CN106485156B - Device and method for batch authorization of files - Google Patents
- Publication number: CN106485156B
- Application number: CN201610843875.7A
- Authority: CN (China)
- Prior art keywords: authorization, information, file, authorization object, unit
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a device and method for batch authorization of files, especially nuclear power engineering design files. The device includes an authorization object permission determination unit for determining authorization objects, a file attribute rule creation unit containing a grant set module, a file and authorization object matching unit that matches authorization object information against grant set module information, and an authorization result acquiring unit that forms the authorization result. The method includes determining authorization objects, creating file attribute rules, matching design files with authorization objects, and obtaining the authorization result. The invention can match confirmed authorization object information against grant set module information, and thereby implements automated batch authorization of files. Its operating steps are simple, it does not require repeated authentication, and its interface is user-friendly; it can effectively improve working efficiency, reduce operation and maintenance manpower and cost, and in particular automates operation and maintenance of the nuclear power design infrastructure.
Description
Technical field
The present invention relates to the field of file management, and in particular to a device and method for batch authorization of nuclear power engineering design files.
Background art
In the daily operation and management of an enterprise, many documents are produced that contain confidential and sensitive information such as technical designs. To prevent unauthorized access to this information, rights management must be applied to these confidential documents to prevent loss of the enterprise's file assets. Specifically, the purpose of rights management is to restrict a specified range of users in performing operations on specified folders or files. However, current file authorization mainly authorizes files one by one, by individually entering the user account and the design file address and authenticating repeatedly; the authorization steps are cumbersome and inefficient, and batch authorization is not possible.
In particular, with the continuous increase in nuclear power projects in recent years, the data generated during nuclear power engineering design and construction has reached the millions, and the number of design files in some nuclear power projects has grown rapidly; the huge volume of data files has correspondingly increased the back-end authorization workload. In addition, owing to the particular nature of the nuclear power industry, the confidentiality required of the generated data files is very high, so the requirements for file authorization are stricter. Existing authorization of nuclear power engineering design files is mainly performed manually, file by file, with complicated operating steps; the structure of the server's authentication system allows only one design file authorization to run at a time and requires repeated authentication, which makes maintenance work inefficient.
Therefore, in view of the above defects, it is necessary to provide a method and device that can implement automated batch authorization for large numbers of files, especially massive numbers of nuclear power engineering design files, so as to solve problems in file authorization, especially in authorizing massive numbers of nuclear power engineering design files, such as heavy workload, long waiting times, low working efficiency and labor cost.
Summary of the invention
To address the problem in the prior art that large numbers of files, especially massive numbers of nuclear power engineering design files, cannot be authorized in batches and automatically, the present invention provides a device and method for automated batch authorization of files, especially nuclear power engineering design files, thereby reducing the workload of authorizing such files and improving working efficiency.
The technical solution proposed by the present invention for the above technical problem is as follows:
In one aspect, a device for batch authorization of files is provided, comprising:
An authorization object permission determination unit, for determining the authorization objects of the file;
A file attribute rule creation unit, for receiving the file, automatically creating the attributes of the file according to the file attribute specification rules, and splicing a grant set module from the created file attributes;
A file and authorization object matching unit, connected to the authorization object permission determination unit and to the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information, matching the two kinds of information, establishing the corresponding permission relationship between them, and selecting one or more authorization objects according to the grant set module information to generate a grant list;
And an authorization result acquiring unit, connected to the file and authorization object matching unit, for receiving the grant list information and confirming it to obtain the authorization result, thereby implementing batch authorization of the file.
Preferably, the device further includes a personnel domain control management system, which includes a domain control management system authorization object information library. The library is connected to the authorization object permission determination unit through an open interface and transmits the authorization attributes of authorization objects to that unit; the authorization object permission determination unit judges each authorization object to be determined according to the authorization attributes, so as to determine the authorization objects of the file.
Preferably, the authorization object permission determination unit further includes:
An information input module, for batch input of the identity information m of the authorization objects to be determined; it is also connected through an open interface to the domain control management system authorization object information library, to receive the authorization attributes of authorization objects transmitted from that library, the authorization attributes including the restrictive conditions of the authorization set M;
A comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m satisfies the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not satisfy the restrictive conditions in the authorization set M, False is returned, the corresponding authorization object to be determined is not confirmed as an authorization object of the file, and the determination process ends.
Preferably, the file attributes include file class, the project the file belongs to, the technology/discipline the file belongs to, and the file confidentiality level; the grant set module is spliced from the file class, the project the file belongs to, the technology/discipline the file belongs to, and the file confidentiality level.
Preferably, the process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information includes:
Where, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files into which the authorized file is divided; Meta is the standard module of authorization object information; Δ is the grant set module information to be matched; mi are the sub-object information items into which the authorization object information is split; δi are the sub-information items into which the grant set module information to be matched is split; Fi calculates the degree of match between each split-out sub-information item δi of the grant set module information and each split-out sub-object information item mi of the authorization object information;
The Match function is used to judge the degree of match between the grant set module information and the known authorization object information. Under the Meta framework the authorization object information is split into sub-object information items m1, m2, ..., mn-1, mn, and the grant set module information is split into sub-information items δ1, δ2, ..., δn-1, δn. Each pair of sub-object information and sub-information is evaluated by the matching function Fi(δi, mi) and multiplied by the weight λ1, λ2, ..., λn-1, λn set according to the importance of the dimension; the products are summed to obtain the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment: when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the grant set module information are matched successfully; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the match between the authorization object information of the file and the grant set module information is unsuccessful.
Preferably, the device further includes an authorization information changing unit, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit and the authorization result acquiring unit respectively, for receiving and storing the authorization information in each of those units and for changing the authorization information. The authorization information includes the authorization object information of the file, the file attribute specification rules and grant set module information, the corresponding permission relationship between the authorization object information of the file and the grant set module information, and the grant list information.
Preferably, the device further includes a log recording and display unit, connected to the authorization information changing unit, for presenting the authorization information stored in the authorization information changing unit to an administrator for confirmation, and for recording the process of changing the authorization information to form a log record.
Preferably, the log recording and display unit is also used to import the authorization information into the database hub and to record operation error messages that occur during operation, forming an operation error message record; authorization information that cannot be imported because of an exception is corrected manually and then imported into the database hub again.
Preferably, the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The grant error information logging module is connected to the authorization object permission determination unit and records information about objects that were not determined to be authorization objects, forming a grant error information record. The non-matching result logging module is connected to the file and authorization object matching unit and records cases where the authorization object information of the file and the grant set module information do not match, forming a non-matching result record.
Preferably, the device further includes a file authorization control system, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, the authorization result acquiring unit, the authorization information changing unit and the log recording and display unit respectively, for controlling the operation of each of those units.
Preferably, the file is a nuclear power engineering design file.
In another aspect, a method for batch authorization of files is provided, including the following steps:
S1, determining authorization objects: an authorization object permission determination unit is provided, for judging the authorization objects to be determined according to preset conditions, so as to determine the authorization objects of the file;
S2, creating file attribute rules: a file attribute rule creation unit is provided, for receiving the file, automatically creating the attributes of the file according to the file attribute specification rules, and splicing a grant set module from the created file attributes;
S3, matching design files with authorization objects: a file and authorization object matching unit is provided, connected to the authorization object permission determination unit and to the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information and matching the two kinds of information;
S4, obtaining the authorization result: an authorization result acquiring unit is provided, connected to the file and authorization object matching unit, for receiving the grant list information and confirming it to obtain the authorization result, thereby implementing batch authorization of the file.
Preferably, in step S1 an enterprise personnel domain control management system is also provided, which includes a domain control management system authorization object information library. The library is connected to the authorization object permission determination unit through an open interface and transmits the authorization attributes of authorization objects to that unit; the authorization object permission determination unit judges each authorization object to be determined according to the authorization attributes, so as to determine the authorization objects of the file.
Preferably, the authorization object permission determination unit further includes:
An information input module, for batch input of the identity information m of the authorization objects to be determined; it is also connected through an open interface to the domain control management system authorization object information library, to receive the authorization attributes of authorization objects transmitted from that library, the authorization attributes including the restrictive conditions of the authorization set M;
A comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m satisfies the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not satisfy the restrictive conditions in the authorization set M, False is returned, the corresponding authorization object to be determined is not confirmed as an authorization object of the file, and the determination process ends.
Preferably, in step S2, the file attributes include file class, the project the file belongs to, the technology/discipline the file belongs to, and the file confidentiality level; the grant set module is spliced from the file class, the project the file belongs to, the technology/discipline the file belongs to, and the file confidentiality level.
Preferably, in step S3, the process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information includes:
Where, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files into which the authorized file is divided; Meta is the standard module of authorization object information; Δ is the grant set module information to be matched; mi are the sub-object information items into which the authorization object information is split; δi are the sub-information items into which the grant set module information to be matched is split; Fi calculates the degree of match between each split-out sub-information item δi of the grant set module information and each split-out sub-object information item mi of the authorization object information;
The Match function is used to judge the degree of match between the grant set module information and the known authorization object information. Under the Meta framework the authorization object information is split into sub-object information items m1, m2, ..., mn-1, mn, and the grant set module information is split into sub-information items δ1, δ2, ..., δn-1, δn. Each pair of sub-object information and sub-information is evaluated by the matching function Fi(δi, mi) and multiplied by the weight λ1, λ2, ..., λn-1, λn set according to the importance of the dimension; the products are summed to obtain the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment: when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the grant set module information are matched successfully; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the match between the authorization object information of the file and the grant set module information is unsuccessful.
Preferably, the method further includes step S4, changing authorization information: an authorization information changing unit is also provided, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit and the authorization result acquiring unit respectively, for receiving and storing the authorization information in each of those units and for changing the authorization information. The authorization information includes the authorization object information of the file, the file attribute specification rules and grant set module information, the corresponding permission relationship between the authorization object information of the file and the grant set module information, and the grant list information.
Preferably, the method further includes step S5, log formation and information presentation: a log recording and display unit is also provided, connected to the authorization information changing unit, for presenting the authorization information stored in the authorization information changing unit to an administrator for confirmation, and for recording the process of changing the authorization information to form a log record.
Preferably, the log recording and display unit is also used to import the authorization information into the database hub and to record operation error messages that occur during operation, forming an operation error message record; authorization information that cannot be imported because of an exception is corrected manually and then imported into the database hub again.
Preferably, the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The grant error information logging module is connected to the authorization object permission determination unit and records information about objects that were not determined to be authorization objects, forming an authorization object information error record. The non-matching result logging module is connected to the file and authorization object matching unit and records cases where the authorization object information of the file and the grant set module information do not match, forming a non-matching result record.
Preferably, a file authorization control system is also provided, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, the authorization result acquiring unit, the authorization information changing unit and the log recording and display unit of steps S1-S5 respectively, for controlling the operation of each of those units.
Preferably, the file is a nuclear power engineering design file.
The technical solution of the present invention has the following beneficial effects:
The present invention can import authorization object information in batches, automatically analyze the information of objects awaiting authorization to confirm whether each belongs to the authorization objects, match the authorization object information one by one against the file's grant set module information, and grant authorization to the authorization objects that qualify, thereby implementing automated batch authorization of files. Its operating steps are simple, it does not require repeated authentication, and its interface is user-friendly; it can effectively increase the efficiency of batch authorization of files, especially nuclear power design project files, reduce operation and maintenance manpower and cost, and automate operation and maintenance of the nuclear power design infrastructure.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the device for batch authorization of files provided by Embodiment One of the present invention;
Fig. 2 is a structural schematic diagram of the authorization object permission determination unit provided by Embodiment One of the present invention;
Fig. 3 is a structural schematic diagram of the file attribute rule creation unit provided by Embodiment One of the present invention;
Fig. 4 is a structural schematic diagram of the log recording and display unit provided by Embodiment One of the present invention;
Fig. 5 is a step flow chart of the method for batch authorization of files provided by Embodiment Two of the present invention.
Detailed description of the embodiments
To solve the problem in the prior art that large numbers of files, especially massive numbers of nuclear power engineering design files, cannot be authorized in batches and automatically, the present invention provides a device and method for batch authorization of files, thereby reducing the workload of authorizing files, especially nuclear power engineering design files, and improving working efficiency. Its core idea is: the authorization object permission determination unit performs a preliminary confirmation of the authorization object information to be determined, and the file attribute rule creation unit creates the grant set module; the identity information confirmed as belonging to authorization objects and the grant set module information are then passed to the file and authorization object matching unit, which matches the two; finally the authorization result acquiring unit obtains the grant list information and implements batch authorization of the file.
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment One:
The device for batch authorization of files of the present invention can be used for batch authorization of nuclear power engineering design files. As shown in Fig. 1, it includes:
An authorization object permission determination unit, which can be connected through an open interface to the domain control management system authorization object information library in the enterprise personnel domain control management system. The library contains the authorization attributes of each authorization object; the authorization object permission determination unit receives the authorization attributes transmitted by the library and judges each authorization object to be determined according to those attributes, so as to determine the authorization objects of the file.
A file attribute rule creation unit, for receiving the file, automatically creating the attributes of the file according to the file attribute specification rules, and splicing a grant set module from the created file attributes, for use in subsequent batch authorization.
A file and authorization object matching unit, connected to the authorization object permission determination unit and to the file attribute rule creation unit. Its main function is to receive and read the authorization object information of the file and the grant set module information, match the two kinds of information, establish the corresponding permission relationship between them, and select one or more authorization objects according to the grant set module information to generate a grant list.
Here, the process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information includes:
Where, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files into which the authorized file is divided; Meta is the standard module of authorization object information; Δ is the grant set module information to be matched; mi are the sub-object information items into which the authorization object information is split; δi are the sub-information items into which the grant set module information to be matched is split; Fi calculates the degree of match between each split-out sub-information item δi of the grant set module information and each split-out sub-object information item mi of the authorization object information;
The Match function is used to judge the degree of match between the grant set module information and the known authorization object information. Under the Meta framework the authorization object information is split into sub-object information items m1, m2, ..., mn-1, mn, and the grant set module information is split into sub-information items δ1, δ2, ..., δn-1, δn. Each pair of sub-object information and sub-information is evaluated by the matching function Fi(δi, mi) and multiplied by the weight λ1, λ2, ..., λn-1, λn set according to the importance of the dimension; the products are summed to obtain the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment: when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the grant set module information are matched successfully; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the match between the authorization object information of the file and the grant set module information is unsuccessful.
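The determination and matching steps described above (the True/False check of identity information m against the restrictive conditions of set M, then Match as the weighted sum of Fi(δi, mi) compared with threshold Ω), as an added Python example that is not code from the patent. The weights, the threshold, the 0/1 form of Fi, the department-based restrictive condition and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Dimensions spliced into a grant set module, per the page: file class,
# project, technology/discipline, confidentiality level.
DIMENSIONS = ("file_class", "project", "discipline", "confidentiality")

# Assumed integer weights (lambda_i) and threshold (Omega); the page gives none.
WEIGHTS = {"file_class": 1, "project": 3, "discipline": 2, "confidentiality": 4}
OMEGA = 9  # total weight is 10, so Match > 9 only when every dimension matches


@dataclass(frozen=True)
class Subject:
    """Identity information m of one candidate authorization object (assumed fields)."""
    account: str
    department: str
    file_classes: frozenset
    projects: frozenset
    disciplines: frozenset
    clearance: int


def is_authorization_object(subject, allowed_departments):
    """Comparison step: True if m meets the restrictive conditions of set M.
    The condition used here (department membership) is an assumption."""
    return subject.department in allowed_departments


def grant_set_module(file_attrs):
    """Splice the file attributes into one grant set module identifier."""
    return "|".join(str(file_attrs[d]) for d in DIMENSIONS)


def f_i(dim, delta, subject):
    """Assumed matching function F_i(delta_i, m_i): 1 on a match, 0 otherwise."""
    if dim == "confidentiality":
        return 1 if subject.clearance >= delta else 0
    held = {"file_class": subject.file_classes,
            "project": subject.projects,
            "discipline": subject.disciplines}[dim]
    return 1 if delta in held else 0


def match_value(file_attrs, subject, weights=WEIGHTS):
    """Match = sum over i of lambda_i * F_i(delta_i, m_i)."""
    return sum(weights[d] * f_i(d, file_attrs[d], subject) for d in DIMENSIONS)


def tau(file_attrs, subject, omega=OMEGA, weights=WEIGHTS):
    """Authorization result: True only when Match is strictly greater than Omega."""
    return match_value(file_attrs, subject, weights) > omega


def mandatory_dimensions(weights=WEIGHTS, omega=OMEGA):
    """Dimensions whose mismatch alone forces Match <= Omega (F_i in {0, 1})."""
    total = sum(weights.values())
    return {d for d, w in weights.items() if total - w <= omega}


def batch_authorize(files, subjects, allowed_departments, omega=OMEGA):
    """Return (grant list per grant set module, rejected accounts, non-matching pairs)."""
    eligible, rejected = [], []
    for s in subjects:
        if is_authorization_object(s, allowed_departments):
            eligible.append(s)
        else:
            rejected.append(s.account)      # grant error record
    grants, unmatched = {}, []
    for f in files:
        module = grant_set_module(f)
        for s in eligible:
            if tau(f, s, omega):
                grants.setdefault(module, []).append(s.account)
            else:
                unmatched.append((module, s.account))  # non-matching result record
    return grants, rejected, unmatched


# Constructed sample data, not taken from the patent.
FILES = [{"file_class": "DWG", "project": "PRJ-A",
          "discipline": "electrical", "confidentiality": 2}]
SUBJECTS = [
    Subject("alice", "design", frozenset({"DWG"}), frozenset({"PRJ-A"}),
            frozenset({"electrical"}), 3),
    Subject("bob", "design", frozenset({"DWG"}), frozenset({"PRJ-A"}),
            frozenset({"electrical"}), 1),   # clearance below the file's level
    Subject("carol", "contractor", frozenset({"DWG"}), frozenset({"PRJ-A"}),
            frozenset({"electrical"}), 3),   # fails the set-M condition
]
ALLOWED_DEPARTMENTS = {"design"}

if __name__ == "__main__":
    print(batch_authorize(FILES, SUBJECTS, ALLOWED_DEPARTMENTS))
    print(mandatory_dimensions(omega=5))
```

With Ω lowered to 5 in this sample, bob's Match of 6 passes despite the confidentiality mismatch, so the weights and threshold have to be chosen so that every dimension that must never be skipped appears in `mandatory_dimensions`.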
Authorization result acquiring unit connects the file and authorization object matching unit, for receiving the authorization column
Table information, and the grant column list information is confirmed, it is authorized as a result, realizing the batch authorization of the file.
Further, the device may also include an authorization message changing unit, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit and the authorization result acquiring unit. It receives and stores the authorization message from each of these units and changes the authorization message. The authorization message includes the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant list information. The changes include adding, deleting, modifying, and confirming directly without change.
Further, the device may also include a log recording and display unit, connected to the authorization message changing unit. It presents the authorization message stored in the authorization message changing unit to the administrator for confirmation, and records the process of changing the authorization message to form a log record.
Also, to make the authorization message and related records easy to store and inspect, the log recording and display unit imports the authorization message into the database hub and records the operation error messages that occur during operation, forming an operation error message record. Authorization messages that cannot be imported because of an exception are corrected manually and then imported into the database hub again.
Fig. 2 shows the structural schematic diagram of the authorization object permission determination unit, which further includes:
An information input module, through which the identity information m of the authorization objects to be determined is input in batches. It is also connected through an open interface to the domain control management system authorization object information library, and receives the authorization attributes of the authorization objects transmitted from that library. The authorization attributes of an authorization object include the restrictive conditions of the authorization set M;
A comparison module, connected to the information input module, which compares the identity information m with the restrictive conditions in the authorization set M. If the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends. If the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
Fig. 3 shows the structural schematic diagram of the file attribute rule creation unit, in which the grant set module is spliced from the file attributes. The file attributes include the file class (such as Reference_doc), the project the file belongs to (such as TP4_NI), the technology/profession the file belongs to (such as BBS) and the file confidentiality level (C1). Through an internally developed collaborative platform, the unit assigns the corresponding grant set module to the file, so that the file can subsequently be matched with authorization objects and then authorized.
As shown in Fig. 4, the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The grant error information logging module is connected to the authorization object permission determination unit and records the information of objects that were not determined to be authorization objects, forming an authorization object error message record. The non-matching result logging module is connected to the file and authorization object matching unit and records the cases in which the authorization object information of the file does not match the grant set module information, forming a non-matching result record.
In addition, a file authorizing control system is also included. The authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit and log recording and display unit described above can be connected to the server end of the file authorizing control system as actually needed, so that the operation of each unit is controlled through that control system.
Embodiment two:
The method for batch authorization of files of the present invention is likewise applicable to nuclear power engineering design files. As shown in Fig. 5, it includes the following steps:
S1, determining the authorization object: an authorization object permission determination unit is provided, which determines the authorization objects to be determined according to preset conditions, so as to determine the authorization objects of the file;
S2, file attribute rule creation: a file attribute rule creation unit is provided, which receives the file, automatically creates the attributes of the file according to the attribute specification rule of the file, and splices the created attributes of the file into a grant set module;
If the authorization object to be determined is confirmed as an authorization object, the authorization object information and the grant set module information formed in step S2 proceed together to step S3 for subsequent processing. If the authorization object to be determined is not confirmed as an authorization object, an authorization object error message is generated and the process ends.
S3, matching the design file with the authorization object: a file and authorization object matching unit is provided, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, which receives the authorization object information of the file and the grant set module information and matches the two kinds of information. If the match succeeds, the process proceeds to step S4; if the match fails, a non-matching result record is generated and the process ends.
Specifically, the process by which the file and authorization object matching unit matches the authorization object information of the file with the grant set module information is the same as in embodiment one.
S4, obtaining the authorization result: an authorization result acquiring unit is provided, connected to the file and authorization object matching unit, which receives the grant list information and confirms it to obtain the authorization result, thereby realizing batch authorization of the files.
Meanwhile step S4, authorization message change can also be set as needed: be additionally provided with authorization message changing unit, point
Not with the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit and
The connection of Authorization result acquiring unit, for receiving and storing the authorization message in above-mentioned each unit, and to the authorization message into
Row change, the authorization message include the authorization object information of the file, the specification of attribute of file rule and grant set
Module information, the file authorization object information and the grant set module information between corresponding authority relationship and authorization
List information.
And step S5, log formation and information presentation: a log recording and display unit is additionally provided, connected to the authorization message changing unit. It presents the authorization message stored in the authorization message changing unit to the administrator for confirmation, and records the process of changing the authorization message to form a log record. The log recording and display unit also imports the authorization message into the database hub and records the operation error messages that occur during operation, forming an operation error message record. Authorization messages that cannot be imported because of an exception are corrected manually and then imported into the database hub again.
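The Python below is an added example, not code from the patent: it runs steps S1 to S4 over a small batch, using the weighted sum and threshold comparison that the text describes for formulas (1) and (2), and fills the two error records named in the description. The "|" separator, the integer weights, the threshold, the 0/1 adaptation functions, the ordering of confidentiality levels, the `threshold_enforces` check and all sample records are assumptions.

```python
# Added illustration of steps S1-S4; every constant and record below is constructed.
DIMENSIONS = ("file_class", "project", "discipline", "confidentiality")
# Assumed integer weights (lambda_i) and threshold (Omega); the patent only says they are preset.
WEIGHTS = {"file_class": 10, "project": 40, "discipline": 20, "confidentiality": 30}
OMEGA = 70
# Assumed ordering of confidentiality levels; only "C1" appears in the patent text.
LEVELS = {"C1": 1, "C2": 2, "C3": 3}
# Assumed restrictive condition of authorization set M: the account must be active.
M = {"status": {"active"}}
# Constructed stand-in for the domain control system's authorization object library.
DIRECTORY = {
    "u1001": {"status": "active", "file_class": {"Reference_doc"}, "project": {"TP4_NI"},
              "discipline": {"BBS"}, "confidentiality": "C2"},
    "u1002": {"status": "active", "file_class": set(), "project": {"TP4_NI"},
              "discipline": set(), "confidentiality": "C1"},
    "u1003": {"status": "disabled", "file_class": {"Reference_doc"}, "project": {"TP4_NI"},
              "discipline": {"BBS"}, "confidentiality": "C3"},
}
IDENTITIES = ["u1001", "u1002", "u1003", "u9999"]  # batch input; u9999 is not in the library
FILES = {"doc-001": {"file_class": "Reference_doc", "project": "TP4_NI",
                     "discipline": "BBS", "confidentiality": "C1"}}


def splice_grant_module(attrs):
    """S2: splice the file attributes into one grant set module string."""
    return "|".join(attrs[d] for d in DIMENSIONS)


def is_authorization_object(m, directory, conditions):
    """S1: compare identity information m with the restrictive conditions of M."""
    record = directory.get(m)
    if record is None:
        return False  # unknown identity: fail closed
    return all(record.get(key) in allowed for key, allowed in conditions.items())


def adaptation(dimension, delta_i, m_i):
    """Assumed Fi(delta_i, m_i): 1 on a match, 0 otherwise."""
    if dimension == "confidentiality":
        needed = LEVELS.get(delta_i)
        # m_i is the object's clearance; an unknown level on either side scores 0.
        return int(needed is not None and LEVELS.get(m_i, 0) >= needed)
    return int(delta_i in m_i)  # m_i is the set of values the object holds


def match_value(module, obj):
    """Formula (1) as described: the sum of lambda_i * Fi(delta_i, m_i)."""
    deltas = dict(zip(DIMENSIONS, module.split("|")))
    return sum(WEIGHTS[d] * adaptation(d, deltas[d], obj[d]) for d in DIMENSIONS)


def authorize(module, obj, omega=OMEGA):
    """Formula (2) as described: True only when Match is strictly greater than Omega."""
    return match_value(module, obj) > omega


def threshold_enforces(mandatory, omega=OMEGA):
    """True if no object can exceed Omega while scoring 0 on the mandatory dimension."""
    return sum(WEIGHTS.values()) - WEIGHTS[mandatory] <= omega


def batch_authorize(files, identities, directory, conditions):
    """S1-S4 for a batch: returns (grant list, object error record, non-matching record)."""
    confirmed, object_errors = [], []
    for m in identities:
        if is_authorization_object(m, directory, conditions):
            confirmed.append(m)
        else:
            object_errors.append(m)  # authorization object error message record
    grant_list, unmatched = {}, []
    for name, attrs in files.items():
        module = splice_grant_module(attrs)
        for m in confirmed:
            if authorize(module, directory[m]):
                grant_list.setdefault(name, []).append(m)
            else:
                unmatched.append((name, m))  # non-matching result record
    return grant_list, object_errors, unmatched


if __name__ == "__main__":
    print(batch_authorize(FILES, IDENTITIES, DIRECTORY, M))
```

With these weights and Ω = 70, an object that fails the confidentiality comparison scores at most 70 and is refused; with Ω = 60 the other three dimensions would compensate for it, which is the condition `threshold_enforces` checks.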
Preferably, an enterprise personnel domain control management system is additionally provided in step S1; the authorization object permission determination unit further comprises an information input module and a comparison module; and the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The structure and mode of operation of each of the above systems and modules, and the file attribute categories described in step S2, are the same as in embodiment one.
Likewise, so that each unit can be controlled effectively, a file authorizing control system is additionally provided, connected respectively to the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit and log recording and display unit of steps S1-S5, for controlling the operation of each of these units.
It should be noted that the two embodiments above take nuclear power engineering files as an example only in order to illustrate the technical solution of the present invention completely; those skilled in the art can substitute any known file type that requires automatic batch authorization.
In conclusion, the present invention can import authorization object information in batches, automatically analyze the information of the objects to be authorized, confirm whether each belongs to the authorization objects, match the authorization object information one by one with the file's grant set module information, and grant authorization to the authorization objects that meet the conditions, thereby realizing automatic batch authorization of files. Its operating procedure is simple, it does not require repeated authentication, and its interface is user-friendly. It effectively improves the efficiency of batch authorization of files, especially nuclear power design project files, reduces operation and maintenance manpower and cost, and automates the operation and maintenance of the nuclear power design infrastructure.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall be included in the protection scope of the present invention.
Claims (20)
1. A device for batch authorization of files, characterized by comprising:
an enterprise personnel domain control management system, which includes a domain control management system authorization object information library;
an authorization object permission determination unit, connected to the domain control management system authorization object information library, for determining the authorization objects of the file;
a file attribute rule creation unit, for receiving the file, automatically creating the attributes of the file according to the attribute specification rule of the file, and splicing the created attributes of the file into a grant set module;
a file and authorization object matching unit, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information, matching the two kinds of information, establishing the corresponding authority relationship between them, and selecting one or more authorization objects according to the grant set module information to generate a grant list;
and an authorization result acquiring unit, connected to the file and authorization object matching unit, for receiving the grant list information and confirming it to obtain the authorization result, thereby realizing batch authorization of the files;
the process by which the file and authorization object matching unit matches the authorization object information of the file with the grant set module information includes:
wherein, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files divided according to authority; Meta is the standard module for authorization object information; Δ is the grant set module information to be matched; mi are the pieces of sub-object information into which the authorization object information is split; δi are the pieces of sub-information into which the grant set module information to be matched is split; Fi calculates the degree of matching between each split-out sub-information δi of the grant set module information and each split-out sub-object information mi of the authorization object information;
the Match function judges the degree of matching between the grant set module information and the known authorization object information; under the Meta framework the authorization object information is split into several pieces of sub-object information m1, m2, ..., mn-1, mn, and the grant set module information is split into several pieces of sub-information δ1, δ2, ..., δn-1, δn; each piece of sub-object information of the authorization object information and each piece of sub-information of the grant set module information are evaluated by the adaptation function Fi(δi, mi), the result is multiplied by the weights λ1, λ2, ..., λn-1, λn set according to the importance of each dimension, and the products are summed to obtain the Match value;
in formula (2): τ is the final authorization result; the Match value calculated by formula (1) is substituted into formula (2) for judgment; when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file is successfully matched with the grant set module information; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the authorization object information of the file fails to match the grant set module information.
2. The device as described in claim 1, characterized in that the domain control management system authorization object information library is connected to the authorization object permission determination unit through an open interface, for transmitting the authorization attributes of authorization objects to the authorization object permission determination unit; the authorization object permission determination unit determines the authorization objects to be determined according to the authorization attributes, so as to determine the authorization objects of the file.
3. The device as claimed in claim 2, characterized in that the authorization object permission determination unit further includes:
an information input module, through which the identity information m of the authorization objects to be determined is input in batches; it is also connected through an open interface to the domain control management system authorization object information library, for receiving the authorization attributes of the authorization objects transmitted from the domain control management system authorization object information library, the authorization attributes of an authorization object including the restrictive conditions of the authorization set M;
a comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
4. The device as described in claim 1, characterized in that the file attributes include the file class, the project the file belongs to, the technology/profession the file belongs to and the file confidentiality level; the grant set module is spliced from the file class, the project the file belongs to, the technology/profession the file belongs to and the file confidentiality level.
5. The device as described in claim 1, characterized by further including an authorization message changing unit, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit and the authorization result acquiring unit, for receiving and storing the authorization message from each of these units and changing the authorization message; the authorization message includes the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant list information.
6. The device as claimed in claim 5, characterized by further including a log recording and display unit, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record.
7. The device as claimed in claim 6, characterized in that the log recording and display unit is also used to import the authorization message into the database hub and to record the operation error messages that occur during operation, forming an operation error message record; authorization messages that cannot be imported because of an exception are corrected manually and then imported into the database hub again.
8. The device as claimed in claim 6, characterized in that the log recording and display unit further includes a grant error information logging module and a non-matching result logging module; the grant error information logging module is connected to the authorization object permission determination unit, for recording the information of objects that were not determined to be authorization objects, forming a grant error information record; the non-matching result logging module is connected to the file and authorization object matching unit, for recording the cases in which the authorization object information of the file does not match the grant set module information, forming a non-matching result record.
9. The device as claimed in claim 6, characterized by further including a file authorizing control system, connected respectively to the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit and log recording and display unit, for controlling the operation of each of these units.
10. The device as described in any one of claims 1-9, characterized in that the file is a nuclear power engineering design file.
11. A method for batch authorization of files, characterized by comprising the following steps:
S1, determining the authorization object: an enterprise personnel domain control management system is provided, which includes a domain control management system authorization object information library; an authorization object permission determination unit is provided, connected to the domain control management system authorization object information library, for determining the authorization objects to be determined according to preset conditions, so as to determine the authorization objects of the file;
S2, file attribute rule creation: a file attribute rule creation unit is provided, for receiving the file, automatically creating the attributes of the file according to the attribute specification rule of the file, and splicing the created attributes of the file into a grant set module;
S3, matching the design file with the authorization object: a file and authorization object matching unit is provided, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information, and matching the two kinds of information;
S4, obtaining the authorization result: an authorization result acquiring unit is provided, connected to the file and authorization object matching unit, for receiving the grant list information and confirming it to obtain the authorization result, thereby realizing batch authorization of the files;
the process by which the file and authorization object matching unit matches the authorization object information of the file with the grant set module information includes:
wherein, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files divided according to authority; Meta is the standard module for authorization object information; Δ is the grant set module information to be matched; mi are the pieces of sub-object information into which the authorization object information is split; δi are the pieces of sub-information into which the grant set module information to be matched is split; Fi calculates the degree of matching between each split-out sub-information δi of the grant set module information and each split-out sub-object information mi of the authorization object information;
the Match function judges the degree of matching between the grant set module information and the known authorization object information; under the Meta framework the authorization object information is split into several pieces of sub-object information m1, m2, ..., mn-1, mn, and the grant set module information is split into several pieces of sub-information δ1, δ2, ..., δn-1, δn; each piece of sub-object information of the authorization object information and each piece of sub-information of the grant set module information are evaluated by the adaptation function Fi(δi, mi), the result is multiplied by the weights λ1, λ2, ..., λn-1, λn set according to the importance of each dimension, and the products are summed to obtain the Match value;
in formula (2): τ is the final authorization result; the Match value calculated by formula (1) is substituted into formula (2) for judgment; when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file is successfully matched with the grant set module information; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the authorization object information of the file fails to match the grant set module information.
12. The method as claimed in claim 11, characterized in that, in step S1, the domain control management system authorization object information library is connected to the authorization object permission determination unit through an open interface, for transmitting the authorization attributes of authorization objects to the authorization object permission determination unit; the authorization object permission determination unit determines the authorization objects to be determined according to the authorization attributes, so as to determine the authorization objects of the file.
13. The method as claimed in claim 12, characterized in that the authorization object permission determination unit further includes:
an information input module, through which the identity information m of the authorization objects to be determined is input in batches; it is also connected through an open interface to the domain control management system authorization object information library, for receiving the authorization attributes of the authorization objects transmitted from the domain control management system authorization object information library, the authorization attributes of an authorization object including the restrictive conditions of the authorization set M;
a comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
14. The method as claimed in claim 11, characterized in that, in step S2, the file attributes include the file class, the project the file belongs to, the technology/profession the file belongs to and the file confidentiality level; the grant set module is spliced from the file class, the project the file belongs to, the technology/profession the file belongs to and the file confidentiality level.
15. The method as claimed in claim 11, characterized by further including step S4, authorization message change: an authorization message changing unit is additionally provided, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit and the authorization result acquiring unit, for receiving and storing the authorization message from each of these units and changing the authorization message; the authorization message includes the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant list information.
16. The method as claimed in claim 15, characterized by further including step S5, log formation and information presentation: a log recording and display unit is additionally provided, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record.
17. The method described in claim 16, characterized in that the log recording and display unit is also used to import the authorization message into the database hub and to record the operation error messages that occur during operation, forming an operation error message record; authorization messages that cannot be imported because of an exception are corrected manually and then imported into the database hub again.
18. The method described in claim 16, characterized in that the log recording and display unit further includes a grant error information logging module and a non-matching result logging module; the grant error information logging module is connected to the authorization object permission determination unit, for recording the information of objects that were not determined to be authorization objects, forming an authorization object information error record; the non-matching result logging module is connected to the file and authorization object matching unit, for recording the cases in which the authorization object information of the file does not match the grant set module information, forming a non-matching result record.
19. The method described in claim 16, characterized in that a file authorizing control system is additionally provided, connected respectively to the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit and log recording and display unit of steps S1-S5, for controlling the operation of each of these units.
20. The method as described in any one of claims 11-19, characterized in that the file is a nuclear power engineering design file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610843875.7A CN106485156B (en) | 2016-09-22 | 2016-09-22 | A kind of device and method for files in batch authorization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106485156A CN106485156A (en) | 2017-03-08 |
CN106485156B true CN106485156B (en) | 2019-05-17 |
Family
ID=58267869
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610843875.7A Active CN106485156B (en) | 2016-09-22 | 2016-09-22 | A kind of device and method for files in batch authorization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106485156B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109711190B (en) * | 2018-12-19 | 2020-08-11 | 成都四方伟业软件股份有限公司 | Data table batch authorization method and device |
CN109918875A (en) * | 2019-03-15 | 2019-06-21 | 中民筑友科技投资有限公司 | Right management method, device, system and the storage medium of assembled design document |
CN110798446B (en) * | 2019-09-18 | 2021-09-17 | 平安科技(深圳)有限公司 | Mail batch authorization method and device, computer equipment and storage medium |
CN111046001B (en) * | 2019-12-28 | 2023-03-14 | 浪潮电子信息产业股份有限公司 | Method, device and equipment for creating files in batch and storage medium |
CN113849502A (en) * | 2021-09-10 | 2021-12-28 | 成都材智科技有限公司 | Nuclear power structural material data management system and method |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101196971B (en) * | 2007-12-18 | 2011-01-05 | 北京大学 | Method and system for implementing authorization management of digital contents |
CN101620650B (en) * | 2008-07-01 | 2011-04-06 | 成都市华为赛门铁克科技有限公司 | Method and system for controlling file permission and server |
US8166067B2 (en) * | 2008-12-26 | 2012-04-24 | Sandisk Il Ltd. | Method and apparatus for providing access to files based on user identity |
US20110107047A1 (en) * | 2009-11-03 | 2011-05-05 | Rotem Sela | Enforcing a File Protection Policy by a Storage Device |
CN103136483A (en) * | 2011-11-22 | 2013-06-05 | 中兴通讯股份有限公司 | Data card and multi-user access method of external memory card thereof |
Also Published As
Publication number | Publication date |
---|---|
CN106485156A (en) | 2017-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106485156B (en) | A kind of device and method for files in batch authorization | |
CN104364790B (en) | System and method for implementing dual factor authentication | |
CN111919417A (en) | System, method and apparatus for implementing super communities and community sidechains for distributed ledger technology with consensus management in a cloud-based computing environment | |
CN109241753A (en) | A kind of data sharing method and system based on block chain | |
US20020107792A1 (en) | System and method for facilitating billing allocation within an access controlled environment via a global network such as the internet | |
CN103618717B (en) | The dynamic confirming method of more account client informations, device and system | |
CN109559213A (en) | The processing method and processing device of taxation informatization | |
CN109255208A (en) | A kind of authorization method and system of software service product | |
CN105590215A (en) | Device and method for data processing on-line processing of date mistakes between mechanisms | |
Qu et al. | A electronic voting protocol based on blockchain and homomorphic signcryption | |
CN107786343A (en) | A kind of access method and system in privately owned mirror image warehouse | |
CN110309676B (en) | Block chain multi-channel technology-based automobile supply chain safety protection method | |
CN109241119B (en) | Cross-department data sharing method and system | |
CN110968883A (en) | Data management method and device based on block chain technology and storage medium | |
CN102647296B (en) | Business registering method based on authorization setting | |
CN106302479B (en) | A kind of single-point logging method and system for multi-service internet site | |
CN112488707A (en) | Service flow supervision method and system | |
CN103310138A (en) | Account managing device and a method thereof | |
DE102022132069A1 (en) | SERVER SUPPORTING SECURITY ACCESS OF A USER'S TERMINAL AND CONTROL METHOD THEREOF | |
CN103971200A (en) | Computer operation and maintenance management method and system | |
CN111682934B (en) | Method and system for storing, accessing and sharing comprehensive energy metering data | |
CN116305219B (en) | Controllable, credible and rotatable personal information authorization processing method | |
CN115114670B (en) | File unlocking method and device based on external link, network disk and storage medium | |
US8176320B1 (en) | System and method for data access and control | |
CN115085997B (en) | Open authorization method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||