CN102902916A - Authority control method universal for application programs - Google Patents
Authority control method universal for application programs Download PDFInfo
- Publication number
- CN102902916A CN102902916A CN2012103442438A CN201210344243A CN102902916A CN 102902916 A CN102902916 A CN 102902916A CN 2012103442438 A CN2012103442438 A CN 2012103442438A CN 201210344243 A CN201210344243 A CN 201210344243A CN 102902916 A CN102902916 A CN 102902916A
- Authority
- CN
- China
- Prior art keywords
- user
- authority
- module
- application program
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to an authority control method universal for application programs. An independent authority module which is relevant to the application programs through an interface is provided; the authority module comprises a user group management module, a user management module, a menu management module and a menu authority distributing module, wherein the user group management module is used for accomplishing the authority distribution of each user group; the user management module is used for associating user accounts with a user group; the menu management module is used for managing menus requiring authority control in the application programs; the menu authority distributing module is used for distributing the menu authority to the user groups; the authority module is used for finding corresponding user groups through the user accounts of the users, further judging whether the users have the authority in using the menus or not, and carrying out corresponding response. With the adoption of the method, the authority module is independent and universal and can be used in all application programs; the authority control granularity is fine, a grading authorization management mechanism is realized, the authorization management is simple and rapid, and the development efficiency of a system is greatly improved.
Description
Technical field
The present invention relates to the control of authority of computer applied algorithm, is the general authority control method of application program concretely.
Background technology
Control of authority module in the application program is one of module that frequency of utilization is the highest in the software development, therefore the control of authority of application program is the importance that Software for Design must be considered, its quality is directly connected to the safety and stability of application program and even whole system.
In traditional software development, authority management module is integrated in the operation system, the developer requires a great deal of time and energy aspect System right management, and the business logic codes of system and control of authority code are mixed in together, the height of formation coupling, be difficult to realize the multiplexing of control of authority code, also be difficult to simultaneously various users and corresponding various authorities are revised arbitrarily.
Although some patents have been arranged about control of authority, " a kind of hierarchical authorisation method of metallurgy MES application authority control system " such as treasured letter company, " a kind of authority control method based on Access Control List (ACL) " of Huawei Company etc., but these software products and technical scheme are not still fundamentally broken away from the pattern of customized development, still need the developer to write a large amount of control of authority codes, can not realize fine-grained control of authority, and configuration is used complicated, do not form independently assembly, therefore can not in software development, directly use.
Utilize the specific application system of standardized software module rapid build, and realize that to greatest extent the multiplexing of software module is the target that the software engineer pursues always.Obviously, traditional control of authority mode can not satisfy this requirement.In today that object-oriented, facing assembly are designed and developed increased popularity, traditional control of authority mode has seriously restricted the lifting of the development efficiency of application software.In order to improve the development efficiency of application system, strengthen dirigibility, security, stability and the expandability of application system, develop brand-new authority control system, it is imperative to form reusable general-purpose rights Control Component.
Summary of the invention
For above-mentioned problem, the invention provides the general authority control method of a kind of application program, random component in can application programs is carried out flexibly related and control of authority with the user, reduce the degree of coupling of control of authority module and application program, make application program and control of authority module that good extendability and stability be arranged, improve system development efficient.
The authority control method that application program of the present invention is general has the independently authority module that is associated with application program by interface, includes the user and organize administration module, user management module, menu management module and menu right assignment module in authority module; Organize establishment, modification and the deletion that administration module carries out user's group by the user, and finish the right assignment of each user's group; Set up user account number by user management module, and user account number is associated with user's group; In described authority module, add, delete and revise the menu that needs control of authority in the application program by the menu management module; By menu right assignment module the menu authority of menu management module setting is organized administration module by the user and be assigned to corresponding user's group;
When the user uses the menu of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related menu authority according to this user again and judge whether the user has the authority of using this menu, if have then continue user's operation, if not then point out accordingly.
The key distinction of method of the present invention and classic method is that the authority module in this method is independent and general, can be applied to all application programs, and is only related with application program by interface.So just, make the coupling of rights management and application program drop to minimum, because authority module and application program all are independently mutually, therefore can realize more becoming more meticulous with complicated of control of authority granularity, but also be conducive to separately expansion and maintenance.
Further, in order to realize that the control in the application programs carries out rights management, described authority module also has control administration module and control right assignment module, the control administration module is used for adding, deletion and the relevant control of revising application program, control right assignment module is carried out the authority setting with the application program control that adds in the control administration module, and the control that will arrange after the authority is distributed to corresponding user's group, the distribution of realization control authority.
When the user uses the control of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related control authority according to this user again and judge whether the user has the authority of using this control, if have then continue user's operation, if not then point out accordingly.
Further, in order to realize that the transversely arranged data set of data structure carries out rights management in the application programs, described authority module also has data set right assignment module, data set right assignment module is used for the operating right of application program data set is assigned to associated user's group, realizes the distribution of data set authority.
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data set authority according to this user again and judge whether the user has the authority of using this data set, if have then continue user's operation, if not then point out accordingly.
Further, in order to realize that data structure in the application programs is that the data rows of longitudinal arrangement is carried out rights management, described authority module also has data rows right assignment module, data rows right assignment module is used for the operating right of application program data rows is assigned to associated user's group, realizes the distribution of data rows authority.
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data rows authority according to this user again and judge whether the user has the authority of using this data rows, if have then continue user's operation, if not then point out accordingly.
Preferably, in described authority module, be provided with login module, be used for the user of rights of using module is controlled.
Preferably, in user group and user related, user's group be to should there being a plurality of users, and a user be to there being a plurality of users' groups, namely normal " multi-to-multi " correspondence of saying in the software development.Such benefit be user group when having a plurality of users, can also carry out to each user the management of authority levels, different user is by a plurality of users' groups at place, its authority also can have identical with different.More flexible in the design of authority like this.
The authority control method that application program of the present invention is general can be finished the control of authority of random component in the application program, and the control of authority granularity becomes more meticulous more, and has realized graduation authorization management mechanism, is particularly suitable for the empowerment management needs of large-scale enterprises and institutions.And the licensing scheme of user group is so that rights management simple and fast more.Authority module has realized the effective separation of control of authority and application system, so that authority module can be applied directly to various application programs particularly in the application development based on .NET, has improved greatly system development efficient.
Below in conjunction with the embodiment of embodiment, foregoing of the present invention is described in further detail again.But this should be interpreted as that the scope of the above-mentioned theme of the present invention only limits to following example.Do not breaking away from the above-mentioned technological thought situation of the present invention, various replacements or change according to ordinary skill knowledge and customary means are made all should comprise within the scope of the invention.
Embodiment
The authority control method that application program of the present invention is general, in the development environment based on .NET, the independently authority module of using Visual Studio developing instrument login module to be set in authority module and to be associated with application program by interface, login module are used for the user of rights of using module is controlled.In authority module, include the user and organize administration module, user management module, menu management module and menu right assignment module; Organize establishment, modification and the deletion that administration module carries out user's group by the user, and finish the right assignment of each user's group; Set up user account number by user management module, and user account number is associated with user's group; In described authority module, add, delete and revise the menu that needs control of authority in the application program by the menu management module; By menu right assignment module the menu authority of menu management module setting is organized administration module by the user and be assigned to corresponding user's group;
When the user uses the menu of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related menu authority according to this user again and judge whether the user has the authority of using this menu, if have then continue user's operation, if not then point out accordingly.
In order to realize that the control in the application programs carries out rights management, described authority module also has control administration module and control right assignment module, the control administration module is used for adding, deletion and the relevant control of revising application program, control right assignment module is carried out the authority setting with the application program control that adds in the control administration module, and the control that will arrange after the authority is distributed to corresponding user's group, the distribution of realization control authority.
When the user uses the control of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related control authority according to this user again and judge whether the user has the authority of using this control, if have then continue user's operation, if not then point out accordingly.
In order to realize that data structure is that transversely arranged data set carries out rights management in the application programs, described authority module also has data set right assignment module, data set right assignment module is used for the operating right of application program data set is assigned to associated user's group, realizes the distribution of data set authority.
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data set authority according to this user again and judge whether the user has the authority of using this data set, if have then continue user's operation, if not then point out accordingly.
In order to realize that data structure in the application programs is that the data rows of longitudinal arrangement is carried out rights management, described authority module also has data rows right assignment module, data rows right assignment module is used for the operating right of application program data rows is assigned to associated user's group, realizes the distribution of data rows authority.
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data rows authority according to this user again and judge whether the user has the authority of using this data rows, if have then continue user's operation, if not then point out accordingly.
In user group and user related, user's group be to should there being a plurality of users, and a user be to there being a plurality of users' groups, namely normal " multi-to-multi " correspondence of saying in the software development.Make like this user group when having a plurality of users, can also carry out to each user the management of authority levels, different user is by a plurality of users' groups at place, and its authority also can have identical with different.More flexible in the design of authority like this.
It is independent and general that method of the present invention makes authority module, can be applied to all application programs, particularly based on the application program of .NET.So just, make the coupling of rights management and application program drop to minimum, the control of authority granularity is become more meticulous more, and realized graduation authorization management mechanism, rights management is simple and fast more also, has improved greatly system development efficient.
Claims (6)
1. the general authority control method of application program is characterized by:
Have the independently authority module that is associated with application program by interface, in authority module, include the user and organize administration module, user management module, menu management module and menu right assignment module; Organize establishment, modification and the deletion that administration module carries out user's group by the user, and finish the right assignment of each user's group; Set up user account number by user management module, and user account number is associated with user's group; In described authority module, add, delete and revise the menu that needs control of authority in the application program by the menu management module; By menu right assignment module the menu authority of menu management module setting is organized administration module by the user and be assigned to corresponding user's group;
When the user uses the menu of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related menu authority according to this user again and judge whether the user has the authority of using this menu, if have then continue user's operation, if not then point out accordingly.
2. the general authority control method of application program as claimed in claim 1 is characterized by:
Described authority module also has control administration module and control right assignment module, the control administration module is used for adding, deletion and the relevant control of revising application program, control right assignment module is carried out the authority setting with the application program control that adds in the control administration module, and the control that will arrange after the authority is distributed to corresponding user's group, the distribution of realization control authority;
When the user uses the control of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related control authority according to this user again and judge whether the user has the authority of using this control, if have then continue user's operation, if not then point out accordingly.
3. the general authority control method of application program as claimed in claim 1 is characterized by:
Described authority module also has data set right assignment module, and data set right assignment module is used for the operating right of application program data set is assigned to associated user's group, realizes the distribution of data set authority;
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data set authority according to this user again and judge whether the user has the authority of using this data set, if have then continue user's operation, if not then point out accordingly.
4. the general authority control method of application program as claimed in claim 1 is characterized by:
Described authority module also has data rows right assignment module, and data rows right assignment module is used for the operating right of application program data rows is assigned to associated user's group, realizes the distribution of data rows authority;
When the user uses the data set of application program, the described independent authority module that arranges finds corresponding user's group by user's user account number, organize related data rows authority according to this user again and judge whether the user has the authority of using this data rows, if have then continue user's operation, if not then point out accordingly.
5. such as the general authority control method of the described application program of one of claim 1 to 4, it is characterized by: in described authority module, be provided with login module, be used for the user of rights of using module is controlled.
6. such as the general authority control method of the described application program of one of claim 1 to 4, it is characterized by: in user group and user related, user's group is to there being a plurality of users, and a user is to there being a plurality of users to organize.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210344243.8A CN102902916B (en) | 2012-09-17 | 2012-09-17 | The authority control method that application program is general |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210344243.8A CN102902916B (en) | 2012-09-17 | 2012-09-17 | The authority control method that application program is general |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102902916A true CN102902916A (en) | 2013-01-30 |
| CN102902916B CN102902916B (en) | 2015-09-02 |
Family
ID=47575143
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210344243.8A Expired - Fee Related CN102902916B (en) | 2012-09-17 | 2012-09-17 | The authority control method that application program is general |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102902916B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935599A (en) * | 2015-06-18 | 2015-09-23 | 北京京东尚科信息技术有限公司 | Control and management method and system for universal right |
| CN105005726A (en) * | 2015-07-20 | 2015-10-28 | 无锡天脉聚源传媒科技有限公司 | Control method and device for menu item |
| CN105138872A (en) * | 2015-07-27 | 2015-12-09 | 无锡天脉聚源传媒科技有限公司 | Method and apparatus for displaying menu page |
| CN110825929A (en) * | 2019-10-11 | 2020-02-21 | 支付宝(杭州)信息技术有限公司 | Service permission recommendation method and device |
| CN111523098A (en) * | 2020-04-15 | 2020-08-11 | 支付宝(杭州)信息技术有限公司 | Data authority management method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| CN101430706A (en) * | 2008-11-03 | 2009-05-13 | 金蝶软件(中国)有限公司 | Subobject checking method, system and equipment for complex object |
| CN101546261A (en) * | 2008-10-10 | 2009-09-30 | 华中科技大学 | Secure web page tag library system supported by multiple strategies |
| CN101853358A (en) * | 2010-05-11 | 2010-10-06 | 南京赛孚科技有限公司 | Method for implementing file object authority management |
| EP2328301A1 (en) * | 2008-09-10 | 2011-06-01 | ZTE Corporation | Method and apparatus for managing the authority in workflow component based on authority component |
| CN102436565A (en) * | 2012-01-12 | 2012-05-02 | 浪潮(北京)电子信息产业有限公司 | Method and device for realizing software user authority management |
-
2012
- 2012-09-17 CN CN201210344243.8A patent/CN102902916B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| EP2328301A1 (en) * | 2008-09-10 | 2011-06-01 | ZTE Corporation | Method and apparatus for managing the authority in workflow component based on authority component |
| CN101546261A (en) * | 2008-10-10 | 2009-09-30 | 华中科技大学 | Secure web page tag library system supported by multiple strategies |
| CN101430706A (en) * | 2008-11-03 | 2009-05-13 | 金蝶软件(中国)有限公司 | Subobject checking method, system and equipment for complex object |
| CN101853358A (en) * | 2010-05-11 | 2010-10-06 | 南京赛孚科技有限公司 | Method for implementing file object authority management |
| CN102436565A (en) * | 2012-01-12 | 2012-05-02 | 浪潮(北京)电子信息产业有限公司 | Method and device for realizing software user authority management |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935599A (en) * | 2015-06-18 | 2015-09-23 | 北京京东尚科信息技术有限公司 | Control and management method and system for universal right |
| CN104935599B (en) * | 2015-06-18 | 2018-10-16 | 北京京东尚科信息技术有限公司 | A kind of general-purpose rights control management method and system |
| CN105005726A (en) * | 2015-07-20 | 2015-10-28 | 无锡天脉聚源传媒科技有限公司 | Control method and device for menu item |
| CN105138872A (en) * | 2015-07-27 | 2015-12-09 | 无锡天脉聚源传媒科技有限公司 | Method and apparatus for displaying menu page |
| CN110825929A (en) * | 2019-10-11 | 2020-02-21 | 支付宝(杭州)信息技术有限公司 | Service permission recommendation method and device |
| CN110825929B (en) * | 2019-10-11 | 2022-09-02 | 支付宝(杭州)信息技术有限公司 | Service permission recommendation method and device |
| CN111523098A (en) * | 2020-04-15 | 2020-08-11 | 支付宝(杭州)信息技术有限公司 | Data authority management method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102902916B (en) | 2015-09-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102981835B (en) | Android application program permanent Root permission acquiring method | |
| CN106250782B (en) | A kind of data permission control method and device based on SQL statement parsing | |
| CN102902916B (en) | The authority control method that application program is general | |
| CN103460216B (en) | Software license controls | |
| CN106850622B (en) | User identity management method based on permission chain | |
| CN101478398B (en) | Authorization management system oriented to resource management and establishing method | |
| CN108416230B (en) | Data access method based on data isolation model | |
| CN101673358B (en) | Method and device for managing authority in workflow component based on authority component | |
| CN102468971A (en) | Authority management method and device, and authority control method and device | |
| CN109308582A (en) | A kind of manufacturing execution system framework based on modularization Yu serviceization | |
| CN105550590A (en) | Role-based access control mechanism | |
| US9460272B2 (en) | Method and apparatus for group licensing of device features | |
| CN111651738A (en) | Fine-grained role authority unified management method based on front-end and back-end separation framework and electronic device | |
| CN103763369A (en) | Multi-permission distribution method based on SAN storage system | |
| CN105373714B (en) | A kind of user authority control method and device | |
| CN106599718A (en) | Control method and device for information access permission | |
| CN103442291A (en) | Set top box upgrading method and device | |
| CN106529230A (en) | Role-based permission control mechanism | |
| CN101198928A (en) | A computer system, integrable software component and software application | |
| CN102456106A (en) | Method and device for assigning user right, and method and device for controlling user right | |
| CN100563176C (en) | A kind of generation of authority relation data and method of adjustment and management system | |
| CN103514412A (en) | Method and cloud server for establishing role-based access control system | |
| CN103164636A (en) | On-line reading digital content authentication method and system | |
| CN106778319A (en) | One kind is based on the improved access control model of RBAC model | |
| CN104753902A (en) | Service system verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150902 Termination date: 20210917 |