CN102096785A - Authority control method and device - Google Patents
Authority control method and device Download PDFInfo
- Publication number
- CN102096785A CN102096785A CN2011100454763A CN201110045476A CN102096785A CN 102096785 A CN102096785 A CN 102096785A CN 2011100454763 A CN2011100454763 A CN 2011100454763A CN 201110045476 A CN201110045476 A CN 201110045476A CN 102096785 A CN102096785 A CN 102096785A
- Authority
- CN
- China
- Prior art keywords
- authority
- role
- descriptor
- data
- credentials
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides an authority control method and device which can be used for flexibly setting the user-defined authority. The authority control method comprises the following steps: pre-registering and storing authority description information of a user-defined authority; storing the authority value of the user-defined authority set for a role corresponding to one data by virtue of application software; searching the authority value of the role relative to the data according to the corresponding request of one role corresponding to one data; and analyzing and determining whether the current role has the authority according to the authority description information.
Description
Technical field
The present invention relates to the file processing field, relate in particular to a kind of authority control method and device.
Background technology
In the prior art, document file library system is for factors such as safety, itself have certain default access, as check document, check catalogue etc., but these authorities all are simple two-value authorities, can't satisfy application increased requirement with rapid changepl. never-ending changes and improvements, print the umber authority such as being beyond expression and show number of watermarks authority etc.
Even more important thing though the mode of present self-defined authority is stored in the document file library system, when judging authority, all is that application software is at first obtained corresponding authority information from document file library system, and is judged by application software at every turn.In this case, document file library system can't be understood the implication of self-defined authority itself as just storage tool.Simultaneously, under the situation, the usable range of self-defined authority has also strict control like this, that is, the authority of which application software definition can only be judged by himself.For instance, application software A has defined authority a in document library, and at this moment only application software A could understand authority a, and authority a is only effective to using software A; When a certain role passes through application software B access document storehouse system, because application software B can't understand authority a, can not judge, so authority a is invalid to using software B to authority a.That is to say that the method for prior art makes self-defined authority only effective to specific program, rather than all can use the program in the document storehouse effective.
Secondly, because document file library system itself has a large amount of operations, make that the authority that is in outside application software setting will be very difficult with original authority perfect cooperation.For example, application software A is provided with a self-defined authority a, but has the variation of 5 authorities all can have influence on self-defined authority a in the document file library system in the default access, and application software A just must detect the variation of 5 authorities constantly so, the as easy as rolling off a log authority that occurs is judged careless mistake, and the system that makes starts a leak.
For this reason, need press for a kind of authority control method, can overcome the above problems simultaneously.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of authority control method and device, and self-defined authority can be set more flexibly.
In order to address the above problem, the embodiment of the invention provides a kind of authority control method, comprising:
Registered in advance is also preserved the authority descriptor of a self-defined authority;
Preservation is that a role sets the authority credentials to the described self-defined authority of data by application software;
According to the corresponding operating request of a role to data, search the authority credentials of described role at described data, and according to the analysis of authority descriptor and judge whether current role has authority.
Wherein, described authority descriptor comprises:
Authority name is used for the described self-defined authority of unique sign;
Data type is used to indicate the data type of authority credentials;
The authority comparison algorithm is used to define the implication of authority numerical value; And/or
Authority effect algorithm is used to describe the influence of this authority to other authorities.
Wherein, described authority descriptor further comprises:
The default value of authority under unauthorized state.
Wherein, adopt preset algorithm mode or embedding script mode to describe described authority comparison algorithm, authority effect algorithm.
The embodiment of the invention also provides a kind of control of authority device, comprising:
First module is used to preserve the authority descriptor of a self-defined authority;
Second module, being used to preserve by application software is that a role sets the authority credentials to the described self-defined authority of data;
Three module is used for the corresponding operating request to data according to a role, searches the authority credentials of described role at described data, and according to the analysis of authority descriptor and judge whether current role has authority.
Wherein, further comprise:
Four module is used for the judged result according to three module, carries out corresponding operation; Or refusal is carried out corresponding operation.
By the technical scheme that the embodiment of the invention provides, technical scheme of the present invention can be provided with all kinds of self-defined authorities according to various demands, and the determination methods for all kinds of self-defined authorities is provided.Utilize this mode, make document file library system to understand and resolve authority according to the authority descriptor, thereby making authority judges, finally can be so that the authority of an application software definition, do not do under any corresponding situation about realizing still effective at Another Application software, make that can share various self-defining special authorities between different application software limits, and improves system extension.In addition, even in triangular web, self-defined authority definition becomes the some of document file library system, make the application software need be in each module to frequent not the testing of authority, both alleviated the difficulty of applied software development, also make self-defined authority and document library preset authority simultaneously and combine closely, reduced the authority leak of system.
Description of drawings
Figure 1 shows that the schematic flow sheet of a kind of authority setting method that one embodiment of the invention provides;
Figure 2 shows that the schematic flow sheet of the authority setting method that another embodiment of the present invention provides.
Embodiment
Below in conjunction with drawings and Examples technical scheme of the present invention is described in detail.
Need to prove that if do not conflict, each feature among the embodiment of the invention and the embodiment can mutually combine, all within protection scope of the present invention.In addition, can in computer system, carry out in the step shown in the process flow diagram of accompanying drawing such as a set of computer-executable instructions, and, though there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.
The embodiment of the invention provides a kind of authority setting method, and this method can be applicable in the document file library system, and wherein document file library system is for providing the first floor system of document data operation, and application software is the upper layer application system around the document file library system functional development.As shown in Figure 1, this method comprises the steps:
Step 101: provide a self-defined authority descriptor registration a self-defined authority; Specifically, the descriptor of authority is by constituting as the lower part:
Authority name: be used for this authority of unique sign, can obtain/be provided with the authority credentials of this authority by this title;
The data type of authority: be used to indicate the data type of authority credentials, as integer, character type, date type etc.; Such as for printing the umber authority, data type can be an integer; For term of validity authority, data type can be the date type;
The authority comparison algorithm is described: the implication of definition authority numerical value; Such as, when the umber authority was printed in definition, the authority comparison algorithm can be: the umber value was greater than 0 o'clock, and expression has print right, otherwise does not have print right;
Authority effect arthmetic statement: be used to describe the effect behind this authority setting, as influence to other authorities.
Illustrate, if the authority effect algorithm of self-defining printing umber authority is: authority credentials is 0 to show there is not print right; So, even certain role has print right, when this role's printing umber authority authority credentials was 0, this role did not still possess print right.
In an embodiment of the present invention, the descriptor of authority can also comprise: the default value under the unauthorized situation is defined in when authority not being set role's operating right; If can define: when not giving any print right, mean that this role does not have any authority to some roles; Perhaps also can define: when not giving any print right, mean that this role has the one or many print right some roles.For instance, for printing the umber authority, default value can be 0, i.e. expression is not authorized and just do not had print right; Also can be 9999, i.e. it be exactly unconfined printing that expression is not authorized.
Document file library system can mainly utilize authority comparison algorithm and authority effect algorithm in follow-up authority is judged.
Document file library system is only preserved authority credentials information in the prior art, exactly because what store in the present invention's document file library system is the authority descriptor, makes document file library system be appreciated that the authority implication.
It will be appreciated by those skilled in the art that: this step promptly can be to initiate by application software, registers to document file library system; Also can be directly to register voluntarily by document file library system.
In an embodiment of the present invention, can in system, preset, preserve multiple different authority comparison algorithm and/or authority effect algorithm in advance, every kind of algorithm all has unique identification, directly adopts unique identification to describe authority comparison algorithm and/or authority effect algorithm like this in the authority descriptor.
In another embodiment of the present invention, can also be to adopt the embedding script mode to describe authority comparison algorithm and/or authority effect algorithm.As using javascript, scripts such as perl are realized an authority comparison algorithm and/or authority effect algorithm by the special interface mode, adopt this to embed script describing authority comparison algorithm and/or authority effect algorithm in described descriptor.
Step 102: by application software is that a certain role sets the authority to a certain data, specifically, is the role and gives authority credentials at certain data; Document file library system is preserved this authority credentials.
Step 103: according to operation requests (role is at the operation requests of a certain data), search the corresponding authority value of role at these data, and according to the analysis of authority descriptor and judge whether current role has authority.
Here, the application software of the application software of transmit operation request and setting corresponding authority descriptor can be identical or different.
When receiving the operation requests of application software, search relevant authority credentials, and relevant authority descriptor; Judge whether to have associated rights according to authority comparison algorithm in authority credentials and the authority descriptor and/or authority effect algorithm.As a rule, if authority credentials meets the rule in authority comparison algorithm and/or the authority effect algorithm, then has corresponding operating right.
Step 104: if authority is arranged then carry out corresponding operating according to operation requests; Otherwise the corresponding operation of refusal.
After having adopted the method for present embodiment, can realize that a plurality of application software share self-defined authority.
It will be understood by those skilled in the art that above method not only can be applied to document file library system, can also be applied to other platform softwares.
Below be that example further specifies embodiment of the invention authority control method with self-defined printing umber authority.In this example, print umber and be meant the quantity that allows the user to print, as shown in Figure 2, this method comprises the steps:
Step 201: application software A registers self-defined authority p.
Step 202: document file library system is stored the descriptor of self-defined authority p, and is specific as follows:
Authority name: print the umber authority;
Type: integer;
Comparison algorithm: use and preset algorithm, specifically, authority credentials>0 expression has print right, otherwise is no print right;
Effect algorithm: use and preset algorithm, specifically, promptly do not have print right if authority is set;
Default value: 0, promptly acquiescence does not allow to print.
When step 203: application software A authorizes role R,, the authority credentials of self-defined authority p is set to role R specified documents D.Such as the authority credentials of role R at the authority p of document D can be set is 5.
Step 204: document file library system is preserved the authority credentials of role R at the authority p of document D according to being provided with of application software A.
Step 205: application software B uses role R to login, and sends the document library operation requests, and document D is printed.
Step 206: document file library system at first can travel through all authorities, finds whether printing umber authority can have influence on print right effective; Document file library system further obtains authority credentials and the printing umber authority descriptor of role R at the authority p of document D, and rights of using comparison algorithm (promptly>0) is verified authority credentials, if draw authority credentials greater than 0 through judgement, show that then role R has print right to document D, jump to step 208, otherwise carry out step 207.Such as, if role R is 5 o'clock at the authority credentials of the authority p of document D, because 5>0, so this moment, role R had print right to document D.
Step 207: the operation of prompting lack of competence, process ends.
Step 208: document file library system is handled the print request of application software B, the beginning printing.Behind every printing portion role R is deducted 1 to the authority credentials of the printing umber authority of document D.
One embodiment of the invention also provides a kind of control of authority device, and this device comprises:
First module is used to preserve the authority descriptor of self-defined authority;
Second module, being used to preserve by application software is that a certain role sets the authority credentials to a certain data;
Three module is used for finding corresponding authority credentials and corresponding authority descriptor according to operation requests; And judge according to authority comparison algorithm in the authority descriptor and/or authority effect algorithm whether current role has authority;
Four module is used for the judged result according to three module, carries out corresponding operation; Or refusal is carried out corresponding operation.
In this embodiment, the existing functional module of each module of this device in can multiplexing document file library system.First module can be used as and offers application software is set the descriptor of authority in document file library system a interface.In this embodiment, described second module can also be used for when receiving application software to a role Authorized operation, finds the descriptor of corresponding authority according to this Authorized operation, preserves this role's authority credentials in this descriptor.Other realizes that details can be identical with embodiment one, two.
Obviously, those skilled in the art should be understood that, each above-mentioned module or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the memory storage and carry out by calculation element, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection domain of claim of the present invention.
Claims (6)
1. an authority control method is characterized in that, comprising:
Registered in advance is also preserved the authority descriptor of a self-defined authority;
Preservation is that a role sets the authority credentials to the described self-defined authority of data by application software;
According to the corresponding operating request of a role to data, search the authority credentials of described role at described data, and according to the analysis of authority descriptor and judge whether current role has authority.
2. the method for claim 1 is characterized in that, described authority descriptor comprises:
Authority name is used for the described self-defined authority of unique sign;
Data type is used to indicate the data type of authority credentials;
The authority comparison algorithm is used to define the implication of authority numerical value; And/or
Authority effect algorithm is used to describe the influence of this authority to other authorities.
3. method as claimed in claim 2 is characterized in that, described authority descriptor further comprises:
The default value of authority under unauthorized state.
4. method as claimed in claim 2 is characterized in that, adopts the preset algorithm mode or embeds script mode and describe described authority comparison algorithm, authority effect algorithm.
5. a control of authority device is characterized in that, comprising:
First module is used to preserve the authority descriptor of a self-defined authority;
Second module, being used to preserve by application software is that a role sets the authority credentials to the described self-defined authority of data;
Three module is used for the corresponding operating request to data according to a role, searches the authority credentials of described role at described data, and according to the analysis of authority descriptor and judge whether current role has authority.
6. device as claimed in claim 5 is characterized in that, further comprises:
Four module is used for the judged result according to three module, carries out corresponding operation; Or refusal is carried out corresponding operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100454763A CN102096785B (en) | 2011-02-24 | 2011-02-24 | Authority control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100454763A CN102096785B (en) | 2011-02-24 | 2011-02-24 | Authority control method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102096785A true CN102096785A (en) | 2011-06-15 |
| CN102096785B CN102096785B (en) | 2012-12-19 |
Family
ID=44129875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100454763A Active CN102096785B (en) | 2011-02-24 | 2011-02-24 | Authority control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102096785B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105426769A (en) * | 2015-10-30 | 2016-03-23 | 歌尔声学股份有限公司 | Role permission dynamic control method and system |
| CN106874351A (en) * | 2016-12-27 | 2017-06-20 | 浙江宇视科技有限公司 | A kind of authority control method and equipment |
| CN104657656B (en) * | 2015-03-06 | 2017-11-14 | 中国银行股份有限公司 | A kind of manipulation method of controlling security and device based on banking system |
| CN108600167A (en) * | 2018-03-19 | 2018-09-28 | 中国电子科技集团公司第三十研究所 | A kind of communication device and method of the network watermark based on OpenFlow |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505899A (en) * | 2001-08-09 | 2004-06-16 | ���µ�����ҵ��ʽ���� | Integrated right management for intellectual property management and protection system |
| JP2004192262A (en) * | 2002-12-10 | 2004-07-08 | Fuji Photo Film Co Ltd | Document data access restriction device and method |
| CN1851724A (en) * | 2005-07-13 | 2006-10-25 | 华为技术有限公司 | Business data operation coutrol method and business system |
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN1971576A (en) * | 2006-12-08 | 2007-05-30 | 华中科技大学 | On-line digital copyright management method and its management server |
| CN101369296A (en) * | 2007-08-14 | 2009-02-18 | 北京书生国际信息技术有限公司 | Method and system for implementing off-line printing limitation |
| CN101405760A (en) * | 2004-10-04 | 2009-04-08 | 康坦夹德控股股份有限公司 | Authority providing and awarding system and method for using shared status variable |
| CN101539922A (en) * | 2008-03-18 | 2009-09-23 | 北京书生国际信息技术有限公司 | Method for realizing authority of document library system |
| CN101645126A (en) * | 2009-09-07 | 2010-02-10 | 浪潮集团山东通用软件有限公司 | Method for controlling service-oriented authorization access based on RBAC model extension |
| CN101847197A (en) * | 2009-03-24 | 2010-09-29 | 上海任登信息科技有限公司 | Method for controlling document access authority |
| CN101859352A (en) * | 2009-04-09 | 2010-10-13 | 北京书生国际信息技术有限公司 | Method, system, application software and platform software for controlling authority |
-
2011
- 2011-02-24 CN CN2011100454763A patent/CN102096785B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505899A (en) * | 2001-08-09 | 2004-06-16 | ���µ�����ҵ��ʽ���� | Integrated right management for intellectual property management and protection system |
| JP2004192262A (en) * | 2002-12-10 | 2004-07-08 | Fuji Photo Film Co Ltd | Document data access restriction device and method |
| CN101405760A (en) * | 2004-10-04 | 2009-04-08 | 康坦夹德控股股份有限公司 | Authority providing and awarding system and method for using shared status variable |
| CN1851724A (en) * | 2005-07-13 | 2006-10-25 | 华为技术有限公司 | Business data operation coutrol method and business system |
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN1971576A (en) * | 2006-12-08 | 2007-05-30 | 华中科技大学 | On-line digital copyright management method and its management server |
| CN101369296A (en) * | 2007-08-14 | 2009-02-18 | 北京书生国际信息技术有限公司 | Method and system for implementing off-line printing limitation |
| CN101539922A (en) * | 2008-03-18 | 2009-09-23 | 北京书生国际信息技术有限公司 | Method for realizing authority of document library system |
| CN101847197A (en) * | 2009-03-24 | 2010-09-29 | 上海任登信息科技有限公司 | Method for controlling document access authority |
| CN101859352A (en) * | 2009-04-09 | 2010-10-13 | 北京书生国际信息技术有限公司 | Method, system, application software and platform software for controlling authority |
| CN101645126A (en) * | 2009-09-07 | 2010-02-10 | 浪潮集团山东通用软件有限公司 | Method for controlling service-oriented authorization access based on RBAC model extension |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104657656B (en) * | 2015-03-06 | 2017-11-14 | 中国银行股份有限公司 | A kind of manipulation method of controlling security and device based on banking system |
| CN105426769A (en) * | 2015-10-30 | 2016-03-23 | 歌尔声学股份有限公司 | Role permission dynamic control method and system |
| CN105426769B (en) * | 2015-10-30 | 2018-01-26 | 歌尔股份有限公司 | The dynamic control method and system of role-security |
| CN106874351A (en) * | 2016-12-27 | 2017-06-20 | 浙江宇视科技有限公司 | A kind of authority control method and equipment |
| CN106874351B (en) * | 2016-12-27 | 2021-04-20 | 浙江宇视科技有限公司 | Authority control method and equipment |
| CN108600167A (en) * | 2018-03-19 | 2018-09-28 | 中国电子科技集团公司第三十研究所 | A kind of communication device and method of the network watermark based on OpenFlow |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102096785B (en) | 2012-12-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108564339B (en) | Account management method, device, terminal equipment and storage medium | |
| US8392987B2 (en) | Web page safety judgment system | |
| CN102739663A (en) | Detection method and scanning engine of web pages | |
| CN112703496B (en) | Content policy based notification to application users regarding malicious browser plug-ins | |
| CN102724187A (en) | Method and device for safety detection of universal resource locators | |
| CN103309985B (en) | For business service registration and dissemination method and the system thereof of service register center | |
| CN102096785B (en) | Authority control method and device | |
| CN104125258A (en) | Page Jump method, terminal, server and system | |
| US10127388B1 (en) | Identifying visually similar text | |
| CN106550031A (en) | The method and device of data backup | |
| CN102917049A (en) | Method for showing information of visited website, browser and system | |
| TW201642156A (en) | Page jumps based on text hiding | |
| US10044754B2 (en) | Polluting results of vulnerability scans | |
| CN107635221A (en) | A kind of car-mounted terminal identifying processing method and device | |
| JP2012243318A (en) | Method for enhancing security in interaction using tag | |
| US20190014121A1 (en) | Information processing system, information processing apparatus, and non-transitory computer readable medium | |
| CN104462366B (en) | The browser and its method for viewing thumbnail of a kind of computing device | |
| CN105635257A (en) | Method and system for automatically detecting data update | |
| JP5661290B2 (en) | Information processing apparatus and method | |
| CN103118045A (en) | Method and system of off-line downloading | |
| US20140297953A1 (en) | Removable Storage Device Identity and Configuration Information | |
| CN104238965A (en) | Printing selection method and electronic device | |
| CN105191419B (en) | It enables the device to find to service via network controller or group owner | |
| CN105701158A (en) | File system read-write optimization method and framework | |
| CN103544445A (en) | Right control method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING SURSEN ELECTRONIC CO., LTD. Free format text: FORMER OWNER: BEIJING SURESENSE INTERNATIONAL INFORMATION TECHNOLOGY CO., LTD. Effective date: 20120511 Owner name: TIANJIN SHUSHEN SOFTWARE TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BEIJING SURSEN ELECTRONIC CO., LTD. BEIJING SURSEN NETWORK TECHNOLOGY CO., LTD. BEIJING SURSEN DIGITAL LIBRARY SOFTWARE TECHNOLOGY CO., LTD. Effective date: 20120511 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20120511 Address after: 100191, Room 408, Taixing building, 11 Garden East Road, Beijing, Haidian District Applicant after: Beijing Sursen Electronic Technology Co., Ltd. Co-applicant after: Tianjin Scholar Software Technology Co., Ltd. Address before: 100191, room 407, Taixing building, 11 Garden East Road, Beijing, Haidian District Applicant before: Beijing Suresense International Information Technology Co., Ltd. Co-applicant before: Beijing Sursen Electronic Technology Co., Ltd. Co-applicant before: Beijing Sursen Network Technology Co., Ltd. Co-applicant before: Beijing Sursen Digital Library Software Technology Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20181229 Address after: 100029 Changxin Building 408-409, 39 Anding Road, Chaoyang District, Beijing Patentee after: Beijing Sursen Electronic Technology Co., Ltd. Address before: Room 408, Taixing Building, 11 Garden East Road, Haidian District, Beijing, 100191 Co-patentee before: Tianjin Scholar Software Technology Co., Ltd. Patentee before: Beijing Sursen Electronic Technology Co., Ltd. |
|
| TR01 | Transfer of patent right |