CN104113432A - Operation service data access control based on grade and domain division and realization thereof - Google Patents


Publication number
CN104113432A
Authority
CN
China
Prior art keywords
domain
grade
user
service data
management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410057060.7A
Other languages
Chinese (zh)
Inventor
王茜
葛新
陈珂
魏巍
朱志祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Following International Information Ltd Co
Xian University of Posts and Telecommunications
Original Assignee
Xi'an Following International Information Ltd Co
Xian University of Posts and Telecommunications
Application filed by Xi'an Following International Information Ltd Co, Xian University of Posts and Telecommunications
Priority to CN201410057060.7A
Publication of CN104113432A


Abstract

The invention discloses a grade- and domain-based access control scheme for operation and maintenance (O&M) service data, together with its implementation. It mainly addresses how to enforce grade- and domain-divided access control over the large volume of O&M service data generated when the user's organizational structure and IT environment are complex. The scheme comprises five parts: grade management, domain management, grade-and-domain information injection, user grade-and-domain authorization, and grade-and-domain display control. Grade management handles configuration of the grade information of the user's IT environment. Domain management handles configuration of the domain information into which the user's IT environment is divided. Grade-and-domain information injection binds grade and domain information to service data. User grade-and-domain authorization assigns the grades and domains of the O&M service data that a user may access. Grade-and-domain display control enforces access control over existing O&M service data, so that data access is secured and leakage of sensitive information and grade-skipping browsing are prevented. Together these functions form a complete grade- and domain-divided access control solution for O&M data, guaranteeing to the greatest extent the security of the user's O&M service data and the legitimacy of data access.

Description

An operation and maintenance (O&M) service data access control based on grade and domain division, and its implementation

Technical field
The present invention relates to the design and implementation of a grade- and domain-division solution in the field of O&M service data access control. It realizes O&M service data access control through a two-dimensional calculation method that classifies by grade vertically and divides by domain horizontally.
Background
As the level of IT adoption in enterprises and government keeps rising, their IT infrastructure resources keep expanding and their O&M environments grow increasingly complex. How to strengthen access control over a user's O&M service data, while preserving the original service model and without disturbing business systems and IT resources, has therefore become an urgent problem. The invention provides a standard, reliable access control design for O&M service data that filters access to the day-to-day O&M service data in the user's IT environment and ensures the security of the data.
Summary of the invention
The invention is based on a two-dimensional calculation, classifying by grade vertically and dividing by domain horizontally, and aims to strengthen access control filtering of the O&M service data generated in the user's IT environment. Specifically, the user's whole IT environment is partitioned into modules by grade along the vertical (Y) axis and by domain along the horizontal (X) axis. The intersection of the X and Y axes gives the location of a piece of data within the whole IT environment. This is then combined with the grade-and-domain information the user has been authorized for to decide whether the user has access rights to the data at that node: if authorized, the data is opened to the user; if not, it is not opened, thereby achieving access control filtering of the data.
Description of the drawings
Fig. 1 is the overall structure diagram of the invention.
Embodiment
In this embodiment the invention consists mainly of four parts: grade management, domain management, grade-and-domain information injection, user grade-and-domain authorization, and grade-and-domain display control, as follows:
1. Grade management
Manages the vertical grades and supports routine maintenance such as adding, deleting, querying and modifying grades. Grades have parent-child relationships with one another, so they are configured and displayed as a tree structure. The grade is used to locate data along the vertical axis.
2. Domain management
Manages the horizontal domains and supports routine maintenance such as adding, deleting, querying and modifying domains. Domains exist in parallel with one another, so they are configured and displayed as a list. The domain is used to locate data along the horizontal axis.
3. Grade-and-domain information injection
O&M service data access control takes grade-and-domain information as its core. Grade-and-domain information is configured for every collection node in every grade and domain into which the user's IT environment has been divided, so that data generated by collection carries the identifier of the grade and domain it belongs to. This guarantees the uniqueness of its location within the whole IT environment and avoids data corruption.
4. User grade-and-domain authorization
To access the O&M service data in a grade and domain, a user must first obtain authorization for access control of that grade and domain. The user grade-and-domain authorization module authorizes the grade-and-domain information of the accessing user. After a user is created, the grade-and-domain information must first be added to the user's authorization information in this module; once added, the user can access the data in that grade and domain. Adding or removing one or more authorized grade-and-domain entries in a single operation is supported.
5. Grade-and-domain display control
Grade-and-domain display control matches the grade-and-domain information the user has been authorized for against the grade-and-domain information of the service data itself, and so enforces authorized access across different grades and domains. Every data record contains the grade-and-domain information of its location. When a user accesses information, the authorization analyzer collects the user's authorized grade-and-domain information from the user profile, decomposes it, and compares it with the grade-and-domain information carried by the accessed data. If they are consistent, the user is allowed to access the data; if not, the data is hidden and not opened to this user. In this way, O&M service data of different grades and domains is displayed by grade and domain within the same business system.
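The five parts above, sketched as an added Python example (not code from the patent): a grade tree, a flat domain list, tag injection at collection nodes, per-user grants, and the display filter. The grade and domain names, the record layout and all function names are assumptions, and the filter assumes exact-match semantics, so a grant on a parent grade does not expose child-grade data.

```python
from dataclasses import dataclass, field

# Constructed sample configuration (assumed names, not from the patent).
GRADE_PARENT = {"HQ": None, "Province": "HQ", "City": "Province"}  # grade tree
DOMAINS = ["Network", "Database", "Security"]  # parallel domains, flat list


def grade_path(grade):
    """Locate a grade on the vertical axis: path from the root grade."""
    path = []
    while grade is not None:
        path.append(grade)
        grade = GRADE_PARENT[grade]
    return path[::-1]


@dataclass(frozen=True)
class CollectionNode:
    name: str
    grade: str
    domain: str

    def __post_init__(self):
        # Injection only accepts a grade and domain that have been configured.
        if self.grade not in GRADE_PARENT or self.domain not in DOMAINS:
            raise ValueError(f"unconfigured grade/domain on node {self.name}")

    def collect(self, payload):
        # Every record leaves the node carrying that node's grade-domain tag.
        return {"payload": payload, "grade": self.grade, "domain": self.domain}


@dataclass
class User:
    name: str
    grants: set = field(default_factory=set)  # authorized (grade, domain) pairs

    def authorize(self, *pairs):  # add one or more pairs at once
        self.grants.update(pairs)

    def revoke(self, *pairs):  # remove one or more pairs at once
        self.grants.difference_update(pairs)


def visible_records(user, records):
    """Display control: exact tag match; untagged or unmatched records are hidden."""
    return [r for r in records
            if (r.get("grade"), r.get("domain")) in user.grants]
```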

Claims (6)

1. An O&M service data access control based on grade and domain division, and its implementation, comprising five parts: grade management, domain management, grade-and-domain information injection, user grade-and-domain authorization, and grade-and-domain display control, characterized in that: grade management, domain management and grade-and-domain information injection complete the initialization of the basic information and guarantee that every item of O&M data carries grade-and-domain information; user grade-and-domain authorization and grade-and-domain display control, in combination, complete the grade- and domain-divided access control of O&M service data.
2. The O&M service data access control based on grade and domain division and its implementation according to claim 1, characterized in that said grade management divides the user's IT environment vertically into a plurality of grades to realize graded management of data.
3. The O&M service data access control based on grade and domain division and its implementation according to claim 1, characterized in that said domain management divides the user's IT environment horizontally into a plurality of management domains to realize domain-divided management of data.
4. The O&M service data access control based on grade and domain division and its implementation according to claim 1, characterized in that said grade-and-domain information injection completes the configuration of grade-and-domain information and guarantees that every item of data carries grade-and-domain information when it is produced.
5. The O&M service data access control based on grade and domain division and its implementation according to claim 1, characterized in that said user grade-and-domain authorization adds, for a user, the information of the accessible grades and domains according to the user's rights.
6. The O&M service data access control based on grade and domain division and its implementation according to claim 1, characterized in that said grade-and-domain display control, in combination with claim 5, realizes grade- and domain-divided access control of the user's O&M service data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410057060.7A CN104113432A (en) 2014-02-20 2014-02-20 Operation service data access control based on grade and domain division and realization thereof

Publications (1)

Publication Number Publication Date
CN104113432A true CN104113432A (en) 2014-10-22

Family

ID=51710069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410057060.7A Pending CN104113432A (en) 2014-02-20 2014-02-20 Operation service data access control based on grade and domain division and realization thereof

Country Status (1)

Country Link
CN (1) CN104113432A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141022
