CN102129539A - Data resource authority management method based on access control list - Google Patents
Data resource authority management method based on access control list Download PDFInfo
- Publication number
- CN102129539A CN102129539A CN2011100599029A CN201110059902A CN102129539A CN 102129539 A CN102129539 A CN 102129539A CN 2011100599029 A CN2011100599029 A CN 2011100599029A CN 201110059902 A CN201110059902 A CN 201110059902A CN 102129539 A CN102129539 A CN 102129539A
- Authority
- CN
- China
- Prior art keywords
- user
- access control
- authority
- visited
- data resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 20
- 238000000034 method Methods 0.000 claims abstract description 6
- RLLPVAHGXHCWKJ-IEBWSBKVSA-N (3-phenoxyphenyl)methyl (1s,3s)-3-(2,2-dichloroethenyl)-2,2-dimethylcyclopropane-1-carboxylate Chemical compound CC1(C)[C@H](C=C(Cl)Cl)[C@@H]1C(=O)OCC1=CC=CC(OC=2C=CC=CC=2)=C1 RLLPVAHGXHCWKJ-IEBWSBKVSA-N 0.000 description 14
- 238000012360 testing method Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data resource authority management method based on an access control list, which comprises the following steps: S1: setting an access control authority list and a related user list for a directory/file of data resources on the basis of authority inheritance rules; S2: retrieving a name of a user who is going to access from an accessible user group name set, an authority value set and a user name set of the directory/file to be accessed, and receiving the returned authority value; S3: judging whether the authority value is null, and if not, executing S4; and S4: permitting the user who is going to access to execute the corresponding access operation according to the authority value, and if the authority value is null, retrieving the name of the user who is going to access in a recursive mode, and returning to the step S3. The method can enhance the access authority inquiry efficiency of large-volume data resources, and implement simple and independent data resource authority management and control.
Description
Technical field
The present invention relates to data resource rights management control technology field, relate in particular to a kind of data resource right management method based on Access Control List (ACL).
Background technology
Access Control List (ACL) is commonly used to describe the access control right of a file/catalogue; it is a kind of access control method that many operating systems are used; for providing multiple mode, operating system come the control operation person can accessed resources; it is a kind of key core component of operating system or distributed system management, is the important way of data and resource resource security in the protection system.
The basic functions of Access Control List (ACL) comprises: the authority of replying client institute access resources; Offer that one of user can inquire about or the interface of operational access control authority; The keeper can revise the access control right of a file or the pairing user's group of catalogue.
In order to guarantee the security of distributed memory system self, the dirigibility of data access also is provided for the user, in distributed file system, added the Access Control List (ACL) control strategy.Yet the public resource data in the large-scale distributed storage system comprise millions of above files, if each file is all preserved an Access Control List (ACL) record, the content of Access Control List (ACL) is too fat to move with causing, and search efficiency is low.
Summary of the invention
(1) technical matters that will solve
The technical problem to be solved in the present invention is how to improve the Large Volume Data resource, and the Access Control List (ACL) search efficiency of especially large-scale distributed storage system is realized simply, independently data resource rights management and control thus.
(2) technical scheme
For solving the problems of the technologies described above, technical scheme of the present invention provides a kind of data resource right management method based on Access Control List (ACL), comprising:
S1:, be the directories/files setting of data resource be mutually related access control right table and user list based on the authority inheritance rules; Described access control right table comprises: the addressable user group name set corresponding with described directories/files, and the authority credentials set that characterizes the access rights of each described addressable user's group name; Described user list comprises: the user name set under each described addressable user's group name;
S2: retrieval user name to be visited in addressable user's group name set, authority credentials set and the user name set of directories/files to be visited, and receive the authority credentials that it returns;
S3: judge that whether described authority credentials is empty, if not, then allows user to be visited to carry out corresponding accessing operation according to described authority credentials; If, execution in step S4 then;
S4:, and return step S3 with recursive fashion described user name to be visited of retrieval in addressable user's group name set, authority credentials set and the user name set of higher level's catalogue of described directories/files to be visited.
Preferably, among the step S1, described authority inheritance rules comprises: when new Object and/or copy object, the authority credentials of described object is set to the authority credentials of its parent directory.
Preferably, described step S1 realizes by distributed relational database or based on the non-relational database of key-value.
Preferably, among the step S1, described access rights comprise: read, write and deltree/combination in any of arbitrary or aforesaid operations in the operation of file.
Preferably, described step S2 also comprises; If retrieval does not then allow described user to be visited that directories/files to be visited is carried out any operation less than described user name to be visited.
Preferably, if the described recurrence among the described step S4 is retrieved when carrying out to root directory, the described authority credentials that returns still for empty, does not then allow described user to be visited that directories/files to be visited is carried out any operation.
(3) beneficial effect
With respect to existing other data resource access control method, data resource right management method based on Access Control List (ACL) proposed by the invention has following advantage: with Access Control List (ACL) as one independently module design, be convenient to stand-alone development, the concurrency of realization project exploitation; Because the relation that authority is inherited, the entry of access control right seldom can shorten the query time of access control right table greatly, improves the response speed of control of authority service as far as possible; Control of authority is simple, effective, interface is clear.
Description of drawings
Fig. 1 shows the process flow diagram according to the data resource right management method based on Access Control List (ACL) of the present invention.
Embodiment
The data resource right management method based on Access Control List (ACL) that the present invention proposes is described as follows in conjunction with the accompanying drawings and embodiments.
For the large-scale distributed storage system that comprises magnanimity public resource data, in order to improve response speed, effective measures are the record strip numbers that reduce database as far as possible, shorten the single query time.Public resource data in the large-scale distributed storage system comprise millions of above files, and the value of most Access Control List (ACL) is all identical.Therefore, core concept of the present invention is: adopt authority to inherit strategy, all inherit the authority credentials of parent directory when making new Object, copy object, reduce the record that repeats thus, shorten the time of data query as far as possible.
As shown in Figure 1, the data resource right management method based on Access Control List (ACL) according to the present invention may further comprise the steps S1-S4.
S1:, be the directories/files setting of data resource be mutually related access control right table and user list based on the authority inheritance rules;
Specifically, in order to guarantee the security of distributed system self, also provide the dirigibility of data access simultaneously for the user, one embodiment of the present of invention are that the file/catalogue of distributed system is provided with three kinds of authorities, and are as shown in table 1.
Table 1
| Authority | The access right of ordinary file | The access right of catalogue |
| R | Has the right that reads file | Can read (download) file |
| W | Has the right that writes file | Can set up and deleted file, can change filename |
| D | Right with deleted file | Deltree, name can chdir |
Simultaneously, the present invention also is provided with three types user, and every type user has R, W, three kinds of authorities of D, and is as shown in table 2.
Table 2
| User type | Explanation |
| Owner | The owner of file (owner) |
| Group | The user group member |
| Other | Other users (non-owner and non-group) |
Based on permission type in table 1 and the table 2 and user type, one embodiment of the present of invention are used distributed relational database or based on non-relational database memory access control authority table and the user list of key-value.The access control right table comprises: the addressable user group name set corresponding with directories/files, and the authority credentials set that characterizes the access rights of each addressable user's group name; Described user list comprises: the user name set under each addressable user's group name.
As shown in table 3 is an embodiment of access control right table.As shown in table 3, the file a.txt under corsair catalogue, study catalogue and the catalogue uses identical access control right table; Root, hxm}, test, develop}, and zm, xcc} are respectively and can visit above-mentioned directories/files---/three kinds of user types of corsair/study/a.txt (power user, group user and other users) user's group name down gathers; Wherein, the power user is set to have the R shown in the table 1, W, three kinds of authorities of D, and the group user is set to have the R shown in the table 1 and two kinds of authorities of W; Other users are set to only have the R authority shown in the table 1.
Table 3
| File/directory name | [power user, group user, other users] | The authority credentials tabulation |
| /corsair/study/a.txt | ?[{root,hxm},{test,develop},{zm,xcc}] | [{rwd},{rw-},{r--}] |
Corresponding with table 3, table 4 shows under " group user " this user type in the table 3 each group user name, and (test, develop) group membership down gathers.By table 4 as seen, comprise group membership xpz, wunuo, panyouyi under the group user name test; Comprise group membership liusongbin, zyb, llk under the group user name develop.
Table 4
| The group user name | Group membership's tabulation |
| test | {xpz,wunuo,panyouyi} |
| develop | {liusongbin,zyb,llk} |
Authority inheritance rules in the technical solution of the present invention is meant: be example with the distributed memory system, the keeper need not to add the access control right entry during object at newly-built/copy.During a newly-built object (file or catalogue), the access control right of new files is inherited the authority credentials of parent directory.And when copying an object (file or catalogue), All Files is all inherited the access control right of destination directory, because authority is inherited, does not need to add record.
According to technical scheme of the present invention, has only the operation of administrator's ability execution in step S1.And the keeper revises power user, group user or other users' (that is: user type) access control right value only, can not revise the access control right value of a certain particular user.As to revise other users right/during the access control right value of corsair/study/a.txt, at first inquire about other users right/the access control right value of corsair/study/a.txt, identical as the access control right value that will revise with its original access control right value, then need not to carry out retouching operation; Otherwise, the access right limit value in the authority credentials tabulation is modified as new access control right value.
S2: retrieval user name to be visited in the access control right table of directories/files to be visited and user list, and receive the authority credentials that it returns;
Particularly, be that example describes still with table 3 and table 4.Inquiring user wunuo is during to the access control right of file/corsair/study/a.txt, because user wunuo belongs to the test group, corresponding access control right value is " rw-", and the sign user wunuo that then returns will be " rw-" to the authority credentials of file/corsair/study/a.txt access rights.
S3: judge whether described authority credentials is empty, and if not, then described user carries out corresponding accessing operation according to the authority that described current authority credentials characterizes; If then carry out S4;
Particularly, for the user wunuo to be visited that enumerates among the step S2 because its authority credentials that returns is " rw-", non-NULL, then with this result as user wunuo right/the access control right value of corsair/study/a.txt.According to this authority credentials, allow user wunuo that file/corsair/study/a.txt is carried out R and W operation.With reference to table 1, that is: file and the operation that writes file are read in execution.
And be empty situation for the authority credentials among the step S3, also will describe for example below.If inquiring user xyz is right/access control right of corsair/study/a.txt do not tabulate and the member of other user lists because user xyz is not the power user, neither a certain group member among the user, rreturn value will be sky so, this moment is with execution in step S4.
S4: recurrence is retrieved described user name to be visited in the access control right table of all parent directories of described file to be visited and user list, and returns S3.
Particularly, when retrieving a certain user to the authority credentials of a certain file, if there be not (authority credentials that promptly returns is for empty) in corresponding entry, then the access control right value of its parent directory of recursive query is judged the operation that whether can carry out appointment according to the authority credentials that returns; If when this user of recursive query still be sky to the access control right value of root directory "/", then do not allow this user to carry out any operation.
Still with retrieval user xyz right/access rights of this file of corsair/study/a.txt are that example describes step S4.As mentioned above, among the step S3, user xyz is empty to the authority credentials of file/corsair/study/a.txt, at this moment, recursive query user xyz is right/and the access control right value of the parent directory of corsair/study/; If recursive query still be sky to user xyz to the access control right value of root directory "/", illustrate that xyz is not the member to a certain type of system, then user xyz can not carry out any operation to file/corsair/study/a.txt.
Need to prove that because the interactivity and the harmony of system, the exploitation debugging of large-scale distributed system is more many than conventional system difficulty.In order to reduce mutual in the performance history as far as possible, can be with Access Control List (ACL) as a kind of independently module, as stand-alone service other module invokes for system.Access Control List (ACL) may operate in one independently on the computing machine, also can be used as a program run on master server.Preferably, in order to reduce the performance decline that inter-machine communication causes, Access Control List (ACL) and master server are run on uniform machinery.
As mentioned above, with respect to existing other data resource access control method, data resource right management method based on Access Control List (ACL) proposed by the invention has following advantage: with Access Control List (ACL) as one independently module design, be convenient to stand-alone development, the concurrency of realization project exploitation; Because the relation that authority is inherited, the entry of access control right seldom can shorten the query time of access control right table greatly, improves the response speed of control of authority service as far as possible; Control of authority is simple, effective, interface is clear.
Above embodiment only is used to illustrate the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; under the situation that does not break away from the spirit and scope of the present invention; can also make various variations and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (6)
1. data resource right management method based on Access Control List (ACL) is characterized in that described method comprises:
S1:, be the directories/files setting of data resource be mutually related access control right table and user list based on the authority inheritance rules; Described access control right table comprises: the addressable user group name set corresponding with described directories/files, and the authority credentials set that characterizes the access rights of each described addressable user's group name; Described user list comprises: the user name set under each described addressable user's group name;
S2: retrieval user name to be visited in addressable user's group name set, authority credentials set and the user name set of directories/files to be visited, and receive the authority credentials that it returns;
S3: judge that whether described authority credentials is empty, if not, then allows user to be visited to carry out corresponding accessing operation according to described authority credentials; If, execution in step S4 then;
S4:, and return step S3 with recursive fashion described user name to be visited of retrieval in addressable user's group name set, authority credentials set and the user name set of higher level's catalogue of described directories/files to be visited.
2. the data resource right management method based on Access Control List (ACL) as claimed in claim 1, it is characterized in that, among the step S1, described authority inheritance rules comprises: when new Object and/or copy object, the authority credentials of described object is set to the authority credentials of its parent directory.
3. the data resource right management method based on Access Control List (ACL) as claimed in claim 1 is characterized in that, described step S1 realizes by distributed relational database or based on the non-relational database of key-value.
4. the data resource right management method based on Access Control List (ACL) as claimed in claim 1 is characterized in that, among the step S1, described access rights comprise: read, write and deltree/combination in any of arbitrary or aforesaid operations in the operation of file.
5. the data resource right management method based on Access Control List (ACL) as claimed in claim 1 is characterized in that described step S2 also comprises; If retrieval does not then allow described user to be visited that directories/files to be visited is carried out any operation less than described user name to be visited.
6. the data resource right management method based on Access Control List (ACL) as claimed in claim 1, it is characterized in that, when if the described recurrence retrieval among the described step S4 is carried out to root directory, the described authority credentials that returns still for empty, does not then allow described user to be visited that directories/files to be visited is carried out any operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100599029A CN102129539A (en) | 2011-03-11 | 2011-03-11 | Data resource authority management method based on access control list |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100599029A CN102129539A (en) | 2011-03-11 | 2011-03-11 | Data resource authority management method based on access control list |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102129539A true CN102129539A (en) | 2011-07-20 |
Family
ID=44267620
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100599029A Pending CN102129539A (en) | 2011-03-11 | 2011-03-11 | Data resource authority management method based on access control list |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102129539A (en) |
Cited By (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102663044A (en) * | 2012-03-28 | 2012-09-12 | 福建榕基软件股份有限公司 | Method and device for creating search base and method and device for full-text search with authorities |
| CN103179126A (en) * | 2013-03-26 | 2013-06-26 | 山东中创软件商用中间件股份有限公司 | Access control method and device |
| WO2014005268A1 (en) * | 2012-07-02 | 2014-01-09 | 华为技术有限公司 | Resource access method and device |
| CN103581187A (en) * | 2013-11-05 | 2014-02-12 | 曙光云计算技术有限公司 | Method and system for controlling access rights |
| CN104735091A (en) * | 2015-04-17 | 2015-06-24 | 三星电子(中国)研发中心 | Linux system-based user access control method and device |
| WO2015103794A1 (en) * | 2014-01-13 | 2015-07-16 | 华为技术有限公司 | Method and device for controlling access authority of file |
| CN105468689A (en) * | 2015-11-17 | 2016-04-06 | 广东电网有限责任公司电力科学研究院 | Power grid object level authority configuration and inheritance method |
| WO2017024956A1 (en) * | 2015-08-10 | 2017-02-16 | 阿里巴巴集团控股有限公司 | Database access right processing method, device, and system |
| CN106570413A (en) * | 2016-10-19 | 2017-04-19 | 上海爱数信息技术股份有限公司 | System and method for controlling access permission of document system |
| CN106682186A (en) * | 2016-12-29 | 2017-05-17 | 华为技术有限公司 | File access control list (ACL) management method and related device and system |
| CN107241299A (en) * | 2016-03-29 | 2017-10-10 | 百度在线网络技术(北京)有限公司 | The control of authority management method and device of Dropbox |
| CN107403105A (en) * | 2017-06-30 | 2017-11-28 | 华为技术有限公司 | The authority setting method and device of a kind of file system |
| CN107579865A (en) * | 2017-10-18 | 2018-01-12 | 北京奇虎科技有限公司 | Right management method, the apparatus and system of distributed code server |
| CN107679420A (en) * | 2017-10-23 | 2018-02-09 | 郑州云海信息技术有限公司 | A kind of authority setting method and system based on distributed file system |
| CN107689949A (en) * | 2017-03-31 | 2018-02-13 | 平安科技(深圳)有限公司 | Data base authority management method and system |
| CN107968763A (en) * | 2016-10-19 | 2018-04-27 | 巽风数位工程有限公司 | Group's archive management system and method |
| CN108632238A (en) * | 2017-09-18 | 2018-10-09 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of permission control |
| CN109002730A (en) * | 2018-07-26 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of file system directories right management method, device, equipment and storage medium |
| CN109002727A (en) * | 2018-06-28 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of method of distributed storage ACL quick response authorization check |
| CN109145621A (en) * | 2018-08-14 | 2019-01-04 | 阿里巴巴集团控股有限公司 | Document management method and device |
| CN109726579A (en) * | 2017-10-27 | 2019-05-07 | 阿里巴巴集团控股有限公司 | Resource access authority group technology and equipment |
| CN109766708A (en) * | 2017-11-09 | 2019-05-17 | 北京京东尚科信息技术有限公司 | Access method, system, computer system and the storage medium of data resource |
| CN110138881A (en) * | 2019-06-05 | 2019-08-16 | 安徽三实信息技术服务有限公司 | A kind of distributed memory system and its storage method |
| CN110414211A (en) * | 2019-07-29 | 2019-11-05 | 浪潮软件集团有限公司 | A kind of resource-based IOSS right management method |
| CN111274609A (en) * | 2020-01-19 | 2020-06-12 | 苏州浪潮智能科技有限公司 | User permission inheritance method and device of distributed file storage system |
| CN111967036A (en) * | 2020-10-26 | 2020-11-20 | 成都掌控者网络科技有限公司 | Distributed control-based multi-weight group inheritance treatment method and device |
| CN112069541A (en) * | 2020-09-08 | 2020-12-11 | 北京百度网讯科技有限公司 | Authority management and query method and device |
| CN113190870A (en) * | 2021-05-27 | 2021-07-30 | 新华三技术有限公司 | Redis database access authority control method and device |
| CN114238997A (en) * | 2022-02-23 | 2022-03-25 | 国汽智控(北京)科技有限公司 | Resource calling method and device based on vehicle application permission and electronic equipment |
| CN115795521A (en) * | 2023-02-07 | 2023-03-14 | 深圳复临科技有限公司 | Access control method, device, electronic equipment and storage medium |
| CN116319809A (en) * | 2022-12-27 | 2023-06-23 | 昆仑数智科技有限责任公司 | Method and system for data operation |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080235190A1 (en) * | 2006-05-22 | 2008-09-25 | Kaihao Zhao | Method and System For Intelligently Retrieving and Refining Information |
| CN101335745A (en) * | 2007-06-27 | 2008-12-31 | 潘广和 | Method and apparatus for data authorizing and authorized data access in Web application program system |
| CN101620601A (en) * | 2008-06-30 | 2010-01-06 | 上海全成通信技术有限公司 | Method for building directory tree based on user permissions |
-
2011
- 2011-03-11 CN CN2011100599029A patent/CN102129539A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080235190A1 (en) * | 2006-05-22 | 2008-09-25 | Kaihao Zhao | Method and System For Intelligently Retrieving and Refining Information |
| CN101335745A (en) * | 2007-06-27 | 2008-12-31 | 潘广和 | Method and apparatus for data authorizing and authorized data access in Web application program system |
| CN101620601A (en) * | 2008-06-30 | 2010-01-06 | 上海全成通信技术有限公司 | Method for building directory tree based on user permissions |
Cited By (45)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102663044A (en) * | 2012-03-28 | 2012-09-12 | 福建榕基软件股份有限公司 | Method and device for creating search base and method and device for full-text search with authorities |
| WO2014005268A1 (en) * | 2012-07-02 | 2014-01-09 | 华为技术有限公司 | Resource access method and device |
| CN104169930A (en) * | 2012-07-02 | 2014-11-26 | 华为技术有限公司 | Resource access method and device |
| CN104169930B (en) * | 2012-07-02 | 2017-02-22 | 华为技术有限公司 | resource access method and device |
| CN103179126A (en) * | 2013-03-26 | 2013-06-26 | 山东中创软件商用中间件股份有限公司 | Access control method and device |
| CN103581187A (en) * | 2013-11-05 | 2014-02-12 | 曙光云计算技术有限公司 | Method and system for controlling access rights |
| WO2015103794A1 (en) * | 2014-01-13 | 2015-07-16 | 华为技术有限公司 | Method and device for controlling access authority of file |
| CN104735091B (en) * | 2015-04-17 | 2018-03-30 | 三星电子(中国)研发中心 | A kind of user access control method and apparatus based on linux system |
| CN104735091A (en) * | 2015-04-17 | 2015-06-24 | 三星电子(中国)研发中心 | Linux system-based user access control method and device |
| WO2017024956A1 (en) * | 2015-08-10 | 2017-02-16 | 阿里巴巴集团控股有限公司 | Database access right processing method, device, and system |
| CN105468689A (en) * | 2015-11-17 | 2016-04-06 | 广东电网有限责任公司电力科学研究院 | Power grid object level authority configuration and inheritance method |
| CN107241299A (en) * | 2016-03-29 | 2017-10-10 | 百度在线网络技术(北京)有限公司 | The control of authority management method and device of Dropbox |
| CN107968763B (en) * | 2016-10-19 | 2020-10-23 | 巽风数位工程有限公司 | Group file management system and method |
| CN107968763A (en) * | 2016-10-19 | 2018-04-27 | 巽风数位工程有限公司 | Group's archive management system and method |
| CN106570413A (en) * | 2016-10-19 | 2017-04-19 | 上海爱数信息技术股份有限公司 | System and method for controlling access permission of document system |
| CN106682186B (en) * | 2016-12-29 | 2020-06-16 | 华为技术有限公司 | File access control list management method and related device and system |
| CN106682186A (en) * | 2016-12-29 | 2017-05-17 | 华为技术有限公司 | File access control list (ACL) management method and related device and system |
| WO2018121454A1 (en) * | 2016-12-29 | 2018-07-05 | 华为技术有限公司 | Method of managing file access control list, associated device and system |
| CN107689949A (en) * | 2017-03-31 | 2018-02-13 | 平安科技(深圳)有限公司 | Data base authority management method and system |
| US11455415B2 (en) | 2017-03-31 | 2022-09-27 | Ping An Technology (Shenzhen) Co., Ltd. | Method, system, and device for managing database permissions, and computer-readable storage medium |
| CN107689949B (en) * | 2017-03-31 | 2020-03-17 | 平安科技(深圳)有限公司 | Database authority management method and system |
| CN107403105A (en) * | 2017-06-30 | 2017-11-28 | 华为技术有限公司 | The authority setting method and device of a kind of file system |
| CN107403105B (en) * | 2017-06-30 | 2020-09-04 | 华为技术有限公司 | Permission setting method and device for file system |
| US11526476B2 (en) | 2017-06-30 | 2022-12-13 | Huawei Technologies Co., Ltd. | File system permission setting method and apparatus |
| CN108632238A (en) * | 2017-09-18 | 2018-10-09 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of permission control |
| CN107579865A (en) * | 2017-10-18 | 2018-01-12 | 北京奇虎科技有限公司 | Right management method, the apparatus and system of distributed code server |
| CN107679420A (en) * | 2017-10-23 | 2018-02-09 | 郑州云海信息技术有限公司 | A kind of authority setting method and system based on distributed file system |
| CN109726579A (en) * | 2017-10-27 | 2019-05-07 | 阿里巴巴集团控股有限公司 | Resource access authority group technology and equipment |
| CN109726579B (en) * | 2017-10-27 | 2023-04-28 | 阿里巴巴集团控股有限公司 | Resource access authority grouping method and equipment |
| CN109766708A (en) * | 2017-11-09 | 2019-05-17 | 北京京东尚科信息技术有限公司 | Access method, system, computer system and the storage medium of data resource |
| CN109766708B (en) * | 2017-11-09 | 2021-04-30 | 北京京东尚科信息技术有限公司 | Data resource access method, system, computer system and storage medium |
| CN109002727A (en) * | 2018-06-28 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of method of distributed storage ACL quick response authorization check |
| CN109002730A (en) * | 2018-07-26 | 2018-12-14 | 郑州云海信息技术有限公司 | A kind of file system directories right management method, device, equipment and storage medium |
| CN109145621A (en) * | 2018-08-14 | 2019-01-04 | 阿里巴巴集团控股有限公司 | Document management method and device |
| CN110138881A (en) * | 2019-06-05 | 2019-08-16 | 安徽三实信息技术服务有限公司 | A kind of distributed memory system and its storage method |
| CN110414211A (en) * | 2019-07-29 | 2019-11-05 | 浪潮软件集团有限公司 | A kind of resource-based IOSS right management method |
| CN111274609A (en) * | 2020-01-19 | 2020-06-12 | 苏州浪潮智能科技有限公司 | User permission inheritance method and device of distributed file storage system |
| CN112069541A (en) * | 2020-09-08 | 2020-12-11 | 北京百度网讯科技有限公司 | Authority management and query method and device |
| CN112069541B (en) * | 2020-09-08 | 2024-05-07 | 北京百度网讯科技有限公司 | Authority management and query method and device |
| CN111967036A (en) * | 2020-10-26 | 2020-11-20 | 成都掌控者网络科技有限公司 | Distributed control-based multi-weight group inheritance treatment method and device |
| CN113190870A (en) * | 2021-05-27 | 2021-07-30 | 新华三技术有限公司 | Redis database access authority control method and device |
| CN114238997A (en) * | 2022-02-23 | 2022-03-25 | 国汽智控(北京)科技有限公司 | Resource calling method and device based on vehicle application permission and electronic equipment |
| CN116319809A (en) * | 2022-12-27 | 2023-06-23 | 昆仑数智科技有限责任公司 | Method and system for data operation |
| CN116319809B (en) * | 2022-12-27 | 2023-12-29 | 昆仑数智科技有限责任公司 | Method and system for data operation |
| CN115795521A (en) * | 2023-02-07 | 2023-03-14 | 深圳复临科技有限公司 | Access control method, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102129539A (en) | Data resource authority management method based on access control list | |
| US11468103B2 (en) | Relational modeler and renderer for non-relational data | |
| KR101419828B1 (en) | Composite term index for graph data | |
| KR100959473B1 (en) | Systems and methods for interfacing application programs with an item-based storage platform | |
| CN103608809B (en) | Recommending data is enriched with | |
| CN111680041B (en) | Safety high-efficiency access method for heterogeneous data | |
| CN101360123B (en) | Network system and management method thereof | |
| US20080005186A1 (en) | Methods and apparatus for composite configuration item management in configuration management database | |
| US20080005135A1 (en) | Defining and extracting a flat list of search properties from a rich structured type | |
| CN107533569B (en) | System and method for sandbox support in a multidimensional database environment | |
| KR20060095452A (en) | Data model for object-relational data | |
| US20150088806A1 (en) | Supporting multi-tenancy in a federated data management system | |
| CN103597474A (en) | Efficient indexing and searching of access control listed documents | |
| CN103377336A (en) | Method and system for controlling computer system user rights | |
| US20170364696A1 (en) | Method for filtering documents and electronic device | |
| CN102110111A (en) | Method and system for processing database operating command | |
| US10311051B1 (en) | Storing modeling alternatives with unitized data | |
| CN102385593B (en) | Method and device as well as operation system for operating utility tree | |
| CN102214214B (en) | Method and device for processing data relationship and mobile communication terminal | |
| CN102799645B (en) | Safe searcher and safe searching method | |
| CN101702180A (en) | Method and system for searching associated field value | |
| CN109739484B (en) | Asset relationship model construction system, method and storage medium | |
| CN106649462A (en) | Implementation method for mass data full-text retrieval scene | |
| Temuujin et al. | Spark-based partitioning algorithm for k-anonymization of large RDFs | |
| CN104239576A (en) | Method and device for searching for all lines in column values of HBase list |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110720 |