CN106230818A - A kind of resource authorization method of information management system - Google Patents


Info

Publication number
CN106230818A
Authority
CN
China
Prior art keywords
user
management system
role
information management
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610618190.2A
Other languages
Chinese (zh)
Inventor
张家重
陈志明
王玉奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tide (suzhou) Financial Technology Service Co Ltd
Original Assignee
Tide (suzhou) Financial Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tide (suzhou) Financial Technology Service Co Ltd
Priority to CN201610618190.2A
Publication of CN106230818A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/105 Multiple levels of security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a resource authorization method for an information management system. The method is implemented as follows: first, a new role is created for assignment; a management module is established and permissions are added to the newly created role; a new account is created, which is used to collect user information, and at the same time one or more roles are assigned to this user; the user logs in to the information management system, the information management system obtains the user's permission set and the set of accessible resources according to the user and the user's roles, and the authorized user is logged in. Compared with the prior art, this resource authorization method addresses the information-security problems brought about by the wide use of information systems: it ensures that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; it allocates resources to legitimate users and restricts access to specific resources; and it distinguishes access by authorized users from access by unauthorized users, addressing these system and data security problems. It is practical, widely applicable and easy to promote.

Description

A kind of resource authorization method of information management system
Technical field
The present invention relates to the technical field of computer networks, and in particular to a practical resource authorization method for an information management system.
Background technology
With the wide application of Internet technology and the rapid development of informatization, conventional management models in enterprises are gradually being replaced by modern information systems; ERP, CRM and OA systems are typical representatives of the many information-system management models. The wide use of information systems also brings information-security problems to users: how to ensure that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; how to allocate resources to legitimate users and restrict access to specific resources; and how to distinguish access by authorized users from access by unauthorized users. These system and data security problems are what an information management system has to solve.
Because information systems differ in implementation technology, development scale, design and similar considerations, the way each information system provides resource access is not quite the same. The problems this brings are mainly that each system has to develop its own authorization repeatedly, wasting resources; that such an implementation can only meet the requirements of its own system and cannot be generalized; and that technical barriers prevent it from meeting requirements.
On this basis, a resource authorization method for an information management system is now provided.
Summary of the invention
The technical task of the present invention is to address the above shortcomings by providing a practical resource authorization method for an information management system.
In the resource authorization method of an information management system, the method is implemented as follows:
first, create a new role for assignment;
establish a management module and add permissions to the newly created role;
create a new account, which is used to collect user information, and at the same time assign one or more roles to this user;
the user logs in to the information management system; the information management system obtains the user's permission set and the set of accessible resources according to the user and the user's roles, and the authorized user is logged in.
The role is a set of permissions, and the unit and carrier of permission assignment. It isolates users from resources and is the interface between coarse-grained and fine-grained control: coarse-grained means the class level, that is, only the category of an object is considered and not a particular instance of it; fine-grained means the instance or data level, that is, a concrete object instance or object attribute. A role may contain users, and may also contain roles, which implements permission inheritance.
In the management module, each distinct function of the management module is assigned an ID; at the same time the management module adds the function identifiers to the permissions held by the newly created role and saves them in the persistence layer. If the permission set of the newly created role is included in the permission set of an existing role, the existing role is inherited directly and the new permission set is added to the newly created role. For a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set for that permission.
With the newly created account, when the user logs in to the system the user can view the resources they have accessed and the operations they have performed, and at any one time a user can log in to the system with only one identity.
When a user logs in to the information management system, the concrete login authorization process of the information management system is:
first, the user's basic information and login information are collected;
then, the system stores all system resources whose access needs to be authorized;
resource access permissions are allocated to roles and users; a role or user can obtain, through inheritance, the full permission set held by its parent object; a role or user can map to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
The collected user basic information and login information include account information, fingerprint information and login device information.
Authorization in the information management system includes forward authorization and negative authorization. Forward authorization means that when the user has no permissions at all, the information management system grants permissions as required; negative authorization means that when the user has all permissions, the information management system takes back specified special permissions.
When a resource is used temporarily, the information management system grants temporary authorization to an unauthorized user; within the authorization period the user can use the resource, and when the authorization period expires the usage permission is automatically reclaimed.
The resource authorization method of an information management system of the present invention has the following advantages:
it addresses the information-security problems brought about by the wide use of information systems; it ensures that information resources are not used illegitimately and that legitimate users can access the resources allocated to them; it allocates resources to legitimate users and restricts access to specific resources; it distinguishes access by authorized users from access by unauthorized users, addressing these system and data security problems; and it is practical, widely applicable and easy to promote.
Detailed description of the invention
The invention is further described below with reference to a specific embodiment.
The present invention provides a resource authorization method for an information management system. The terms used in the method are explained as follows:
Coarse-grained: the class level, that is, only the category of an object is considered, not a particular instance of the object.
Fine-grained: the instance or data level, that is, a concrete object instance or object attribute.
User: the user of a resource. A user cannot be associated with a permission directly; for a user to have the right to use a resource, the association must go through a role.
Role: a set of permissions, and the unit and carrier of permission assignment. It isolates users from resources and is the interface between coarse-grained and fine-grained control. A role may contain users, and may also contain roles (implementing permission inheritance).
Resource: the object being accessed. It may be an access address, an operation instruction or a data item. Resources may contain one another, and one resource may be related to several specified permissions.
Authorize: assign permission information (forward authorization or negative authorization) to a legitimate user. An authorization is bound to a concrete resource instance, for example the permission to publish a news item.
User group: the unit and carrier of permission assignment. A group may contain users, and may also contain groups (implementing permission inheritance). A user in a group inherits the group's permissions.
Forward authorization: assume the subject has no permissions at all, then grant permissions as required.
Negative authorization: assume the subject has all permissions, then take back some special permissions.
The method is implemented as follows:
first, create a new role for assignment;
establish a management module and add permissions to the newly created role;
create a new account, which is used to collect user information, and at the same time assign one or more roles to this user;
the user logs in to the information management system; the information management system obtains the user's permission set and the set of accessible resources according to the user and the user's roles, and the authorized user is logged in.
There is no direct access relation between users and resources; for a user to have the usage permission of a resource, the association must go through a role or a user group. Users are contained in roles or user groups. A role can inherit from a role, and a user group can also inherit from a user group.
In the management module, each distinct function of the management module is assigned an ID; at the same time the management module adds the function identifiers to the permissions held by the newly created role and saves them in the persistence layer. If the permission set of the newly created role is included in the permission set of an existing role, the existing role is inherited directly and the new permission set is added to the newly created role. For a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set for that permission.
With the newly created account, when the user logs in to the system the user can view the resources they have accessed and the operations they have performed, and at any one time a user can log in to the system with only one identity.
When a user logs in to the information management system, the concrete login authorization process of the information management system is:
first, the user's basic information and login information are collected;
then, the system stores all system resources whose access needs to be authorized;
resource access permissions are allocated to roles and users; a role or user can obtain, through inheritance, the full permission set held by its parent object; a role or user can map to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
The collected user basic information and login information include account information, fingerprint information and login device information.
Authorization in the information management system includes forward authorization and negative authorization. Forward authorization means that when the user has no permissions at all, the information management system grants permissions as required; negative authorization means that when the user has all permissions, the information management system takes back specified special permissions.
When a resource is used temporarily, the information management system grants temporary authorization to an unauthorized user; within the authorization period the user can use the resource, and when the authorization period expires the usage permission is automatically reclaimed.
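The procedure described in the summary above and repeated in this embodiment, as an added Python model that is not code from the patent: roles with inheritance and time-limited grants, the management module's function IDs, the credential check at login with one identity per session, and forward versus negative authorization. Assumptions: all names, the F-prefixed IDs and the sample data are constructed here; user groups are treated as roles; and the subset rule is implemented in its least-privilege reading (an existing role whose permission set lies inside the new role's set is inherited, and only the remaining permissions are added directly).

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permissions: set[str] = field(default_factory=set)         # function IDs
    parents: list[Role] = field(default_factory=list)          # inherited roles
    temporary: dict[str, float] = field(default_factory=dict)  # ID -> expiry time

    def effective(self, now: float) -> set[str]:
        # own grants + unexpired temporary grants + inherited; expired ones drop out
        perms = set(self.permissions)
        perms |= {p for p, exp in self.temporary.items() if exp > now}
        for parent in self.parents:
            perms |= parent.effective(now)
        return perms

@dataclass
class User:
    account: str
    roles: list[Role] = field(default_factory=list)   # identities assigned
    session_role: Role | None = None                  # one identity per session

class InfoSystem:
    def __init__(self) -> None:
        self.function_ids: dict[str, str] = {}    # function name -> ID
        self.resources: dict[str, set[str]] = {}  # ID -> resources it opens
        self.roles: dict[str, Role] = {}

    def register_function(self, name: str, resources: set[str]) -> str:
        fid = f"F{len(self.function_ids) + 1:03d}"   # management-module function ID
        self.function_ids[name] = fid
        self.resources[fid] = resources
        return fid

    def create_role(self, name: str, functions: set[str]) -> Role:
        wanted = {self.function_ids[f] for f in functions}
        role = Role(name)
        # Least-privilege reading of the subset rule: inherit an existing role
        # whose permission set lies inside the new one, add only the remainder.
        for existing in self.roles.values():
            if existing.permissions and existing.permissions <= wanted:
                role.parents.append(existing)
                wanted -= existing.permissions
        role.permissions = wanted
        self.roles[name] = role
        return role

    def grant_temporary(self, role: Role, function: str, now: float, ttl: float) -> None:
        role.temporary[self.function_ids[function]] = now + ttl   # usage time set

    def login(self, user: User, identity: str, creds: dict[str, str]) -> bool:
        # account, fingerprint and device info all required; identity must be assigned
        role = self.roles.get(identity)
        if (any(not creds.get(k) for k in ("account", "fingerprint", "device"))
                or creds["account"] != user.account or role not in user.roles):
            return False
        user.session_role = role
        return True

    def authorize(self, user: User, now: float,
                  negative_revoke: set[str] | None = None) -> tuple[set[str], set[str]]:
        # Returns (permission set, accessible resource set) for the logged-in identity.
        if user.session_role is None:
            return set(), set()           # not logged in: nothing is authorized
        if negative_revoke is None:       # forward: start empty, grant as needed
            perms = user.session_role.effective(now)
        else:                             # negative: start with all, take some back
            perms = set(self.resources) - negative_revoke
        return perms, set().union(*(self.resources[p] for p in perms))

def demo(now: float = 1000.0) -> tuple:   # constructed scenario, not from the patent
    s = InfoSystem()
    s.register_function("view_report", {"/reports"})        # F001
    s.register_function("edit_report", {"/reports/edit"})   # F002
    s.register_function("publish_news", {"/news"})          # F003
    viewer = s.create_role("viewer", {"view_report"})
    editor = s.create_role("editor", {"view_report", "edit_report"})  # inherits viewer
    alice = User("alice", roles=[viewer, editor])
    s.grant_temporary(editor, "publish_news", now, ttl=60)
    ok = s.login(alice, "editor", {"account": "alice", "fingerprint": "fp-demo", "device": "laptop-01"})
    perms_now, res_now = s.authorize(alice, now)
    perms_later, _ = s.authorize(alice, now + 61)   # temporary grant reclaimed
    return ok, editor.permissions, perms_now, res_now, perms_later
```

Running demo() shows the editor role carrying only F002 itself while inheriting F001 from viewer, the temporary F003 grant present at login time and gone 61 seconds later.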
The above detailed embodiment is only a concrete case of the present invention; the scope of patent protection of the present invention includes but is not limited to the above embodiment. Any claims of a resource authorization method of an information management system that conform to the present invention, and any appropriate changes or substitutions made by a person of ordinary skill in the art, shall fall within the scope of patent protection of the present invention.

Claims (8)

1. A resource authorization method of an information management system, characterized in that the method is implemented as follows:
first, create a new role for assignment;
establish a management module and add permissions to the newly created role;
create a new account, which is used to collect user information, and at the same time assign one or more roles to this user;
the user logs in to the information management system; the information management system obtains the user's permission set and the set of accessible resources according to the user and the user's roles, and the authorized user is logged in.
2. The resource authorization method of an information management system according to claim 1, characterized in that the role is a set of permissions, and the unit and carrier of permission assignment; it isolates users from resources and is the interface between coarse-grained and fine-grained control, where coarse-grained means the class level, that is, only the category of an object is considered and not a particular instance of it, and fine-grained means the instance or data level, that is, a concrete object instance or object attribute; a role may contain users, and may also contain roles, which implements permission inheritance.
3. The resource authorization method of an information management system according to claim 1, characterized in that in the management module, each distinct function of the management module is assigned an ID; at the same time the management module adds the function identifiers to the permissions held by the newly created role and saves them in the persistence layer; if the permission set of the newly created role is included in the permission set of an existing role, the existing role is inherited directly and the new permission set is added to the newly created role; and for a user who needs to apply for a temporary permission, the permission is added to the role and a usage time is set for that permission.
4. The resource authorization method of an information management system according to claim 1, characterized in that with the newly created account, when the user logs in to the system the user can view the resources they have accessed and the operations they have performed, and at any one time a user can log in to the system with only one identity.
5. The resource authorization method of an information management system according to claim 1, characterized in that when a user logs in to the information management system, the concrete login authorization process of the information management system is:
first, the user's basic information and login information are collected;
then, the system stores all system resources whose access needs to be authorized;
resource access permissions are allocated to roles and users; a role or user can obtain, through inheritance, the full permission set held by its parent object; a role or user can map to multiple accessible resources, and a resource can also be assigned to multiple roles and users.
6. The resource authorization method of an information management system according to claim 5, characterized in that the collected user basic information and login information include account information, fingerprint information and login device information.
7. The resource authorization method of an information management system according to claim 5, characterized in that authorization in the information management system includes forward authorization and negative authorization, where forward authorization means that when the user has no permissions at all, the information management system grants permissions as required, and negative authorization means that when the user has all permissions, the information management system takes back specified special permissions.
8. The resource authorization method of an information management system according to claim 5, characterized in that when a resource is used temporarily, the information management system grants temporary authorization to an unauthorized user; within the authorization period the user can use the resource, and when the authorization period expires the usage permission is automatically reclaimed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610618190.2A CN106230818A (en) 2016-08-01 2016-08-01 A kind of resource authorization method of information management system

Publications (1)

Publication Number Publication Date
CN106230818A true CN106230818A (en) 2016-12-14

Family

ID=57535721

Country Status (1)

Country Link
CN (1) CN106230818A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773413A (en) * 2004-11-10 2006-05-17 中国人民解放军国防科学技术大学 Character constant weight method
US20060218394A1 (en) * 2005-03-28 2006-09-28 Yang Dung C Organizational role-based controlled access management system
CN101478536A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for solving access control in authority management
CN101902402A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Method for managing user right and device thereof
CN102664888A (en) * 2012-04-19 2012-09-12 中国科学院软件研究所 Trust-based access control method and system thereof

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108183894A (en) * 2017-12-26 2018-06-19 深圳市海恒智能科技有限公司 The right management method and device of book self-help equipment
CN108846634A (en) * 2018-05-30 2018-11-20 北京尚易德科技有限公司 A kind of case automatic authorization method and system
CN109202899A (en) * 2018-08-07 2019-01-15 北京云迹科技有限公司 Permission processing method and processing device for robot
CN109040123A (en) * 2018-09-14 2018-12-18 南京理工技术转移中心有限公司 A kind of user's operation supervisory systems
CN109120722B (en) * 2018-10-24 2021-12-07 北京计算机技术及应用研究所 Access control method based on reverse proxy mode
CN109120722A (en) * 2018-10-24 2019-01-01 北京计算机技术及应用研究所 A kind of access control method based on reverse proxy mode
CN110245499A (en) * 2019-05-08 2019-09-17 深圳丝路天地电子商务有限公司 Web application rights management method and system
CN111783076A (en) * 2020-08-05 2020-10-16 绵阳市智慧城市产业发展有限责任公司 Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources
CN112131585A (en) * 2020-09-03 2020-12-25 苏州浪潮智能科技有限公司 Method, system, equipment and medium for temporary authorization based on RBAC
CN112131585B (en) * 2020-09-03 2023-01-06 苏州浪潮智能科技有限公司 Method, system, equipment and medium for temporary authorization based on RBAC
CN112346624A (en) * 2020-11-09 2021-02-09 福建天晴在线互动科技有限公司 Method and system for realizing menu authority of background management system
CN112346624B (en) * 2020-11-09 2022-04-01 福建天晴在线互动科技有限公司 Method and system for realizing menu authority of background management system
CN112637214A (en) * 2020-12-24 2021-04-09 北京金山云网络技术有限公司 Resource access method and device and electronic equipment
CN112637214B (en) * 2020-12-24 2023-04-07 北京金山云网络技术有限公司 Resource access method and device and electronic equipment

Similar Documents

Publication Publication Date Title
CN106230818A (en) A kind of resource authorization method of information management system
WO2019052496A1 (en) Account authentication method for cloud storage, and server
CN109981552B (en) Authority distribution method and device
US9799003B2 (en) Context-dependent transactional management for separation of duties
US6678682B1 (en) Method, system, and software for enterprise access management control
WO2008087085A2 (en) Administering access permissions for computer resources
US7895664B2 (en) Determination of access checks in a mixed role based access control and discretionary access control environment
CN109766708B (en) Data resource access method, system, computer system and storage medium
JP2009539183A5 (en)
CN103605916A (en) RBAC (Role-Based policies Access Control) accessing control model based on organization
CN106446638A (en) Cloud computing operation system security access method and device
CN103460216A (en) Software licence control
US20040088563A1 (en) Computer access authorization
WO2016026320A1 (en) Access control method and apparatus
CN106101074A (en) A kind of sacurity dispatching method based on user's classification towards big data platform
CN106230865A (en) A kind of secure access monitoring method, system and big data platform
CN111062028A (en) Authority management method and device, storage medium and electronic equipment
Xu et al. A Feasible Fuzzy‐Extended Attribute‐Based Access Control Technique
WO2016014079A1 (en) Constraining authorization tokens via filtering
CN1633085A (en) An access control method based on non-grade inter-role mapping
WO2017114210A1 (en) Apparatus and method for security control of data processing system
Washizaki et al. Taxonomy and literature survey of security pattern research
CN106599718A (en) Control method and device for information access permission
KR20070076342A (en) User Group Role / Permission Management System and Access Control Methods in a Grid Environment
CN107124429B (en) Network service safety protection method and system based on double data table design

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Wusong Industrial Park, Wuzhong Development District of Suzhou City, Jiangsu province 215100 Wusong Road No. 818

Applicant after: Tide Financial Information Technology Co Ltd

Address before: Wuzhong Economic Development Zone in Suzhou City, Jiangsu Province, the River Street 215104 tower rhyme Road No. 178 Building 2 layer 1

Applicant before: Tide (Suzhou) Financial Technology Service Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20161214