CN103500314B - An authorization control system construction method and device - Google Patents
- Publication number: CN103500314B (application CN201310468353.XA)
- Authority: CN (China)
- Prior art keywords: model, business, current, template, control system
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
This application discloses an authorization control system construction method and device, applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a set type item to a pre-built RBAC model, and each information item in the extended RBAC model corresponds to a benchmark service model and a benchmark service template. The method includes: obtaining current service data; calling at least one benchmark service model and benchmark service template corresponding to the current service data; generating a current business model and a current business template according to the current service data, the benchmark service model and the benchmark service template; and combining the current business model and the current business template to generate an authority control system.
Description
Technical field
This application relates to the technical field of authority control, and in particular to an authorization control system construction method and device.
Background technology
Building an enterprise application system always involves rights management, including rights management for function operations and rights management for data operations.
At present, authority control systems are built on the RBAC (Role-Based Access Control) model. Fig. 1 is a schematic diagram of the RBAC core model; the RBAC model includes information items such as a user item, a role item and a permission (license) item. In the RBAC model, permissions (licenses) are associated with roles, and a user obtains the permissions of a role by being made a member of the appropriate role, which simplifies rights management. Within an organization, roles are created in order to complete various kinds of work, users are assigned to the corresponding roles according to their responsibilities and qualifications, and a user can also be reassigned from one role to another. For example, an enterprise includes multiple branch companies, each branch company includes multiple departments, and each department is provided with roles such as general manager, vice general manager and manager assistant.
However, in an authority control system built on the RBAC model, the roles cannot reflect the organizational structure to which each of them belongs. For example, when a user is assigned the general manager role, neither the department to which the user belongs nor the nature of the branch company is reflected. Such a system therefore cannot be applied to enterprise applications with many users.
Summary of the invention
The technical problem to be solved by this application is to provide an authorization control system construction method and device, in order to solve the technical problem in the prior art that, in an authority control system built on the RBAC model, the roles cannot reflect the organizational structure to which each of them belongs, so that such a system cannot be applied where there are many users and its effectiveness is reduced.
This application provides an authorization control system construction method, applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a set type item to a pre-built RBAC model, and each information item in the extended RBAC model corresponds to a benchmark service model and a benchmark service template. The method includes:
Obtaining current service data;
Calling at least one benchmark service model and benchmark service template corresponding to the current service data;
Generating a current business model and a current business template according to the current service data, the benchmark service model and the benchmark service template;
Combining the current business model and the current business template to generate an authority control system.
In the above method, preferably, generating the current business model and the current business template according to the current service data, the benchmark service model and the benchmark service template includes:
Writing the current service data into the benchmark service model to generate the current business model;
Revising the benchmark service template according to the current business model to generate the current business template.
In the above method, preferably, after the authority control system is generated, the method further includes:
Obtaining business update data corresponding to the current service data;
Revising the current business model in the authority control system according to the business update data;
Revising the current business template in the authority control system according to the revised current business model.
In the above method, preferably, revising the current business model in the authority control system according to the business update data includes:
Determining the target business model in the authority control system that corresponds to the business update data;
Revising the target business model in the authority control system according to the business update data;
Obtaining a newly added benchmark model that corresponds to the business update data and is different from the target business model;
Generating, according to the business update data, a newly added business model corresponding to the newly added benchmark model;
Adding the newly added business model to the authority control system.
In the above method, preferably, the method further includes:
Parsing the current business template in the authority control system to generate the display interface of the authority control system corresponding to the current service data;
Displaying the display interface.
This application also provides an authority control system construction device, applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a set type item to a pre-built RBAC model, and each information item in the extended RBAC model corresponds to a benchmark service model and a benchmark service template. The device includes:
A data acquisition unit, configured to obtain current service data;
A standard calling unit, configured to call at least one benchmark service model and benchmark service template corresponding to the current service data;
A current generation unit, configured to generate a current business model and a current business template according to the current service data, the benchmark service model and the benchmark service template;
A system generation unit, configured to combine the current business model and the current business template to generate an authority control system.
In the above device, preferably, the current generation unit includes:
A current model generation subunit, configured to write the current service data into the benchmark service model to generate the current business model;
A current template generation subunit, configured to revise the benchmark service template according to the current business model to generate the current business template.
In the above device, preferably, the device further includes:
An update acquisition unit, configured to obtain business update data corresponding to the current service data;
A model modification unit, configured to revise the current business model in the authority control system according to the business update data;
A template modification unit, configured to revise the current business template in the authority control system according to the revised current business model.
In the above device, preferably, the model modification unit includes:
A first model determination subunit, configured to determine the target business model in the authority control system that corresponds to the business update data;
A target model modification subunit, configured to revise the target business model in the authority control system according to the business update data;
A second model obtaining subunit, configured to obtain a newly added benchmark model that corresponds to the business update data and is different from the target business model;
A newly added model generation subunit, configured to generate, according to the business update data, a newly added business model corresponding to the newly added benchmark model;
A newly added model adding subunit, configured to add the newly added business model to the authority control system.
In the above device, preferably, the device further includes:
An interface generation unit, configured to, after the system generation unit generates the authority control system, parse the current business template in the authority control system to generate the display interface of the authority control system corresponding to the current service data;
An interface display unit, configured to display the display interface.
It can be seen from the above scheme that, in the authorization control system construction method and device provided by this application, the extended RBAC model is obtained by adding a user type item, a group item and a set type item to a pre-built RBAC model. Each information item in the extended RBAC model, such as the user item, user type item, group item and set type item, corresponds to a benchmark service model and a benchmark service template, where the business model defines the corresponding business object and the service template defines the display interface.
When an authority control system needs to be built, the current service data is obtained first, and the benchmark service models and benchmark service templates corresponding to the current service data are called, for example those corresponding to the user, user type, group and set type in the current service data. A current business model and a current business template are then generated according to the current service data, the benchmark service model and the benchmark service template, and finally the current business model and the current business template are combined to generate the authority control system, achieving the purpose of this application.
By adding the user type item, group item and set type item, each with its own benchmark service model and benchmark service template, to the RBAC model, this application ensures that, in an authority control system built on the extended RBAC model, each role has not only its corresponding user type but also its corresponding group and set type, so that the roles reflect the organizational structure to which each of them belongs. For example, when a user is assigned the general manager role, the user also has a user type (such as high-level executive or same-level general manager), a group (such as a department or branch company) and a set type (such as the nature of the department or branch company), which reflects the department to which the user belongs and the nature of the branch company. This application is therefore suitable for enterprise applications whether they have many users or few, and has higher effectiveness.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the RBAC model in the prior art;
Fig. 2 is a flow chart of embodiment one of the authorization control system construction method provided by this application;
Fig. 3 is a schematic diagram of the extended RBAC model in embodiment one of this application;
Fig. 4 is a partial flow chart of embodiment two of the authorization control system construction method provided by this application;
Fig. 5 is a partial flow chart of embodiment three of the authorization control system construction method provided by this application;
Fig. 6 is a partial flow chart of embodiment three of this application;
Fig. 7 is a flow chart of embodiment four of the authorization control system construction method provided by this application;
Fig. 8 is an application example diagram of embodiment four of this application;
Fig. 9 is a structural schematic diagram of embodiment five of the authority control system construction device provided by this application;
Fig. 10 is a partial structural schematic diagram of embodiment six of the authority control system construction device provided by this application;
Fig. 11 is a partial structural schematic diagram of embodiment seven of the authority control system construction device provided by this application;
Fig. 12 is another partial structural schematic diagram of embodiment seven of this application;
Fig. 13 is a structural schematic diagram of embodiment eight of the authorization control system construction method provided by this application.
Detailed description of the invention
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this application rather than all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
Referring to Fig. 2, which is a flow chart of embodiment one of the authorization control system construction method provided by this application, the method can be applied to an extended RBAC model. The extended RBAC model is generated by adding a user type item, a group item and a set type item to a pre-built RBAC model, as shown in the schematic diagram of the extended RBAC model in Fig. 3. Each information item in the extended RBAC model, such as the user item, user type item, group item and set type item, corresponds to a benchmark service model and a benchmark service template. The benchmark service model defines a standard business object and the benchmark service template defines a standard display page; both are standard information that contains no customized information. The method may include the following steps:
Step 201: obtain current service data.
The current service data is the business requirement data of the enterprise or institution for which the authority control system is to be built, for example the basic information of a user in a school (login name, login password, real name and so on) and the customized information of the user (such as academic title, role number and affiliated institute).
Step 202: call at least one benchmark service model and benchmark service template corresponding to the current service data.
For example, in the school application, the current service data includes the user's login name, login password, real name and so on, a user type such as common teacher, administrative personnel or logistics personnel, a group such as the affiliated college, and a set type such as School of Computer Science. Thus, step 202 calls the benchmark service model and benchmark service template corresponding to the user basic information item (the login name, login password, real name and so on of the user in the current service data), those corresponding to the user type item, those corresponding to the group item, those corresponding to the set type item, and so on.
It should be noted that if no benchmark service model and benchmark service template corresponding to the current service data can be called from the extended RBAC model, the method may further include:
Editing and generating the corresponding benchmark service model and benchmark service template according to the current service data, and placing the generated benchmark service model and benchmark service template in the extended RBAC model.
Step 203: generate a current business model and a current business template according to the current service data, the benchmark service model and the benchmark service template.
Step 203 means that a current business model and a current business template are generated separately for each information item, according to the current service data and the benchmark service model and benchmark service template corresponding to that information item. For example, the current business model and current business template of the user basic information item are generated from the user basic information item in the current service data and its benchmark service model and benchmark service template; those of the user type item are generated from the user type item in the current service data and its benchmark service model and benchmark service template; those of the group item are generated from the group item in the current service data and its benchmark service model and benchmark service template; those of the set type item are generated from the set type item in the current service data and its benchmark service model and benchmark service template; and so on.
Step 204: combine the current business model and the current business template to generate the authority control system.
Step 204 can be implemented as follows:
According to the association information between the information items corresponding to the current service data, the current business models and current business templates are combined to generate the authority control system.
In addition, in practical applications, the method in this embodiment may further include:
Saving the current service data to a database;
Specifically, the information corresponding to the user basic information item in the current service data is placed in a preset basic information table, and the information corresponding to the other information items in the current service data, such as the user type item, group item and set type item, is placed in a preset customized information table.
It can be seen from the above scheme that, in embodiment one of the authorization control system construction method provided by this application, the extended RBAC model is obtained by adding a user type item, a group item and a set type item to a pre-built RBAC model. Each information item in the extended RBAC model, such as the user item, user type item, group item and set type item, corresponds to a benchmark service model and a benchmark service template, where the business model defines the corresponding business object and the service template defines the display interface.
When an authority control system needs to be built, the current service data is obtained first, and the benchmark service models and benchmark service templates corresponding to the current service data are called, for example those corresponding to the user, user type, group and set type in the current service data. A current business model and a current business template are then generated according to the current service data, the benchmark service model and the benchmark service template, and finally the current business model and the current business template are combined to generate the authority control system, achieving the purpose of this embodiment.
By adding the user type item, group item and set type item, each with its own benchmark service model and benchmark service template, to the RBAC model, this embodiment ensures that, in an authority control system built on the extended RBAC model, each role has not only its corresponding user type but also its corresponding group and set type, so that the roles reflect the organizational structure to which each of them belongs. For example, when a user is assigned the general manager role, the user also has a user type (such as high-level executive or same-level general manager), a group (such as a department or branch company) and a set type (such as the nature of the department or branch company), which reflects the department to which the user belongs and the nature of the branch company. This embodiment is therefore suitable for enterprise applications whether they have many users or few, and has higher effectiveness.
Referring to Fig. 4, which is a flow chart of step 203 in embodiment two of the authorization control system construction method provided by this application, step 203 may include the following steps:
Step 401: write the current service data into the benchmark service model to generate the current business model.
Step 401 means that the data corresponding to each information item in the current service data, such as the user basic information item, user type item, group item and set type item, is written into the benchmark service model corresponding to that item, yielding the current business model of each information item.
It should be noted that the current business model defines the business object corresponding to the current service data and has its own customized characteristics.
Step 402: revise the benchmark service template according to the current business model to generate the current business template.
It should be noted that the business model of each information item corresponds to its service template, and there is a hierarchical relationship between them. That is, in step 402, the benchmark service template corresponding to each information item is revised according to the current business model of that information item to generate the current business template, and the current business template defines the display interface of the authority control system corresponding to the current service data.
In addition, in authority control systems as currently built, the information of each user, role and permission is customized by the specific business data; that is, the business data determines the number and content of the information items each user has. For example, in a rights management system for the army, user information includes the officer's identity card number, years of service and so on. The number and content of information items differ from one enterprise application system to another. Thus, for a specific enterprise project, developers have to write code to build a specific authority control system, and when the business data of that system changes, developers have to build a new authority control system according to the changed data.
Therefore, the current scheme of building an authority control system on the RBAC model makes rights management inflexible and produces a large amount of redundant code, and the resulting system has significant limitations in application: when it is applied where business data changes constantly, building the authority control system is slow and inefficient.
Thus, referring to Fig. 5, which is a partial flow chart of embodiment three of the authorization control system construction method provided by this application, after step 204 the method may further include the following steps:
Step 205: obtain business update data corresponding to the current service data.
The business update data is the data of the information items in the current service data that have changed, together with the data of information items added on top of the current service data.
Step 206: revise the current business model in the authority control system according to the business update data.
Referring to Fig. 6, which is a flow chart of step 206 in embodiment three of this application, step 206 can be implemented as follows:
Step 601: determine the target business model in the authority control system that corresponds to the business update data.
The target business model is the current business model corresponding to an information item in the current service data that has changed.
Step 602: revise the target business model in the authority control system according to the business update data.
Step 602 can be implemented as follows:
According to the information items in the business update data that have changed relative to the current service data, a corresponding replacement business model is built, and the replacement business model replaces the corresponding target business model in the authority control system.
Step 602 can also be implemented as follows:
According to the information items in the business update data that have changed relative to the current service data, the target business model in the authority control system corresponding to each changed information item is modified, yielding an updated target business model.
Step 603: obtain a newly added benchmark model that corresponds to the business update data and is different from the target business model.
The newly added benchmark model is the benchmark service model corresponding to an information item in the business update data that is newly added relative to the current service data.
It should be noted that step 603 may be performed at the same time as step 601 or before step 601; that is, the execution order of step 601 and step 603 is not limited by the order shown in Fig. 6.
Step 604: generate, according to the business update data, a newly added business model corresponding to the newly added benchmark model.
Step 604 means that the data of the information item in the business update data that is newly added relative to the current service data is written into the newly added benchmark model, yielding the newly added business model corresponding to that information item.
Step 605: add the newly added business model to the authority control system.
Step 605 can be understood as adding the newly added business model to the business models of the authority control system and establishing the associations between the newly added business model and the other business models.
Step 207: revise the current business template in the authority control system according to the revised current business model.
It should be noted that the revised current business models mentioned in step 207 include the current business models in the authority control system obtained by modifying or replacing existing business models, and the newly added current business models. Each current business model obtained by modifying or replacing an existing business model has a corresponding current business template, and each newly added current business model has a corresponding benchmark service model. Thus, based on the implementation in Fig. 6, step 207 can be implemented as follows:
For each current business model in the authority control system obtained by modifying or replacing an existing business model, its corresponding current business template is revised; for each newly added current business model in the authority control system, its corresponding benchmark service template is revised to obtain the current business template corresponding to that newly added current business model.
In addition, in embodiment three of this application, the method may further include:
Saving the business update data to the database;
Specifically, the data in the business update data corresponding to the user basic information item is saved to the basic information table, and the data in the business update data corresponding to the items other than the user basic information item, such as the user type item, group item and set type item, is saved to the customized information table.
From in such scheme, a kind of authorization control system construction method embodiment three that the application provides
In, after there is more new change in business information, only need according to the service data updating updated or increasing
Add business model corresponding in existing authority control system and service template, it is not necessary to developer is again
Write code, reduce the amount of redundancy of code, when being applied in the application that business datum is continually changing, power
The structure speed of limit control system, efficiency is higher.
Referring to Fig. 7, which is a flowchart of embodiment four of the authorization control
system construction method provided by the application, the method may further include:
Step 208: parse the current business template in the authority control system to generate
the display interface of the authority control system.
Here, step 208 can be implemented as follows:
The page rendering engine is called to read the current service data, and the current
business template is parsed and rendered according to the current service data, obtaining
the display interface of the authority control system.
Step 209: display the display interface.
As can be seen from the above scheme, embodiment four of the authorization control system
construction method provided by the application parses and renders the current business
template in the authority control system to obtain the display interface of the system, and
displays it, thereby presenting it to the user.
Based on the foregoing embodiments, the application also provides a template design device.
The template design device may be a visual designer used for design work such as page
design and attribute editing, so as to obtain business models and service templates; for
example, the corresponding benchmark service models and benchmark service templates are
designed in advance according to the user's current service data. Fig. 8 is a schematic
diagram of how the embodiment of the application builds and displays the authority control
system, in which:
According to the user's business requirements (including the current service data and the
updated business data), the visual designer is used in advance to design the page templates
corresponding to the business requirements, or to modify existing page templates. The page
templates are standard page templates that define the display interface. The application
then calls the corresponding template data storage management interface in the pre-designed
data management module to call the benchmark service models and benchmark service templates
corresponding to the business requirements, and generates the current business models and
current business templates corresponding to the business requirements, thereby obtaining
the authority control system.
After the build design is complete, when the user views the newly generated display
interface, the application calls the current business template and the current service
data through the page rendering engine, renders the template file with the current service
data, and finally obtains the display interface, which is presented to the user.
After the user has modified business data, the application can call the corresponding
business data access management interface through the data management module in Fig. 8 to
save the modified business data to the database.
In addition, when rendering pages, the embodiment of the application may use a client-side
rendering mode or a server-side rendering mode, with page rendering carried out through the
service interface and the service server processor.
Taking users as an example, when the embodiment of the application is used to build a
school authority control system, the current service data includes, in addition to the user
basic information, the user type and so on. The user types may include: common teachers,
administrative personnel and logistics personnel. In this authority control system, most of
the information in the user information templates of these three user types may be
identical, for example user basic information such as login user name, login password,
real name and gender. A small part of the information differs: for example, common teachers
have an academic title, and administrative personnel have a position.
When building the authority control system, the three user types, i.e. common teachers,
administrative personnel and logistics personnel, are first established according to the
business requirements. At this point a user information business model is provided, which
defines the user basic information, such as user name, password, real name and gender; and
a benchmark service template is provided, which defines how the user basic information is
displayed in the interface, for example: the user name is read-only and cannot be modified,
while the password is a text box and can be modified. However, because the information of
the three user types is not exactly the same, the template design device needs to be called
to design, on the basis of the benchmark service model and the benchmark service template,
a separate business model and service template for each user type, i.e. to generate one
business model file and one service template file for each user type. The business model is
used to define the business object; specifically, it defines which particular information
is customized for this user type in addition to the basic information in the standard
template. When a user of this type is added, the service template file is read and shown to
the operating user. After the user makes changes, the values of the information items
entered by the user are saved to the database.
The basic information is saved in the basic information table, and the customized
information is saved in a single unified table that has only four columns: ID, Type,
attributeName and attributeValue. ID is the unique identifier of the user in the table and
associates the row with the basic information table; Type identifies the user type of the
user; attributeName is the name of the customized information item; and attributeValue is
the value of the customized information item. For example:
0000001, common teachers, academic title, professor.
It should be noted that the difference between the business model and the service template
described above is that the service template defines how this user type appears on the
front-end page: the order of the information items, whether an item is read-only, and
whether it is a text field, a drop-down box, a checkbox and so on. It is the page presented
to the system user. The business objects in the service template come from the business
model.
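The school example above, as an added Python sketch that is not part of the patent: a per-type model and template are derived from the benchmark ones, and records are split between the basic information table and the four-column customized table. Assumptions made here and not stated on the page: SQLite, the table names `basic_info` and `custom_info`, the widget names, storing the password as a salted PBKDF2 digest, and checking the template's read-only flag again on the server before an update is written.

```python
import hashlib
import os
import sqlite3

# Benchmark service model: basic information items shared by every user type.
BENCHMARK_MODEL = ("user_name", "password", "real_name", "gender")
# Benchmark service template: how each basic item is shown (constructed values).
BENCHMARK_TEMPLATE = {
    "user_name": {"widget": "label", "readonly": True},
    "password": {"widget": "textbox", "readonly": False},
    "real_name": {"widget": "textbox", "readonly": False},
    "gender": {"widget": "dropdown", "readonly": False},
}


def build_current(user_type, custom_items):
    """Derive the current business model and template for one user type."""
    clash = set(custom_items) & set(BENCHMARK_MODEL)
    if clash:
        raise ValueError(f"customized item shadows a basic item: {sorted(clash)}")
    model = {"type": user_type, "basic": BENCHMARK_MODEL, "custom": tuple(custom_items)}
    return model, {**BENCHMARK_TEMPLATE, **custom_items}


def open_db(path=":memory:"):
    """Create the basic information table and the four-column customized table."""
    conn = sqlite3.connect(path)
    conn.executescript(
        """
        CREATE TABLE basic_info (
            ID TEXT PRIMARY KEY, user_name TEXT NOT NULL UNIQUE,
            password TEXT NOT NULL, real_name TEXT, gender TEXT);
        CREATE TABLE custom_info (
            ID TEXT NOT NULL REFERENCES basic_info(ID), Type TEXT NOT NULL,
            attributeName TEXT NOT NULL, attributeValue TEXT,
            PRIMARY KEY (ID, attributeName));
        """
    )
    return conn


def hash_password(password):
    # Assumption added here: the page stores a login password but does not say
    # how, so a salted PBKDF2 digest is stored instead of the plaintext.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def save_user(conn, user_id, model, values):
    """Insert a user: basic items in one row, each customized item as its own row."""
    unknown = set(values) - set(BENCHMARK_MODEL) - set(model["custom"])
    if unknown:
        raise ValueError(f"items not in the {model['type']} model: {sorted(unknown)}")
    with conn:  # one transaction covers both tables
        conn.execute(
            "INSERT INTO basic_info VALUES (?, ?, ?, ?, ?)",
            (user_id, values["user_name"], hash_password(values["password"]),
             values.get("real_name"), values.get("gender")),
        )
        conn.executemany(
            "INSERT INTO custom_info VALUES (?, ?, ?, ?)",
            [(user_id, model["type"], name, values[name])
             for name in model["custom"] if name in values],
        )


def update_user(conn, user_id, model, template, changes):
    """Apply edits; the template's read-only flag is enforced here, not only in the UI."""
    for name in changes:
        if name not in BENCHMARK_MODEL and name not in model["custom"]:
            raise ValueError(f"unknown item: {name}")
        if template[name]["readonly"]:
            raise PermissionError(f"item is read-only: {name}")
    with conn:
        for name, value in changes.items():
            if name in model["custom"]:
                conn.execute("INSERT OR REPLACE INTO custom_info VALUES (?, ?, ?, ?)",
                             (user_id, model["type"], name, value))
            else:
                # The column name comes from the fixed benchmark list checked above.
                stored = hash_password(value) if name == "password" else value
                conn.execute(f"UPDATE basic_info SET {name} = ? WHERE ID = ?",
                             (stored, user_id))


def load_user(conn, user_id):
    """Rebuild one user's record from both tables (password digest left out)."""
    row = conn.execute(
        "SELECT user_name, real_name, gender FROM basic_info WHERE ID = ?", (user_id,)
    ).fetchone()
    if row is None:
        return None
    record = dict(zip(("user_name", "real_name", "gender"), row))
    for user_type, name, value in conn.execute(
        "SELECT Type, attributeName, attributeValue FROM custom_info WHERE ID = ?",
        (user_id,),
    ):
        record["type"] = user_type
        record[name] = value
    return record
```

Because customized items are rows rather than columns, giving a user type a new information item only changes its model and template; neither table needs a schema change.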
Referring to Fig. 9, which is a structural schematic diagram of embodiment five of the
authority control system construction device provided by the application, the device is
applied to an extended RBAC model. The extended RBAC model is generated by adding a user
type item, a group item and a set type item to a pre-established RBAC model, as shown in
the schematic diagram of the extended RBAC model in Fig. 2. Each information item in the
extended RBAC model, such as the user item, the user type item, the group item and the set
type item, corresponds to one benchmark service model and one benchmark service template.
The benchmark service model defines the standard business object, and the benchmark service
template defines the standard display page; both are standard information that contains no
customized information. The device may include:
A data acquisition unit 901, configured to obtain the current service data.
Here, the current service data refers to the business requirement data of the enterprise or
organization for which the authority control system is to be built, such as the basic
information of a user in a school (login name, login password, real name and so on) and the
customized information of the user, such as academic title, role number and affiliated
college.
A standard calling unit 902, configured to call at least one benchmark service model and
benchmark service template corresponding to the current service data.
For example, in the school application, the current service data includes the user's login
name, login password, real name and so on; user types such as common teachers,
administrative personnel and logistics personnel; groups such as the affiliated college;
and set types such as School of Computer Science. The standard calling unit 902 therefore
calls the benchmark service model and benchmark service template of the user basic
information item, which corresponds to the login name, login password, real name and so on
in the current service data; calls the benchmark service model and benchmark service
template corresponding to the user type item; calls the benchmark service model and
benchmark service template corresponding to the group item; calls the benchmark service
model and benchmark service template corresponding to the set type item; and so on.
It should be noted that if no benchmark service model and benchmark service template
corresponding to the current service data can be called from the extended RBAC model, the
device may further be used to:
Generate, by editing according to the current service data, the corresponding benchmark
service model and benchmark service template, and place the generated benchmark service
model and benchmark service template in the extended RBAC model.
A current generation unit 903, configured to generate the current business model and the
current business template according to the current service data and the benchmark service
model and benchmark service template.
Here, the current generation unit 903 generates the current business models and current
business templates according to the current service data and the benchmark service model
and benchmark service template corresponding to each information item. For example,
according to the user basic information item in the current service data and its
corresponding benchmark service model and benchmark service template, it generates the
current business model and current business template of the user basic information item;
according to the user type item in the current service data and its corresponding benchmark
service model and benchmark service template, it generates the current business model and
current business template of the user type item; according to the group item in the current
service data and its corresponding benchmark service model and benchmark service template,
it generates the current business model and current business template of the group item;
according to the set type item in the current service data and its corresponding benchmark
service model and benchmark service template, it generates the current business model and
current business template of the set type item; and so on.
A system generation unit 904, configured to combine the current business model and the
current business template to generate the authority control system.
Here, the system generation unit 904 can be implemented as follows:
According to the association information between the information items corresponding to
the current service data, the current business models and current business templates are
combined to generate the authority control system.
In addition, in practical applications, the device in the embodiment of the application may
further be used to:
Save the current service data to the database;
Specifically, the information corresponding to the user basic information item in the
current service data is placed in a preset basic information table, and the information
corresponding to the other information items in the current service data, such as the user
type item, the group item and the set type item, is placed in a preset customized
information table.
As can be seen from the above scheme, embodiment five of the authority control system
construction device provided by the application obtains an extended RBAC model by adding a
user type item, a group item and a set type item to a pre-established RBAC model. Each
information item in the extended RBAC model, such as the user item, the user type item, the
group item and the set type item, corresponds to one benchmark service model and one
benchmark service template, where the business model defines the business object and the
service template defines the display interface.
When an authority control system needs to be built, the current service data is first
obtained, and the benchmark service models and benchmark service templates corresponding to
the current service data are called, such as those corresponding to the user, user type,
group and set type in the current service data. The current business models and current
business templates are then generated according to the current service data and the
benchmark service models and benchmark service templates, and finally the current business
models and current business templates are combined to generate the authority control
system, achieving the purpose of the embodiment of the application.
By adding the user type item, the group item and the set type item to the RBAC model,
together with their respective benchmark service models and benchmark service templates,
the embodiment of the application ensures that, in an authority control system built on the
extended RBAC model, each role has not only its corresponding user type but also its
corresponding group and set type. The organizational structure to which each role belongs
can therefore be reflected between roles. For example, when a user is assigned the general
manager role, the user also has a user type such as senior executive or peer-level general
manager, a group such as a department or branch company, and a set type such as the nature
of the department or branch company, which reflects the department the user belongs to and
the nature of the branch company. The embodiment of the application is therefore applicable
both to enterprises with many users and to enterprises with few users, and is highly
practical.
Referring to Figure 10, which is a structural schematic diagram of the current generation
unit 903 in embodiment six of the authority control system construction device provided by
the application, the current generation unit 903 may include:
A current model generation subunit 931, configured to write the current service data into
the benchmark service model to generate the current business model.
Here, the current model generation subunit 931 writes the data corresponding to each
information item in the current service data, such as the user basic information item, the
user type item, the group item and the set type item, into the corresponding benchmark
service model, obtaining the current business model corresponding to each information item.
It should be noted that the current business model defines the business object
corresponding to the current service data and has its own personalized characteristics.
A current template generation subunit 932, configured to revise the benchmark service
template according to the current business model to generate the current business template.
It should be noted that the business model of each information item corresponds to its
service template, and there is a hierarchical relationship between them. Therefore, the
current template generation subunit 932 revises the benchmark service template of each
information item according to the current business model corresponding to that information
item, generating the current business template; the current business template defines the
display interface of the authority control system corresponding to the current service
data.
In addition, in authority control systems as currently built, the information of each user,
role and permission is customized by the specific business data; that is, the business data
determines the number and content of the information items each user has. For example, the
user information of one rights management system may include information such as an officer
ID number and years of service. For different enterprise application systems, the number
and content of the information items differ to some degree. Consequently, for a specific
enterprise project, developers need to write code to build a specific authority control
system, and when the business data of that system changes, developers need to build a new
authority control system again according to the changed data.
Therefore, the current scheme of building an authority control system on the RBAC model
makes rights management inflexible and produces a large amount of redundant code, and the
resulting system has significant application limitations: when applied where business data
changes constantly, the authority control system is slow and inefficient to build.
Accordingly, referring to Figure 11, which is a partial structural schematic diagram of
embodiment seven of the authority control system construction device provided by the
application, the device may further include:
An update acquisition unit 905, configured to obtain the business update data corresponding
to the current service data.
Here, the business update data refers to the data of the information items in the current
service data that have changed, and the data of the information items added on the basis of
the current service data.
A model modification unit 906, configured to modify the current business model in the
authority control system according to the business update data.
Referring to Figure 12, which is a structural schematic diagram of the model modification
unit 906 in embodiment seven of the application, the model modification unit 906 may
include:
A first model determining subunit 961, configured to determine the target business model
in the authority control system that corresponds to the business update data.
Here, the target business model refers to the current business model corresponding to an
information item in the current service data that has changed.
A target model modification subunit 962, configured to modify the target business model in
the authority control system according to the business update data.
Here, the target model modification subunit 962 can be implemented as follows:
According to the information items in the business update data that have changed relative
to the current service data, a corresponding replacement business model is established, and
the target business model in the authority control system that corresponds to the
replacement business model is replaced with the replacement business model.
The target model modification subunit 962 can also be implemented as follows:
According to the information items in the business update data that have changed relative
to the current service data, the target business model in the authority control system that
corresponds to the changed information item is modified, obtaining the updated target
business model.
A second model obtaining subunit 963, configured to obtain the newly added benchmark model
that corresponds to the business update data and is different from the target business
model.
Here, the newly added benchmark model refers to the benchmark service model corresponding
to an information item in the business update data that is newly added relative to the
current service data.
It should be noted that the order in which the second model obtaining subunit 963 is
triggered to run may be the same as that of the first model determining subunit 961, or it
may run before the first model determining subunit 961.
An added model generation subunit 964, configured to generate, according to the business
update data, the added business model corresponding to the newly added benchmark model.
Here, the added model generation subunit 964 writes the data of the information items in
the business update data that are newly added relative to the current service data into the
newly added benchmark model, obtaining the added business model corresponding to each newly
added information item.
An added model adding subunit 965, configured to add the added business model to the
authority control system.
Here, the added model adding subunit 965 can be understood as adding the added business
model to the business models of the authority control system and establishing the
associations between this added business model and the other business models.
A template modification unit 907, configured to revise the current business template in the
authority control system according to the modified current business model.
It should be noted that the modified current business model mentioned for the template
modification unit 907 includes both the current business models in the authority control
system that were obtained by modifying or replacing existing business models and the newly
added current business models. Each current business model obtained by modifying or
replacing an existing business model has a corresponding current business template, and
each newly added current business model has a corresponding benchmark service model.
Accordingly, based on the implementation in Figure 12, the template modification unit 907
can be implemented as follows:
For each current business model in the authority control system obtained by modifying or
replacing an existing business model, revise its corresponding current business template;
for each newly added current business model in the authority control system, revise its
corresponding benchmark service template to obtain the current business template
corresponding to that newly added current business model.
In addition, in embodiment seven of the application, the device may further be used to:
Save the business update data to the database;
Specifically, the data in the business update data corresponding to the user basic
information item are saved to the basic information table, and the data corresponding to
the items other than the user basic information item, such as the user type item, the group
item and the set type item, are saved to the customized information table.
As can be seen from the above scheme, in embodiment seven of the authority control system
construction device provided by the application, after the business information is updated
it is only necessary to update or add the corresponding business models and service
templates in the existing authority control system according to the business update data.
Developers do not need to rewrite code, which reduces code redundancy, and when the scheme
is applied where business data changes constantly, the authority control system is built
faster and more efficiently.
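The update path of embodiment seven (units 905 to 907, mirroring the corresponding method steps), as an added Python sketch that is not part of the patent. The dictionary layout of models and templates, the `BENCHMARKS` library, the default widget, the change log and the copy-then-swap behaviour are assumptions made for illustration.

```python
import copy

DEFAULT_WIDGET = {"widget": "textbox", "readonly": False}  # assumed default display

# Constructed benchmark library: information item -> (attributes, benchmark template).
BENCHMARKS = {
    "user": (["login_name", "real_name"],
             {"login_name": {"widget": "label", "readonly": True},
              "real_name": dict(DEFAULT_WIDGET)}),
    "user_type": (["type_name"], {"type_name": dict(DEFAULT_WIDGET)}),
    "group": (["group_name"], {"group_name": dict(DEFAULT_WIDGET)}),
}


def revise_template(model, base_template):
    """Make a template match its model, keeping the display rules that already exist."""
    return {attr: copy.deepcopy(base_template.get(attr, DEFAULT_WIDGET))
            for attr in model["attributes"]}


def apply_update(system, update):
    """Apply business update data and return (new_system, change_log).

    system: {item: {"model": {"attributes": [...], "related": [...]}, "template": {...}}}
    update: {item: {"custom": [...], "related": [...]}}
    The input system is never mutated, so a rejected update leaves the running
    authority control system exactly as it was.
    """
    new_system, log = copy.deepcopy(system), []
    for item, data in update.items():
        if item not in BENCHMARKS:
            raise LookupError(f"no benchmark model for information item {item!r}")
        base_attrs, base_template = BENCHMARKS[item]
        attributes = list(base_attrs) + [
            a for a in data.get("custom", []) if a not in base_attrs
        ]
        if item in new_system:
            # Changed item: modify the target business model, then revise the
            # current business template that already belongs to it.
            entry = new_system[item]
            entry["model"]["attributes"] = attributes
            entry["template"] = revise_template(entry["model"], entry["template"])
            log.append(("modified", item))
        else:
            # New item: write the data into the newly added benchmark model, then
            # revise the benchmark template to obtain its current template.
            model = {"attributes": attributes, "related": []}
            new_system[item] = {"model": model,
                                "template": revise_template(model, base_template)}
            log.append(("added", item))
    # Associations are set up once every model exists; dangling ones are rejected.
    for item, data in update.items():
        for other in data.get("related", []):
            if other == item or other not in new_system:
                raise ValueError(f"{item!r} cannot be associated with {other!r}")
            for a, b in ((item, other), (other, item)):
                if b not in new_system[a]["model"]["related"]:
                    new_system[a]["model"]["related"].append(b)
    return new_system, log
```

The returned change log gives an operator a record of which models an update modified or added before the new system replaces the old one.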
Referring to Figure 13, which is a structural schematic diagram of embodiment eight of the
authority control system construction device provided by the application, the device may
further include:
An interface generation unit 908, configured to parse the current business template in the
authority control system, after the system generation unit 904 has generated the authority
control system, to generate the display interface of the authority control system.
Here, the interface generation unit 908 can be implemented as follows:
The page rendering engine is called to read the current service data, and the current
business template is parsed and rendered according to the current service data, obtaining
the display interface of the authority control system.
An interface display unit 909, configured to display the display interface.
As can be seen from the above scheme, embodiment eight of the authority control system
construction device provided by the application parses and renders the current business
template in the authority control system to obtain the display interface of the system, and
displays it, thereby presenting it to the user.
It should be noted that the embodiments in this specification are described in a
progressive manner; each embodiment focuses on its differences from the other embodiments,
and for the parts that are the same or similar the embodiments may be referred to one
another.
Finally, it should also be noted that, in this document, relational terms such as first and
second are used only to distinguish one entity or operation from another entity or
operation, and do not necessarily require or imply any such actual relationship or order
between these entities or operations. Moreover, the terms "include", "comprise" and any
other variants are intended to cover a non-exclusive inclusion, so that a process, method,
article or device that includes a series of elements includes not only those elements but
also other elements not expressly listed, or also elements inherent to such a process,
method, article or device. Without further limitation, an element defined by the statement
"including a ..." does not exclude the existence of other identical elements in the
process, method, article or device that includes the element.
The authorization control system construction method and device provided by the present
invention have been described in detail above. Specific examples are used herein to explain
the principle and implementations of the present invention, and the description of the
above embodiments is intended only to help in understanding the method of the present
invention and its core idea. At the same time, a person of ordinary skill in the art may,
following the idea of the present invention, make changes to the specific implementations
and the scope of application. In summary, the content of this specification should not be
construed as limiting the application.
Claims (10)
1. An authorization control system construction method, characterized in that it is applied
to an extended RBAC model, the extended RBAC model being generated by adding a user type
item, a group item and a set type item to a pre-established RBAC model, each information
item in the extended RBAC model corresponding to one benchmark service model and one
benchmark service template, the method comprising:
obtaining current service data;
calling at least one benchmark service model and benchmark service template corresponding
to the current service data;
generating a current business model and a current business template according to the
current service data and the benchmark service model and benchmark service template;
combining the current business model and the current business template to generate an
authority control system.
2. The method according to claim 1, characterized in that generating the current business
model and the current business template according to the current service data and the
benchmark service model and benchmark service template comprises:
writing the current service data into the benchmark service model to generate the current
business model;
revising the benchmark service template according to the current business model to
generate the current business template.
3. The method according to claim 1 or 2, characterized in that, after the authority
control system is generated, the method further comprises:
obtaining business update data corresponding to the current service data;
modifying the current business model in the authority control system according to the
business update data;
revising the current business template in the authority control system according to the
modified current business model.
4. The method according to claim 3, characterized in that modifying the current business
model in the authority control system according to the business update data comprises:
determining a target business model in the authority control system that corresponds to
the business update data;
modifying the target business model in the authority control system according to the
business update data;
obtaining a newly added benchmark model that corresponds to the business update data and is
different from the target business model;
generating, according to the business update data, an added business model corresponding
to the newly added benchmark model;
adding the added business model to the authority control system.
5. The method according to claim 1, characterized in that it further comprises:
parsing the current business template in the authority control system to generate a
display interface of the authority control system corresponding to the current service
data;
displaying the display interface.
6. an authority control system construction device, it is characterised in that be applied to the RBAC mould of extension
In type, the RBAC model of described extension be the middle increase user type item pre-building RBAC model,
Group item and set type item generate, all corresponding mark of each item of information in the RBAC model of described extension
Quasi-business model and a benchmark service template, described device includes:
Data capture unit, is used for obtaining current service data;
Standard call unit, for calling at least one standard corresponding with described current service data
Business model and benchmark service template;
It is currently generated unit, for according to described current service data and described benchmark service model and mark
Quasi-service template, generates current business model and current business template;
System signal generating unit, for described current business model and current business template are combined,
Generate authority control system.
7. The device according to claim 6, characterised in that the current generation unit includes:
A current model generation subelement, for writing the current service data into the benchmark service model to generate the current business model;
A current template generation subelement, for revising the benchmark service template according to the current business model to generate the current business template.
8. The device according to claim 6 or 7, characterised in that it also includes:
An update acquiring unit, for obtaining business update data corresponding to the current service data;
A model modification unit, for revising the current business model in the authority control system according to the business update data;
A template amendment unit, for revising the current business template in the authority control system according to the amended current business model.
9. The device according to claim 8, characterised in that the model modification unit includes:
A first model determining subelement, for determining the objective business model in the authority control system that corresponds to the business update data;
An object module amendment subelement, for revising the objective business model in the authority control system according to the business update data;
A second model obtaining subelement, for obtaining a newly-increased master pattern that corresponds to the business update data and is different from the objective business model;
A newly-increased model generation subelement, for generating, according to the business update data, an added business model corresponding to the newly-increased master pattern;
A newly-increased model adding subelement, for adding the added business model to the authority control system.
10. The device according to claim 6, characterised in that it also includes:
An interface signal generating unit, for parsing the current business template in the authority control system, after the system signal generating unit has generated the authority control system, to generate the display interface of the authority control system that corresponds to the current service data;
An interface display unit, for displaying the display interface.
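The data flow of device claims 6 to 9, as an added Python sketch that is not code from the patent. The dictionary shapes, the field names, the rule used to revise a template, and the rejection of fields absent from the benchmark model are all assumptions made for illustration.

```python
from copy import deepcopy

# Assumed shapes: the claims do not define model fields or template layout.
# One benchmark model and one benchmark template per extended-RBAC item.
BENCHMARK_MODELS = {
    "user":      {"id": None, "name": None, "user_type": None, "groups": []},
    "user_type": {"id": None, "name": None},
    "group":     {"id": None, "name": None, "set_type": None, "roles": []},
    "set_type":  {"id": None, "name": None},
    "role":      {"id": None, "name": None, "permissions": []},
}
BENCHMARK_TEMPLATES = {item: {"title": item, "columns": list(fields)}
                       for item, fields in BENCHMARK_MODELS.items()}

def generate_current(item, records):
    """Claim 7: write data into the benchmark model, then revise the template."""
    benchmark = BENCHMARK_MODELS[item]  # KeyError: item has no benchmark model
    model = []
    for rec in records:
        unknown = set(rec) - set(benchmark)
        if unknown:  # added check, not in the claims: refuse stray fields
            raise ValueError(f"{item}: not in benchmark model: {sorted(unknown)}")
        model.append({**deepcopy(benchmark), **rec})
    template = deepcopy(BENCHMARK_TEMPLATES[item])
    # Assumed revision rule: show only columns that some record populates.
    template["columns"] = [c for c in template["columns"]
                           if any(r[c] not in (None, []) for r in model)]
    return model, template

def apply_update(system, update):
    """Claims 8-9: modify models already present, add models for new items."""
    for item, records in update.items():
        merged = {r["id"]: r for r in system["models"].get(item, [])}
        for rec in records:
            merged[rec["id"]] = {**merged.get(rec["id"], {}), **rec}
        model, template = generate_current(item, list(merged.values()))
        system["models"][item], system["templates"][item] = model, template
    return system

def build_system(business_data):
    """Claim 6: combine current models and current templates into one system."""
    return apply_update({"models": {}, "templates": {}}, business_data)

# Constructed sample data.
CURRENT_DATA = {"user_type": [{"id": "ut1", "name": "employee"}],
                "user": [{"id": "u1", "name": "alice", "user_type": "ut1"}],
                "role": [{"id": "r1", "name": "auditor", "permissions": ["report:read"]}]}
UPDATE_DATA = {"user": [{"id": "u1", "groups": ["g1"]}],                # existing model
               "group": [{"id": "g1", "name": "finance", "roles": ["r1"]}]}  # new model
```

Because every write passes through `generate_current`, a record carrying a field the benchmark model does not declare is refused before it reaches the authorization data, and each template is re-derived from the model it displays.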
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310468353.XA CN103500314B (en) | 2013-10-09 | 2013-10-09 | A kind of authorization control system construction method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103500314A (en) | 2014-01-08 |
CN103500314B (en) | 2016-08-17 |
Family
ID=49865520
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310468353.XA Active CN103500314B (en) | 2013-10-09 | 2013-10-09 | A kind of authorization control system construction method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103500314B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105320498B (en) * | 2014-05-28 | 2018-05-25 | 中国科学院沈阳自动化研究所 | Configurable multi-level roduction track method for visualizing based on figure |
CN111381864A (en) * | 2020-04-01 | 2020-07-07 | 中国铁塔股份有限公司 | Configuration method and device of software system |
CN117113960A (en) * | 2023-09-05 | 2023-11-24 | 北京数聚智连科技股份有限公司 | Method and device for generating service data form, electronic equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101478536A (en) * | 2008-12-08 | 2009-07-08 | 山东浪潮齐鲁软件产业股份有限公司 | Method for solving access control in authority management |
CN101902402A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Method for managing user right and device thereof |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100651751B1 (en) * | 2005-10-14 | 2006-12-01 | 한국전자통신연구원 | Method of service access control in ubiquitous platform and securtity middleware thereof |
KR20080006157A (en) * | 2006-07-11 | 2008-01-16 | 박재근 | Env-rbac: dynamic access control for ubiquitous environment |
US20120215718A1 (en) * | 2011-02-17 | 2012-08-23 | Rajagopal Sitaram | Computer Implemented System and Method for Aggregating, Analyzing and Distributing Information Corresponding to Retirement Plans |
Non-Patent Citations (2)
Title |
---|
《基于RBAC扩展模型的授权策略研究》;邢小永;《中国优秀硕士学位论文全文数据库·信息科技辑》;20070615;I139-139 * |
《基于组织结构的RBAC扩展模型及应用》;范志等;《电脑知识与技术》;20130125;第9卷(第3期);497-499 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20211208 Address after: 250014 No. 41-1 Qianfo Shandong Road, Lixia District, Jinan City, Shandong Province Patentee after: SHANDONG CIVIC SE COMMERCIAL MIDDLEWARE Co.,Ltd. Address before: 250014 No. 41-1 Qianfo Shandong Road, Lixia District, Jinan City, Shandong Province Patentee before: SHANDONG CVIC SOFTWARE ENGINEERING Co.,Ltd. Patentee before: Shandong Zhongchuang software commercial middleware Co., Ltd |