CN106570406A - Data level authority configuration method and apparatus - Google Patents

Data level authority configuration method and apparatus Download PDF

Info

Publication number
CN106570406A
CN106570406A CN201610970700.2A CN201610970700A CN106570406A CN 106570406 A CN106570406 A CN 106570406A CN 201610970700 A CN201610970700 A CN 201610970700A CN 106570406 A CN106570406 A CN 106570406A
Authority
CN
China
Prior art keywords
configuration item
data
level authority
authority
role
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610970700.2A
Other languages
Chinese (zh)
Inventor
叶金瓒
朱红燕
林城
杨芳
尤嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201610970700.2A priority Critical patent/CN106570406A/en
Publication of CN106570406A publication Critical patent/CN106570406A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a data level authority configuration method comprising steps of defining a name and/or attributes of a configuration item upon receiving a building instruction of the configuration item, building a role corresponding to the configuration item, configuring line level authority and/or row level authority for each role in the configuration item based on the name and/or attributes of the configuration item to enable each role in the configuration item to execute corresponding authority control operation according to the line level authority and/or row level authority. The role has a manger and common users. The invention further discloses a data level authority configuration apparatus; and cost of the data level authority configuration apparatus can be reduced.

Description

Data level authority configuring method and device
Technical field
The present invention relates to field of computer technology, more particularly to a kind of data level authority configuring method and device.
Background technology
Traditional configuration item system (Configuration Management Database, configuration management data base) system System in terms of the authority configuration of data, in order that the flexible configuration of data permission some, typically can using customization by the way of Configured.Specifically, it is exactly to each configuration item (Configuration Items, configuration item) in software system All coding logics can so accomplish the control of authority of data level controlling its data usage rights, but this number According to the configuration mode of level authority, there is new configuration item to increase every time, or the role in configuration item is when needing to change authority, all Need to put into substantial amounts of manpower and materials again and go to develop or change, cause to consume is relatively costly.
The content of the invention
Present invention is primarily targeted at proposing a kind of data level authority configuring method and device, it is intended to solve existing number According to level authority configuration mode, the relatively costly technical problem of consumption.
For achieving the above object, a kind of data level authority configuring method that the present invention is provided, the data level authority configuration Method includes:
When the establishment for receiving configuration item is instructed, the title and/or attribute of the configuration item are defined;
The corresponding role of the configuration item is created, wherein, the role includes manager and domestic consumer;
Title and/or attribute based on the configuration item, configure in the configuration item each role row level authority and/ Or row level authority, so that each role performs accordingly in the configuration item according to the row level authority and/or row level authority Control of authority is operated.
Preferably, the title based on the configuration item, configures the row level authority of each role in the configuration item The step of include:
Determine the preset attribute column of each role in the configuration item;
Based on the title of the configuration item, it is determined that the preset attribute column in filtercondition expression formula is set;
According to the filtercondition expression formula, the row level authority of each role in the configuration item is configured.
Preferably, the title and/or attribute based on the configuration item, configures each role's in the configuration item After the step of row level authority and/or row level authority, the data level authority configuring method also includes:
When the establishment for receiving account information is instructed, corresponding account is created;
When the account creation is completed, account role to be allocated is determined;
The incidence relation of the account and the role to be allocated is set up, by the role authorization account is given.
Preferably, it is described set up the account and the role to be allocated incidence relation the step of after, the number Also include according to level authority configuring method:
When receiving data inquiry request in the data-interface of the configuration item, the data inquiry request is parsed, with Accounts information in the data inquiry request is verified;
After accounts information verification passes through, Permission Levels of the accounts information in the configuration item are verified, its In, the Permission Levels include row level authority and/or row level authority;
Based on Permission Levels of the accounts information in the configuration item, the corresponding parameter letter of the Permission Levels is obtained Breath, and the corresponding data of the parameter information are extracted in data base;
The data extracted are packaged, and are sent to display in display interface.
Preferably, it is described to be packaged the data extracted, and be sent to before the step of showing in display interface, The data level authority configuring method also includes:
When the accounts information has multiple roles in the configuration item, to accounts information described in the configuration item Row level authority and row level authority are adjusted;Wherein, the row level authority is merged, the row level authority is expert at a grade authority For " visible " when, using highest-ranking authority as the row level authority after merging.
Additionally, for achieving the above object, the present invention also proposes a kind of data level authority configuration device, the data level authority Configuration device includes:
Definition module, during for instructing in the establishment for receiving configuration item, defines the title and/or category of the configuration item Property;
Creation module, for creating the corresponding role of the configuration item, wherein, the role includes manager and common use Family;
Configuration module, for title and/or attribute based on the configuration item, configures each role in the configuration item Row level authority and/or row level authority so that each role weighs in the configuration item according to the row level authority and/or row level Limit performs corresponding control of authority operation.
Preferably, the configuration module includes:
First determining unit, for determining the configuration item in each role preset attribute column;
Setting unit, for based on the configuration item title, it is determined that the preset attribute column in arranged Filter conditional expression;
Dispensing unit, for according to the filtercondition expression formula, configuring the row level power of each role in the configuration item Limit.
Preferably, the creation module, is additionally operable to, when the establishment for receiving account information is instructed, create corresponding account Family;
The data level authority configuration device also includes:
Determining module, for when the account creation is completed, determining account role to be allocated;
Module is set up, for setting up the incidence relation of the account and the role to be allocated, the role is awarded Weigh to the account.
Preferably, the data level authority configuration device also includes:
Parsing module, during for receiving data inquiry request in the data-interface of the configuration item, parses the number According to inquiry request, to verify to the accounts information in the data inquiry request;
Correction verification module, for after accounts information verification passes through, the verification accounts information to be in the configuration item Permission Levels, wherein, the Permission Levels include row level authority and/or row level authority;
Acquisition module, for based on Permission Levels of the accounts information in the configuration item, obtaining the authority level Not corresponding parameter information;
Extraction module, for extracting the corresponding data of the parameter information in data base;
Processing module, for the data extracted to be packaged, and is sent to display in display interface.
Preferably, the data level authority configuration device also includes:
Adjusting module, for when the accounts information has multiple roles in the configuration item, in the configuration item The row level authority and row level authority of the accounts information is adjusted;Wherein, the row level authority is merged, the row level Authority be expert at grade authority for " visible " when, using highest-ranking authority as the row level authority after merging.
Data level authority configuring method proposed by the present invention and device, it is first fixed when the establishment for receiving configuration item is instructed The title and/or attribute of the justice configuration item, then creates the corresponding role of the configuration item, is based ultimately upon the configuration item Title and/or attribute, configure the row level authority and/or row level authority of each role, so that each role in the configuration item Corresponding control of authority operation is performed according to the row level authority and/or row level authority in the configuration item, configuration is realized During data level authority, the row level authority and/or row level authority to each role in the configuration item is configured, without the need for weight New coding code, only just can reduce software system by modification configuration with precise control row level and the access rights of row level Development and maintenance cost.
Description of the drawings
Fig. 1 is the schematic flow sheet of data level authority configuring method first embodiment of the present invention;
Fig. 2 is the schematic flow sheet of data level authority configuring method second embodiment of the present invention;
Fig. 3 is the schematic flow sheet of data level authority configuring method 3rd embodiment of the present invention;
Fig. 4 is the high-level schematic functional block diagram of data level authority configuration device first embodiment of the present invention;
Fig. 5 is the high-level schematic functional block diagram of data level authority configuration device second embodiment of the present invention;
Fig. 6 is the high-level schematic functional block diagram of data level authority configuration device 3rd embodiment of the present invention;
Fig. 7 is the structural representation of data level authority configuration system in the present invention.
The realization of the object of the invention, functional characteristics and advantage will be described further referring to the drawings in conjunction with the embodiments.
Specific embodiment
It should be appreciated that specific embodiment described herein is not intended to limit the present invention only to explain the present invention.
The solution of the embodiment of the present invention is mainly:When the establishment for receiving configuration item is instructed, first match somebody with somebody described in definition Put the title and/or attribute of item, then create the corresponding role of the configuration item, be based ultimately upon the configuration item title and/ Or attribute, the row level authority and/or row level authority of each role are configured in the configuration item, so that each role matches somebody with somebody described Put in item and corresponding control of authority operation is performed according to the row level authority and/or row level authority, realize configuration data level power In limited time, to each role in the configuration item row level authority and/or row level authority is configured, without the need for writing journey again Sequence code, only by modification configuration just with precise control row level and the access rights of row level, can reduce software system exploitation and Maintenance cost.
The present invention proposes a kind of data level authority control method of flexibly configurable, by the authority for configuring role, makes not Same role realizes data level control of authority when single configuration item is accessed.
The present invention provides a kind of data level authority configuring method.
With reference to Fig. 1, Fig. 1 is the schematic flow sheet of data level authority configuring method first embodiment of the present invention.
In the present embodiment, the data level authority configuring method includes:
Step S10, when the establishment for receiving configuration item is instructed, defines the title and/or attribute of the configuration item;
In the present embodiment, when the establishment for receiving configuration item is instructed, configuration item type, the configuration item first to be created Tables of data can also be expressed as.Specifically:The title of the configuration item is first defined, the attribute of the configuration item is then positioned, it is fixed Corresponding tables of data is generated in data base after justice is complete.Such as configuration item entitled " operation maintenance personnel information ", there is " name ", " property Not ", the attribute such as " job number ", " department ", as shown in the table:
The configuration item type allocation list of table 1.
The configuration item attribute allocation list of table 2
The tables of data generated in the data base of table 3.
Step S20, creates the corresponding role of the configuration item, wherein, the role includes manager and domestic consumer;
Step S30, the title and/or attribute based on the configuration item, configures the row of each role in the configuration item Level authority and/or row level authority, so that each role holds in the configuration item according to the row level authority and/or row level authority The corresponding control of authority operation of row.
After the completion of the title and attribute definition of the configuration item, the corresponding role of the configuration item, the present embodiment are created In, role includes manager and domestic consumer, such as comprehensive financial operation portion manager, S&T tax portion manager, HR managers, science and technology Domestic consumer of division department or domestic consumer of comprehensive financial operation portion etc..The title and/or attribute of the configuration item are then based on, in institute The row level authority and/or row level authority that each role is configured in configuration item is stated, configuration item is licensed to into each role.Wherein:
The row level authority of each role is configured based on the title of the configuration item, is arranged actually in configuration item type Permission Levels, the Permission Levels of configuration item type have 3 kinds, are respectively " additions and deletions ", " editor ", " read-only "." additions and deletions " are represented can be with The data of the configuration item increased newly, are deleted, changed, inquired about etc. with operation;" editor " represents can be to the data of the configuration item The operation such as modify, inquire about;" read-only " expression can carry out inquiry operation to the data of the configuration item.It is as shown in the table:
The configuration item type Permission Levels allocation list of table 4.
As known from Table 4, four roles are created in upper table, different is possessed to configuration item type " operation maintenance personnel information " Permission Levels.
After the row level authority for configuring each role, then the row level authority of each role in the configuration item is set, institute State the Permission Levels that row level authority actually refers to attribute.The Permission Levels of attribute are equally divided into 3 kinds, are respectively " editor ", " only Read ", " invisible ".Wherein, " editor " represents to have permission and does edit operation to this property value;" read-only " expression is only checked This property rights;And " invisible " expression can not check this attribute information.It is as shown in the table:
Role's title Name Sex Job number Department
Comprehensive financial operation portion manager Editor Editor It is read-only Editor
S&T tax portion manager Editor Editor It is read-only Editor
HR managers Editor Editor Editor Editor
Domestic consumer of S&T tax portion It is read-only It is read-only It is invisible It is read-only
The configuration item attribute Permission Levels allocation list of table 5.
As known from Table 5, upper table represents that four roles possess different to the attribute of configuration item type " operation maintenance personnel information " Permission Levels.By such setting, it becomes possible to accurately control the authority of row DBMS.For example " S&T tax portion commonly uses Family " cannot just see the information of " job number ";" comprehensive financial operation portion manager " and " S&T tax portion manager " cannot change " work Number " information etc..
Further, in order to realize going level authority, the title based on the configuration item is configured in the configuration item The step of row level authority of each role, includes:
Step A, determines the preset attribute column of each role in the configuration item;
Step B, based on the title of the configuration item, it is determined that the preset attribute column in filtercondition table is set Up to formula;
Step C, according to the filtercondition expression formula, configures the row level authority of each role in the configuration item.
In the present embodiment, first determine the preset attribute column of each role in the configuration item, be then based on described The title of configuration item, arranges filtercondition expression formula in the preset attribute column, arranges the side of filtercondition expression formula Formula is as shown in the table:
Role's title Name Sex Job number Department
Comprehensive financial operation portion manager $ { this }=comprehensive financial operation portion
S&T tax portion manager $ { this }=S&T tax portion
HR managers
Domestic consumer of S&T tax portion $ { this }=S&T tax portion
The filtercondition expression formula allocation list of table 6.
As can be known from Table 6, " comprehensive financial operation portion manager " can only check that " department " is equal to the letter in " comprehensive financial operation portion " Breath;" S&T tax portion manager " and " domestic consumer of S&T tax portion " can only check that " department " is equal in " S&T tax portion " Information.The authority of row DBMS can accurately be controlled by this configuration.
That is, the preset attribute column of each role in the configuration item is first determined in the present embodiment, it is described pre- If attribute is selected as the case may be, such as when the configuration item includes the data of bank and security Liang Ge companies, So, the preset attribute is exactly company;S&T tax portion, comprehensive financial operation portion and row in the configuration item includes bank During political affairs Human Resources Department, then the preset attribute is exactly department, purpose is provided to arrange each role in the configuration item Row level authority.
The data level authority configuring method that the present embodiment is proposed, when the establishment for receiving configuration item is instructed, first defines institute The title and attribute of configuration item are stated, the corresponding role of the configuration item is then created, finally each is configured in the configuration item The row level authority and/or row level authority of role so that each role in the configuration item according to the row level authority and/or row Level authority performs corresponding control of authority operation, when realizing configuration data level authority, to each role in the configuration item Row level authority and/or row level authority are configured, without the need for coding code again, only just can be with essence by modification configuration Really the access rights of control row level and row level, reduce the development and maintenance cost of software system.
It is appreciated that this programme realizes the data permission control of capable level and row level, the data peace of information system is improve Quan Xing, because the mode that the data storage of information system has various ways, most common of which is previously stored in relevant database, Relevant database is got up data storage using tables of data, and tables of data has row and column just as form.The program can lead to The mode for crossing modification configuration controls data access authority of the user to tables of data, isolates the data of the row and column of different user role Access rights, to reach the demand of data safety.
Further, in order to improve the motility of data level priority assignation, data of the present invention are proposed based on first embodiment The second embodiment of level authority configuring method, in the present embodiment, with reference to Fig. 2, after step S30, the data level power Limit collocation method also includes:
Step S40, when the establishment for receiving account information is instructed, creates corresponding account;
Step S50, when the account creation is completed, determines account role to be allocated;
Step S60, sets up the incidence relation of the account and the role to be allocated, by the role authorization to institute State account.
In the present embodiment, when the establishment for receiving account information is instructed, first show register interface for user input Account and password, then create corresponding account according to the account and password, further, then determine that the account is to be allocated Role, that is, determine the account be S&T tax portion manager, domestic consumer of S&T tax portion, Human Resource Department manager also It is domestic consumer of Human Resource Department etc., finally sets up the incidence relation of the account and the role to be allocated.This enforcement In example, to there is unique identification information, such as S&T tax portion manager is A-1, science and technology to the role of preferred each department Domestic consumer of division department is A-2, and Human Resource Department manager is B-1, and domestic consumer of Human Resource Department is B-2, then it is determined that After account role to be allocated, you can by the account for creating unique mark corresponding with the role to be allocated Information association storage is known, to realize the role authorization to the account.
In the present embodiment, after account is created, determine account role to be allocated, finally set up the account Family and the incidence relation of the role to be allocated, by the role authorization account is given, and is easy to follow-up according to account pair The role for answering, performs corresponding data level control of authority operation.
Further, in order to improve the motility of data level priority assignation, data of the present invention are proposed based on second embodiment The 3rd embodiment of level authority configuring method, in the present embodiment, with reference to Fig. 3, after step S60, the data level power Limit collocation method also includes:
Step S70, when receiving data inquiry request in the data-interface of the configuration item, parses the data query Request, to verify to the accounts information in the data inquiry request;
In the present embodiment, the data inquiry request can be that data query of the user based on log-in interface input please Ask, or third party's peripheral system passes through the data inquiry request that the data-interface of the configuration item is input into.Wherein, in institute It is data inquiry request of the user based on log-in interface input to state data inquiry request, and the data level authority configuring method is also wrapped Include:
Step 1, accounts information of the receive user based on log-in interface input;
Step 2, the accounts information to receiving is verified;
Step 3, when the accounts information is verified successfully, execution receives data in the data-interface of the configuration item The operation of inquiry request.
Subsequently, when receiving data inquiry request in the data-interface of the configuration item, parsing the data query please Ask, to verify to the accounts information in the data inquiry request, it should be appreciated that user is by accessing configuration item The front page layout of system, has done some data manipulations such as data query instruction, then front page layout can be by the operation information of user Backstage is passed to, these is realized by backstage and is operated, in the step, although user has passed through the first time login of front page layout Checking, but when data are passed to into backstage, for the sake of security, interface can again carry out user's checking, verify when front transfer letter Cease to whether the accounts information and the accounts information that prestores on backstage match, be the equal of to verify accounts information again, only verifying into During work(, follow-up operation could be performed, it is therefore prevented that some terminals have impact on follow-up by way of packet capturing or imitating accounts information Data level control of authority process.
Certainly, if being now that third party's peripheral system please by the data query that the data-interface of the configuration item is input into Ask, then when receiving data inquiry request in the data-interface of the configuration item, the data inquiry request is parsed, with to institute The accounts information stated in data inquiry request is verified, and is exactly primary accounts information verification.
Step S80, after accounts information verification passes through, verifies authority of the accounts information in the configuration item Rank, wherein, the Permission Levels include row level authority and/or row level authority;
Step S90, based on Permission Levels of the accounts information in the configuration item, obtains the Permission Levels correspondence Parameter information, and the corresponding data of the parameter information are extracted in data base;
After accounts information verification passes through, Permission Levels of the accounts information in the configuration item are verified, by Include row level authority and/or row level authority in the Permission Levels, therefore, according to the accounts information in the configuration item Permission Levels, you can obtain the corresponding parameter information of the Permission Levels, the parameter information pair is finally extracted in data base The data answered.For example:Row level authority of the accounts information of S&T tax portion manager in the configuration item be S&T tax portion, Row level authority is name, sex editable, then, you can the corresponding number in the S&T tax portion is extracted in data base described According to, and in the data for obtaining, name and sex are editable.
Step S100, the data extracted are packaged, and are sent to display in display interface.
Finally, the data extracted are packaged, and will be shown in packaged data is activation to display interface, with Corresponding operation, such as read-only operation, edit operation are performed for user.
Further, before step S100, the data level authority configuring method also includes:
When the accounts information has multiple roles in the configuration item, to accounts information described in the configuration item Row level authority and row level authority are adjusted;Wherein, the row level authority is merged, the row level authority is expert at a grade authority For " visible " when, using highest-ranking authority as the row level authority after merging.
Be the equal of to do row level authority once to merge, for row level authority, first determine the grade of each authority, this enforcement In example, in row level authority preferably " editor ", " read-only ", " invisible " these three authorities, hierarchical relationship order from big to small according to It is secondary to be:" editor ", " read-only ", " invisible ".So, if the row level authority is respectively " editor ", " read-only ", then adopt The authority of " editor " covers the authority of " read-only ".Now, if " editor " and " invisible ", then the corresponding parameter letter of union is obtained Breath.
In the present embodiment, by using the data of allocation list, data level control of authority can be accomplished, so as to improve number According to the intelligent of level control of authority.
In the present invention, it is more preferable above-mentioned technical proposal, the lower data level authority control of description configures the structural representation of system, Specifically, with reference to Fig. 7:
System is made up of two parts, and one is the configuration item system (CMDB systems as shown in Figure 7) that front end user has access to Foreground, another part is the configuration item system background for being located at rear end.Each module is described below:
1st, configuration item system foreground:Configuration item system foreground login, configuration item mainly there is provided user is (as shown in Figure 7 CI) data inquiry and the displaying of the front page layout such as management, it can be divided mainly into following several functional modules:
A, user log-in block:The functions such as the login and verification of main responsible user;
B, the inquiry of configuration item data and management module:The main increase for being responsible for configuration item data, deletion, inquiry and modification Etc. function.
2nd, configuration item system background:Background system is mainly concerned with configuration item data interface module, user management module, angle Color management module, configuration item management module.Each function introduction is as follows:
A, configuration item data interface module:It is main to be responsible for processing before peripheral system and configuration item system in this solution The data that platform is sended over, including user profile, Role Information, configuration item authority information, the return result of verification data Deng;
B, user management module:The main management for being responsible for the account to user, such as account number are created, lock, nullified;
C, Role Management module:The main management being responsible for Role Information, such as role are created, locked, nullifying, authorized user To role, authorization configuration item to role etc.;
D, configuration item management module:The increase of the main management being responsible for configuration item information, such as configuration item type, deletion, Inquiry and modification, increase, deletion, inquiry and modification of configuration item attribute etc..
Based on each structure of said system, operative configuration item data flow process of the present invention is proposed:
(1) configuration item system foregrounding configuration item data
The front page layout operative configuration item data that user passes through configuration item system is the operation that user most often does, and its flow process is retouched State as follows:
User accesses the system login page, and " user logs in " module receives the account and encrypted message of user input;
Data are submitted to " user management " module and are verified by " user logs in " module;
After the verification of " user management " module passes through, configuration item data query and administration page are jumped to;
" configuration item data query and management " module is received after the operational order of user, to " the configuration item data on backstage Interface " module initiates request;
" configuration item data-interface " module is by request analysis;
Data after parsing are submitted to " user management " module by " configuration item data-interface " module, and user's letter is verified again Breath;
The verification of " user management " module initiates request by backward " Role Management " module, and whether verification user possesses access The configuration item type Permission Levels of the configuration item;
After the configuration item type Permission Levels of " Role Management " module verification user pass through, then the configuration item category for verifying user The Permission Levels of property, what is verified here is to go the authority of level and row level;
After the verification of " Role Management " module passes through, " configuration item management " module is asked, obtain configuration item type and configuration The details of item attribute;
" configuration item management " module returns data to " Role Management " module;
" Role Management " module is by all verification datas, and the details of configuration item type and configuration item attribute are in the lump Return to " user management " module;
" user management " module by verification after all data submit to " configuration item data-interface " module;
" configuration item data-interface " module is taken data are processed after the data that " user management " module is provided;
After " configuration item data-interface " complete data of resume module, initiate that data base is initiated to ask;
Data base returns data to " configuration item data-interface " module;
" configuration item data-interface " module is connected to after the data of data base's return, and data are packaged;
Data after encapsulation are back to " configuration item data query and management " module by " configuration item data-interface " module, will To front page layout, whole operation configuration item data flow terminates data display.
(2) peripheral system operative configuration item data
Peripheral system includes the asset management system, operational system, capacity management system etc., the stream of its operative configuration item data Journey is described as follows:
Peripheral system to " configuration item data-interface " module on backstage initiates request;
" configuration item data-interface " module is by request analysis;
Data after parsing are submitted to " user management " module by " configuration item data-interface " module, verify user profile;
The verification of " user management " module initiates request by backward " Role Management " module, and whether verification user possesses access The configuration item type Permission Levels of the configuration item;
After the configuration item type Permission Levels of " Role Management " module verification user pass through, then the configuration item category for verifying user The Permission Levels of property, what is verified here is to go the authority of level and row level;
After the verification of " Role Management " module passes through, " configuration item management " module is asked, obtain configuration item type and configuration The details of item attribute;
" configuration item management " module returns data to " Role Management " module;
" Role Management " module is by all verification datas, and the details of configuration item type and configuration item attribute are in the lump Return to " user management " module;
" user management " module by verification after all data submit to " configuration item data-interface " module;
" configuration item data-interface " module is taken data are processed after the data that " user management " module is provided;
After " configuration item data-interface " complete data of resume module, initiate that data base is initiated to ask;
Data base returns data to " configuration item data-interface " module;
" configuration item data-interface " module is connected to after the data of data base's return, and data are packaged;
" configuration item data-interface " module returns to the data after encapsulation, and whole operation configuration item data flow terminates.
The present invention further provides a kind of data level authority configuration.
With reference to Fig. 4, Fig. 4 is the high-level schematic functional block diagram of data level authority configuration first embodiment of the present invention.
It is emphasized that it will be apparent to those skilled in the art that functional block diagram shown in Fig. 4 is only one preferably real The exemplary plot of example is applied, those skilled in the art can be carried out easily around the functional module of the data level authority configuration shown in Fig. 4 The supplement of new functional module;The title of each functional module is self-defined title, is only used for auxiliary and understands that the data level authority is matched somebody with somebody Each program function block put, is not used in restriction technical scheme, and the core of technical solution of the present invention is, each self-defined The function to be reached of the functional module of title.
In the present embodiment, the data level authority configuration includes:
Definition module 10, during for instructing in the establishment for receiving configuration item, defines the title and/or category of the configuration item Property;
In the present embodiment, when the establishment for receiving configuration item is instructed, configuration item type, the configuration item first to be created Tables of data can also be expressed as.Specifically:Definition module 10 first defines the title of the configuration item, then positions the configuration item Attribute, corresponding tables of data is generated in data base after having defined.Such as configuration item entitled " operation maintenance personnel information ", has The attribute such as " name ", " sex ", " job number ", " department ", it is as shown in the table:
The configuration item type allocation list of table 1.
The configuration item attribute allocation list of table 2
The tables of data generated in the data base of table 3.
Creation module 20, for creating the corresponding role of the configuration item, wherein, the role is including manager and commonly User;
Configuration module 30, for title and/or attribute based on the configuration item, configures each angle in the configuration item The row level authority and/or row level authority of color so that each role in the configuration item according to the row level authority and/or row level Authority performs corresponding control of authority operation.
After the completion of the title and attribute definition of the configuration item, the corresponding role of the configuration item, the present embodiment are created In, role includes manager and domestic consumer, such as comprehensive financial operation portion manager, S&T tax portion manager, HR managers, science and technology Domestic consumer of division department or domestic consumer of comprehensive financial operation portion etc..The title and/or attribute of the configuration item are then based on, in institute The row level authority and/or row level authority that each role is configured in configuration item is stated, configuration item is licensed to into each role.Wherein:
The row level authority of each role is configured based on the title of the configuration item, is arranged actually in configuration item type Permission Levels, the Permission Levels of configuration item type have 3 kinds, are respectively " additions and deletions ", " editor ", " read-only "." additions and deletions " are represented can be with The data of the configuration item increased newly, are deleted, changed, inquired about etc. with operation;" editor " represents can be to the data of the configuration item The operation such as modify, inquire about;" read-only " expression can carry out inquiry operation to the data of the configuration item.It is as shown in the table:
The configuration item type Permission Levels allocation list of table 4.
As known from Table 4, four roles are created in upper table, different is possessed to configuration item type " operation maintenance personnel information " Permission Levels.
After the row level authority for configuring each role, then the row level authority of each role in the configuration item is set, institute State the Permission Levels that row level authority actually refers to attribute.The Permission Levels of attribute are equally divided into 3 kinds, are respectively " editor ", " only Read ", " invisible ".Wherein, " editor " represents to have permission and does edit operation to this property value;" read-only " expression is only checked This property rights;And " invisible " expression can not check this attribute information.It is as shown in the table:
Role's title Name Sex Job number Department
Comprehensive financial operation portion manager Editor Editor It is read-only Editor
S&T tax portion manager Editor Editor It is read-only Editor
HR managers Editor Editor Editor Editor
Domestic consumer of S&T tax portion It is read-only It is read-only It is invisible It is read-only
The configuration item attribute Permission Levels allocation list of table 5.
As known from Table 5, upper table represents that four roles possess different to the attribute of configuration item type " operation maintenance personnel information " Permission Levels.By such setting, it becomes possible to accurately control the authority of row DBMS.For example " S&T tax portion commonly uses Family " cannot just see the information of " job number ";" comprehensive financial operation portion manager " and " S&T tax portion manager " cannot change " work Number " information etc..
Further, in order to realize going level authority, the configuration module 30 includes:
First determining unit, for determining the configuration item in each role preset attribute column;
Setting unit, for based on the configuration item title, it is determined that the preset attribute column in arranged Filter conditional expression;
Dispensing unit, for according to the filtercondition expression formula, configuring the row level power of each role in the configuration item Limit.
In the present embodiment, the first determining unit first determines the preset attribute column of each role in the configuration item, Then title of the setting unit based on the configuration item, arranges filtercondition expression formula in the preset attribute column, if The mode for putting filtercondition expression formula is as shown in the table:
Role's title Name Sex Job number Department
Comprehensive financial operation portion manager $ { this }=comprehensive financial operation portion
S&T tax portion manager $ { this }=S&T tax portion
HR managers
Domestic consumer of S&T tax portion $ { this }=S&T tax portion
The filtercondition expression formula allocation list of table 6.
As can be known from Table 6, " comprehensive financial operation portion manager " can only check that " department " is equal to the letter in " comprehensive financial operation portion " Breath;" S&T tax portion manager " and " domestic consumer of S&T tax portion " can only check that " department " is equal in " S&T tax portion " Information.The authority of row DBMS can accurately be controlled by this configuration.
That is, the preset attribute column of each role in the configuration item is first determined in the present embodiment, it is described pre- If attribute is selected as the case may be, such as when the configuration item includes the data of bank and security Liang Ge companies, So, the preset attribute is exactly company;S&T tax portion, comprehensive financial operation portion and row in the configuration item includes bank During political affairs Human Resources Department, then the preset attribute is exactly department, purpose is provided to arrange each role in the configuration item Row level authority.
The data level authority configuration device that the present embodiment is proposed, when the establishment for receiving configuration item is instructed, first defines institute The title and attribute of configuration item are stated, the corresponding role of the configuration item is then created, finally each is configured in the configuration item The row level authority and/or row level authority of role so that each role in the configuration item according to the row level authority and/or row Level authority performs corresponding control of authority operation, when realizing configuration data level authority, to each role in the configuration item Row level authority and/or row level authority are configured, without the need for coding code again, only just can be with essence by modification configuration Really the access rights of control row level and row level, reduce the development and maintenance cost of software system.
It is appreciated that this programme realizes the data permission control of capable level and row level, the data peace of information system is improve Quan Xing, because the mode that the data storage of information system has various ways, most common of which is previously stored in relevant database, Relevant database is got up data storage using tables of data, and tables of data has row and column just as form.The program can lead to The mode for crossing modification configuration controls data access authority of the user to tables of data, isolates the data of the row and column of different user role Access rights, to reach the demand of data safety.
Further, in order to improve the motility of data level priority assignation, data of the present invention are proposed based on first embodiment The second embodiment of level authority configuration device, in the present embodiment, with reference to Fig. 5, the creation module 20 is additionally operable to receiving When the establishment of account information is instructed, corresponding account is created;
The data level authority configuration device also includes:
Determining module 40, for when the account creation is completed, determining account role to be allocated;
Module 50 is set up, for setting up the incidence relation of the account and the role to be allocated, by the role License to the account.
In the present embodiment, when the establishment for receiving account information is instructed, first show register interface for user input Account and password, then create corresponding account according to the account and password, further, it is determined that module 40 determine again it is described Account role to be allocated, that is, determine that the account is S&T tax portion manager, domestic consumer of S&T tax portion, human resourcess Portion manager or domestic consumer of Human Resource Department etc., finally set up module 50 and set up the account with the angle to be allocated The incidence relation of color.In the present embodiment, preferably the role of each department is to having unique identification information, such as S&T tax It is A-2 that portion manager is A-1, domestic consumer of S&T tax portion, and Human Resource Department manager is B-1, and Human Resource Department commonly uses Family is B-2, then it is determined that after account role to be allocated, you can by the account for creating and institute to be allocated The corresponding unique identification information associated storage of role is stated, to realize the role authorization to the account.
In the present embodiment, after account is created, determine account role to be allocated, finally set up the account Family and the incidence relation of the role to be allocated, by the role authorization account is given, and is easy to follow-up according to account pair The role for answering, performs corresponding data level control of authority operation.
Further, in order to improve the motility of data level priority assignation, data of the present invention are proposed based on second embodiment The 3rd embodiment of level authority configuration device, in the present embodiment, with reference to Fig. 6, the data level authority configuration device also includes:
Parsing module 60, during for receiving data inquiry request in the data-interface of the configuration item, parsing is described Data inquiry request, to verify to the accounts information in the data inquiry request;
In the present embodiment, the data inquiry request can be that data query of the user based on log-in interface input please Ask, or third party's peripheral system passes through the data inquiry request that the data-interface of the configuration item is input into.Wherein, in institute It is data inquiry request of the user based on log-in interface input to state data inquiry request, and the data level authority configuration also includes:
Accounts information of the receive user based on log-in interface input;
The accounts information to receiving is verified;
When the accounts information is verified successfully, execution receives data query in the data-interface of the configuration item please The operation asked.
Subsequently, when receiving data inquiry request in the data-interface of the configuration item, parsing module 60 parses described Data inquiry request, to verify to the accounts information in the data inquiry request, it should be appreciated that user is to pass through The front page layout of configuration item system is accessed, some data manipulations such as data query instruction has been done, then front page layout can be by user Operation information pass to backstage, these are realized by backstage and are operated, in the step, although user has passed through front page layout First time login authentication, but when data are passed to into backstage, for the sake of security, interface can again carry out user's checking, checking Whether the accounts information and the accounts information that prestores for currently communicating information to backstage matches, and is the equal of to verify accounts information again, Only when verifying successfully, follow-up operation could be performed, it is therefore prevented that some terminals packet capturing or imitate accounts information by way of, Have impact on follow-up data level control of authority process.
Certainly, if being now that third party's peripheral system please by the data query that the data-interface of the configuration item is input into Ask, then when receiving data inquiry request in the data-interface of the configuration item, the data inquiry request is parsed, with to institute The accounts information stated in data inquiry request is verified, and is exactly primary accounts information verification.
Correction verification module 70, for after accounts information verification passes through, verifying the accounts information in the configuration item In Permission Levels, wherein, the Permission Levels include row level authority and/or row level authority;
Acquisition module 80, for based on Permission Levels of the accounts information in the configuration item, obtaining the authority The corresponding parameter information of rank;
Extraction module 90, for extracting the corresponding data of the parameter information in data base;
After accounts information verification passes through, correction verification module 70 verifies power of the accounts information in the configuration item Limit rank, because the Permission Levels include row level authority and/or row level authority, therefore, acquisition module 80 is according to the account Permission Levels of the information in the configuration item, you can obtain the corresponding parameter information of the Permission Levels, final extraction module 90 extract the corresponding data of the parameter information in data base.For example:The accounts information of S&T tax portion manager is described It is name, sex editable that row level authority in configuration item is S&T tax portion, row level authority, then, you can counting described According to extracting in storehouse in the corresponding data in the S&T tax portion, and the data for obtaining, name and sex are editable.
Processing module 100, for the data extracted to be packaged, and is sent to display in display interface.
Finally, processing module 100 is packaged the data extracted, and by packaged data is activation to display circle Show in face, so that user performs corresponding operation, such as read-only operation, edit operation.
Further, the data level authority configuration device also includes:
Adjusting module, for when the accounts information has multiple roles in the configuration item, in the configuration item The row level authority and row level authority of the accounts information is adjusted;Wherein, the row level authority is merged, the row level Authority be expert at grade authority for " visible " when, using highest-ranking authority as the row level authority after merging.
Be the equal of to do row level authority once to merge, for row level authority, first determine the grade of each authority, this enforcement In example, in row level authority preferably " editor ", " read-only ", " invisible " these three authorities, hierarchical relationship order from big to small according to It is secondary to be:" editor ", " read-only ", " invisible ".So, if the row level authority is respectively " editor ", " read-only ", then adopt The authority of " editor " covers the authority of " read-only ".Now, if " editor " and " invisible ", then the corresponding parameter letter of union is obtained Breath.
In the present embodiment, by using the data of allocation list, data level control of authority can be accomplished, so as to improve number According to the intelligent of level control of authority.
It should be noted that herein, term " including ", "comprising" or its any other variant are intended to non-row His property is included, so that a series of process, method, article or device including key elements not only include those key elements, and And also include other key elements being not expressly set out, or also include for this process, method, article or device institute inherently Key element.In the absence of more restrictions, the key element for being limited by sentence "including a ...", it is not excluded that including being somebody's turn to do Also there is other identical element in the process of key element, method, article or device.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on such understanding, technical scheme is substantially done to prior art in other words Going out the part of contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium In (such as ROM/RAM, magnetic disc, CD), including some instructions are used so that a station terminal equipment (can be mobile phone, computer takes Business device, air-conditioner, or network equipment etc.) perform method described in each embodiment of the invention.
The preferred embodiments of the present invention are these are only, the scope of the claims of the present invention is not thereby limited, it is every using this Equivalent structure or equivalent flow conversion that bright description and accompanying drawing content are made, or directly or indirectly it is used in other related skills Art field, is included within the scope of the present invention.

Claims (10)

1. a kind of data level authority configuring method, it is characterised in that the data level authority configuring method includes:
When the establishment for receiving configuration item is instructed, the title and/or attribute of the configuration item are defined;
The corresponding role of the configuration item is created, wherein, the role includes manager and domestic consumer;
Title and/or attribute based on the configuration item, configures the row level authority and/or row of each role in the configuration item Level authority, so that each role performs corresponding authority in the configuration item according to the row level authority and/or row level authority Control operation.
2. data level authority configuring method as claimed in claim 1, it is characterised in that the name based on the configuration item The step of title, row level authority that each role is configured in the configuration item, includes:
Determine the preset attribute column of each role in the configuration item;
Based on the title of the configuration item, it is determined that the preset attribute column in filtercondition expression formula is set;
According to the filtercondition expression formula, the row level authority of each role in the configuration item is configured.
3. data level authority configuring method as claimed in claim 1 or 2, it is characterised in that described based on the configuration item Title and/or attribute, the step of the row level authority and/or row level authority that each role is configured in the configuration item after, institute Stating data level authority configuring method also includes:
When the establishment for receiving account information is instructed, corresponding account is created;
When the account creation is completed, account role to be allocated is determined;
The incidence relation of the account and the role to be allocated is set up, by the role authorization account is given.
4. data level authority configuring method as claimed in claim 3, it is characterised in that it is described set up the account with it is to be allocated The role incidence relation the step of after, the data level authority configuring method also includes:
When receiving data inquiry request in the data-interface of the configuration item, the data inquiry request is parsed, with to institute The accounts information stated in data inquiry request is verified;
After accounts information verification passes through, Permission Levels of the accounts information in the configuration item are verified, wherein, institute Permission Levels are stated including row level authority and/or row level authority;
Based on Permission Levels of the accounts information in the configuration item, the corresponding parameter information of the Permission Levels is obtained, And extract the corresponding data of the parameter information in data base;
The data extracted are packaged, and are sent to display in display interface.
5. data level authority configuring method as claimed in claim 4, it is characterised in that described to carry out the data extracted Encapsulation, and be sent to before the step of showing in display interface, the data level authority configuring method also includes:
Row level when the accounts information has multiple roles in the configuration item, to accounts information described in the configuration item Authority and row level authority are adjusted;Wherein, the row level authority is merged, a row level authority grade authority of being expert at is When " visible ", using highest-ranking authority as the row level authority after merging.
6. a kind of data level authority configuration device, it is characterised in that the data level authority configuration device includes:
Definition module, during for instructing in the establishment for receiving configuration item, defines the title and/or attribute of the configuration item;
Creation module, for creating the corresponding role of the configuration item, wherein, the role includes manager and domestic consumer;
Configuration module, for title and/or attribute based on the configuration item, configures the row of each role in the configuration item Level authority and/or row level authority, so that each role holds in the configuration item according to the row level authority and/or row level authority The corresponding control of authority operation of row.
7. data level authority configuration device as claimed in claim 6, it is characterised in that the configuration module includes:
First determining unit, for determining the configuration item in each role preset attribute column;
Setting unit, for based on the configuration item title, it is determined that the preset attribute column in filtering rod is set Part expression formula;
Dispensing unit, for according to the filtercondition expression formula, configuring the row level authority of each role in the configuration item.
8. data level authority configuration device as claimed in claims 6 or 7, it is characterised in that the creation module, is additionally operable to When the establishment for receiving account information is instructed, corresponding account is created;
The data level authority configuration device also includes:
Determining module, for when the account creation is completed, determining account role to be allocated;
Module is set up, for setting up the incidence relation of the account and the role to be allocated, the role authorization is given The account.
9. data level authority configuration device as claimed in claim 8, it is characterised in that the data level authority configuration device is also Including:
Parsing module, during for receiving data inquiry request in the data-interface of the configuration item, parsing the data and looking into Request is ask, to verify to the accounts information in the data inquiry request;
Correction verification module, for after accounts information verification passes through, verifying power of the accounts information in the configuration item Limit rank, wherein, the Permission Levels include row level authority and/or row level authority;
Acquisition module, for based on Permission Levels of the accounts information in the configuration item, obtaining the Permission Levels pair The parameter information answered;
Extraction module, for extracting the corresponding data of the parameter information in data base;
Processing module, for the data extracted to be packaged, and is sent to display in display interface.
10. data level authority configuration device as claimed in claim 9, it is characterised in that the data level authority configuration device Also include:
Adjusting module, for when the accounts information has multiple roles in the configuration item, described in the configuration item The row level authority and row level authority of accounts information is adjusted;Wherein, the row level authority is merged, the row level authority When grade authority of being expert at is " visible ", using highest-ranking authority as the row level authority after merging.
CN201610970700.2A 2016-10-27 2016-10-27 Data level authority configuration method and apparatus Pending CN106570406A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610970700.2A CN106570406A (en) 2016-10-27 2016-10-27 Data level authority configuration method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610970700.2A CN106570406A (en) 2016-10-27 2016-10-27 Data level authority configuration method and apparatus

Publications (1)

Publication Number Publication Date
CN106570406A true CN106570406A (en) 2017-04-19

Family

ID=58539912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610970700.2A Pending CN106570406A (en) 2016-10-27 2016-10-27 Data level authority configuration method and apparatus

Country Status (1)

Country Link
CN (1) CN106570406A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107742066A (en) * 2017-09-18 2018-02-27 广东芬尼克兹节能设备有限公司 Account authority configuring method, device, terminal device and computer-readable storage medium
CN107770173A (en) * 2017-10-20 2018-03-06 国信嘉宁数据技术有限公司 Subscriber Management System, related identification information creation method and request method of calibration
CN109032459A (en) * 2017-07-16 2018-12-18 成都牵牛草信息技术有限公司 A kind of form data operating right authorization method
WO2019011255A1 (en) * 2017-07-11 2019-01-17 成都牵牛草信息技术有限公司 Method for authorizing field value of form field by means of third party field
WO2019029499A1 (en) * 2017-08-07 2019-02-14 成都牵牛草信息技术有限公司 Authorization method for displaying current permissions status of all system users
WO2019034022A1 (en) * 2017-08-14 2019-02-21 成都牵牛草信息技术有限公司 Method for setting operating record viewing right based on time period
CN109472154A (en) * 2018-09-30 2019-03-15 武汉达梦数据库有限公司 The multi-layer mechanism of zero configuration, user maintenance method
WO2019201082A1 (en) * 2018-04-19 2019-10-24 华为技术有限公司 Data access control method and database access device
CN110704863A (en) * 2019-08-23 2020-01-17 深圳市随手科技有限公司 Configuration information processing method and device, computer equipment and storage medium
CN111177698A (en) * 2019-12-13 2020-05-19 平安医疗健康管理股份有限公司 Processing method and device of portal system and computer equipment
WO2020124294A1 (en) * 2018-12-16 2020-06-25 吉安市井冈山开发区金庐陵经济发展有限公司 Permission configuration method
CN111400681A (en) * 2020-04-07 2020-07-10 杭州指令集智能科技有限公司 Data permission processing method, device and equipment
CN111428212A (en) * 2020-04-15 2020-07-17 上海嘉银金融科技股份有限公司 Data visualization system and data authority management method thereof
JP2020528174A (en) * 2017-07-05 2020-09-17 成都牽牛草信息技術有限公司Chengdu Qianniucao Information Technology Co., Ltd. How to approve the operation authority of form field value
CN115017531A (en) * 2022-08-09 2022-09-06 威海海洋职业学院 Financial data sharing method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102479186A (en) * 2010-11-23 2012-05-30 金蝶软件(中国)有限公司 Method, device and system for integrating third-party service system authority into data processing system
CN104715341A (en) * 2015-03-30 2015-06-17 中国联合网络通信集团有限公司 Permission assigning method and device
US20160246992A1 (en) * 2015-02-24 2016-08-25 International Business Machines Corporation Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102479186A (en) * 2010-11-23 2012-05-30 金蝶软件(中国)有限公司 Method, device and system for integrating third-party service system authority into data processing system
US20160246992A1 (en) * 2015-02-24 2016-08-25 International Business Machines Corporation Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement
CN104715341A (en) * 2015-03-30 2015-06-17 中国联合网络通信集团有限公司 Permission assigning method and device

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020528174A (en) * 2017-07-05 2020-09-17 成都牽牛草信息技術有限公司Chengdu Qianniucao Information Technology Co., Ltd. How to approve the operation authority of form field value
WO2019011255A1 (en) * 2017-07-11 2019-01-17 成都牵牛草信息技术有限公司 Method for authorizing field value of form field by means of third party field
US11775687B2 (en) 2017-07-11 2023-10-03 Chengdu Qianniucao Information Technology Co., Ltd. Method for authorizing field value of form field by means of third party field
US11599656B2 (en) 2017-07-16 2023-03-07 Chengdu Qianniucao Information Technology Co., Ltd. Method for authorizing form data operation authority
CN109032459A (en) * 2017-07-16 2018-12-18 成都牵牛草信息技术有限公司 A kind of form data operating right authorization method
WO2019015539A1 (en) * 2017-07-16 2019-01-24 成都牵牛草信息技术有限公司 Method for authorizing form data operation authority
CN109032459B (en) * 2017-07-16 2022-01-25 成都牵牛草信息技术有限公司 Form data operation authority authorization method
WO2019029499A1 (en) * 2017-08-07 2019-02-14 成都牵牛草信息技术有限公司 Authorization method for displaying current permissions status of all system users
WO2019034022A1 (en) * 2017-08-14 2019-02-21 成都牵牛草信息技术有限公司 Method for setting operating record viewing right based on time period
US11586747B2 (en) 2017-08-14 2023-02-21 Chengdu Qianniucao Information Technology Co., Ltd. Method for setting operating record viewing right based on time period
CN107742066B (en) * 2017-09-18 2020-07-28 广东芬尼克兹节能设备有限公司 Account permission configuration method and device, terminal equipment and computer storage medium
CN107742066A (en) * 2017-09-18 2018-02-27 广东芬尼克兹节能设备有限公司 Account authority configuring method, device, terminal device and computer-readable storage medium
CN107770173A (en) * 2017-10-20 2018-03-06 国信嘉宁数据技术有限公司 Subscriber Management System, related identification information creation method and request method of calibration
US11947700B2 (en) 2018-04-19 2024-04-02 Huawei Technologies Co., Ltd. Data access control method and database access apparatus
WO2019201082A1 (en) * 2018-04-19 2019-10-24 华为技术有限公司 Data access control method and database access device
CN109472154A (en) * 2018-09-30 2019-03-15 武汉达梦数据库有限公司 The multi-layer mechanism of zero configuration, user maintenance method
WO2020124294A1 (en) * 2018-12-16 2020-06-25 吉安市井冈山开发区金庐陵经济发展有限公司 Permission configuration method
CN110704863B (en) * 2019-08-23 2021-11-26 深圳市铭数信息有限公司 Configuration information processing method and device, computer equipment and storage medium
CN110704863A (en) * 2019-08-23 2020-01-17 深圳市随手科技有限公司 Configuration information processing method and device, computer equipment and storage medium
CN111177698A (en) * 2019-12-13 2020-05-19 平安医疗健康管理股份有限公司 Processing method and device of portal system and computer equipment
CN111177698B (en) * 2019-12-13 2022-10-25 平安医疗健康管理股份有限公司 Processing method and device of portal system and computer equipment
CN111400681A (en) * 2020-04-07 2020-07-10 杭州指令集智能科技有限公司 Data permission processing method, device and equipment
CN111400681B (en) * 2020-04-07 2023-09-12 杭州指令集智能科技有限公司 Data authority processing method, device and equipment
CN111428212B (en) * 2020-04-15 2023-05-05 上海嘉银金融科技股份有限公司 Data visualization system and data authority management method thereof
CN111428212A (en) * 2020-04-15 2020-07-17 上海嘉银金融科技股份有限公司 Data visualization system and data authority management method thereof
CN115017531B (en) * 2022-08-09 2022-11-01 威海海洋职业学院 Financial data sharing method and system
CN115017531A (en) * 2022-08-09 2022-09-06 威海海洋职业学院 Financial data sharing method and system

Similar Documents

Publication Publication Date Title
CN106570406A (en) Data level authority configuration method and apparatus
CN104391934B (en) Data verification method and device
CN110727922B (en) Anti-fraud decision model construction method based on multi-dimensional data flow
CN107342992A (en) A kind of System right management method, apparatus and computer-readable recording medium
CN105046146B (en) A kind of resource access method of Android system
CN102930226A (en) Method for controlling use permission of fine-grained client
CN101208702A (en) Architecture for computer-implemented authentication and authorization
CN107169073A (en) A kind of data managing method and management platform
CN103853986A (en) Access control method and device
CN108092945B (en) Method and device for determining access authority and terminal
CN112528251B (en) User account authority management method, device, equipment and readable medium
CN107908695A (en) Operation system operation method, device, system and readable storage medium storing program for executing
CN102004866A (en) Method and device for user identity verification and access control of information system
CN105337974A (en) Account authorization method, account login method, account authorization device and client end
CN106778303A (en) Delegated strategy optimization method and delegated strategy optimization device
CN107358122A (en) The access management method and system of a kind of data storage
CN110049048A (en) A kind of data access method, equipment and the readable medium of government affairs public service
CN106815503A (en) A kind of operating system method for managing user right and system
CN105825164A (en) Fingerprint identification method and electronic equipment
CN109817347A (en) Inline diagnosis platform, its right management method and Rights Management System
CN1972307A (en) A member registration method for network system
CN106302483A (en) Decentralized management method and system
CN102096877A (en) Online duty machine system and method
CN109670835A (en) Air control method, apparatus, equipment and readable storage medium storing program for executing based on service node
CN109461069A (en) Air control method, apparatus, equipment and readable storage medium storing program for executing based on service node

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170419