CN106230818A - Resource authorization method for an information management system - Google Patents
Resource authorization method for an information management system
- Publication number: CN106230818A (application CN201610618190.2A)
- Authority: CN (China)
- Prior art keywords: user, management system, role, information management, authority
- Legal status (an assumption by Google Patents, not a legal conclusion): Pending
Classifications
- H04L63/102: Network architectures or network communication protocols for network security; controlling access to devices or network resources; entity profiles
- H04L63/105: Network architectures or network communication protocols for network security; controlling access to devices or network resources; multiple levels of security
- H04L63/20: Network architectures or network communication protocols for network security; managing network security, network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a resource authorization method for an information management system. The method is implemented as follows: first, create a new role to be assigned; set up a management module and add permissions to the new role; create a new account, used to collect user information, and at the same time assign one or more roles to this user; when the user logs in to the information management system, the system derives the user's permission set and the set of accessible resources from the user and their roles, and authorizes the login. Compared with the prior art, this resource authorization method addresses the information security problems brought about by the wide deployment of information systems: it ensures that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; it allocates resources to legitimate users and restricts access to specific resources; and it distinguishes the access of authorized users from that of unauthorized users. It addresses these system and data security problems in a way that is practical, widely applicable and easy to promote.
Description
Technical field
The present invention relates to the field of computer networks, and specifically to a practical resource authorization method for an information management system.
Background technology
With the wide application of Internet technology and the rapid development of informatization, conventional management models in enterprises are gradually being replaced by modernized information systems. ERP, CRM, OA and similar systems are typical representatives of this information-system management mode. The wide use of information systems also brings information security problems to users: how to ensure that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; how to allocate resources to legitimate users and restrict access to specific resources; and how to distinguish the access of authorized users from that of unauthorized users. These system and data security problems are what an information management system must solve.
Because information systems differ in implementation technology, development scale, design considerations and the like, the way each information system provides users with access to resources also differs. The problems this brings are mainly that each system has to develop its own authorization repeatedly, which wastes resources; that each solution meets only the requirements of its own system and cannot be generalized; and that technical barriers leave the requirements unmet.
Based on this, a resource authorization method for an information management system is now provided.
Summary of the invention
The technical task of the present invention is to address the above shortcomings by providing a practical resource authorization method for an information management system.
A resource authorization method for an information management system, implemented as follows:
First, create a new role to be assigned;
Set up a management module and add permissions to the new role;
Create a new account, used to collect user information, and at the same time assign one or more roles to this user;
When the user logs in to the information management system, the system obtains the user's permission set and the set of accessible resources from the user and their roles, and authorizes the login.
A role is a set of permissions, the unit and carrier of permission assignment. It isolates users from resources and is the interface between coarse-grained and fine-grained control: coarse-grained means class level, which considers only the category of an object and not any particular instance of it; fine-grained means instance or data level, i.e. a concrete object instance or object attribute. A role can contain users, and it can also contain roles, which implements permission inheritance.
In the management module, each distinct function of the module is assigned an ID; the management module adds the function identifier to the permissions held by the newly created role and saves it to the persistence layer. If the permission set of the new role is contained in the permission set of an existing role, the new role directly inherits the existing role and the new permission set is added to it. For a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set on it.
With the new account, a user can, after signing in to the system, check the resources they have accessed and the operations they have performed, and at any one moment a user can be logged in to the system under only one identity.
When a user logs in to the information management system, the login authorization process is as follows:
First, collect the user's basic information and login information;
Then store all the system resources for which the system needs to authorize access;
Allocate resource permissions to roles and users; roles and users obtain, through inheritance, the full permission set held by their parent object. A role or user can be mapped to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
The collected user basic information and login information include account information, fingerprint information and login device information.
Authorization in the information management system includes positive authorization and negative authorization. Positive authorization means that when a user has no permissions, the system grants permissions as needed; negative authorization means that when a user has all permissions, the system withdraws specified permissions.
For temporary use of a resource, the information management system provides a temporary authorization to an otherwise unauthorized user; within the authorization period the user can use the resource, and when the period expires the usage permission is automatically reclaimed.
The resource authorization method for an information management system of the present invention has the following advantages:
It addresses the information security problems brought about by the wide deployment of information systems; it ensures that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; it allocates resources to legitimate users and restricts access to specific resources; and it distinguishes the access of authorized users from that of unauthorized users. It addresses these system and data security problems in a way that is practical, widely applicable and easy to promote.
Detailed description of the invention
The invention is further described below in conjunction with a specific embodiment.
The present invention provides a resource authorization method for an information management system. The terms used in the method are explained as follows:
Coarse-grained: class level, which considers only the category of an object and not any particular instance of it.
Fine-grained: instance or data level, i.e. a concrete object instance or object attribute.
User: the user of a resource. A user cannot be associated directly with a permission; for a user to hold the right to use a resource, the association must go through a role.
Role: a set of permissions, the unit and carrier of permission assignment. It isolates users from resources and is the interface between coarse-grained and fine-grained control. A role can contain users and can also contain roles (implementing permission inheritance).
Resource: the object being accessed. It can be an access address, an operation instruction or a data item. A resource can contain resources, and one resource can be associated with several permissions.
Authorize: grant permissions (positive or negative authorization) to a legitimate user. An authorization is bound to a concrete resource instance, for example the publish permission on a news item.
User group: a unit and carrier of permission assignment. A group can contain users and can also contain groups (implementing permission inheritance). Users in a group inherit the group's permissions.
Positive authorization: assume the subject has no permissions, then grant permissions as needed.
Negative authorization: assume the subject has all permissions, then withdraw certain specified permissions.
The method is implemented as follows:
First, create a new role to be assigned;
Set up a management module and add permissions to the new role;
Create a new account, used to collect user information, and at the same time assign one or more roles to this user;
When the user logs in to the information management system, the system obtains the user's permission set and the set of accessible resources from the user and their roles, and authorizes the login.
There is no direct access relation between users and resources; for a user to hold the permission to use a resource, the association must go through a role or user group. Users are contained in roles or user groups. A role can inherit from a role, and a user group can likewise inherit from a user group.
In the management module, each distinct function of the module is assigned an ID; the management module adds the function identifier to the permissions held by the newly created role and saves it to the persistence layer. If the permission set of the new role is contained in the permission set of an existing role, the new role directly inherits the existing role and the new permission set is added to it. For a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set on it.
With the new account, a user can, after signing in to the system, check the resources they have accessed and the operations they have performed, and at any one moment a user can be logged in to the system under only one identity.
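The two account-level rules just stated, one identity per account at a time and a self-service view of the resources accessed and operations performed, can be enforced by a small session registry. The following Python is an added illustration, not code from the patent or the applicant; the SessionRegistry API, the AuditEvent fields and the sample logins and access events are assumptions.

```python
# Added example, not the patent's code: one live identity per account and a
# per-user view of what that account accessed. Names and events are assumptions.
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AuditEvent:
    at: datetime
    account: str
    identity: str      # the identity the session was opened under
    function_id: str
    resource: str
    allowed: bool


class SessionRegistry:
    def __init__(self) -> None:
        self._active: dict[str, str] = {}   # account -> identity currently logged in
        self._audit: list[AuditEvent] = []

    def login(self, account: str, identity: str) -> bool:
        """A concurrent login under a different identity is refused; the first
        session must be logged out before the account can switch identity.
        Repeating the same identity is idempotent."""
        current = self._active.get(account)
        if current is not None and current != identity:
            return False
        self._active[account] = identity
        return True

    def logout(self, account: str) -> None:
        self._active.pop(account, None)

    def record(self, account: str, function_id: str, resource: str, allowed: bool, at: datetime) -> None:
        """Every access decision is logged against the identity of the live session,
        so nothing can be recorded for an account that is not logged in."""
        identity = self._active.get(account)
        if identity is None:
            raise PermissionError(f"{account} has no active session")
        self._audit.append(AuditEvent(at, account, identity, function_id, resource, allowed))

    def activity_of(self, account: str) -> list[AuditEvent]:
        """The user's own view: only the resources and operations of that account."""
        return [e for e in self._audit if e.account == account]


def session_demo() -> dict[str, object]:
    """Constructed sample: alice tries to hold two identities, bob's denied
    access must not show up in alice's view."""
    reg = SessionRegistry()
    t0 = datetime(2016, 8, 1, tzinfo=timezone.utc)
    first = reg.login("alice", "editor")
    second = reg.login("alice", "chief_editor")   # refused: already in as editor
    reg.record("alice", "F001", "news:1", True, t0)
    reg.login("bob", "editor")
    reg.record("bob", "F003", "news:1", False, t0)
    reg.logout("alice")
    third = reg.login("alice", "chief_editor")    # allowed once the first session is gone
    return {
        "first_login": first,
        "second_identity_refused": not second,
        "after_logout": third,
        "alice_sees_only_own": [(e.identity, e.resource) for e in reg.activity_of("alice")],
    }
```

Refusing the second login, rather than silently replacing the first session, is a design choice: it makes an attempted identity switch visible as a failed login, which is the event a detection rule would want to see.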
When a user logs in to the information management system, the login authorization process is as follows:
First, collect the user's basic information and login information;
Then store all the system resources for which the system needs to authorize access;
Allocate resource permissions to roles and users; roles and users obtain, through inheritance, the full permission set held by their parent object. A role or user can be mapped to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
The collected user basic information and login information include account information, fingerprint information and login device information.
Authorization in the information management system includes positive authorization and negative authorization. Positive authorization means that when a user has no permissions, the system grants permissions as needed; negative authorization means that when a user has all permissions, the system withdraws specified permissions.
For temporary use of a resource, the information management system provides a temporary authorization to an otherwise unauthorized user; within the authorization period the user can use the resource, and when the period expires the usage permission is automatically reclaimed.
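The pieces described above, the role as the only carrier of permissions, the management module's function IDs and inheritance rule, coarse-grained versus fine-grained resources, positive and negative authorization, the temporary grant with automatic reclaim, and the permission set and resource set derived at login (the same elements are restated in the summary and in the claims), are shown working together in the following Python example. It is an added illustration, not code from the patent or the applicant: the class names, the F-prefixed function IDs, the "class" / "class:instance" resource-selector syntax and the sample roles, users and times are assumptions. It also assumes one reading of the inheritance rule: an existing role is reused only when that role's permissions are covered by the requested set, so that inheriting never grants the new role more than was asked for.

```python
# Added example in the shape of the patent's RBAC description; not the patent's
# code. Class names, the F-prefixed function IDs, the "class" / "class:instance"
# resource selectors and the sample data are assumptions.
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

Permission = tuple[str, str]  # (function ID, resource selector)


def selector_matches(selector: str, resource: str) -> bool:
    """A class-level selector such as "news" (coarse-grained) covers every news
    item; an instance-level one such as "news:42" (fine-grained) covers only that item."""
    if ":" in selector:
        return selector == resource
    return resource.split(":", 1)[0] == selector


@dataclass
class Role:
    name: str
    grants: set[Permission] = field(default_factory=set)  # positive authorization
    denies: set[Permission] = field(default_factory=set)  # negative authorization
    parents: list[Role] = field(default_factory=list)     # permission inheritance


@dataclass
class User:
    account: str
    roles: list[Role] = field(default_factory=list)  # users never hold permissions directly
    temp_grants: list[tuple[Permission, datetime]] = field(default_factory=list)  # (perm, expiry)


def closure(roles: list[Role]) -> list[Role]:
    seen: dict[str, Role] = {}  # keyed by name, so an inheritance cycle terminates
    stack = list(roles)
    while stack:
        r = stack.pop()
        if r.name not in seen:
            seen[r.name] = r
            stack.extend(r.parents)
    return list(seen.values())


def inherited(roles: list[Role], attr: str) -> set[Permission]:
    """Union of the 'grants' or 'denies' of the roles and everything they inherit."""
    return {p for r in closure(roles) for p in getattr(r, attr)}


class ManagementModule:
    def __init__(self) -> None:
        self.function_ids: dict[str, str] = {}
        self.roles: dict[str, Role] = {}
        self.persisted: dict[str, set[Permission]] = {}  # stands in for the persistence layer

    def register_function(self, name: str) -> str:
        return self.function_ids.setdefault(name, f"F{len(self.function_ids) + 1:03d}")

    def create_role(self, name: str, perms: set[Permission]) -> Role:
        # Assumed reading of the inheritance rule: reuse the largest existing role
        # whose effective permissions are covered by the request, so inheriting
        # never hands the new role more than was asked for; add only the remainder.
        cands = [(r, inherited([r], "grants")) for r in self.roles.values()]
        base = max((c for c in cands if c[1] and c[1] <= perms), key=lambda c: len(c[1]), default=None)
        role = Role(name, set(perms)) if base is None else Role(name, perms - base[1], parents=[base[0]])
        self.roles[name] = role
        self.persisted[name] = set(role.grants)
        return role


def effective_grants(user: User, now: datetime) -> set[Permission]:
    # Expired temporary grants are reclaimed automatically at evaluation time.
    user.temp_grants = [(p, exp) for p, exp in user.temp_grants if exp > now]
    return inherited(user.roles, "grants") | {p for p, _ in user.temp_grants}


def is_allowed(user: User, fid: str, resource: str, now: datetime) -> bool:
    """Deny wins: a negative authorization withdraws the function on the matched
    resource even where an inherited or temporary grant would allow it."""
    def hit(perms: set[Permission]) -> bool:
        return any(f == fid and selector_matches(s, resource) for f, s in perms)
    return not hit(inherited(user.roles, "denies")) and hit(effective_grants(user, now))


def login(user: User, now: datetime) -> tuple[set[Permission], set[str]]:
    """What the system derives at login: the live permission set and the resource selectors it reaches."""
    live = effective_grants(user, now) - inherited(user.roles, "denies")
    return live, {s for _, s in live}


def rbac_demo() -> dict[str, bool]:
    """Constructed sample: 'chief_editor' factored over 'editor', a negative
    authorization on one item, and a temporary grant that expires."""
    mm = ManagementModule()
    read, publish, delete = (mm.register_function(n) for n in ("read", "publish", "delete"))
    editor = mm.create_role("editor", {(read, "news"), (publish, "news")})
    chief = mm.create_role("chief_editor", {(read, "news"), (publish, "news"), (delete, "news")})
    chief.denies.add((delete, "news:7"))
    t0 = datetime(2016, 8, 1, tzinfo=timezone.utc)
    alice = User("alice", roles=[chief])
    bob = User("bob", roles=[editor], temp_grants=[((delete, "news:3"), t0 + timedelta(hours=1))])
    return {
        "chief_inherits_editor": chief.parents == [editor] and chief.grants == {(delete, "news")},
        "alice_login_reaches_news": login(alice, t0)[1] == {"news"},
        "alice_deletes_news_1": is_allowed(alice, delete, "news:1", t0),
        "alice_deletes_news_7": is_allowed(alice, delete, "news:7", t0),
        "bob_deletes_news_3_in_window": is_allowed(bob, delete, "news:3", t0),
        "bob_deletes_news_3_after_expiry": is_allowed(bob, delete, "news:3", t0 + timedelta(hours=2)),
        "bob_deletes_news_4": is_allowed(bob, delete, "news:4", t0),
    }
```

Two design points are worth noting. Negative authorization is evaluated before positive authorization, so a withdrawn permission cannot be restored by an inherited or temporary grant. Expired temporary grants are dropped when a decision is evaluated rather than by a background job, which means the reclaim is only as trustworthy as the clock passed in as `now`; that is why the example takes the time explicitly instead of reading the system clock inside the check.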
The above specific embodiment is only one concrete case of the present invention. The scope of patent protection of the present invention includes but is not limited to the above embodiment; any resource authorization method for an information management system that conforms to the claims of the present invention, and any appropriate change or substitution made to it by a person of ordinary skill in the art, falls within the scope of patent protection of the present invention.
Claims (8)
1. A resource authorization method for an information management system, characterised in that the method is implemented as follows:
first, create a new role to be assigned;
set up a management module and add permissions to the new role;
create a new account, used to collect user information, and at the same time assign one or more roles to this user;
when the user logs in to the information management system, the system obtains the user's permission set and the set of accessible resources from the user and their roles, and authorizes the login.
2. The resource authorization method for an information management system according to claim 1, characterised in that the role is a set of permissions, the unit and carrier of permission assignment; it isolates users from resources and is the interface between coarse-grained and fine-grained control, where coarse-grained is class level, considering only the category of an object and not any particular instance of it, and fine-grained is instance or data level, i.e. a concrete object instance or object attribute; a role can contain users and can also contain roles, which implements permission inheritance.
3. The resource authorization method for an information management system according to claim 1, characterised in that in the management module each distinct function of the module is assigned an ID; the management module adds the function identifier to the permissions held by the new role and saves it to the persistence layer; if the permission set of the new role is contained in the permission set of an existing role, the new role directly inherits the existing role and the new permission set is added to it; for a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set on it.
4. The resource authorization method for an information management system according to claim 1, characterised in that with the new account a user can, after signing in to the system, check the resources they have accessed and the operations they have performed, and at any one moment a user can be logged in to the system under only one identity.
5. The resource authorization method for an information management system according to claim 1, characterised in that when a user logs in to the information management system, the login authorization process is as follows:
first, collect the user's basic information and login information;
then store all the system resources for which the system needs to authorize access;
allocate resource permissions to roles and users, where roles and users obtain through inheritance the full permission set held by their parent object; a role or user can be mapped to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
6. The resource authorization method for an information management system according to claim 5, characterised in that the collected user basic information and login information include account information, fingerprint information and login device information.
7. The resource authorization method for an information management system according to claim 5, characterised in that authorization in the information management system includes positive authorization and negative authorization, where positive authorization means that when a user has no permissions the system grants permissions as needed, and negative authorization means that when a user has all permissions the system withdraws specified permissions.
8. The resource authorization method for an information management system according to claim 5, characterised in that for temporary use of a resource the information management system provides a temporary authorization to an unauthorized user; within the authorization period the user can use the resource, and when the period expires the usage permission is automatically reclaimed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610618190.2A CN106230818A (en) | 2016-08-01 | 2016-08-01 | A kind of resource authorization method of information management system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106230818A (en) | 2016-12-14 |
Family ID: 57535721
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1773413A (en) * | 2004-11-10 | 2006-05-17 | 中国人民解放军国防科学技术大学 | Character constant weight method |
US20060218394A1 (en) * | 2005-03-28 | 2006-09-28 | Yang Dung C | Organizational role-based controlled access management system |
CN101478536A (en) * | 2008-12-08 | 2009-07-08 | 山东浪潮齐鲁软件产业股份有限公司 | Method for solving access control in authority management |
CN101902402A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Method for managing user right and device thereof |
CN102664888A (en) * | 2012-04-19 | 2012-09-12 | 中国科学院软件研究所 | Trust-based access control method and system thereof |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108183894A (en) * | 2017-12-26 | 2018-06-19 | 深圳市海恒智能科技有限公司 | The right management method and device of book self-help equipment |
CN108846634A (en) * | 2018-05-30 | 2018-11-20 | 北京尚易德科技有限公司 | A kind of case automatic authorization method and system |
CN109202899A (en) * | 2018-08-07 | 2019-01-15 | 北京云迹科技有限公司 | Permission processing method and processing device for robot |
CN109040123A (en) * | 2018-09-14 | 2018-12-18 | 南京理工技术转移中心有限公司 | A kind of user's operation supervisory systems |
CN109120722B (en) * | 2018-10-24 | 2021-12-07 | 北京计算机技术及应用研究所 | Access control method based on reverse proxy mode |
CN109120722A (en) * | 2018-10-24 | 2019-01-01 | 北京计算机技术及应用研究所 | A kind of access control method based on reverse proxy mode |
CN110245499A (en) * | 2019-05-08 | 2019-09-17 | 深圳丝路天地电子商务有限公司 | Web application rights management method and system |
CN111783076A (en) * | 2020-08-05 | 2020-10-16 | 绵阳市智慧城市产业发展有限责任公司 | Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources |
CN112131585A (en) * | 2020-09-03 | 2020-12-25 | 苏州浪潮智能科技有限公司 | Method, system, equipment and medium for temporary authorization based on RBAC |
CN112131585B (en) * | 2020-09-03 | 2023-01-06 | 苏州浪潮智能科技有限公司 | Method, system, equipment and medium for temporary authorization based on RBAC |
CN112346624A (en) * | 2020-11-09 | 2021-02-09 | 福建天晴在线互动科技有限公司 | Method and system for realizing menu authority of background management system |
CN112346624B (en) * | 2020-11-09 | 2022-04-01 | 福建天晴在线互动科技有限公司 | Method and system for realizing menu authority of background management system |
CN112637214A (en) * | 2020-12-24 | 2021-04-09 | 北京金山云网络技术有限公司 | Resource access method and device and electronic equipment |
CN112637214B (en) * | 2020-12-24 | 2023-04-07 | 北京金山云网络技术有限公司 | Resource access method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: No. 818 Wusong Road, Wusong Industrial Park, Wuzhong Development District, Suzhou City, Jiangsu Province 215100; Applicant after: Tide Financial Information Technology Co Ltd. Address before: Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province, the River Street 215104, tower rhyme Road No. 178, Building 2, floor 1; Applicant before: Tide (Suzhou) Financial Technology Service Co., Ltd. |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20161214 |