CN106228059A - Role access control method based on three-member management and extension
- Publication number: CN106228059A (CN201610584280.4A)
- Authority: CN (China)
- Prior art keywords: role, user, management, information, account
- Legal status: Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Abstract
The present invention provides an extended role-based access control method based on three-member management (TMMERBAC). Roles are divided into common roles and system roles, and the system roles are further subdivided into three members (system administrator, security administrator and security auditor) who carry out system administration. The concept of a department is introduced, and two authorization modes are used: user-department-role-permission and user-role-permission. The TMMERBAC policy is applied in a concrete project management system, showing that it improves authorization flexibility, reduces authorization complexity and refines control granularity.
Description
Technical field
The present invention relates to the technical field of information countermeasures and information security, and in particular to a role access control method based on three-member management and extension.
Background
With the rapid development of informatization, more and more enterprises use information systems to manage company information effectively. At present, many enterprise information systems at home and abroad contain a great deal of confidential information about the enterprise and its employees. To efficiently prevent illegitimate users from entering the system and accessing information resources, and to stop legitimate users from accessing system resources for which they have no permission, access control technology from information security must be used to restrict user permissions and undesired access.
At this stage, many enterprises use no access control policy at all, or use policies that are mostly the traditional discretionary access control, mandatory access control or role-based access control policies. As times change and information technology advances, information systems keep growing in scale and the number of users keeps increasing and changing. Discretionary and mandatory access control policies can hardly meet the needs of contemporary information systems, while role-based access control policies suffer from limited flexibility, low extensibility and coarse control granularity. Newer policies that improve on the traditional ones, such as task-oriented access control, service-oriented workflow access control and usage control, have a narrow scope of application, are difficult to implement, and see little practical use.
Contemporary information systems therefore urgently need a new access control policy that is generally applicable to enterprise information systems, so as to maintain information system security.
Summary of the invention
The object of the present invention is to provide a role access control method based on three-member management and extension. Under the extended role-based access control policy based on three-member management (TMMERBAC), roles are divided into common roles and system roles, and the system roles are further subdivided into three members (system administrator, security administrator and security auditor) who carry out system administration. The concept of a department is introduced, and two authorization modes, user-department-role-permission and user-role-permission, are used to improve authorization flexibility, reduce authorization complexity and refine control granularity.
To achieve the above object, the present invention proposes a role access control method based on three-member management and extension, comprising:
Step 1: establish in the information management system a three-member management system consisting of a system administrator, a security administrator and a security auditor, wherein the system administrator is responsible for managing user accounts and role information in the system; the security administrator is responsible for role permission assignment, user permission assignment, department permission assignment and authorization management in the system; and the security auditor is responsible for supervising, on the basis of the log table recorded in the database of the information management system, all operations of users, the system administrator and the security administrator in the system, including adding, modifying and deleting information;
Step 2: the system administrator adds role information;
Step 3: after receiving a paper approval document, the system administrator adds user information for enterprise personnel and hands the initial account details to the user, the users including ordinary users;
Step 4: after receiving the paper approval document and once the user creation of step 3 is complete, the security administrator assigns default permissions to each kind of role, each user and each class of department according to set rules;
Step 5: the security auditor supervises and reviews the logs of the security administrator and the system administrator in real time, locks the accounts of users showing suspicious behaviour and reports them;
Step 6: the system administrator investigates the frozen user and, after the investigation ends, may unlock the frozen account;
Step 7: an ordinary user logs in to the information management system with an account and password, completes work and tasks within the scope of his or her own permissions, then logs out of the account and exits the system safely.
Further, the foregoing method also comprises the following step:
The security auditor periodically backs up and cleans up the logs in the information management system.
Further, the system administrator's management of user accounts and role information specifically includes:
Create user: the system administrator, as instructed, creates an account name and initial password from the information provided, and enters the user's related information;
Maintain role information: the system administrator updates role information, and adds or deletes the relevant roles;
Unlock user: when a user's dangerous behaviour causes the account to be frozen, the system administrator unlocks the user account after review has established the cause.
Further, in the foregoing method, the security administrator's role permission assignment, user permission assignment, department permission assignment and authorization management specifically include:
Role permission assignment: after role information has been maintained, the corresponding permissions are assigned to the roles; among these there are roles that conflict with each other or have overlapping permissions;
User permission assignment: the security administrator assigns permissions to users;
Department permission assignment: the security administrator adds roles of different kinds according to the actual situation of the department;
Authorization management: the security administrator maps an account to a role within the relevant department, or maps the account directly to a role, completing authorization management for the role.
Further, in the foregoing method, when the system administrator and the security administrator assign permissions to a user, this is done as follows: the system administrator in the SYAD class creates a new user in the User class as required, and a creation-success message is returned on completion; the security administrator in the SEAD class then uses the U-D-R-P policy or the U-R-P policy to assign permissions to a given user in the User class, the assignment selecting operation permissions and system resources from the Operations class and the Objects class, and an assignment-success message is returned on completion; during permission assignment, the security auditor in the SEAU class supervises in real time the behaviour of the system administrator in the SYAD class and the security administrator in the SEAD class.
As the above technical solution shows, the notable advantage of the present invention is as follows. Today, when users keep increasing and changing frequently, an information system's ability to assign permissions to users efficiently is an effective means of ensuring information security, and a basic way of ensuring that all resources in the information system are used reasonably. This access policy was developed against that background. Using access control technology from information security, it proposes an extended role-based access control (TMMERBAC) policy based on three-member management: roles are divided into common roles and system roles, and the system roles are further subdivided into system administrator, security administrator and security auditor, who carry out system administration; the concept of a department is introduced, and two authorization modes, user-department-role-permission and user-role-permission, are used. The TMMERBAC policy is applied in a certain military defence project management system, showing that it improves authorization flexibility, reduces authorization complexity and refines control granularity.
It should be understood that all combinations of the foregoing concepts and the additional concepts described in greater detail below can be regarded as part of the inventive subject matter of the present disclosure, provided such concepts are not mutually inconsistent. In addition, all combinations of the claimed subject matter are regarded as part of the inventive subject matter of the present disclosure.
The foregoing and other aspects, embodiments and features of the present teachings can be more fully understood from the following description taken in conjunction with the accompanying drawings. Other additional aspects of the invention, such as the features and/or beneficial effects of exemplary embodiments, will be apparent from the description below, or learned through practice of specific embodiments according to the present teachings.
Brief description of the drawings
Fig. 1 is a flow diagram of the role access control method based on three-member management and extension according to certain embodiments of the invention.
Fig. 2 is the overall TMMERBAC model according to certain embodiments of the invention.
Fig. 3 is a diagram of the relationships among the three members according to certain embodiments of the invention.
Fig. 4 is a diagram of the main classes and relationships in the TMMERBAC policy design.
Fig. 5 is the TMMERBAC policy sequence diagram.
Detailed description
For a better understanding of the technical content of the present invention, specific embodiments are described below with reference to the accompanying drawings.
As shown in Figs. 1-5, the role access control method based on three-member management and extension proposed by the present invention allows the extended role-based access control policy based on three-member management to be widely applied in enterprise information systems. With this policy, permissions can be assigned to users more effectively, while the subdivided system roles cooperate with and restrict one another, largely avoiding abuse of permissions.
With reference to Fig. 1, the role access control method based on three-member management and extension comprises the following steps:
Step 1: establish in the information management system a three-member management system consisting of a system administrator, a security administrator and a security auditor, wherein the system administrator is responsible for managing user accounts and role information in the system; the security administrator is responsible for role permission assignment, user permission assignment, department permission assignment and authorization management in the system; and the security auditor is responsible for supervising, on the basis of the log table recorded in the database of the information management system, all operations of users, the system administrator and the security administrator in the system, including adding, modifying and deleting information;
Step 2: the system administrator adds role information;
Step 3: after receiving a paper approval document, the system administrator adds user information for enterprise personnel and hands the initial account details to the user, the users including ordinary users;
Step 4: after receiving the paper approval document and once the user creation of step 3 is complete, the security administrator assigns default permissions to each kind of role, each user and each class of department according to set rules;
Step 5: the security auditor supervises and reviews the logs of the security administrator and the system administrator in real time, locks the accounts of users showing suspicious behaviour and reports them;
Step 6: the system administrator investigates the frozen user and, after the investigation ends, may unlock the frozen account;
Step 7: an ordinary user logs in to the information management system with an account and password, completes work and tasks within the scope of his or her own permissions, then logs out of the account and exits the system safely.
Thus, today, when users keep increasing and changing frequently, an information system's ability to assign permissions to users efficiently is an effective means of ensuring information security, and a basic way of ensuring that all resources in the information system are used reasonably. This access policy was developed against that background. Using access control technology from information security, it proposes an extended role-based access control (TMMERBAC) policy based on three-member management: roles are divided into common roles and system roles, and the system roles are further subdivided into system administrator, security administrator and security auditor, who carry out system administration; the concept of a department is introduced, and two authorization modes, user-department-role-permission and user-role-permission, are used. The TMMERBAC policy is applied in a certain military defence project management system, showing that it improves authorization flexibility, reduces authorization complexity and refines control granularity.
As shown in Fig. 2, the TMMERBAC policy is a role-based access control policy that introduces a department entity on the basis of the RBAC97 model and further improves the common roles and administrative roles; the overall model of TMMERBAC is as shown in Figure 1, 2. The concept and function of each part of the model are described in detail below:
(1) User (Users, U): a person who logs in to the system with the unique account and password created by the system administrator, and who can interact with the system and perform certain operations.
(2) Department (Departments, D): the key component connecting users and roles, making it easier for users to obtain permissions and access system resources.
(3) Role (Roles, R): carries the responsibilities of certain access permissions, and can be assigned to a user through a department or assigned directly to the user so that the user obtains permissions. In the TMMERBAC model, roles are divided into common roles and system roles. System roles are mainly responsible for common roles and for maintaining system security; the permissions of common roles are assigned by the system administrator, and common roles bear part of the responsibility for system business.
(4) Session (Sessions, S): a mapping between users and roles, realized as activating a certain role to carry out the interaction between user and system.
(5) Permission (Permissions, P): represents a concrete access permission, a binary relation of operation (Operations, OP) and object (Objects, OB), where operations mainly include viewing, modifying and so on, and an object represents any information resource protected by the system.
(6) Constraint (Constraints, C): mainly includes least privilege, mutually exclusive roles, cardinality constraints and role capacity, prerequisites and so on.
(7) Static separation of duties (Static Separation of Duties, SSD): because the same user can be assigned multiple roles and conflicting permissions exist between roles, restrictions must be applied during assignment.
(8) Dynamic separation of duties (Dynamic Separation of Duties, DSD): DSD addresses a problem similar to the one SSD addresses; the difference lies in the implementation. SSD applies its restrictions mainly at assignment time, whereas DSD applies them when a user activates a role in a session.
The main classes of the policy design and their associations are shown in Figure 3: the access control policy relies on the three-member management module and the department module to perform access control, mainly through the ManagermentRole class and the Department class. As the class diagram shows, implementing the information system's access control policy mainly involves the following classes:
(1) User class: the user class; contains the user's user name, password and basic information, and is the sole entry point for logging in to the system.
(2) Session class: the session class; a user activates the corresponding role and thereby holds the corresponding permissions to interact with the system.
(3) Constraint class: the abstract class for constraints in the system, including time constraints, domain restrictions and numerical constraints. This system mainly applies constraints to role assignment and to departments.
(4) RoleConstraint class: the role assignment constraint class; inherits from the Constraint class.
(5) Role class: the role class; mainly contains basic information about a role.
(6) CommonRole class: the common role class; inherits from the Role class and implements the management of common roles.
(7) ManagermentRole class: the administrative role class; inherits from the Role class and implements the management of administrative roles.
(8) SYAD class: the system administrator class; inherits from the ManagermentRole class and mainly implements creating users, maintaining role information and unlocking users.
(9) SEAD class: the security administrator class; inherits from the ManagermentRole class and mainly implements role permission assignment, user permission assignment, department permission assignment and authorization management.
(10) SEAU class: the security auditor class; inherits from the ManagermentRole class and mainly implements the log auditing and log recording functions.
(11) Permission class: the permission class; the security administrator, according to role and department, uses the U-D-R-P policy or the U-R-P policy to assign permissions to users, who then enjoy the corresponding resource operations.
(12) Operation class: the operation class; mainly includes the functions for accessing and modifying objects.
(13) Object class: the object class; mainly contains the various resources in the system.
In terms of sequence, the access control policy is divided into two main stages: the administrator assigns permissions to a user, and the user who has been assigned permissions conducts a session with the system, as shown in the access control sequence diagram of Fig. 4, in which the administrator assigns permissions to the user
Three-member management: the TMMERBAC model merges the roles and administrative roles of RBAC97 and divides them into common roles (Common Role, CR) and system roles (System Role, SR) (the specific relationships among the three members are shown in Figure 2). The system roles use three-member management: they are independent of one another, restrict one another and assist one another, jointly maintaining system security and assigning permissions to ordinary users.
Three-member management helps make the system more fine-grained, clarifies the responsibilities of the system roles and improves management efficiency.
The specific responsibilities of the three members:
(1) System administrator: mainly responsible for managing user accounts and role information in the system; the specific responsibilities of the system administrator are detailed below.
Create user: after receiving paper application material approved by a superior, the system administrator creates an account name and initial password from the information provided, and enters the user's related information.
Maintain role information: as the organization keeps changing, role information also changes, so the system administrator needs to update role information promptly and add or delete the relevant roles.
Unlock user: when a user's dangerous behaviour causes the account to be frozen, the system administrator may unlock the user account after review has established the cause.
(2) Security administrator: mainly responsible for role permission assignment, user permission assignment, department permission assignment and authorization management in the system; the specific responsibilities of the security administrator are detailed below.
Role permission assignment: after the system administrator has maintained role information, the corresponding permissions need to be assigned to the roles; among these there may be roles that conflict with each other or have overlapping permissions.
User permission assignment: the security administrator assigns permissions to users. This compensates for the case where a user's permissions are insufficient after taking on a role but further permissions cannot be added to that role. It also resolves the awkward situation of the very few users who hold no role yet still exist in the system.
Department permission assignment: the security administrator adds roles of different kinds according to the actual situation of the department. In most systems many identical roles exist across departments, so letting the security administrator manage roles by department helps reduce the number of roles.
Authorization management: the security administrator maps an account to a role within the relevant department, or maps the account directly to a role, completing authorization management for the role.
(3) Security auditor: mainly on the basis of the log table recorded in the database, supervises all operations of users, the system administrator and the security administrator in the system, including adding, modifying and deleting information. The security auditor's specific responsibilities mainly include auditing logs and backing up logs.
Audit log: check the audit log regularly; when accounts are added or deleted, or a user's permissions change significantly, judge against the relevant regulations whether the change is reasonable, and report any violation without delay.
Backup log: the longer the system is in use, the larger the log files become, so the log files need to be backed up and maintained periodically.
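The division of duties described above and in steps 2-6 can be sketched as follows. This is an added example, not code from the patent: apart from the SYAD/SEAD/SEAU labels, every name is hypothetical, and treating a denied administrative attempt as the "suspicious behaviour" that triggers a lock is an assumption.

```python
# Added illustration; names other than SYAD/SEAD/SEAU are assumptions.
from dataclasses import dataclass, field
from typing import Optional

SYAD, SEAD, SEAU = "SYAD", "SEAD", "SEAU"

# Administrative action -> the only system role allowed to perform it.
DUTIES = {
    "create_user": SYAD,
    "unlock_user": SYAD,
    "assign_permission": SEAD,
    "review_log": SEAU,
    "lock_user": SEAU,
}


class DutyViolation(Exception):
    """An account attempted an action outside its system role."""


@dataclass
class Account:
    name: str
    system_role: Optional[str] = None               # None for an ordinary user
    locked: bool = False
    permissions: set = field(default_factory=set)   # {(operation, object)}


class ThreeMemberSystem:
    def __init__(self, syad, sead, seau):
        # Assumption: each system role is held by a different account.
        if len({syad, sead, seau}) != 3:
            raise ValueError("system roles need three different accounts")
        self.accounts = {n: Account(n, r)
                         for n, r in ((syad, SYAD), (sead, SEAD), (seau, SEAU))}
        self.log = []        # append-only audit log
        self.reviewed = 0    # index of the first entry not yet audited

    def _check(self, actor, action, target):
        acct = self.accounts.get(actor)
        allowed = (acct is not None and not acct.locked
                   and acct.system_role == DUTIES[action])
        # Denied attempts are logged too, so the auditor can see them.
        self.log.append({"seq": len(self.log), "actor": actor,
                         "action": action, "target": target,
                         "allowed": allowed})
        if not allowed:
            raise DutyViolation(f"{actor} may not perform {action}")

    def create_user(self, actor, name):
        if name in self.accounts:
            raise ValueError(f"account {name} already exists")
        self._check(actor, "create_user", name)
        self.accounts[name] = Account(name)

    def assign_permission(self, actor, name, operation, obj):
        target = self.accounts[name]       # KeyError for an unknown account
        self._check(actor, "assign_permission", name)
        target.permissions.add((operation, obj))

    def audit_and_lock(self, actor):
        """Auditor reviews new log entries and locks accounts with denials."""
        self._check(actor, "review_log", "audit-log")
        # The page does not say who supervises the auditor, so the
        # reviewing account itself is skipped here.
        suspects = sorted({e["actor"] for e in self.log[self.reviewed:]
                           if not e["allowed"] and e["actor"] != actor
                           and e["actor"] in self.accounts})
        for name in suspects:
            self._check(actor, "lock_user", name)
            self.accounts[name].locked = True
        self.reviewed = len(self.log)
        return suspects

    def unlock_user(self, actor, name):
        target = self.accounts[name]
        self._check(actor, "unlock_user", name)
        target.locked = False


def demo():
    """Constructed scenario following steps 2-6 of the method."""
    s = ThreeMemberSystem("sys_admin", "sec_admin", "auditor")
    s.create_user("sys_admin", "alice")
    s.assign_permission("sec_admin", "alice", "view", "project_plan")
    try:   # an ordinary user tries to grant herself a permission
        s.assign_permission("alice", "alice", "modify", "project_plan")
    except DutyViolation:
        pass
    locked = s.audit_and_lock("auditor")
    s.unlock_user("sys_admin", "alice")
    return s, locked


if __name__ == "__main__":
    system, locked = demo()
    for entry in system.log:
        print(entry)
    print("locked by auditor:", locked)
```

No single account can both create a user and grant it permissions, and every attempt, allowed or denied, leaves a log entry for the auditor.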
Multiple authorization modes with the department concept introduced: the TMMERBAC model uses two authorization modes, the user-department-role-permission mode and the user-role-permission mode. For clarity, we describe them formally. Let TMMERBAC = {U, D, R, S, P, C, SSD, DSD}, where R = {CR, SR}, SR = {SYAD, SEAD, SEAU}, P = {OP, OB}; U denotes the user set, D the department set, R the role set, S the session set, P the permission set and C the constraint set. The U-D-R-P and U-R-P authorization modes are explained in detail below.
(1) U-D-R-P policy:
U-D assignment (U-D Assignment, UDA) relation: in real life a user belongs to at most one department; there are also special cases in which a user temporarily does not belong to any department, such as a newly registered user who is still in job rotation or training. Therefore, ifThen mayMake two tuples
D-R assignment (D-R Assignment, DRA) relation: a department usually contains multiple roles, and a role can appear in multiple departments, so department and role are in a many-to-many relation. Therefore,IfThe most certainMake two tuples
R-P assignment (R-P Assignment, RPA) relation: on the one hand, a role has multiple permissions; on the other hand, each permission can be held by multiple roles at the same time, so role and permission are also in a many-to-many relation. Therefore,IfThe most certainMake two tuples
(2) U-R-P policy:
U-R assignment (U-R Assignment, URA) relation: here U contains all legitimate users of the system and R contains roles of every kind. A user can take on multiple roles, and a role can be taken on by multiple users, so user and role are in a many-to-many relation. Therefore,IfThe most certainMake two tuples
R-P assignment (R-P Assignment, RPA) relation: this relation is the same as the R-P assignment relation in U-D-R-P and is not repeated here.
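The two authorization paths and the static separation of duties constraint can be made concrete as below. This is an added example, not code from the patent; it follows only the cardinalities stated in the prose, since the relation formulas are missing from the page. It assumes that a user inherits every role attached to its department and that SSD is expressed as sets of mutually exclusive roles. All class, role and resource names are hypothetical.

```python
# Added illustration of UDA, DRA, URA and RPA; all names are assumptions.
class AssignmentError(Exception):
    """An assignment would violate a UDA cardinality or SSD constraint."""


class Tmmerbac:
    def __init__(self, ssd=()):
        self.uda = {}      # user -> department (at most one per user)
        self.dra = set()   # (department, role), many-to-many
        self.ura = set()   # (user, role), many-to-many
        self.rpa = set()   # (role, (operation, object)), many-to-many
        self.ssd = [frozenset(s) for s in ssd]   # mutually exclusive roles

    def roles_of(self, user):
        direct = {r for u, r in self.ura if u == user}
        dept = self.uda.get(user)          # None: user has no department yet
        # Assumption: a user inherits every role attached to its department.
        via_dept = {r for d, r in self.dra if d == dept} if dept else set()
        return direct | via_dept

    def _enforce_ssd(self, user, roles):
        for exclusive in self.ssd:
            clash = exclusive & roles
            if len(clash) > 1:
                raise AssignmentError(
                    f"SSD: {user} would hold {sorted(clash)}")

    def assign_department(self, user, dept):     # UDA
        current = self.uda.get(user)
        if current is not None and current != dept:
            raise AssignmentError(f"UDA: {user} already in {current}")
        dept_roles = {r for d, r in self.dra if d == dept}
        self._enforce_ssd(user, self.roles_of(user) | dept_roles)
        self.uda[user] = dept

    def add_department_role(self, dept, role):   # DRA
        # Every current member of the department would gain the role.
        for user, d in self.uda.items():
            if d == dept:
                self._enforce_ssd(user, self.roles_of(user) | {role})
        self.dra.add((dept, role))

    def assign_role(self, user, role):           # URA
        self._enforce_ssd(user, self.roles_of(user) | {role})
        self.ura.add((user, role))

    def grant(self, role, operation, obj):       # RPA
        self.rpa.add((role, (operation, obj)))

    def permissions_of(self, user):
        roles = self.roles_of(user)
        return {perm for role, perm in self.rpa if role in roles}

    def check(self, user, operation, obj):
        return (operation, obj) in self.permissions_of(user)

    def explain(self, user, operation, obj):
        """List the authorization paths that grant (operation, obj)."""
        paths = []
        dept = self.uda.get(user)
        for role, perm in sorted(self.rpa):
            if perm != (operation, obj):
                continue
            if (user, role) in self.ura:
                paths.append(f"U-R-P: {user} -> {role}")
            if dept and (dept, role) in self.dra:
                paths.append(f"U-D-R-P: {user} -> {dept} -> {role}")
        return paths


def build_demo():
    """Constructed sample data: one department, three roles, two users."""
    m = Tmmerbac(ssd=[{"designer", "approver"}])
    m.grant("designer", "modify", "design_doc")
    m.grant("reviewer", "view", "design_doc")
    m.grant("approver", "modify", "approval_record")
    m.add_department_role("engineering", "designer")
    m.assign_department("bob", "engineering")   # U-D-R-P path
    m.assign_role("carol", "reviewer")          # U-R-P path, no department
    return m


if __name__ == "__main__":
    model = build_demo()
    print(model.explain("bob", "modify", "design_doc"))
    print(model.explain("carol", "view", "design_doc"))
```

Because SSD is checked on all three assignment operations, a conflicting role cannot reach a user indirectly through a later change to the department's role list.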
The access control policy relies on the three-member management module and the department module to perform access control, mainly implemented by ManagermentRole.
In terms of sequence, the access control policy is divided into two main stages: the administrator assigns permissions to a user, and the user who has been assigned permissions conducts a session with the system, as shown in the access control sequence diagram of Fig. 4, in which the administrator assigns permissions to the user. The main classes of the policy design and their associations are shown in Figure 5: the access control policy relies on the three-member management module and the department module to perform access control, mainly through the ManagermentRole class and the Department class.
Administrator assigns permissions to a user: the system administrator in the SYAD class creates a new user in the User class as required, and a creation-success message is returned on completion. The security administrator in the SEAD class then uses the U-D-R-P policy or the U-R-P policy to assign permissions to a given user in the User class, the assignment selecting operation permissions and system resources from the Operations class and the Objects class, and an assignment-success message is returned on completion. During permission assignment, the security auditor in the SEAU class supervises in real time the behaviour of the system administrator in the SYAD class and the security administrator in the SEAD class, ensuring the reliability and security of permission assignment in the system.
After being assigned permissions, the user logs in to the system, activates the assigned role and conducts a session with the system; after completing the user's goal, the user ends the session and logs out of the system.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Those of ordinary skill in the art to which the invention belongs may make various modifications and variations without departing from the spirit and scope of the invention. Accordingly, the scope of protection of the invention is as defined by the claims.
Claims (5)
1. A role access control method based on three-member management and extension, characterized by comprising:
Step 1: establish in the information management system a three-member management system consisting of a system administrator, a security administrator and a security auditor, wherein the system administrator is responsible for managing user accounts and role information in the system; the security administrator is responsible for role permission assignment, user permission assignment, department permission assignment and authorization management in the system; and the security auditor is responsible for supervising, on the basis of the log table recorded in the database of the information management system, all operations of users, the system administrator and the security administrator in the system, including adding, modifying and deleting information;
Step 2: the system administrator adds role information;
Step 3: after receiving a paper approval document, the system administrator adds user information for enterprise personnel and hands the initial account details to the user, the users including ordinary users;
Step 4: after receiving the paper approval document and once the user creation of step 3 is complete, the security administrator assigns default permissions to each kind of role, each user and each class of department according to set rules;
Step 5: the security auditor supervises and reviews the logs of the security administrator and the system administrator in real time, locks the accounts of users showing suspicious behaviour and reports them;
Step 6: the system administrator investigates the frozen user and, after the investigation ends, may unlock the frozen account;
Step 7: an ordinary user logs in to the information management system with an account and password, completes work and tasks within the scope of his or her own permissions, then logs out of the account and exits the system safely.
The most according to claim 1 based on three Yuans management and the role access control method of expansion, it is characterised in that aforementioned
Method more comprises the steps of
Daily record in information management system is periodically backed up and is cleared up by security audit person.
The role access control method based on three-member management and extension according to claim 1, characterized in that the management of user accounts and role information by the system administrator specifically includes:
Create user: the system administrator, as instructed, creates the account name and initial password according to the information provided, and enters the user's related information;
Maintain role information: the system administrator updates role information, and adds or deletes related roles;
Unlock user: when a user's dangerous behavior has caused the account to be frozen, the system administrator unlocks the user account after the cause has been examined and ascertained.
The role access control method based on three-member management and extension according to claim 1, characterized in that, in the aforementioned method, role permission assignment, user permission assignment, department permission assignment and authorization management by the security administrator specifically include:
Role permission assignment: after role information has been maintained, corresponding permissions are assigned to roles, among which there exist roles that conflict with each other and roles that have overlapping permissions;
User permission assignment: the security administrator assigns permissions to users;
Department permission assignment: the security administrator adds different kinds of roles according to the actual situation of the department;
Authorization management: the security administrator maps accounts to roles in the relevant departments, or maps accounts directly to roles, completing the authorization management of roles.
The role access control method based on three-member management and extension according to claim 1, characterized in that, in the aforementioned method, when the system administrator and the security administrator assign permissions to a user, this is realized in the following manner: the system administrator in the SYAD class creates a new user in the User class on demand, and a creation-success message is returned upon completion; afterwards, the security administrator in the SEAD class uses the U-D-R-P policy or the U-R-P policy to assign permissions to a given user in the User class, the permission assignment selecting operation permissions and system resources from the Operations class and the Objects class, and an assignment-success message is returned upon completion; during permission assignment, the security auditor in the SEAU class supervises in real time the behavior of the system administrator in the SYAD class and the security administrator in the SEAD class.
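The duty split in the claims, as an added Python sketch that is not code from the patent: SYAD creates users and roles and unlocks accounts, SEAD assigns permissions through U-R-P or U-D-R-P mappings, and SEAU locks accounts based on the log. The action names, the account names and the rule that a denied attempt counts as suspicious are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Duty split from the claims; the action names are hypothetical.
DUTIES = {"SYAD": {"create_user", "add_role", "unlock"},   # system administrator
          "SEAD": {"grant", "map_urp", "map_udrp"},        # security administrator
          "SEAU": {"lock"}}                                # security auditor

@dataclass
class System:
    users: dict = field(default_factory=dict)  # account -> {"kind", "locked"}
    roles: dict = field(default_factory=dict)  # role -> {(operation, object)}
    urp: set = field(default_factory=set)      # U-R-P: (account, role)
    udrp: set = field(default_factory=set)     # U-D-R-P: (account, dept, role)
    log: list = field(default_factory=list)    # (actor, action, args, allowed)

    def admin(self, actor, action, *args):
        me = self.users.get(actor, {"kind": None, "locked": True})
        ok = not me["locked"] and action in DUTIES.get(me["kind"], ())
        self.log.append((actor, action, args, ok))  # denied attempts are logged too
        if not ok:
            raise PermissionError(f"{actor} may not {action}")
        getattr(self, "_" + action)(*args)

    def _create_user(self, acct): self.users.setdefault(acct, {"kind": "USER", "locked": False})
    def _add_role(self, role): self.roles.setdefault(role, set())
    def _unlock(self, acct): self.users[acct]["locked"] = False
    def _lock(self, acct): self.users[acct]["locked"] = True
    def _grant(self, role, op, obj): self.roles[role].add((op, obj))
    def _map_urp(self, acct, role): self.urp.add((acct, role))
    def _map_udrp(self, acct, dept, role): self.udrp.add((acct, dept, role))

    def check(self, acct, op, obj, dept=None):
        held = {r for a, r in self.urp if a == acct}
        held |= {r for a, d, r in self.udrp if a == acct and d == dept}
        live = acct in self.users and not self.users[acct]["locked"]
        return live and any((op, obj) in self.roles.get(r, ()) for r in held)

    def audit(self, auditor):  # SEAU locks every account with a denied attempt
        suspects = sorted({a for a, _, _, ok in self.log if not ok})
        for acct in (a for a in suspects if a in self.users):
            self.admin(auditor, "lock", acct)
        return suspects

def demo():  # constructed data: one administrator account per class
    s = System(users={k.lower(): {"kind": k, "locked": False} for k in DUTIES})
    s.admin("syad", "create_user", "bob")
    s.admin("syad", "add_role", "clerk")
    s.admin("sead", "grant", "clerk", "read", "report")
    s.admin("sead", "map_udrp", "bob", "finance", "clerk")
    return s
```

Because every call to `admin` is appended to the log before the duty check, an administrator who attempts another class's action leaves a record for the auditor even though the action itself is refused.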
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610584280.4A CN106228059A (en) | 2016-07-22 | 2016-07-22 | Based on three Yuans management and the role access control method of expansion |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106228059A (en) | 2016-12-14 |
Family
ID=57531387
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610584280.4A Pending CN106228059A (en) | 2016-07-22 | 2016-07-22 | Based on three Yuans management and the role access control method of expansion |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106228059A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161214 |