CN102968599A - User-defined access control system and method based on resource publisher - Google Patents

User-defined access control system and method based on resource publisher Download PDF

Info

Publication number
CN102968599A
CN102968599A CN2012104132890A CN201210413289A CN102968599A CN 102968599 A CN102968599 A CN 102968599A CN 2012104132890 A CN2012104132890 A CN 2012104132890A CN 201210413289 A CN201210413289 A CN 201210413289A CN 102968599 A CN102968599 A CN 102968599A
Authority
CN
China
Prior art keywords
role
resource
access control
user
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012104132890A
Other languages
Chinese (zh)
Other versions
CN102968599B (en
Inventor
裘晓峰
贾金斗
成城
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201210413289.0A priority Critical patent/CN102968599B/en
Publication of CN102968599A publication Critical patent/CN102968599A/en
Application granted granted Critical
Publication of CN102968599B publication Critical patent/CN102968599B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a user-defined access control system and method based on a resource publisher. The system comprise an access control interface module, a role-resource mapping rule management module, a user-role mapping rule management module, an authority judgment module and a role authority management module, wherein the access control interface module is used for providing a configuration and query interface relevant to the access control; the role-resource mapping rule management module is used for a mapping rule between a management role and the resource; the access control interface module is used for receiving an association rule between a specific-format role and the resource and storing the association rule to an access control database; the user-role mapping rule management module is used for managing an association rule between a user and the role; the access control interface module is used for receiving an association rule between a specific-format user and the role and storing the association rule to the access control database; the authority judgment module is used for judging the access authority of the user by accessing a mapping rule stored in the access control database according to the authority judgment request of the user; and the role authority management module is used for creating a management role and appointing the access authority to the resource associated with the role.

Description

Based on the self-defining access control system of resource publisher and method
Technical field
The present invention relates to communication field, relate in particular to the resource publisher can customize in a kind of resources open operation system fine granularity access control system and method.
Background technology
Access control refers to allow or forbid the ability of certain certain object of principal access.In computer system; access control refers to limit the main body (promoter of access; be generally the user; process; use etc.) to the access rights of object (can be accessed to and need protected resource or resource collection), thus the ability that computer system is used in legal range.Access control mechanisms has determined which main body can access system, which kind of resource that can access system and how to use these resources.
Existing access control mechanisms mainly contains: autonomous access control, force access control, based on role's access control method (RBAC), based on user's access control method (UBAC), based on the access control method (TBAC) of task, based on the access control method (ABAC) of attribute etc.Based on these basic access control models, people according to the demand of concrete operation system, have realized many different access control systems again.
Wherein the access control method (RBAC) based on the role is present widely used access control model.In access control, introduced role's concept, all authorities are authorized the role rather than directly given the user, access control just minute is associated with the role and user's two parts that are associated with the role for authority like this, make the role as the Agent layer of a user and authority, thus decoupling zero authority and user's relation.---the mapping relations between the definition of these several set of role's---authority-----object and set that RBAC has different versions, but basically, the RBAC access control can be abstracted into: the user.
Many and the operation system tight coupling of current access control model, thus the mapping between the definition of respectively gathering in the RBAC model and set is all carried out abstract according to the specific transactions system and optimization, lacks universality.For example, in a resources open operation system, the resource that each Resource Owner can they have by open system, the application of different application developer exploitations can utilize the different business of these resource constructions.In such resources open operation system, may comprise the demand of access control:
1, satisfies simultaneously the access control function of application-specific scene and open service system.
2, according to the possessory resources open wish of different resource, by its self-defined flexibly digital right management scheme, satisfy coarseness and fine-grained access control.
3, the access control under the open service environment needs towards the public user, need to carry out the role-security definition under the condition of user's the unknown, and realizes rights management in conjunction with the attribute information of role definition and access resources.
4, the design philosophy of the WEB framework of resourceoriented is centered by resource rather than take action, task as the access control model of the main heart.
But current access control model is difficult to satisfy simultaneously above all requirements of resources open operation system.
Summary of the invention
It is a kind of based on the self-defining access control system of resource publisher and method that the technical issues that need to address of the present invention are to provide, when being applied to customer-centric, the users such as ubiquitous network, WEB2.0 and participating in resource sharing and the professional open service system that generates to overcome existing access control system, resource can't independently be formulated the problem of the varigrained access control rule of resourceoriented.
For solving the problems of the technologies described above, the invention provides a kind ofly based on the self-defining access control system of resource publisher, be applied to comprise in the resources open operation system:
The access control interface module is used for providing configuration and the query interface relevant with access control;
Role-resource mapping rules administration module, be used for the correlation rule between role of manager and the resource, receive the correlation rule between the role-resource of specific format by described access control interface module, and described role-resource correlation rule is stored to the access control database;
User-role's mapping ruler administration module, be used for the correlation rule between leading subscriber and the role, receive the correlation rule between the user-role of specific format by described access control interface module, and with described user-role association rale store to the access control database;
The authority judge module is used for judging request according to user's authority, by accessing the rule judgment user's who stores in the described access control database access rights;
The role-security administration module is used for role of manager's establishment, is the associated resource assignment access rights of role.
The present invention and then provide a kind of based on the self-defining access control method of resource publisher is applied to comprise in the resources open operation system:
The access control interface is provided, and this access control interface is configuration and the query interface relevant with access control;
Correlation rule between role of manager and the resource receives the correlation rule between the role-resource of specific format by described access control interface, and described role-resource correlation rule is stored to the access control database;
Correlation rule between leading subscriber and the role receives the correlation rule between the user-role of specific format by described access control interface, and with described user-role association rale store to the access control database;
Authority according to the user is judged request, by accessing the rule judgment user's who stores in the described access control database access rights;
Role of manager's establishment is the associated resource assignment access rights of role.
According to technical scheme of the present invention, resource publisher can realize the varigrained access control of resourceoriented in the resources open operation system, content, the element number of role, authority, resource object set can customize, mapping relations between user, role, authority, object set can customize, thereby make the user can customize the access control rule of supporting any refinement granularity; And can support various open service environment, support multiple open mode, support the loose coupling of user role and operation system, role when making the user in different business even in same business and realizing different resource-accessing is switched flexibly, has strengthened the performance expansion demand of access control system.
Description of drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, consists of the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not consist of improper restriction of the present invention.In the accompanying drawings:
Fig. 1 is according to the described structured flowchart based on the self-defining access control system of resource publisher of the embodiment of the invention;
Fig. 2 is according to the described process flow diagram based on the self-defining access control method of resource publisher of the embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
According to embodiments of the invention, provide a kind of based on the self-defining access control system of resource publisher.
Fig. 1 is the structured flowchart based on the self-defining access control system of resource publisher according to the embodiment of the invention, as shown in Figure 1, comprise: access control interface module 101, role-resource mapping rules administration module 102, user-role's mapping ruler administration module 103, authority judge module 104 and role-security administration module 105, the below describes the structure of each module in detail.
Access control interface module 101 is used for providing configuration and the query interface relevant with access control;
Role-resource mapping rules administration module 102, be used for the correlation rule between role of manager and the resource, receive the correlation rule between the role-resource of specific format by described access control interface module, and described role-resource correlation rule is stored to the access control database;
User-role's mapping ruler administration module 103, be used for the correlation rule between leading subscriber and the role, receive the correlation rule between the user-role of specific format by described access control interface module, and with described user-role association rale store to the access control database;
Authority judge module 104 is used for judging request according to user's authority, by accessing the rule judgment user's who stores in the described access control database access rights;
Role-security administration module 105 is used for role of manager's establishment, is the associated resource assignment access rights of role.
In addition, can also comprise:
Resource publisher's defined interface presents module 106, is used for providing the interface that concerns configuration authority, definition role with the maintenance resources publisher according to the user profile of its SNS and good friend and distribute the role.
According to above-described embodiment, the publisher defines Role and privilege by resource, carries out role's mapping according to resource access person's SNS information, thereby determines the resource access authority.
Access control database 107 is stored described role-resource correlation rule and described user-role association rule.In addition, access control database (or being called database) also stores the descriptor of registered resources, comprises at least the access rights type that the title of this resource and publisher's user name thereof, the resource name that this resource comprises, the reference address of described resource, described resource comprise.
Described authority judge module is further used for: the authority according to the user is judged request, by accessing the rule of storing in the described access control database, calling resource data interface module and SNS(SocialNetworking Services, social network services) data interface module judges user's authority; Wherein: described resource data interface module is used for providing the attribute information of various resources; Described SNS data interface module is used for being responsible for providing user's social prototype and social networks.
Described role-security administration module 105 can also be further used for setting up the role according to described resource publisher's request, and determines the resource that the role is associated according to described role-resource correlation rule, and the authority of assign visited resource.
So, autonomous definition and configuration to resource and authority by the resource publisher can realize the varigrained access control of resourceoriented.
Resource of the present invention, include but not limited to the various kinds of equipment (gateway, sensor, intelligent terminal, embedded device etc.) that the user shares in the open service system, equipment self storage, computing power, and the equipment Various types of data that generates, collect etc.The publisher of resource should be able to register having resource and upload in system, and offers other users access by open system and call.Generally speaking, the resource publisher is resource owner.
Equipment or resource publisher's is self-defined, refer to can to own resource that have or that obtain the authorization according to Resource Properties read, write, the authority setting such as deletion, the multiple authority of a plurality of resources is arbitrarily made with the role, so with the role in many ways (such as social networks SNS good friend relation, user property etc.) distribute to other users in the open service system.
Described varigrained access control refers to the granularity of the access control of resource object is not done restriction, and application or resource publisher can refine to concrete resource aspect with control law according to the user security demand.In the fine granularity access control, role, permissions mapping are not unique, and role's set, authority set also are definable, and resource publisher can be according to Resource Properties, and at any time definition is authority and role how arbitrarily.
According to embodiments of the invention, also provide a kind of based on the self-defining access control method of resource publisher.
Fig. 2 is the process flow diagram based on the self-defining access control method of resource publisher according to the embodiment of the invention, as shown in Figure 2, comprising:
Step S201 provides the access control interface, and this access control interface is configuration and the query interface relevant with access control;
Step S202, the correlation rule between role of manager and the resource receives the correlation rule between the role-resource of specific format by described access control interface, and described role-resource correlation rule is stored to the access control database;
Step S203, the correlation rule between leading subscriber and the role receives the correlation rule between the user-role of specific format by described access control interface, and with described user-role association rale store to the access control database;
Step S204 judges request according to user's authority, by accessing the rule judgment user's who stores in the described access control database access rights;
Step S205, role of manager's establishment is the associated resource assignment access rights of role.
In addition, according to embodiments of the invention, also comprise: the interface that concerns configuration authority, definition role and distribution role with the maintenance resources publisher according to the user profile among its SNS and good friend is provided.
Step S204 specifically comprises: the authority according to the user is judged request, by accessing the rule of storing in the described access control database, calls the authority that resource data interface and SNS data-interface are judged the user; Wherein: described resource data interface is used for providing the attribute information of various resources; Described SNS data-interface is used for being responsible for providing user's social prototype and social networks.
Step S205 specifically comprises: the role is set up in the request according to described resource publisher, and determines the resource that the role is associated according to described role-resource correlation rule, and the authority of assign visited resource.
And described access control database is stored described role-resource correlation rule and described user-role association rule.
Below in conjunction with a specific embodiment authority layoutprocedure of the present invention is described.
At first, user 1 is as the equipment owner, upload institute when having equipment (take the light switch controller as example) to open platform, the standard x ML format description device name that provides according to platform uploading device specification documents, resource name that equipment comprises, comprise the device descriptive information such as the operation that resource can carry out (read-only, only write, readable writing), resource location information, also with " owner " field, requiring to be somebody's turn to do " owner " field should be consistent with the user name of user 1 in platform in the descriptor.Wherein, resource name--operation that resource can be carried out can be: the control of electric light ON/OFF--readable writing, electric light brightness regulation--readable writing.
Then, user 1 sends the uploading device request to platform, and sends this XML device description document after configuration is finished.
After platform is received the uploading device request, resolve this XML document, and the resource that comprises for equipment carries out URI and distribute, comprising: the electric light ON/OFF is controlled to be URI1, and the light switch brightness regulation is URI2, then unifies storage in platform database.
User 1 can select equipment control after utilizing the username and password landing platform page.The page presents the Resources list that user 1 has, and comprises URI1, URI2, and descriptor of each resource, the operation that can carry out etc.
User 1 is self-defined role name " power user " in device management pages, and choose that URI1 is readable to be write, URI2 is readable to be write, and with newly-built role and corresponding authority write into Databasce, namely finishes and gives " power user " process of authority that the role possesses after click is preserved.In like manner, the user can continue self-defined role name " general user ", and it is read-only to choose URI1, and URI2 is read-only, namely gives general user's corresponding authority after the preservation.The like, the user can and give any granularity authority according to the self-defined any role of hobby.
After finishing role-authority configuration, user 1 enters and distributes role's page.The page will show user 1 defined role and separately authority, other users of platform, will show buddy list etc. as considering the SNS system.User 1 can select manually to input the mode of user name, one by one carry out role assignments; Also can by choosing user's mode, carry out role assignments; Can also pass through group's mode, all be Beijing University of Post ﹠ Telecommunication etc. such as all good friends or school, carries out role assignments.
Suppose that user 1 distributes to sam " power user " role, distributes to jeff " general user " role.
Each configuration finishes, and after the user preserves operation, platform will call API, with the above results write into Databasce.
When the equipment owner has the situation of a plurality of equipment, for example supposing that user 1 is the owner of light switch controller, also is the owner of temperature sensor, if after two equipment are all uploaded, dispose simultaneously again the resource of two equipment, then dispose authority, role method is the same.
If first the light switch controller has been finished configuration, then in configuration during temperature sensor, both can be by existing role having been increased the mode of authority; Also can finish configuration by newly-increased role's mode.
By above-mentioned layoutprocedure, can realize the access control to resource, for example:
Mode one, the direct access resources of user
Scene 1:
1) the Sam landing platform page is clicked the platform device option, will see platform armamentarium information; Simultaneously, also can check by the platform page armamentarium information of Internet access.
2) Sam selects this equipment of light switch controller, can see the resource information that the light switch controller has, i.e. electric light ON/OFF control and electric light brightness regulation.
3) Sam selects " turning on light ", and platform utilizes user name and resource URI1, and Query Database finds that sam has authority, then smooth complete operation.
4) in like manner, jeff selects " turning on light ", and platform utilizes jeff user name and resource URI1 Query Database, finds that jeff haves no right operation and then returns " sorry, you have no right to carry out this operation ".But jeff has authority to check the open/close state of lamp, and the monochrome information of lamp.
Scene 2: if another equipment--temperature regulator is arranged in the platform, the owner of this temperature regulator is user 2, and user 2 is by self-defined layoutprocedure, give the sam role of " normal ", authority is read-only certificate, gives the jeff role of " top ", and authority is readable writing.
1) Sam selects this equipment of temperature regulator, and when sam carried out Adjustment operation to temperature regulator, platform is Query Database as stated above, and returns the sam prompting of " having no right to carry out this operation "; But sam can read temperature.
2) Jeff access control flow process is the same.
By above-mentioned contrast as seen, same user sam has different Role and privileges for the distinct device owner's (user 1, user 2) resource.And the different equipment owners is separate to the process of sam type ascribed role and authority, and the renewal of Role and privilege is only effective to the possessory resource of same equipment, on the possessory resource access of other equipment without impact.
Mode two: the user is by the platform application access resources
Because platform is an open platform, any user both may be owner, generic access person, also can be application developer.The developer can be based on the platform opening API, by integrating the colourful application of all kinds of developments of resources.Use the temperature data that can utilize temperature sensor to gather such as drcssing index, the classification of wearing the clothes is recommended.The user might be direct access platform resource, and by using the dereference resource.In this case:
The owner who supposes temperature sensor is user 3, comprises two resources: temperature data--read-only; Temperature sensor switch control--readable writing.User 3 and give the sam role of " domestic consumer " by said process, this role has the authority of the temperature read.
When sam access drcssing index was used, platform will be inquired about it according to the temperature data URI of the user name of sam and temperature sensor lack of competence.Because sam has authority, then returns sam drcssing index information.
As seen, the user when the platform application access resources, access control with use irrelevant, or according to the resource publisher to the configuration result of " user-role-resource " control that conducts interviews.
This shows, the present invention has not only realized being can customize by the resource publisher role of any granularity or quantity, and can customize the user to role's mapping, can be the authority that defined role assigns any granularity, support simultaneously various open service environment, support the loose coupling of user role and operation system, make the user in similar and different business, can switch flexibly the role during to different resource-accessing, strengthened the performance expansion demand of access control system, made the concrete user who uses of resource publisher and exploitation can utilize structure of the present invention to realize the access control rule of controlling oneself.
The above is embodiments of the invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., all should be included within the claim scope of the present invention.

Claims (10)

1. one kind based on the self-defining access control system of resource publisher, be applied in the resources open operation system, resource publisher is according to the fine granularity rules of competence of its social network services SNS user profile and the self-defined role's mapping ruler of social networks and the resource of issuing, it is characterized in that described system comprises:
The access control interface module is used for providing configuration and the query interface relevant with access control;
Role-resource mapping rules administration module, be used for the correlation rule between role of manager and the resource, receive the correlation rule between the role-resource of specific format by described access control interface module, and described role-resource correlation rule is stored to the access control database;
User-role's mapping ruler administration module, be used for the correlation rule between leading subscriber and the role, receive the correlation rule between the user-role of specific format by described access control interface module, and with described user-role association rale store to the access control database;
The authority judge module is used for judging request according to user's authority, by accessing the rule judgment user's who stores in the described access control database access rights;
The role-security administration module is used for role of manager's establishment, is the associated resource assignment access rights of role.
2. system according to claim 1 is characterized in that, also comprises:
Resource publisher's defined interface presents module, is used for providing the interface that concerns configuration authority, definition role with the maintenance resources publisher according to the user profile of its SNS and good friend and distribute the role.
3. system according to claim 1, it is characterized in that, described authority judge module is further used for: the authority according to the user is judged request, by accessing the rule of storing in the described access control database, call the authority that resource data interface module and SNS data interface module are judged the user;
Wherein:
Described resource data interface module is used for providing the attribute information of various resources;
Described SNS data interface module is used for being responsible for providing user's social prototype and social networks.
4. system according to claim 1, it is characterized in that, described role-security administration module is further used for: the role is set up in the request according to described resource publisher, and determines the resource that the role is associated according to described role-resource correlation rule, and the authority of assign visited resource.
5. system according to claim 1 is characterized in that, also comprises:
Described access control database is stored described role-resource correlation rule and described user-role association rule.
6. one kind based on the self-defining access control method of resource publisher, is applied to it is characterized in that in the resources open operation system, comprising:
The access control interface is provided, and this access control interface is configuration and the query interface relevant with access control;
Correlation rule between role of manager and the resource receives the correlation rule between the role-resource of specific format by described access control interface, and described role-resource correlation rule is stored to the access control database;
Correlation rule between leading subscriber and the role receives the correlation rule between the user-role of specific format by described access control interface, and with described user-role association rale store to the access control database;
Authority according to the user is judged request, by accessing the rule judgment user's who stores in the described access control database access rights;
Role of manager's establishment is the associated resource assignment access rights of role.
7. method according to claim 6 is characterized in that, also comprises:
The interface that concerns configuration authority, definition role and distribution role with the maintenance resources publisher according to the user profile among its SNS and good friend is provided.
8. method according to claim 6 is characterized in that, described authority according to the user is judged request, and the step of the access rights by accessing the rule judgment user who stores in the described access control database comprises:
Authority according to the user is judged request, by accessing the rule of storing in the described access control database, calls the authority that resource data interface and SNS data-interface are judged the user;
Wherein:
Described resource data interface is used for providing the attribute information of various resources;
Described SNS data-interface is used for being responsible for providing user's social prototype and social networks.
9. method according to claim 6 is characterized in that, described role of manager's establishment, for the step of the associated resource assignment access rights of role comprises:
The role is set up in request according to described resource publisher, and determines the resource that the role is associated according to described role-resource correlation rule, and the authority of assign visited resource.
10. method according to claim 6 is characterized in that, described access control database is stored described role-resource correlation rule and described user-role association rule.
CN201210413289.0A 2012-10-25 2012-10-25 Based on the self-defining access control system of resource publisher and method Active CN102968599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210413289.0A CN102968599B (en) 2012-10-25 2012-10-25 Based on the self-defining access control system of resource publisher and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210413289.0A CN102968599B (en) 2012-10-25 2012-10-25 Based on the self-defining access control system of resource publisher and method

Publications (2)

Publication Number Publication Date
CN102968599A true CN102968599A (en) 2013-03-13
CN102968599B CN102968599B (en) 2016-05-04

Family

ID=47798735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210413289.0A Active CN102968599B (en) 2012-10-25 2012-10-25 Based on the self-defining access control system of resource publisher and method

Country Status (1)

Country Link
CN (1) CN102968599B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104063636A (en) * 2013-03-22 2014-09-24 鸿富锦精密工业(深圳)有限公司 Role permission control method and system
CN104301315A (en) * 2014-09-30 2015-01-21 腾讯科技(深圳)有限公司 Method and device for limiting information access
CN104504343A (en) * 2014-12-05 2015-04-08 国云科技股份有限公司 Authority control method base on resource granularity
CN104579726A (en) * 2013-10-16 2015-04-29 航天信息股份有限公司 Method and device for managing network resource use permission of user
CN105474591A (en) * 2013-07-29 2016-04-06 微软技术许可有限责任公司 Content distribution using social relationships
CN105550590A (en) * 2015-09-09 2016-05-04 上海赞越软件服务中心 Role-based access control mechanism
CN105718817A (en) * 2016-01-22 2016-06-29 合肥工业大学 Data safety exchange system and method based on authority mapping
CN105827564A (en) * 2015-01-04 2016-08-03 中国移动通信集团安徽有限公司 Information management method and information management system
CN106096976A (en) * 2016-06-03 2016-11-09 成都镜杰科技有限责任公司 Small business's client relation management method
CN106778299A (en) * 2016-12-01 2017-05-31 同方知网(北京)技术有限公司 A kind of multiple users concurrent processing system
CN107104931A (en) * 2016-02-23 2017-08-29 中兴通讯股份有限公司 A kind of access control method and platform
CN107707572A (en) * 2017-11-21 2018-02-16 国云科技股份有限公司 A kind of WEB safety access control methods of based role
CN108009431A (en) * 2017-10-24 2018-05-08 广东康美通信息服务有限公司 A kind of merchant store fronts management system, method and storage medium
CN108304732A (en) * 2017-12-22 2018-07-20 石化盈科信息技术有限责任公司 A kind of method and system for refining data library permission
CN109254951A (en) * 2018-08-22 2019-01-22 北京知金链网络技术有限公司 A kind of method and apparatus that the card customized deposit system of platform is deposited based on block chain
CN110414257A (en) * 2018-04-26 2019-11-05 中移(苏州)软件技术有限公司 A kind of data access method and server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101350722A (en) * 2008-07-24 2009-01-21 上海众恒信息产业有限公司 Apparatus and method for controlling data security of information system
CN101729403A (en) * 2009-12-10 2010-06-09 上海电机学院 Access control method based on attribute and rule
CN102004867A (en) * 2009-09-01 2011-04-06 上海杉达学院 Method and device for authorizing user roles in information system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101350722A (en) * 2008-07-24 2009-01-21 上海众恒信息产业有限公司 Apparatus and method for controlling data security of information system
CN102004867A (en) * 2009-09-01 2011-04-06 上海杉达学院 Method and device for authorizing user roles in information system
CN101729403A (en) * 2009-12-10 2010-06-09 上海电机学院 Access control method based on attribute and rule

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104063636A (en) * 2013-03-22 2014-09-24 鸿富锦精密工业(深圳)有限公司 Role permission control method and system
CN105474591A (en) * 2013-07-29 2016-04-06 微软技术许可有限责任公司 Content distribution using social relationships
CN104579726A (en) * 2013-10-16 2015-04-29 航天信息股份有限公司 Method and device for managing network resource use permission of user
CN104301315A (en) * 2014-09-30 2015-01-21 腾讯科技(深圳)有限公司 Method and device for limiting information access
CN104504343A (en) * 2014-12-05 2015-04-08 国云科技股份有限公司 Authority control method base on resource granularity
CN105827564B (en) * 2015-01-04 2019-10-29 中国移动通信集团安徽有限公司 A kind of approaches to IM and system
CN105827564A (en) * 2015-01-04 2016-08-03 中国移动通信集团安徽有限公司 Information management method and information management system
CN105550590A (en) * 2015-09-09 2016-05-04 上海赞越软件服务中心 Role-based access control mechanism
CN105718817B (en) * 2016-01-22 2018-05-18 合肥工业大学 A kind of data safety exchange system and method based on permissions mapping
CN105718817A (en) * 2016-01-22 2016-06-29 合肥工业大学 Data safety exchange system and method based on authority mapping
CN107104931A (en) * 2016-02-23 2017-08-29 中兴通讯股份有限公司 A kind of access control method and platform
CN106096976A (en) * 2016-06-03 2016-11-09 成都镜杰科技有限责任公司 Small business's client relation management method
CN106778299A (en) * 2016-12-01 2017-05-31 同方知网(北京)技术有限公司 A kind of multiple users concurrent processing system
CN108009431A (en) * 2017-10-24 2018-05-08 广东康美通信息服务有限公司 A kind of merchant store fronts management system, method and storage medium
CN107707572A (en) * 2017-11-21 2018-02-16 国云科技股份有限公司 A kind of WEB safety access control methods of based role
CN108304732A (en) * 2017-12-22 2018-07-20 石化盈科信息技术有限责任公司 A kind of method and system for refining data library permission
CN110414257A (en) * 2018-04-26 2019-11-05 中移(苏州)软件技术有限公司 A kind of data access method and server
CN109254951A (en) * 2018-08-22 2019-01-22 北京知金链网络技术有限公司 A kind of method and apparatus that the card customized deposit system of platform is deposited based on block chain

Also Published As

Publication number Publication date
CN102968599B (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN102968599A (en) User-defined access control system and method based on resource publisher
CN104573478B (en) A kind of user authority management system of Web applications
US8850041B2 (en) Role based delegated administration model
RU2598324C2 (en) Means of controlling access to online service using conventional catalogue features
CN101631116B (en) Distributed dual-license and access control method and system
US9047462B2 (en) Computer account management system and realizing method thereof
CN105046146B (en) A kind of resource access method of Android system
CN103166950B (en) Via completely, only for the social device anonymity of content and function access view
CN101729403A (en) Access control method based on attribute and rule
US20120246738A1 (en) Resource Sharing and Isolation in Role Based Access
CN105871914B (en) CRM system access control method
CN102724221A (en) Enterprise information system using cloud computing and method for setting user authority thereof
CN103391273A (en) Method and device for controlling access authority of internet website user information
Rajpoot et al. Integrating attributes into role-based access control
US8843648B2 (en) External access and partner delegation
CN101573691A (en) Time based permissioning
CN103049684A (en) Data authority control method and data authority control system based on RBAC (role-based access control) model extension
CN105051749A (en) Policy based data protection
CN101588242A (en) Method and system for realizing authority management
CN103049707B (en) A kind of interception of the gps data based on Android platform control method
CA2829805C (en) Managing application execution and data access on a device
CN104376272A (en) Cloud computing enterprise information system and user right setting method thereof
CN106936765B (en) A kind of terminal side privacy of user guard method of web service application
CN102929605A (en) Cloud-computing-based open interface of data mining system
CN104217146A (en) Access control method based on ABAC (Attribute Based Access Control) and RBAC (Role Based Access Control)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant