福建榕基软件股份有限公司 Method and device for creating search base and method and device for full-text search with authorities
CN103593602A (en) * 2012-08-14 2014-02-19 深圳中兴网信科技有限公司 User authorization management method and system
CN103065074B (en) * 2012-12-14 2016-03-16 北京思特奇信息技术股份有限公司 A kind of method of carrying out URL control of authority based on fine granularity
CN106453290A (en) * 2016-09-29 2017-02-22 广州鹤互联网科技有限公司 Signature initiating user management method and device
CN107292668A (en) * 2017-06-23 2017-10-24 济南卡巢网络科技有限公司 Based on App towards businessman and the electronics member system and management method of consumer
CN107452240B (en) * 2017-08-04 2020-11-10 北京谦仁科技有限公司 Interactive courseware-based interaction method and system
CN107657182B (en) * 2017-10-18 2020-12-01 成都索贝数码科技股份有限公司 Method for enhancing reliability of media data authority control
CN108376214A (en) * 2018-02-12 2018-08-07 深圳市沃特沃德股份有限公司 Right management method, device and vehicle-mounted background system
CN108765649A (en) * 2018-05-14 2018-11-06 吴东辉 Electronic lock control method and device and system
CN109656452B (en) * 2018-12-18 2020-08-11 珠海格力电器股份有限公司 Parameter setting permission changing method in touch screen interface

Also Published As

Publication number Publication date
CN101227285A (en) 2008-07-23

Similar Documents

Publication Publication Date Title
CN101227285B (en) System and method for dynamic controlling terminal user authority
Malmodin et al. Life cycle assessment of ICT: Carbon footprint and operational electricity use from the operator, national, and subscriber perspective in Sweden
US9451096B2 (en) Integrated service identity for different types of information exchange services
CN103391273A (en) Method and device for controlling access authority of internet website user information
CN102968599A (en) User-defined access control system and method based on resource publisher
KR20140043474A (en) Intelligent parental controls for wireless devices
US8166535B2 (en) Universal media firewall
EP2587852B1 (en) System and method for wireless device configuration
CN102279948A (en) Contact information merger and duplicate resolution
CN102902733A (en) Information push method, device and system based on content subscription
CN103065074A (en) Uniform Resource Locator (URL) authority control method based on fine granularity
CN102307215A (en) Method for peer-to-peer (p2p) communication
CN102638567A (en) Multi-application cloud storage platform and cloud storage terminal
CN101090548A (en) Method for implementing multi-virtual identify of one mobile phone number in mobile immediate communication
CN107944254A (en) Authority configuring method, application server and the computer-readable recording medium of system
CN102831503A (en) Building visual talkback integrated management system and implementing method thereof
KR101044343B1 (en) Cloud disk sharing system
CN105207989B (en) A kind of work system and its control method of various dimensions user
CN108737371A (en) Hive data access control methods, server and computer storage media
CN111724134A (en) Role authorization method and system of conference management system
US11134392B2 (en) Method and device for managing extender nodes for a wireless device
CN204465725U (en) Based on the visual talk back entrance guard system of standard communication protocol
CN105938576A (en) Android-system-based employment management system for colleges and universities
US20150381743A1 (en) System and Method for Dynamic Creation of Distribution Network Software Applications
CN105450498A (en) User relationship management method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant