CN106485156B - A device and method for batch authorization of files - Google Patents


Publication number
CN106485156B
Authority
CN
China
Prior art keywords
authorization
information
file
authorization object
unit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610843875.7A
Other languages
Chinese (zh)
Other versions
CN106485156A (en
Inventor
方丽
杨帆
罗亚林
赵淑光
曾志华
李天然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China General Nuclear Power Corp
China Nuclear Power Engineering Co Ltd
Original Assignee
China General Nuclear Power Corp
China Nuclear Power Engineering Co Ltd
Application filed by China General Nuclear Power Corp and China Nuclear Power Engineering Co Ltd
Priority to CN201610843875.7A
Publication of CN106485156A
Application granted
Publication of CN106485156B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a device and method for batch authorization of files, especially nuclear power engineering design files. The device includes an authorization object permission determination unit for determining authorization objects, a file attribute rule creation unit that contains an authorization group module, a file and authorization object matching unit that matches authorization object information against authorization group module information, and an authorization result acquiring unit that forms the authorization result. The method includes determining the authorization objects, creating file attribute rules, matching design files with authorization objects, and obtaining the authorization result. The invention matches authorization object information that has already been confirmed against authorization group module information, and thereby realizes automatic batch authorization of files. Its operating steps are simple, it does not require repeated authentication, and its interface is user-friendly; it can effectively improve working efficiency, reduce operations and maintenance manpower and cost, and in particular automate the operation and maintenance of nuclear power design infrastructure.

Description

A device and method for batch authorization of files
Technical field
The present invention relates to the field of file management, and in particular to a device and method for batch authorization of nuclear power engineering design files.
Background
During day-to-day operation and management, an enterprise usually generates many documents containing confidential and sensitive information such as technical designs. To prevent unauthorized access to this information, permission management must be applied to these confidential documents so that the enterprise's file assets are not lost. Specifically, the role of permission management is to restrict which operations users within a specified scope may perform on specified folders or files. However, current file authorization is mainly carried out file by file, by individually entering the user account and the design file address and authenticating repeatedly; the authorization steps are cumbersome and inefficient, and batch authorization cannot be achieved.
In particular, as nuclear power projects have continued to increase in recent years, the data produced during nuclear power engineering design and construction has reached the millions. The number of design files for some nuclear power projects has grown especially quickly, and the huge volume of data files has correspondingly increased the back-end authorization workload. In addition, because of the particular nature of the nuclear power industry, the data files it generates require a very high level of confidentiality, so the requirements on file authorization are stricter. Existing authorization of nuclear power engineering design files is mainly performed manually, one design file at a time. The operating steps are complex, the structure of the server's authentication system allows only one design file authorization to run at a time, and repeated authentication is required, so maintenance work is inefficient.
Therefore, in view of the above defects, it is necessary to provide a method and device that can automatically authorize large numbers of files in batches, especially massive numbers of nuclear power engineering design files, so as to solve the problems of heavy workload, long waiting time, low working efficiency and labor cost in file authorization, especially in the authorization of massive numbers of nuclear power engineering design files.
Summary of the invention
The prior art cannot authorize large numbers of files, especially massive numbers of nuclear power engineering design files, in batches and automatically. To address this problem, the present invention provides a device and method for automatic batch authorization of files, especially nuclear power engineering design files, thereby reducing the workload of authorizing such files and improving working efficiency.
The technical solution proposed by the present invention for the above technical problem is as follows:
In one aspect, a device for batch authorization of files is provided, comprising:
An authorization object permission determination unit, for determining the authorization objects of the file;
A file attribute rule creation unit, for receiving the file, automatically creating the attributes of the file according to the file attribute specification rules, and splicing the created file attributes into an authorization group module;
A file and authorization object matching unit, connected to both the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the authorization group module information, matching these two kinds of information, establishing the corresponding permission relationship between them, and selecting one or more authorization objects according to the authorization group module information to generate an authorization list;
And an authorization result acquiring unit, connected to the file and authorization object matching unit, for receiving the authorization list information and confirming it to obtain the authorization result, thereby realizing batch authorization of the files.
Preferably, the device further includes a personnel domain control management system, which includes a domain control management system authorization object information library. The library is connected to the authorization object permission determination unit through an open interface and transmits the permission attributes of authorization objects to that unit; the authorization object permission determination unit evaluates the authorization objects to be determined according to the permission attributes, so as to determine the authorization objects of the file.
Preferably, the authorization object permission determination unit further includes:
An information input module, through which the identity information m of the authorization objects to be determined is entered in batches. It is also connected through an open interface to the domain control management system authorization object information library, to receive the permission attributes of authorization objects transmitted from that library; the permission attributes of an authorization object include the restrictive conditions of the authorization set M;
A comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M. If the identity information m satisfies the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends. If the identity information m does not satisfy the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
Preferably, the file attributes include the file category, the project the file belongs to, the technology/discipline the file belongs to, and the file secrecy level; the authorization group module is spliced from the file category, the project the file belongs to, the technology/discipline the file belongs to, and the file secrecy level.
Preferably, the process by which the file and authorization object matching unit matches the authorization object information of the file against the authorization group module information includes:
Wherein, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files into which the authorization file is divided; Meta is the authorization object information standard module; Δ is the authorization group module information to be matched; mi are the sub-object information items into which the authorization object information is split; δi are the sub-information items into which the authorization group module information to be matched is split; Fi computes the degree of match between each split-out sub-information item δi of the authorization group module information and each split-out sub-object information item mi of the authorization object information;
The Match function is used to judge the degree of match between the authorization group module information and the known authorization object information. Under the Meta framework the authorization object information is split into the sub-object information items m1, m2, …, mn-1, mn, and the authorization group module information is split into the sub-information items δ1, δ2, …, δn-1, δn. The sub-object information of each authorization object information and the sub-information of each authorization group module information are evaluated by the matching function Fi(δi, mi) and multiplied by the weights λ1, λ2, …, λn-1, λn, which are set according to the importance of each dimension; the final sum gives the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment. When the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the authorization group module information match successfully. When the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the authorization object information of the file and the authorization group module information do not match.
Preferably, the device further includes an authorization information changing unit, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization information in each of these units and for changing that authorization information. The authorization information includes the authorization object information of the file, the file attribute specification rules and authorization group module information, the corresponding permission relationship between the authorization object information of the file and the authorization group module information, and the authorization list information.
Preferably, the device further includes a log recording and display unit, connected to the authorization information changing unit, for presenting the authorization information stored in the authorization information changing unit to the administrator for confirmation, and for recording the process of changing the authorization information to form a log record.
Preferably, the log recording and display unit is also used to import the authorization information into the database center and to record operation error information arising during operation, forming an operation error information record; authorization information that cannot be imported because of an exception is corrected manually and then imported into the database center again.
Preferably, the log recording and display unit further includes an authorization error information recording module and a non-matching result recording module. The authorization error information recording module is connected to the authorization object permission determination unit and records information about objects that were not determined to be authorization objects, forming an authorization error information record. The non-matching result recording module is connected to the file and authorization object matching unit and records the cases in which the authorization object information of the file and the authorization group module information do not match, forming a non-matching result record.
Preferably, the device further includes a file authorization control system, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, the authorization result acquiring unit, the authorization information changing unit, and the log recording and display unit, for controlling the operation of each of these units.
Preferably, the file is a nuclear power engineering design file.
In another aspect, a method for batch authorization of files is provided, comprising the following steps:
S1, determining the authorization objects: an authorization object permission determination unit is provided, for evaluating the authorization objects to be determined according to preset conditions, so as to determine the authorization objects of the file;
S2, creating file attribute rules: a file attribute rule creation unit is provided, for receiving the file, automatically creating the attributes of the file according to the file attribute specification rules, and splicing the created file attributes into an authorization group module;
S3, matching design files with authorization objects: a file and authorization object matching unit is provided, connected to both the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the authorization group module information and matching these two kinds of information;
S4, obtaining the authorization result: an authorization result acquiring unit is provided, connected to the file and authorization object matching unit, for receiving the authorization list information and confirming it to obtain the authorization result, thereby realizing batch authorization of the files.
Preferably, an enterprise personnel domain control management system is also provided in step S1, which includes a domain control management system authorization object information library. The library is connected to the authorization object permission determination unit through an open interface and transmits the permission attributes of authorization objects to that unit; the authorization object permission determination unit evaluates the authorization objects to be determined according to the permission attributes, so as to determine the authorization objects of the file.
Preferably, the authorization object permission determination unit further includes:
An information input module, through which the identity information m of the authorization objects to be determined is entered in batches. It is also connected through an open interface to the domain control management system authorization object information library, to receive the permission attributes of authorization objects transmitted from that library; the permission attributes of an authorization object include the restrictive conditions of the authorization set M;
A comparison module, connected to the information input module, for comparing the identity information m with the restrictive conditions in the authorization set M. If the identity information m satisfies the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends. If the identity information m does not satisfy the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
Preferably, in step S2, the file attributes include the file category, the project the file belongs to, the technology/discipline the file belongs to, and the file secrecy level; the authorization group module is spliced from the file category, the project the file belongs to, the technology/discipline the file belongs to, and the file secrecy level.
Preferably, in step S3, the process by which the file and authorization object matching unit matches the authorization object information of the file against the authorization group module information includes:
Wherein, in formula (1): Match is the variable representing the final matching value; λ is the weight set according to the importance of the sub-files into which the authorization file is divided; Meta is the authorization object information standard module; Δ is the authorization group module information to be matched; mi are the sub-object information items into which the authorization object information is split; δi are the sub-information items into which the authorization group module information to be matched is split; Fi computes the degree of match between each split-out sub-information item δi of the authorization group module information and each split-out sub-object information item mi of the authorization object information;
The Match function is used to judge the degree of match between the authorization group module information and the known authorization object information. Under the Meta framework the authorization object information is split into the sub-object information items m1, m2, …, mn-1, mn, and the authorization group module information is split into the sub-information items δ1, δ2, …, δn-1, δn. The sub-object information of each authorization object information and the sub-information of each authorization group module information are evaluated by the matching function Fi(δi, mi) and multiplied by the weights λ1, λ2, …, λn-1, λn, which are set according to the importance of each dimension; the final sum gives the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment. When the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the authorization group module information match successfully. When the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the authorization object information of the file and the authorization group module information do not match.
Preferably, the method further includes step S4, changing the authorization information: an authorization information changing unit is also provided, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization information in each of these units and for changing that authorization information. The authorization information includes the authorization object information of the file, the file attribute specification rules and authorization group module information, the corresponding permission relationship between the authorization object information of the file and the authorization group module information, and the authorization list information.
Preferably, the method further includes step S5, forming logs and presenting information: a log recording and display unit is also provided, connected to the authorization information changing unit, for presenting the authorization information stored in the authorization information changing unit to the administrator for confirmation, and for recording the process of changing the authorization information to form a log record.
Preferably, the log recording and display unit is also used to import the authorization information into the database center and to record operation error information arising during operation, forming an operation error information record; authorization information that cannot be imported because of an exception is corrected manually and then imported into the database center again.
Preferably, the log recording and display unit further includes an authorization error information recording module and a non-matching result recording module. The authorization error information recording module is connected to the authorization object permission determination unit and records information about objects that were not determined to be authorization objects, forming an authorization object information error record. The non-matching result recording module is connected to the file and authorization object matching unit and records the cases in which the authorization object information of the file and the authorization group module information do not match, forming a non-matching result record.
Preferably, a file authorization control system is also provided in steps S1-S5, connected to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, the authorization result acquiring unit, the authorization information changing unit, and the log recording and display unit, for controlling the operation of each of these units.
Preferably, the file is a nuclear power engineering design file.
The technical solution of the present invention has the following beneficial effects:
The present invention can import authorization object information in batches, automatically analyze the information of the objects to be authorized, confirm whether each belongs to the authorization objects, match the authorization object information one by one against the file authorization group module information, and grant authorization to the authorization objects that qualify, thereby realizing automatic batch authorization of files. Its operating steps are simple, it does not require repeated authentication, and its interface is user-friendly; it can effectively improve the efficiency of batch authorization of files, especially nuclear power design project files, reduce operations and maintenance manpower and cost, and automate the operation and maintenance of nuclear power design infrastructure.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the device for batch authorization of files provided by Embodiment 1 of the present invention;
Fig. 2 is a structural schematic diagram of the authorization object permission determination unit provided by Embodiment 1 of the present invention;
Fig. 3 is a structural schematic diagram of the file attribute rule creation unit provided by Embodiment 1 of the present invention;
Fig. 4 is a structural schematic diagram of the log recording and display unit provided by Embodiment 1 of the present invention;
Fig. 5 is a flow chart of the steps of the method for batch authorization of files provided by Embodiment 2 of the present invention.
Detailed description of the embodiments
To solve the problem that the prior art cannot authorize large numbers of files, especially massive numbers of nuclear power engineering design files, in batches and automatically, the present invention provides a device and method for batch authorization of files, thereby reducing the workload of authorizing files, especially nuclear power engineering design files, and improving working efficiency. Its core idea is as follows: an authorization object permission determination unit performs a preliminary confirmation of the information of the authorization objects to be determined, and a file attribute rule creation unit creates the authorization group module; the identity information of the objects confirmed as authorization objects and the authorization group module information are then passed to the file and authorization object matching unit, which matches the two; finally, the authorization result acquiring unit obtains the authorization list information and realizes batch authorization of the files.
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment one:
Device for files in batch authorization of the invention can be used for the batch authorization of nuclear power engineering design document, such as Fig. 1 It is shown comprising:
Authorization object permission determination unit can connect the domain in enterprise personnel domain control management system by open interface Keyholed back plate manages system authorization object information library;The domain keyholed back plate reason includes each authorization object in system authorization object information library Authorization Attributes, the authorization object permission determination unit pass through the Authorization Attributes for receiving the authorization object of its transmission, and according to institute It states Authorization Attributes to determine the authorization object to be determined, with the authorization object of the determination file.
File attribute rule creation unit, according to the specification of attribute of file rule, is automatically created for receiving the file The attribute of the file, and grant set module is spliced into according to the attribute of the file of the creation;So that subsequent batch is awarded Temporary use.
File and authorization object matching unit, are separately connected the authorization object permission determination unit and file attribute is advised Then creating unit, major function are the authorization object information and the grant set module for receiving, reading the file Information, and above two information is matched, the corresponding authority relationship of the two is established, is selected according to the grant set module information It selects one or more authorization objects and generates grant column list.
Wherein the file is with authorization object matching unit to the authorization object information and the grant set of the file Module information carries out matched process
Wherein, in formula (1): Match is to indicate final matching value variable;λ is the Ziwen being divided into according to authority The significance level of part and the weight being arranged;Meta is authorization object information standard module;Δ is to need matched grant set module Information;Mi is several subobject information for splitting into authorization object information;δ i is that will need matched grant set module information Several sub-informations split into, Fi are sub-information δ i and each fractionation for calculating each grant set module information split out The matching degree of the subobject information mi of authorization object information out;
Match function is used to judge the matching degree of grant set module information Yu known authorization object information, described Authorization object information is split as m1, m2 under Meta frame ... mn-1, mnSeveral subobject information, while by the authorization Group module information is split as δ 1, δ 2 ..., several sub-informations of δ n-1, δ n, the subobject information of each authorization object information and every The sub-information of a grant set module information passes through adaptation function Fi (δ i, mi) to calculate, and multiplied by according to dimension significance level And the weight λ 1, λ 2 ..., λ n-1 set, λ n, final summation obtain Match value;
In formula (2): τ is ultimate authority as a result, will be brought into formula (2) by the calculated Match value of formula (1) Judged, when calculated Match value is greater than preset threshold value Ω, authorization value True, then the authorization pair of the file Image information and the grant set module information successful match;When calculated Match value is less than or equal to preset threshold value Ω When, authorization value False, then the authorization object information of the file and grant set module information matching are unsuccessful.
The authorization result acquiring unit is connected to the file and authorization object matching unit, and is used for receiving the grant column list information and confirming it to obtain the authorization result, thereby realizing the batch authorization of the file.
Further, the device may also include an authorization message changing unit, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization message in each of the above units and for changing the authorization message. The authorization message includes the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant column list information. The change includes operations such as adding, deleting, modifying, and directly confirming without change.
Further, the device may also include a log recording and display unit, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record.
In addition, to make it convenient to store and check the authorization message and related records, the log recording and display unit is also used for importing the authorization message into the database hub and for recording operation error messages arising during operation, forming an operation error message record; at the same time, authorization messages that cannot be imported because of an abnormality are modified manually and then imported into the database hub again.
Fig. 2 shows the structural schematic diagram of the authorization object permission determination unit, which further includes:
A MIM message input module, used for batch input of the identity information m of the authorization objects to be determined; it is also connected through an open interface to the domain control management system authorization object information library, for receiving the authorization attributes of the authorization object transmitted from that library, the authorization attributes of the authorization object including the restrictive conditions of the authorization set M;
A contrast module, connected to the MIM message input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
Fig. 3 shows the structural schematic diagram of the file attribute rule creation unit, in which the grant set module is spliced from the file attributes. The file attributes include the file class (such as Reference_doc), the project the file belongs to (such as TP4_NI), the technology/profession the file belongs to (such as BBS), and the file level of confidentiality (C1). Through the internally developed collaborative platform, the unit assigns the corresponding grant set module to the file, so that authorization can be granted after the subsequent matching with the authorization object.
As shown in Fig. 4, the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The grant error information logging module is connected to the authorization object permission determination unit, for recording the information of objects not determined to be authorization objects, forming an authorization object error message record. The non-matching result logging module is connected to the file and authorization object matching unit, for recording the cases in which the authorization object information of the file and the grant set module information do not match, forming a non-matching result record.
In addition, a file authorizing control system is also included. The authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit, and log recording and display unit described above can be connected to the server end of the file authorizing control system according to actual needs, so that the operation of each of these units is controlled through the control system.
Embodiment two:
The method for files in batch authorization of the invention is likewise applicable to nuclear power engineering design documents. As shown in Fig. 5, it includes the following steps:
S1, determining the authorization object: an authorization object permission determination unit is set, for determining the authorization objects to be determined according to preset conditions, so as to determine the authorization object of the file;
S2, file attribute rule creation: a file attribute rule creation unit is set, for receiving the file, automatically creating the attributes of the file according to the attribute specification rule of the file, and splicing the created attributes of the file into the grant set module;
If the object to be authorized is confirmed as an authorization object, the authorization object information and the grant set module information formed in step S2 together enter step S3 for the subsequent process; if the object to be authorized is not determined to be an authorization object, an authorization object error message is generated and the process ends.
S3, matching the design document with the authorization object: a file and authorization object matching unit is set, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information and matching the two kinds of information; if the matching succeeds, the process enters step S4; if the matching is unsuccessful, a non-matching result record is generated and the process ends.
Specifically, the process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information is the same as in embodiment one.
S4, obtaining the authorization result: an authorization result acquiring unit is set, connected to the file and authorization object matching unit, for receiving the grant column list information and confirming it to obtain the authorization result, thereby realizing the batch authorization of the file.
Meanwhile, step S4, authorization message change, can also be set as needed: an authorization message changing unit is also provided, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization message in each of the above units and for changing the authorization message. The authorization message includes the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant column list information.
And step S5, log formation and information presentation: a log recording and display unit is also provided, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record. The log recording and display unit is also used for importing the authorization message into the database hub and for recording operation error messages arising during operation, forming an operation error message record; at the same time, authorization messages that cannot be imported because of an abnormality are modified manually and then imported into the database hub again.
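The matching described for formulas (1) and (2) and the S1-S4 flow above, as an added Python example that is not part of the patent text. The weights λ, the threshold Ω, the C1 < C2 < C3 ordering, the "/" separator, the 0/1 form of Fi and all sample records are assumptions; `tolerated_mismatches` is an added check that lists the dimensions whose mismatch alone would still pass the threshold.

```python
"""Added example: weighted matching and batch authorization (S1-S4)."""

DIMENSIONS = ("file_class", "project", "profession", "confidentiality")

# Assumed values: the page defines the weights λ and threshold Ω but gives no numbers.
WEIGHTS = {"file_class": 10, "project": 30, "profession": 20, "confidentiality": 40}
OMEGA = 95
LEVELS = ("C1", "C2", "C3")  # assumed ordering, lowest to highest


def is_authorization_object(m, M):
    """S1: identity information m must satisfy every restrictive condition in M."""
    return all(m.get(key) in allowed for key, allowed in M.items())


def splice_group(attrs):
    """S2: splice the grant set module from the file attributes ('/' is assumed)."""
    return "/".join(attrs[d] for d in DIMENSIONS)


def F(dim, delta_i, m_i):
    """Per-dimension matching degree Fi(δi, mi); this sketch returns 0 or 1."""
    if dim == "confidentiality":
        if delta_i not in LEVELS or m_i not in LEVELS:
            return 0  # unknown level: fail closed
        # The object's clearance must reach the file's level.
        return int(LEVELS.index(m_i) >= LEVELS.index(delta_i))
    return int(delta_i in m_i)


def match(group, obj, weights=WEIGHTS):
    """Formula (1) as the text describes it: sum of λi * Fi(δi, mi)."""
    deltas = dict(zip(DIMENSIONS, group.split("/")))
    return sum(weights[d] * F(d, deltas[d], obj[d]) for d in DIMENSIONS)


def authorize(match_value, omega=OMEGA):
    """Formula (2): True only when Match is strictly greater than Ω."""
    return match_value > omega


def batch_authorize(files, candidates, M, weights=WEIGHTS, omega=OMEGA):
    """Run S1-S4; return the grant list plus both error records."""
    objects, object_errors = [], []
    for c in candidates:
        ok = is_authorization_object(c["identity"], M)
        (objects if ok else object_errors).append(c)
    grants, unmatched = [], []
    for name, attrs in files.items():
        group = splice_group(attrs)
        for obj in objects:
            value = match(group, obj["scope"], weights)
            record = (name, obj["identity"]["id"], value)
            (grants if authorize(value, omega) else unmatched).append(record)
    return grants, [c["identity"]["id"] for c in object_errors], unmatched


def tolerated_mismatches(weights, omega):
    """Dimensions that can score 0 while Match still exceeds Ω."""
    total = sum(weights.values())
    return sorted(d for d, w in weights.items() if total - w > omega)


# Constructed sample data (not from the page, apart from the attribute examples).
M = {"status": {"active"}, "org": {"design"}}
_BASE = {"file_class": "Reference_doc", "project": "TP4_NI", "profession": "BBS"}
FILES = {
    "doc-001": {**_BASE, "confidentiality": "C1"},
    "doc-002": {**_BASE, "confidentiality": "C2"},
}
_SCOPE = {"file_class": {"Reference_doc"}, "project": {"TP4_NI"}, "profession": {"BBS"}}
CANDIDATES = [
    {"identity": {"id": "u1", "status": "active", "org": "design"},
     "scope": {**_SCOPE, "confidentiality": "C2"}},
    {"identity": {"id": "u2", "status": "active", "org": "design"},
     "scope": {**_SCOPE, "confidentiality": "C1"}},
    {"identity": {"id": "u3", "status": "left", "org": "design"},
     "scope": {**_SCOPE, "confidentiality": "C3"}},
]

if __name__ == "__main__":
    grants, object_errors, unmatched = batch_authorize(FILES, CANDIDATES, M)
    print("grant list:", grants)
    print("authorization object errors:", object_errors)
    print("non-matching results:", unmatched)
    print("mismatches tolerated at threshold 50:", tolerated_mismatches(WEIGHTS, 50))
```

With the assumed weights, lowering Ω from 95 to 50 lets a candidate whose clearance is below the file's level of confidentiality pass on the strength of the other three dimensions, which is why the weights and threshold need to be reviewed together.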
Preferably, an enterprise personnel domain control management system is also provided in step S1; the authorization object permission determination unit further comprises a MIM message input module and a contrast module; the log recording and display unit further includes a grant error information logging module and a non-matching result logging module. The structure and mode of action of each of the above systems and modules, and the file attribute classes described in step S2, are the same as in embodiment one.
Likewise, to facilitate effective control of each unit, a file authorizing control system is also provided, connected respectively to the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit, and log recording and display unit in steps S1-S5, for controlling the operation of each of the above units.
It should be noted that the above two embodiments take nuclear power engineering files as an example only for the purpose of fully illustrating the technical solution of the invention; those skilled in the art can substitute any known file type that needs automatic batch authorization.
In conclusion, the invention can import authorization object information in batches, automatically analyze the information of the objects to be authorized, confirm whether each belongs to the authorization objects, match the authorization object information one by one with the file grant set module information, and grant authorization to the authorization objects that meet the conditions, thereby realizing the automatic batch authorization of files. Its operating steps are simple, it does not require multiple authentication, and its interface is friendly. It can effectively increase the working efficiency of batch authorization of files, especially nuclear power design project files, reduce operation and maintenance manpower expenditure, reduce costs, and realize the operation and maintenance automation of the nuclear power design infrastructure.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the invention shall be included in the protection scope of the invention.

Claims (20)

1. A device for files in batch authorization, characterized by comprising:
An enterprise personnel domain control management system, which comprises a domain control management system authorization object information library;
An authorization object permission determination unit, connected to the domain control management system authorization object information library, for determining the authorization object of the file;
A file attribute rule creation unit, for receiving the file, automatically creating the attributes of the file according to the attribute specification rule of the file, and splicing the created attributes of the file into a grant set module;
A file and authorization object matching unit, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information, matching the two kinds of information, establishing the corresponding authority relationship between the two, and selecting one or more authorization objects according to the grant set module information to generate a grant column list;
And an authorization result acquiring unit, connected to the file and authorization object matching unit, for receiving the grant column list information and confirming it to obtain the authorization result, thereby realizing the batch authorization of the file;
The process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information includes:
In formula (1): Match is the variable denoting the final matching value; λ is the weight set according to the significance level of the subfiles divided according to authority; Meta is the authorization object information standard module; Δ is the grant set module information to be matched; mi are the several pieces of subobject information into which the authorization object information is split; δi are the several pieces of sub-information into which the grant set module information to be matched is split; Fi calculates the matching degree between each split-out sub-information δi of the grant set module information and each split-out subobject information mi of the authorization object information;
The Match function is used to judge the matching degree between the grant set module information and the known authorization object information. Under the Meta frame, the authorization object information is split into several pieces of subobject information m1, m2, ..., mn-1, mn, and the grant set module information is split into several pieces of sub-information δ1, δ2, ..., δn-1, δn. The match between the subobject information of each authorization object and the sub-information of each grant set module is calculated by the adaptation function Fi(δi, mi) and multiplied by the weights λ1, λ2, ..., λn-1, λn set according to the significance level of each dimension; the final summation gives the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment: when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the grant set module information are matched successfully; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the matching of the authorization object information of the file with the grant set module information is unsuccessful.
2. The device as described in claim 1, characterized in that the domain control management system authorization object information library is connected to the authorization object permission determination unit through an open interface, for transmitting the authorization attributes of the authorization object to the authorization object permission determination unit, and the authorization object permission determination unit determines the authorization objects to be determined according to the authorization attributes, so as to determine the authorization object of the file.
3. The device as claimed in claim 2, characterized in that the authorization object permission determination unit further includes:
A MIM message input module, used for batch input of the identity information m of the authorization objects to be determined; it is also connected through an open interface to the domain control management system authorization object information library, for receiving the authorization attributes of the authorization object transmitted from that library, the authorization attributes of the authorization object including the restrictive conditions of the authorization set M;
A contrast module, connected to the MIM message input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
4. The device as described in claim 1, characterized in that the file attributes include the file class, the project the file belongs to, the technology/profession the file belongs to, and the file level of confidentiality; the grant set module is spliced from the file class, the project the file belongs to, the technology/profession the file belongs to, and the file level of confidentiality.
5. The device as described in claim 1, characterized by further including an authorization message changing unit, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization message in each of the above units and for changing the authorization message, the authorization message including the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant column list information.
6. The device as claimed in claim 5, characterized by further including a log recording and display unit, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record.
7. The device as claimed in claim 6, characterized in that the log recording and display unit is also used for importing the authorization message into the database hub and for recording operation error messages arising during operation, forming an operation error message record; at the same time, authorization messages that cannot be imported because of an abnormality are modified manually and then imported into the database hub again.
8. The device as claimed in claim 6, characterized in that the log recording and display unit further includes a grant error information logging module and a non-matching result logging module; the grant error information logging module is connected to the authorization object permission determination unit, for recording the information of objects not determined to be authorization objects, forming a grant error information record; the non-matching result logging module is connected to the file and authorization object matching unit, for recording the cases in which the authorization object information of the file and the grant set module information do not match, forming a non-matching result record.
9. The device as claimed in claim 6, characterized by further including a file authorizing control system, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, the authorization result acquiring unit, the authorization message changing unit, and the log recording and display unit, for controlling the operation of each of the above units.
10. The device as described in any one of claims 1-9, characterized in that the file is a nuclear power engineering design document.
11. A method for files in batch authorization, characterized by comprising the following steps:
S1, determining the authorization object: an enterprise personnel domain control management system is set, which comprises a domain control management system authorization object information library; an authorization object permission determination unit is set, connected to the domain control management system authorization object information library, for determining the authorization objects to be determined according to preset conditions, so as to determine the authorization object of the file;
S2, file attribute rule creation: a file attribute rule creation unit is set, for receiving the file, automatically creating the attributes of the file according to the attribute specification rule of the file, and splicing the created attributes of the file into a grant set module;
S3, matching the design document with the authorization object: a file and authorization object matching unit is set, connected respectively to the authorization object permission determination unit and the file attribute rule creation unit, for receiving the authorization object information of the file and the grant set module information and matching the two kinds of information;
S4, obtaining the authorization result: an authorization result acquiring unit is set, connected to the file and authorization object matching unit, for receiving the grant column list information and confirming it to obtain the authorization result, thereby realizing the batch authorization of the file;
The process by which the file and authorization object matching unit matches the authorization object information of the file against the grant set module information includes:
In formula (1): Match is the variable denoting the final matching value; λ is the weight set according to the significance level of the subfiles divided according to authority; Meta is the authorization object information standard module; Δ is the grant set module information to be matched; mi are the several pieces of subobject information into which the authorization object information is split; δi are the several pieces of sub-information into which the grant set module information to be matched is split; Fi calculates the matching degree between each split-out sub-information δi of the grant set module information and each split-out subobject information mi of the authorization object information;
The Match function is used to judge the matching degree between the grant set module information and the known authorization object information. Under the Meta frame, the authorization object information is split into several pieces of subobject information m1, m2, ..., mn-1, mn, and the grant set module information is split into several pieces of sub-information δ1, δ2, ..., δn-1, δn. The match between the subobject information of each authorization object and the sub-information of each grant set module is calculated by the adaptation function Fi(δi, mi) and multiplied by the weights λ1, λ2, ..., λn-1, λn set according to the significance level of each dimension; the final summation gives the Match value;
In formula (2): τ is the final authorization result. The Match value calculated by formula (1) is substituted into formula (2) for judgment: when the calculated Match value is greater than the preset threshold Ω, the authorization value is True, and the authorization object information of the file and the grant set module information are matched successfully; when the calculated Match value is less than or equal to the preset threshold Ω, the authorization value is False, and the matching of the authorization object information of the file with the grant set module information is unsuccessful.
12. The method as claimed in claim 11, characterized in that, in step S1, the domain control management system authorization object information library is connected to the authorization object permission determination unit through an open interface, for transmitting the authorization attributes of the authorization object to the authorization object permission determination unit, and the authorization object permission determination unit determines the authorization objects to be determined according to the authorization attributes, so as to determine the authorization object of the file.
13. The method as claimed in claim 12, characterized in that the authorization object permission determination unit further includes:
A MIM message input module, used for batch input of the identity information m of the authorization objects to be determined; it is also connected through an open interface to the domain control management system authorization object information library, for receiving the authorization attributes of the authorization object transmitted from that library, the authorization attributes of the authorization object including the restrictive conditions of the authorization set M;
A contrast module, connected to the MIM message input module, for comparing the identity information m with the restrictive conditions in the authorization set M: if the identity information m meets the restrictive conditions in the authorization set M, True is returned, the authorization object to be determined that corresponds to the identity information m is confirmed as an authorization object of the file, and the determination process ends; if the identity information m does not meet the restrictive conditions in the authorization set M, False is returned, the authorization object to be determined that corresponds to that identity information m is not confirmed as an authorization object of the file, and the determination process ends.
14. The method as claimed in claim 11, characterized in that, in step S2, the file attributes include the file class, the project the file belongs to, the technology/profession the file belongs to, and the file level of confidentiality; the grant set module is spliced from the file class, the project the file belongs to, the technology/profession the file belongs to, and the file level of confidentiality.
15. The method as claimed in claim 11, characterized by further including step S4, authorization message change: an authorization message changing unit is also provided, connected respectively to the authorization object permission determination unit, the file attribute rule creation unit, the file and authorization object matching unit, and the authorization result acquiring unit, for receiving and storing the authorization message in each of the above units and for changing the authorization message, the authorization message including the authorization object information of the file, the attribute specification rule of the file and the grant set module information, the corresponding authority relationship between the authorization object information of the file and the grant set module information, and the grant column list information.
16. The method as claimed in claim 15, characterized by further including step S5, log formation and information presentation: a log recording and display unit is also provided, connected to the authorization message changing unit, for presenting the authorization message stored in the authorization message changing unit to the administrator for confirmation, and for recording the process of changing the authorization message to form a log record.
17. The method described in claim 16, characterized in that the log recording and display unit is also used for importing the authorization message into the database hub and for recording operation error messages arising during operation, forming an operation error message record; at the same time, authorization messages that cannot be imported because of an abnormality are modified manually and then imported into the database hub again.
18. The method described in claim 16, characterized in that the log recording and display unit further includes a grant error information logging module and a non-matching result logging module; the grant error information logging module is connected to the authorization object permission determination unit, for recording the information of objects not determined to be authorization objects, forming an authorization object information error record; the non-matching result logging module is connected to the file and authorization object matching unit, for recording the cases in which the authorization object information of the file and the grant set module information do not match, forming a non-matching result record.
19. The method described in claim 16, characterized in that a file authorizing control system is also provided, connected respectively to the authorization object permission determination unit, file attribute rule creation unit, file and authorization object matching unit, authorization result acquiring unit, authorization message changing unit, and log recording and display unit in steps S1-S5, for controlling the operation of each of the above units.
20. The method as described in any one of claims 11-19, characterized in that the file is a nuclear power engineering design document.
CN201610843875.7A 2016-09-22 2016-09-22 A kind of device and method for files in batch authorization Active CN106485156B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610843875.7A CN106485156B (en) 2016-09-22 2016-09-22 A kind of device and method for files in batch authorization


Publications (2)

Publication Number Publication Date
CN106485156A CN106485156A (en) 2017-03-08
CN106485156B true CN106485156B (en) 2019-05-17

Family

ID=58267869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610843875.7A Active CN106485156B (en) 2016-09-22 2016-09-22 A kind of device and method for files in batch authorization

Country Status (1)

Country Link
CN (1) CN106485156B (en)

CN110309676B (en) Block chain multi-channel technology-based automobile supply chain safety protection method
CN109241119B (en) Cross-department data sharing method and system
CN110968883A (en) Data management method and device based on block chain technology and storage medium
CN102647296B (en) Business registering method based on authorization setting
CN106302479B (en) A kind of single-point logging method and system for multi-service internet site
CN112488707A (en) Service flow supervision method and system
CN103310138A (en) Account managing device and a method thereof
DE102022132069A1 (en) SERVER SUPPORTING SECURITY ACCESS OF A USER'S TERMINAL AND CONTROL METHOD THEREOF
CN103971200A (en) Computer operation and maintenance management method and system
CN111682934B (en) Method and system for storing, accessing and sharing comprehensive energy metering data
CN116305219B (en) Controllable, credible and rotatable personal information authorization processing method
CN115114670B (en) File unlocking method and device based on external link, network disk and storage medium
US8176320B1 (en) System and method for data access and control
CN115085997B (en) Open authorization method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant