CN106326692A - Method and device for operating authorization analysis of configurable management and control integration platform - Google Patents

Info

Publication number
CN106326692A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610997669.1A
Other languages
Chinese (zh)
Other versions
CN106326692B (en)
Inventor
林伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Asiacontrol Technology Development Co Ltd
Original Assignee
Beijing Asiacontrol Technology Development Co Ltd
Application filed by Beijing Asiacontrol Technology Development Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an operating right analysis method for a configurable management and control integration platform. With this method the names of operating rights can be customized, which makes the platform easier for users to use. In the method, if no lock is used, a business object is protected only by a safety zone; if a lock is added, the business object is protected both by the safety zone and by the lock, and matching is performed according to the key's permission and level rules and the lock's permission and level. Each custom operation model is equivalent to an enumeration type and corresponds to one operating right; one operation model instantiates several operation objects, and the value of each operating model is a value of the enumeration type. An operating right analysis device for the configurable management and control integration platform is also provided.

Description

Operating right analysis method and device for a configurable management and control integration platform
Technical field
The present invention relates to the technical field of configurable management and control integration platforms, and in particular to an operating right analysis method for a configurable management and control integration platform and an operating right analysis device for a configurable management and control integration platform.
Background art
Configuration software is one kind of upper computer (host computer) software: configuration software ≤ upper computer software. It is also known as configuration monitoring software. The term is translated from the English SCADA, i.e. Supervisory Control and Data Acquisition. It refers to special-purpose software for data acquisition and process control. Such software is a platform and development environment at the supervisory layer of an automatic control system; using flexible configuration, it gives users a general-purpose software tool for rapidly building the monitoring functions of an industrial automatic control system. Configuration software is very widely applied, including data acquisition, supervisory control and process control in fields such as electrical installations, waterworks, oil and the chemical industry. In electrical installations and on electrified railways it is also known as a telecontrol device (RTU System, Remote Terminal Unit).
Configuration software is a term established by usage in China, and the clearest way to define it is as "configuration-style monitoring software". "Configuration" (Configure) means "to configure", "to set", "to set up" and the like: the user completes the software functions they need in a simple way similar to "playing with building blocks", without writing computer programs. This is what is called "configuration". It is sometimes called "secondary development", and configuration software can be described as a "configurable management and control integration platform". "Monitoring" (Supervisory Control), i.e. "monitor and control", refers to monitoring, controlling and managing automation equipment or processes by means of computer signals.
To solve the above problems, the applicant proposed a safe-space construction method and system for a configurable management and control integration platform, in which components carry permissions. Permissions are simply the two operations read and write: query and export are read operations, and all others are write operations.
As a configuration platform, it lets users implement their own security management through configuration; of course, this must be built within the applicant's system of key, lock, safety zone, level, operation, unit, user and time.
Concretely, this means building keys and locks: a lock is added to a business object and a key is given to a person in a unit, so that when the key the person holds opens the lock, the person has the operating right on the business object.
Such rights management has the following problems:
First, the permissions are limited. If a user wants to distinguish permissions for finer-grained functions within a certain functional node, this can only be done by development.
Second, there is the problem of granularity. For example, a user who does not want to manage a whole module but only a certain module cannot do so. And a user may be able to manage a module at one moment and not have the module permission at another; this cannot be configured either.
Finally, flexible configuration is wanted: permission content that can be coarse or fine, permission granularity that can vary, and content that can be more or less. To achieve this effect with the existing permissions, a great many keys and locks would end up being configured, which is inconvenient in use.
Summary of the invention
To overcome the defects of the prior art, the technical problem to be solved by the invention is to provide an operating right analysis method for a configurable management and control integration platform in which the names of operating rights can be customized, making it convenient for users.
The technical solution of the invention is as follows. In this operating right analysis method for a configurable management and control integration platform, if no lock is added, the business object is protected only by the safety zone; if a lock is added, the business object is protected not only by the safety zone but also by the lock, and the permission and level of the key are matched against the permission and level of the lock according to the rules. Each custom operation model is equivalent to an enumeration type and corresponds to one operating right; one operation model instantiates several operation objects, and the value of each operation object is a value of the enumeration type.
In the invention each operating right name is equivalent to an enumeration value, and one operating right model instantiates several operation objects, so that the names of operating rights can be customized, which is convenient for users.
An operating right analysis device for a configurable management and control integration platform is also provided. The device includes: a key and lock matching module, configured so that if no lock is added, the business object is protected only by the safety zone, and if a lock is added, the business object is protected not only by the safety zone but also by the lock, with the permission and level of the key matched against the permission and level of the lock according to the rules;
an enumeration module, which treats each custom operation model as an enumeration type, each custom operation model corresponding to one operating right;
an instantiation module, configured so that one operation model instantiates several operation objects, each operation object being a value of the custom-named enumeration type.
Brief description of the drawings
Fig. 1 is a schematic diagram of the configurable management and control integration platform according to the invention.
Detailed description of the embodiments
In this operating right analysis method for a configurable management and control integration platform, if no lock is added, the business object is protected only by the safety zone; if a lock is added, the business object is protected not only by the safety zone but also by the lock, and the permission and level of the key are matched against the permission and level of the lock according to the rules. Each custom operation model is equivalent to an enumeration type and corresponds to one operating right; one operation model instantiates several operation objects, and the value of each operation object is a value of the enumeration type.
In the invention each operating right name is equivalent to an enumeration value, and one operating right model instantiates several operation objects, so that the names of operating rights can be customized, which is convenient for users.
In addition, as shown in Fig. 1, in an unlocking method, the conditions for a user holding a custom-named key to open the custom-named lock of a custom-named business object are: comparison result 1, between the safety zone spatial range of the custom-named key and the spatial range of the safety zone in which the custom-named business object is located; comparison result 2, between the enumeration value of the operating right corresponding to the custom-named key and the enumeration value of the operating right corresponding to the custom-named lock of the custom-named business object; and comparison result 3, between the level integer value corresponding to the custom-named key and the level integer value corresponding to the custom-named lock of the custom-named business object. Only when comparison results 1, 2 and 3 are all true can the custom-named lock of the custom-named business object be opened. When configuring, the user creates a custom-named user, selects a custom-named unit and takes a custom-named key; these custom names are all defined according to the names and forms of address familiar in the user's own industry.
Having users remember such a set of numbers would be very troublesome, just like having users remember the IP address of every major website, whereas remembering a domain name is much easier.
For this reason, when the user configures the system under the invention, the user simply creates a manager user, selects the manager's office and takes the manager key. These names are all defined according to the names and forms of address familiar in the user's own industry, so without training users know what they are configuring and what permission it carries.
If the manager user should not have the president's query permission, it is enough to deselect the query operation object in the manager's key.
In addition, the key enumeration type is: custom-named key 1, with value 1; custom-named key 2, with value 2; custom-named key n, with value n, where n is an integer greater than 2.
In addition, the enumeration items of the lock enumeration type are: custom-named lock 1, with value 1; custom-named lock 2, with value 2; custom-named lock n, with value n, where n is an integer greater than 2. The lock enumeration type is composed of the operation enumeration type and the level integer type.
In addition, the integer values of the level integer type are: custom-named level object 1, with value 1; custom-named level object 2, with value 2; custom-named level object n, with value n, where n is an integer greater than 2.
In addition, one operating right corresponds to one or more operation enumeration types. The enumeration items of an operation enumeration type are: custom-named operation object 1, with value 1; custom-named operation object 2, with value 2; custom-named operation object n, with value n, where n is an integer greater than 2.
In addition, the operating rights include: create, delete, query, modify, import, export, query attribute, modify attribute, create member, delete member, query member, modify member, query script, modify script. With these operating rights in place of plain read and write operations, configuration is more intuitive for the user.
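The unlock rule and the enumeration types described above, as an added Python example (not code from the patent or from the platform). The description names the three comparisons but not how each is evaluated, so zone coverage as a subset test, operation membership on the key, and key level at least equal to lock level are assumptions, as are all class, function and sample names.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum
from typing import FrozenSet, NamedTuple, Optional

# An operation model is an enumeration type. The functional API numbers the
# custom-named operation objects 1..n, as in the description. Plain Enum is
# used on purpose: value 1 of one model never equals value 1 of another.
ReportOps = Enum("ReportOps", ["QUERY", "EXPORT", "MODIFY"])   # constructed names
AlarmOps = Enum("AlarmOps", ["ACKNOWLEDGE", "SILENCE"])        # constructed names
# Levels are integers and must be ordered, so IntEnum is used here.
Level = IntEnum("Level", ["OPERATOR", "MANAGER", "PRESIDENT"])  # constructed names


@dataclass(frozen=True)
class Key:
    name: str
    zone: FrozenSet[str]         # assumption: a zone is a set of area names
    operations: FrozenSet[Enum]  # operation objects ticked on this key
    level: int


@dataclass(frozen=True)
class Lock:
    name: str
    operation: Enum  # a lock is an operation enumeration value plus a level
    level: int


@dataclass(frozen=True)
class BusinessObject:
    name: str
    zone: FrozenSet[str]
    lock: Optional[Lock] = None


class Decision(NamedTuple):
    allowed: bool
    zone_ok: bool   # comparison result 1
    op_ok: bool     # comparison result 2
    level_ok: bool  # comparison result 3


def can_operate(key: Key, obj: BusinessObject) -> Decision:
    # Result 1 (assumed rule): the key's zone must cover the object's zone.
    zone_ok = obj.zone <= key.zone
    if obj.lock is None:
        # No lock: the safety zone is the only protection, so results 2 and 3
        # are reported as True (not applicable).
        return Decision(zone_ok, zone_ok, True, True)
    # Result 2 (assumed rule): the lock's operation object is ticked on the key.
    op_ok = obj.lock.operation in key.operations
    # Result 3 (assumed rule): the key's level is at least the lock's level.
    level_ok = key.level >= obj.lock.level
    return Decision(zone_ok and op_ok and level_ok, zone_ok, op_ok, level_ok)


def without(key: Key, op: Enum) -> Key:
    """Untick one operation object on a key (the manager/president case)."""
    return Key(key.name, key.zone, key.operations - {op}, key.level)
```

Returning all three comparison results rather than a single boolean lets an audit log record which check refused the operation.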
Those of ordinary skill in the art will understand that all or part of the steps of the method of the above embodiment can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes each step of the method of the above embodiment; the storage medium may be ROM/RAM, a magnetic disk, an optical disc, a memory card, etc. Accordingly, corresponding to the method of the invention, the invention also includes an operating right analysis device for a configurable management and control integration platform, which is generally expressed in the form of functional modules corresponding to the steps of the method. The device using the method includes:
a key and lock matching module, configured so that if no lock is added, the business object is protected only by the safety zone, and if a lock is added, the business object is protected not only by the safety zone but also by the lock, with the permission and level of the key matched against the permission and level of the lock according to the rules;
an enumeration module, which treats each custom operation model as an enumeration type, each custom operation model corresponding to one operating right;
an instantiation module, configured so that one operation model instantiates several operation objects, each operation object being a value of the custom-named enumeration type.
The above is only a preferred embodiment of the invention and does not limit the invention in any form. Any simple modification, equivalent change or variation made to the above embodiment according to the technical essence of the invention still falls within the protection scope of the technical solution of the invention.

Claims (8)

1. An operating right analysis method for a configurable management and control integration platform, characterized in that: if no lock is added, the business object is protected only by the safety zone; if a lock is added, the business object is protected not only by the safety zone but also by the lock, and the permission and level of the key are matched against the permission and level of the lock according to the rules; each custom operation model is equivalent to an enumeration type and corresponds to one operating right; one operation model instantiates several operation objects, and the value of each operation object is a value of the enumeration type.
2. The operating right analysis method for a configurable management and control integration platform according to claim 1, characterized in that: in an unlocking method, the conditions for a user holding a custom-named key to open the custom-named lock of a custom-named business object are: comparison result 1, between the safety zone spatial range of the custom-named key and the spatial range of the safety zone in which the custom-named business object is located; comparison result 2, between the enumeration value of the operating right corresponding to the custom-named key and the enumeration value of the operating right corresponding to the custom-named lock of the custom-named business object; and comparison result 3, between the level integer value corresponding to the custom-named key and the level integer value corresponding to the custom-named lock of the custom-named business object; only when comparison results 1, 2 and 3 are all true can the custom-named lock of the custom-named business object be opened; when configuring, the user creates a custom-named user, selects a custom-named unit and takes a custom-named key, these custom names all being defined according to the names and forms of address familiar in the user's own industry.
3. The operating right analysis method for a configurable management and control integration platform according to claim 2, characterized in that: the key enumeration type is: custom-named key 1, with value 1; custom-named key 2, with value 2; custom-named key n, with value n, where n is an integer greater than 2.
4. The operating right analysis method for a configurable management and control integration platform according to claim 3, characterized in that: the enumeration items of the lock enumeration type are: custom-named lock 1, with value 1; custom-named lock 2, with value 2; custom-named lock n, with value n, where n is an integer greater than 2; the lock enumeration type is composed of the operation enumeration type and the level integer type.
5. The operating right analysis method for a configurable management and control integration platform according to claim 4, characterized in that: the integer values of the level integer type are: custom-named level object 1, with value 1; custom-named level object 2, with value 2; custom-named level object n, with value n, where n is an integer greater than 2.
6. The operating right analysis method for a configurable management and control integration platform according to claim 4, characterized in that: one operating right corresponds to one or more operation enumeration types, and the enumeration items of an operation enumeration type are: custom-named operation object 1, with value 1; custom-named operation object 2, with value 2; custom-named operation object n, with value n, where n is an integer greater than 2.
7. The operating right analysis method for a configurable management and control integration platform according to claim 6, characterized in that: the operating rights include: create, delete, query, modify, import, export, query attribute, modify attribute, create member, delete member, query member, modify member, query script, modify script.
8. An operating right analysis device for a configurable management and control integration platform, characterized in that the device includes:
a key and lock matching module, configured so that if no lock is added, the business object is protected only by the safety zone, and if a lock is added, the business object is protected not only by the safety zone but also by the lock, with the permission and level of the key matched against the permission and level of the lock according to the rules;
an enumeration module, which treats each custom operation model as an enumeration type, each custom operation model corresponding to one operating right;
an instantiation module, configured so that one operation model instantiates several operation objects, each operation object being a value of the custom-named enumeration type.
CN201610997669.1A 2016-10-24 2016-11-11 Operating right analysis method and device for a configurable management and control integration platform Active CN106326692B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016109275390 2016-10-24
CN201610927539 2016-10-24

Publications (2)

Publication Number Publication Date
CN106326692A true CN106326692A (en) 2017-01-11
CN106326692B CN106326692B (en) 2018-07-06

Family

ID=57816837

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610997669.1A Active CN106326692B (en) 2016-10-24 2016-11-11 Operating right analysis method and device for a configurable management and control integration platform

Country Status (1)

Country Link
CN (1) CN106326692B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414253A (en) * 2007-10-17 2009-04-22 华为技术有限公司 Method and system for managing authority
CN101587439A (en) * 2009-06-24 2009-11-25 用友软件股份有限公司 Service system, authority system and data authority control method for service system
CN104821897A (en) * 2015-04-29 2015-08-05 国网上海市电力公司 Authority management system used for transformer substation digital platform and application thereof
CN105335669A (en) * 2015-11-24 2016-02-17 南京大全自动化科技有限公司 Permission configuration method and system used for photovoltaic monitoring system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
亚控公司: "《组态王6.53使用手册》", 31 December 2007 *

Also Published As

Publication number Publication date
CN106326692B (en) 2018-07-06

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant