CN102201935B - Access control method and device based on VIEW - Google Patents

Access control method and device based on VIEW

Publication number
CN102201935B
Authority
CN (China)
Prior art keywords
access rights, attribute information, user class, MIB object, MIB
Legal status
Active
Application number
CN 201110123928
Other languages
Chinese (zh)
Other versions
CN102201935A (en)
Inventor
谭素君
王利
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Application filed by Datang Mobile Communications Equipment Co Ltd; priority to CN 201110123928; published as CN102201935A; granted and published as CN102201935B.

Landscapes

  • Storage Device Security (AREA)
Abstract

The invention discloses an access control method and device based on VIEW. The method comprises the following steps: receiving a request message from a manager, the request message carrying user identity information and information on the MIB (Management Information Base) object to be accessed; determining a user level from the user identity information, determining the access permission attribute information corresponding to that user level, and determining the access permission attribute information of the VIEW to which the MIB object belongs; and determining, from the relationship between the access permission attribute information corresponding to the user level and the access permission attribute information of the VIEW to which the MIB object belongs, whether the manager is permitted to access the MIB object. Because the decision is made from that relationship, access control to MIB objects is achieved and the MIB objects contained in a VIEW can be checked and adjusted dynamically.

Description

Access control method and device based on VIEW
Technical field
The present invention relates to the field of communication technology, and in particular to an access control method and device based on VIEW.
Background art
Most network management on the Internet today is based on the SNMP (Simple Network Management Protocol) architecture, which consists of a manager (Manager), an agent (Agent), a MIB (Management Information Base) and the protocol operations. The Manager issues operation commands to the Agent over SNMP; the Agent responds to the Manager's operation requests and performs management and maintenance of the device by accessing the MIB.
The MIB is the set of all managed objects; each variable in the MIB is an attribute of a managed object and has its own security level. For security reasons the agent must provide access control to the MIB, i.e. it is responsible for checking whether the manager may operate on the MIB objects concerned. Access control divides the MIB into different access groups (VIEWs) and defines an access permission level for each access group; only a user who holds the corresponding permission is authorized to perform operations.
To implement access control to the MIB, the prior art proposed VACM (View-based Access Control Model). VACM is the access control model defined by SNMP; it provides access control to the MIB in order to strengthen system security.
VACM requires creating, on every network device, a VACM_VIEW group (which specifies the scope of MIB access), a VACM_ACCESS group (the access permission group, which specifies the association between VACM_GROUP groups and VACM_VIEW groups) and a VACM_GROUP group (the user grouping, which specifies the association between users and roles).
The specific VACM implementation comprises: (1) creating the VACM_VIEW access groups; (2) creating the VACM_GROUP groups and setting up a role management unit that manages users and their corresponding access permissions; (3) creating the VACM_ACCESS groups, i.e. granting the right to read or write specific VACM_VIEW groups to specific user groups, thereby establishing the policy of which user group may access which MIB objects.
Although the above method provides access control to the MIB, introducing VACM requires every VIEW to be pre-configured; VIEWs cannot be adjusted dynamically according to demand. The prior art therefore has the following shortcomings:
(1) VACM must define and create many objects and table instances, such as the Group Table, Access Table and ViewTree Table, and establish the associations between them through indexes; the implementation is complex, involves many processing levels and executes inefficiently.
(2) When a VACM_VIEW group is created, every managed object belonging to that VIEW must be loaded into a separate linked list. When there are many managed objects, or many VIEWs to create, the loading process is tedious and error-prone. In practice the same object is often present in several VIEWs at once, which consumes more memory.
(3) No interface is provided to the manager for adjusting the objects a VIEW contains, nor a definition of the MIB objects concerned, so VIEWs cannot be adjusted dynamically and permission assignment is inflexible; any adjustment must be made through configuration or a software upgrade.
Summary of the invention
Embodiments of the present invention provide an access control method and device based on VIEW that solve the problem that VIEWs cannot be adjusted dynamically while still implementing access control to the MIB. To this end, the embodiments adopt the following technical scheme:
An access control method based on access groups (VIEWs) comprises:
receiving a request message from a manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
determining a user level from the user identity information, determining the access permission attribute information corresponding to that user level, and determining the access permission attribute information of the VIEW to which the MIB object to be accessed belongs;
determining, from the relationship between the access permission attribute information corresponding to the user level and the access permission attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is permitted to access the MIB object.
An access control device based on access groups (VIEWs) comprises:
a receiving module, for receiving the request message from the manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
a first determination module, for determining the user level from the user identity information, determining the access permission attribute information corresponding to that user level, and determining the access permission attribute information of the VIEW to which the MIB object to be accessed belongs;
a second determination module, for determining, from the relationship between the access permission attribute information corresponding to the user level and the access permission attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is permitted to access the MIB object.
With the above embodiments, whether the manager is permitted to access a MIB object is determined from the relationship between the access permission attribute information corresponding to the user level and that of the VIEW to which the MIB object belongs; access control to the MIB is thus achieved, and the MIB objects in a VIEW can be checked and adjusted dynamically.
Description of drawings
Fig. 1 is a schematic flow chart of the access control method based on access group VIEW provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the access control device based on access group VIEW provided by an embodiment of the present invention.
Embodiment
Because the network management interface of a network element device is opened up progressively, in batches, according to user demand, it must be possible to adjust VIEWs dynamically, which existing implementations cannot do. For this reason, the embodiments of the present invention provide an access control method and device based on VIEW that support dynamic adjustment of VIEWs while implementing MIB access control.
The embodiments are described in detail below with reference to the drawings.
In the embodiments, since the setting of access permissions depends on specific MIB objects, an access permission attribute item can be added to each MIB object, alongside its other existing attributes (such as the OID (Object Identifier), value type and default value). This access permission attribute item records the access permission attribute information of the MIB object (for example, an access permission attribute value).
The agent keeps the access permission attribute values in memory, and every management command from the manager must pass the access control check on the access permission attribute item before it is executed. It is therefore only necessary to set a suitable access permission attribute value in the access permission attribute item of each MIB object: the VIEW to which a MIB object belongs is determined from its access permission attribute value (MIB objects with the same access permission attribute value belong to the same VIEW, and each VIEW corresponds to one access permission attribute value). The set of MIB objects sharing an access permission attribute value constitutes a management view, and the MIB objects contained in each VIEW can be determined from that management view.
Further, because the access permission attribute values of the MIB objects identify which MIB objects each VIEW contains, the VIEW to which a MIB object belongs can be changed by modifying that object's access permission attribute value, which achieves dynamic adjustment of VIEWs.
Based on the above, in order to maintain an access permission attribute value for each MIB object and perform the related processing on it, the embodiments configure and maintain a permission group definition table and a MIB authorization control definition table.
Specifically, the permission group definition table maintains the correspondence between user identity information (such as username and password) and user level; it is the accessUserTable shown in Table 1. The MIB authorization control definition table maintains the correspondence between user level and access permission attribute information; it is the mibAuthorizationControlTable shown in Table 2.
Table 1 Permission group definition table
[Table 1 appears in the original as an image and is not reproduced in the text.]
The permission group definition table accessUserTable defines the users' inherent attributes, i.e. it maintains the correspondence between username, password and user level. In Table 1 the user levels are administrator (administrator), system user (system), operator (operator) and guest (guest). In practice the user levels are not limited to these four; other levels, such as ordinary user (user), can be added as required and are not described further in the embodiments.
Note that users can be moved between the levels of the permission group definition table: by configuring the users and the permission group definition table, the manager can add or delete users and change the level a user belongs to. Maintaining the permission group definition table comprises one or any combination of the following:
(1) Adjusting the user level corresponding to a user identity in the permission group definition table. For example, if the current table holds the entry (user 1, password 1, operator) and user 1's level is to be changed to system user, that entry is changed to (user 1, password 1, system user).
(2) Adding a correspondence between user identity information and user level to the permission group definition table. For example, when the entry (user 2, password 2, guest) is needed, it is added to the current table.
(3) Deleting a correspondence between user identity information and user level from the permission group definition table. For example, when the entry (user 3, password 3, guest) is no longer needed, that recorded entry is removed from the current table.
Table 2 MIB authorization control definition table
The MIB authorization control definition table mibAuthorizationControlTable defines the access permissions of the different user levels to the MIB, i.e. it maintains the correspondence between user level and access permission attribute value. In Table 2 the correspondences are: administrator and its MIB access permission; system user and its MIB access permission; operator and its MIB access permission; guest and its MIB access permission. In practice the correspondences are not limited to these: user levels can be added as required, and with them the corresponding entries, which is not described further in the embodiments.
Note that the manager can adjust the permissions of a user level directly by configuring the MIB authorization control definition table, specifying the OIDs of the MIB for which notification, read/write and add/delete permissions are set. Maintaining the MIB authorization control definition table comprises one or any combination of the following:
(1) Adjusting the access permission attribute value corresponding to a user level in the MIB authorization control definition table. For example, if the current table holds the entry (system user, access permission attribute value 3) and the system user's value is to be changed to 4, that entry is changed to (system user, access permission attribute value 4).
(2) Adding a correspondence between a user level and access permission attribute information to the MIB authorization control definition table. For example, adding the entry (ordinary user, access permission attribute value 1) to the current table.
(3) Deleting a correspondence between a user level and access permission attribute information from the MIB authorization control definition table. For example, deleting the entry (system user, access permission attribute value 3) from the current table.
Based on the permission group definition table and the MIB authorization control definition table maintained as described above, embodiment one provides an access control method based on VIEW. As shown in Fig. 1, the method comprises the following steps:
Step 101: the manager sends a request message carrying user identity information (such as username and password) and information on the MIB object to be accessed.
The request message is a GET operation request message or a SET operation request message. With a GET request the manager obtains one or more parameter values from the agent; with a SET request the manager sets one or more parameter values on the agent.
The information on the MIB object to be accessed is carried as OID information. MIB objects are stored as a tree whose nodes represent the managed objects, and a MIB object is uniquely identified by the path from the root to it; that path is called the OID. For example, the managed object system can be uniquely identified by the number string {1.3.6.1.2.1.1}, which is the OID of system.
By carrying an OID in the request message, the manager lets the agent identify the one or more MIB objects to be accessed that correspond to that OID.
Step 102: the agent receives the request message from the manager.
On receiving the request message, the agent may also authenticate and decode it; if no error is found, it enters the access control check, i.e. step 103.
Step 103: the agent determines the user level from the user identity information, determines the access permission attribute value corresponding to that user level, and determines the access permission attribute value of the VIEW to which the MIB object to be accessed belongs.
Specifically, through the permission group definition table described above, which holds the correspondence between user identity information and user level, the agent directly determines the user level corresponding to the identity; through the MIB authorization control definition table, which holds the correspondence between user level and access permission attribute value, it directly determines the access permission attribute value corresponding to that level.
Note that if, when determining the user level, the user identity information matches no user level, the manager is illegitimate and the request message is rejected directly.
In the embodiments, because an access permission attribute value is set for each MIB object and the VIEW of each object is determined from that value (objects with the same value belong to the same VIEW, and each VIEW corresponds to one value), the access permission attribute value of the VIEW to which the object to be accessed belongs can be determined directly.
For example, MIB objects 1, 2 and 3 are each given access permission attribute value 3; MIB objects 4, 5 and 6 are each given value 4; and MIB objects 7 and 8 are each given value 2.
MIB objects 1, 2 and 3 then belong to the same VIEW, whose access permission attribute value is 3; call it VIEW3. MIB objects 4, 5 and 6 belong to the same VIEW, whose value is 4; call it VIEW4. MIB objects 7 and 8 belong to the same VIEW, whose value is 2; call it VIEW2.
If the MIB objects to be accessed are objects 1, 4 and 7, the VIEW of object 1 has access permission attribute value 3, the VIEW of object 4 has value 4, and the VIEW of object 7 has value 2.
Step 104: from the relationship between the access permission attribute value corresponding to the user level and the access permission attribute value of the VIEW to which the object to be accessed belongs, the agent determines whether the manager is permitted to access that object.
Specifically, if the access permission attribute value corresponding to the user level includes the value of the VIEW to which the object belongs, the manager is permitted to access the object; if it does not, the manager is not permitted (access is denied and the relevant error is returned).
For example, the MIB objects to be accessed are objects 1, 4 and 7, the access permission attribute value corresponding to the user level (say, system user) is 3, and a larger access permission attribute value means greater access rights.
For each object to be accessed the agent obtains the access permission attribute value of that object's VIEW. The VIEW of object 1 has value 3; the user level's value 3 includes 3, so the manager is permitted to access object 1. The VIEW of object 4 has value 4; the user level's value 3 does not include 4, so the manager is not permitted to access object 4. The VIEW of object 7 has value 2; the user level's value 3 includes 2, so the manager is permitted to access object 7.
In the embodiments, the access permission attribute value set for a MIB object can also be adjusted as required, and the object's VIEW re-determined from the adjusted value. For example, when the access permission attribute value of MIB object 7 is changed to 4, the re-determined VIEW of object 7 is VIEW4.
Specifically, since the access permission attribute value is an attribute of the MIB object, it suffices to locate the object concerned. The message that modifies an access permission attribute value therefore binds the OID of the object to be modified to the new value; when the agent receives such a message from the manager, it locates the storage position of the target object's attributes, updates the object's access permission attribute value and hence the object's new VIEW, and returns a response to the manager, thereby achieving dynamic adjustment of VIEWs.
After the MIB object has been assigned to its new VIEW, the agent uses the latest VIEW for the permission check on the manager's next operation request; the subsequent process is not described further.
Note that in the embodiments a higher-level user can configure the access permission attribute values of lower-level users, but a lower-level user cannot configure those of higher-level users; in practice, access permission attribute values can be configured by the user with the highest permission and the user with the second-highest permission. For example, among the user levels of Table 1, administrator is above system user, system user is above operator, and operator is above guest.
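As an added example (not code from the patent or from Datang), the following Python models the agent-side logic of steps 102 to 104 together with the dynamic VIEW adjustment and the level ordering described above: the two tables accessUserTable and mibAuthorizationControlTable, one access permission attribute value per MIB object, VIEWs derived by grouping objects with equal values, OID subtree resolution as in step 101, the access decision read as "the user level's value is greater than or equal to the VIEW's value" (the text says a larger value means greater rights), and a guard that lets a user change an object's value only when the user's own value covers both the old and the new VIEW. The user names, passwords, OIDs and the administrator/guest values are constructed; the object values 2, 3 and 4 follow the text's example.

```python
"""Toy agent applying VIEW-based MIB access control (added example)."""
from collections import defaultdict


class ViewAgent:
    def __init__(self, access_user_table, mib_authorization_control_table, mib_objects):
        # Table 1 (accessUserTable): (username, password) -> user level
        self.access_user_table = dict(access_user_table)
        # Table 2 (mibAuthorizationControlTable): user level -> permission value
        self.mib_auth_control_table = dict(mib_authorization_control_table)
        # Per-object access permission attribute item: OID -> permission value
        self.mib_objects = dict(mib_objects)

    def views(self):
        """Derive the VIEWs: objects sharing a permission value form VIEW<value>."""
        groups = defaultdict(list)
        for oid, value in self.mib_objects.items():
            groups[f"VIEW{value}"].append(oid)
        return {name: sorted(oids) for name, oids in groups.items()}

    def view_of(self, oid):
        return f"VIEW{self.mib_objects[oid]}"

    def resolve_oid(self, oid):
        """An OID in a request names the object itself or the subtree under it."""
        return sorted(o for o in self.mib_objects if o == oid or o.startswith(oid + "."))

    def check_access(self, username, password, oid):
        """Steps 102-104. Returns {object_oid: allowed}, or None when the identity
        matches no user level (the request is rejected outright)."""
        level = self.access_user_table.get((username, password))
        if level is None:
            return None
        user_value = self.mib_auth_control_table[level]
        # Assumed reading of "includes": the user's value covers a VIEW's value
        # when it is greater than or equal to it (larger value = more rights).
        return {o: user_value >= self.mib_objects[o] for o in self.resolve_oid(oid)}

    def set_permission_value(self, username, password, oid, new_value):
        """Dynamic VIEW adjustment: change an object's permission value so that it
        moves to another VIEW. Assumption: the requester's own value must cover both
        the object's current VIEW and the target VIEW, so a lower-level user cannot
        reach into a higher-level user's permissions."""
        level = self.access_user_table.get((username, password))
        if level is None or oid not in self.mib_objects:
            return False
        actor_value = self.mib_auth_control_table[level]
        if actor_value < self.mib_objects[oid] or actor_value < new_value:
            return False
        self.mib_objects[oid] = new_value
        return True


# Constructed sample data. The enterprise arc below is a placeholder, not a real one.
BASE = "1.3.6.1.4.1.99999.1"
OBJ = {i: f"{BASE}.{i}" for i in range(1, 9)}  # "MIB object 1" .. "MIB object 8"


def build_agent():
    table1 = {("alice", "pw1"): "administrator", ("bob", "pw2"): "system",
              ("carol", "pw3"): "operator", ("dave", "pw4"): "guest"}
    # System user = 3 and operator = 2 follow the text; 4 and 1 are constructed.
    table2 = {"administrator": 4, "system": 3, "operator": 2, "guest": 1}
    objects = {OBJ[1]: 3, OBJ[2]: 3, OBJ[3]: 3,
               OBJ[4]: 4, OBJ[5]: 4, OBJ[6]: 4,
               OBJ[7]: 2, OBJ[8]: 2}
    return ViewAgent(table1, table2, objects)


def worked_example():
    agent = build_agent()
    # The system user (value 3) requests objects 1, 4 and 7: allow, deny, allow.
    before = {i: agent.check_access("bob", "pw2", OBJ[i])[OBJ[i]] for i in (1, 4, 7)}
    # Moving object 7 from VIEW2 to VIEW4: refused for the system user,
    # accepted for the administrator.
    denied_change = agent.set_permission_value("bob", "pw2", OBJ[7], 4)
    allowed_change = agent.set_permission_value("alice", "pw1", OBJ[7], 4)
    # The next request from the system user is checked against the new VIEW.
    after = agent.check_access("bob", "pw2", OBJ[7])[OBJ[7]]
    return before, denied_change, allowed_change, agent.view_of(OBJ[7]), after


if __name__ == "__main__":
    print(worked_example())
```

Because the VIEW membership is computed from the per-object value rather than stored in a separate list, the VIEW change in `set_permission_value` is a single attribute write and the following `check_access` sees it immediately, which is the dynamic-adjustment property the text describes.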
Based on the same technical concept, the embodiments of the present invention also provide an access control device based on access group VIEW that can be applied in the above flow. As shown in Fig. 2, the device can comprise:
a receiving module 21, for receiving the request message from the manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
a first determination module 22, for determining the user level from the user identity information, determining the access permission attribute information corresponding to that user level, and determining the access permission attribute information of the VIEW to which the MIB object to be accessed belongs;
a second determination module 23, for determining, from the relationship between the access permission attribute information corresponding to the user level and the access permission attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is permitted to access the MIB object.
The first determination module 22 is specifically for configuring a permission group definition table comprising the correspondence between user identity information and user level, and determining from that permission group definition table the user level corresponding to the user identity information.
The device also comprises a maintenance module 24 for performing one or any combination of the following: adjusting the user level corresponding to user identity information in the permission group definition table;
adding a correspondence between user identity information and user level to the permission group definition table;
deleting a correspondence between user identity information and user level from the permission group definition table.
The first determination module 22 is further specifically for configuring a MIB authorization control definition table comprising the correspondence between user level and access permission attribute information, and determining from that MIB authorization control definition table the access permission attribute information corresponding to the user level.
The maintenance module 24 is further for performing one or any combination of the following: adjusting the access permission attribute information corresponding to a user level in the MIB authorization control definition table;
adding a correspondence between user level and access permission attribute information to the MIB authorization control definition table;
deleting a correspondence between user level and access permission attribute information from the MIB authorization control definition table.
The access permission attribute information comprises an access permission attribute value, and
the first determination module 22 is specifically for setting an access permission attribute value for each MIB object and determining the VIEW of each MIB object from that value, MIB objects with the same access permission attribute value belonging to the same VIEW and each VIEW corresponding to one access permission attribute value; and
for determining the access permission attribute value corresponding to the VIEW to which the MIB object to be accessed belongs.
The maintenance module 24 is further for adjusting the access permission attribute value set for a MIB object and re-determining the VIEW of that MIB object from the adjusted value.
The second determination module 23 is specifically for determining that the manager is permitted to access the MIB object to be accessed if the access permission attribute information corresponding to the user level includes the access permission attribute information of the VIEW to which that object belongs;
and for determining that the manager is not permitted to access the MIB object to be accessed if the access permission attribute information corresponding to the user level does not include the access permission attribute information of the VIEW to which that object belongs.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software together with the necessary general-purpose hardware platform, or of course by hardware alone, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied as a software product stored on a storage medium and comprising instructions that cause a terminal device (which may be a mobile phone, a personal computer, a server, a network device, etc.) to perform the method described in each embodiment of the present invention.
The above are only preferred embodiments of the present invention. It should be noted that those skilled in the art may make further improvements and modifications without departing from the principle of the present invention, and such improvements and modifications also fall within the protection scope of the present invention.

Claims (14)

1. An access control method based on an access group (VIEW), characterized in that it comprises:
receiving a request message from a manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
determining a user class according to the user identity information, determining the access rights attribute information corresponding to the user class, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs; wherein the access rights attribute information comprises an access rights attribute value, and determining the access rights attribute information of the VIEW to which the MIB object to be accessed belongs comprises: setting an access rights attribute value for each MIB object and determining the VIEW to which each MIB object belongs according to that access rights attribute value, MIB objects having the same access rights attribute value corresponding to the same VIEW and each VIEW corresponding to one access rights attribute value; and determining the access rights attribute value corresponding to the VIEW to which the MIB object to be accessed belongs;
determining, according to the relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed.
2. the method for claim 1, is characterized in that, determines user class according to described subscriber identity information, comprising:
Configuration comprises the authority genus group definition list of the corresponding relation of subscriber identity information and user class, and determines according to described authority genus group definition list the user class that described subscriber identity information is corresponding.
3. The method of claim 2, characterized in that the method further comprises one or any combination of the following:
adjusting the user class corresponding to user identity information in the authority group definition list;
adding a correspondence between user identity information and user class to the authority group definition list;
deleting a correspondence between user identity information and user class from the authority group definition list.
4. The method of claim 1, characterized in that determining the access rights attribute information corresponding to the user class comprises:
configuring a MIB authority control definition list containing the correspondence between user class and access rights attribute information, and determining the access rights attribute information corresponding to the user class according to the MIB authority control definition list.
5. The method of claim 4, characterized in that the method further comprises one or any combination of the following:
adjusting the access rights attribute information corresponding to a user class in the MIB authority control definition list;
adding a correspondence between user class and access rights attribute information to the MIB authority control definition list;
deleting a correspondence between user class and access rights attribute information from the MIB authority control definition list.
6. The method of claim 1, characterized in that the method further comprises:
adjusting the access rights attribute value set for a MIB object, and re-determining the VIEW to which the MIB object belongs according to the adjusted access rights attribute value.
7. The method of claim 1, characterized in that determining, according to the relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed comprises:
if the access rights attribute information corresponding to the user class includes the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determining that the manager is allowed to access the MIB object to be accessed;
if the access rights attribute information corresponding to the user class does not include the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determining that the manager is not allowed to access the MIB object to be accessed.
8. An access control apparatus based on an access group (VIEW), characterized in that it comprises:
a receiving module, configured to receive a request message from a manager, the request message carrying user identity information and information on the management information base (MIB) object to be accessed;
a first determination module, configured to determine a user class according to the user identity information, determine the access rights attribute information corresponding to the user class, and determine the access rights attribute information of the VIEW to which the MIB object to be accessed belongs; wherein the access rights attribute information comprises an access rights attribute value, and the first determination module is specifically configured to set an access rights attribute value for each MIB object, determine the VIEW to which each MIB object belongs according to that access rights attribute value, MIB objects having the same access rights attribute value corresponding to the same VIEW and each VIEW corresponding to one access rights attribute value, and determine the access rights attribute value corresponding to the VIEW to which the MIB object to be accessed belongs;
a second determination module, configured to determine, according to the relation between the access rights attribute information corresponding to the user class and the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, whether the manager is allowed to access the MIB object to be accessed.
9. The apparatus of claim 8, characterized in that
the first determination module is specifically configured to configure an authority group definition list containing the correspondence between user identity information and user class, and to determine the user class corresponding to the user identity information according to the authority group definition list.
10. The apparatus of claim 9, characterized in that it further comprises:
a maintenance module, configured to perform one or any combination of the following: adjusting the user class corresponding to user identity information in the authority group definition list;
adding a correspondence between user identity information and user class to the authority group definition list;
deleting a correspondence between user identity information and user class from the authority group definition list.
11. The apparatus of claim 8, characterized in that
the first determination module is specifically configured to configure a MIB authority control definition list containing the correspondence between user class and access rights attribute information, and to determine the access rights attribute information corresponding to the user class according to the MIB authority control definition list.
12. The apparatus of claim 11, characterized in that it further comprises:
a maintenance module, configured to perform one or any combination of the following: adjusting the access rights attribute information corresponding to a user class in the MIB authority control definition list;
adding a correspondence between user class and access rights attribute information to the MIB authority control definition list;
deleting a correspondence between user class and access rights attribute information from the MIB authority control definition list.
13. The apparatus of claim 8, characterized in that it further comprises:
a maintenance module, configured to adjust the access rights attribute value set for a MIB object and to re-determine the VIEW to which the MIB object belongs according to the adjusted access rights attribute value.
14. The apparatus of claim 8, characterized in that
the second determination module is specifically configured to: if the access rights attribute information corresponding to the user class includes the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determine that the manager is allowed to access the MIB object to be accessed;
if the access rights attribute information corresponding to the user class does not include the access rights attribute information of the VIEW to which the MIB object to be accessed belongs, determine that the manager is not allowed to access the MIB object to be accessed.
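The decision procedure of claims 1 to 7 (and its apparatus form in claims 8 to 14), as an added illustrative model that is not the patent's own code: user identity maps to a user class through the authority group definition list, the user class maps to a set of access rights attribute values through the MIB authority control definition list, each MIB object's attribute value places it in a VIEW, and access is granted only when the VIEW's value is in the class's set. Table contents, OIDs and user names are constructed sample values, and denying unknown users or objects is an assumption of this example.

```python
"""Added example (not the patent's own code): a minimal model of the
VIEW-based access check of claims 1-7. Table contents, OIDs and user
names are constructed sample values; the fail-closed default for
unknown users or objects is an assumption of this example."""
from collections import defaultdict

# Authority group definition list (claim 2): user identity -> user class.
AUTHORITY_GROUP = {"admin": "super", "netops": "operator", "guest": "readonly"}

# MIB authority control definition list (claim 4): user class -> set of
# access rights attribute values that class may reach.
MIB_AUTHORITY_CONTROL = {"super": {1, 2, 3}, "operator": {1, 2}, "readonly": {1}}

# Access rights attribute value set per MIB object (claim 1). Objects with
# the same value form one VIEW; each VIEW corresponds to one value.
MIB_OBJECT_ATTR = {
    "1.3.6.1.2.1.1.5.0": 1,        # sysName: readable by every class
    "1.3.6.1.2.1.2.2.1.7.1": 2,    # ifAdminStatus.1: operators and up
    "1.3.6.1.4.1.99999.1.1.0": 3,  # constructed vendor OID: super only
}


def views_by_attr(object_attr):
    """Group MIB objects into VIEWs keyed by access rights attribute value."""
    views = defaultdict(set)
    for oid, value in object_attr.items():
        views[value].add(oid)
    return dict(views)


def is_access_allowed(user, oid, authority_group=AUTHORITY_GROUP,
                      mib_authority=MIB_AUTHORITY_CONTROL,
                      object_attr=MIB_OBJECT_ATTR):
    """Claim 7 decision: allow iff the attribute set of the user's class
    contains the attribute value of the VIEW holding the requested object."""
    user_class = authority_group.get(user)
    if user_class is None or oid not in object_attr:
        return False                      # unknown user or object: deny
    view_value = object_attr[oid]         # the VIEW's attribute value
    return view_value in mib_authority.get(user_class, set())


def set_object_attr(oid, value, object_attr=MIB_OBJECT_ATTR):
    """Claim 6: changing an object's value moves it to another VIEW, so
    later decisions change without editing any user table."""
    object_attr[oid] = value
    return views_by_attr(object_attr)
```

Because the check compares a single VIEW value against the class's value set, moving an object between VIEWs (claim 6) takes effect on the next request with no change to the per-user tables.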
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110123928 CN102201935B (en) 2011-05-13 2011-05-13 Access control method and device based on VIEW

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110123928 CN102201935B (en) 2011-05-13 2011-05-13 Access control method and device based on VIEW

Publications (2)

Publication Number Publication Date
CN102201935A CN102201935A (en) 2011-09-28
CN102201935B true CN102201935B (en) 2013-11-06


Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant