CN106611132A - A role-based user access control method - Google Patents

A role-based user access control method

Info

Publication number
CN106611132A
Authority
CN
China
Prior art keywords
function
role
user
access control
string
Legal status
Pending
Application number
CN201510702574.8A
Other languages
English (en)
Inventor
Inventor not disclosed
Current Assignee
ZHENJIANG HUAYANG INFORMATION TECHNOLOGY CO LTD
Original Assignee
ZHENJIANG HUAYANG INFORMATION TECHNOLOGY CO LTD
Priority date
2015-10-27
Filing date
2015-10-27
Publication date
2017-05-03

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. a local or distributed file system or database
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482 Procedural
    • G06F9/4488 Object-oriented

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Document Processing Apparatus (AREA)

Abstract

Starting from the design ideas of the role-based access control (RBAC) model, a method is proposed that simplifies the development process and makes it convenient to manage user permissions; the design is implemented in Delphi.

Description

A Role-Based User Access Control Method
Technical Field
This role-based user access control method mainly relates to the field of databases.
Background Art
As enterprises place ever higher expectations on their information systems, the traditional access control methods DAC (Discretionary Access Control) and MAC (Mandatory Access Control) have become unable to meet the needs of complex enterprise environments. For this reason, in the early 1990s the US National Institute of Standards and Technology proposed role-based access control. Because it logically separates users from access permissions, it better matches the user, organizational, data and application characteristics of an enterprise and is used by more and more information systems.
Role-Based Access Control (RBAC) is currently the recognized effective method for unified resource access control in large enterprises. Its two salient features are:
1. It reduces the complexity of authorization management and lowers administrative overhead.
2. It flexibly supports enterprise security policies and adapts better to changes in the enterprise.
Summary of the Invention
A search of national patents found no application documents concerning this kind of system.
Delphi is used as the development tool for this implementation. In the program, a unit file UFunctions.pas is created to encapsulate the permission control class; at system login the permission control module is called to generate the user interface. Only the main implementation code is listed here.
1. Encapsulating the permission control code (UFunctions.pas)
// User class
type
  TUser = class(TObject)
  private
    _UserID: string;    // user code
    _UserName: string;  // user name
    _PassWord: string;
  public
    constructor Create();
    property UserID: string read _UserID;
    property UserName: string read _UserName;
    // log a user in
    function Login(UserID, PassWord: string): Integer;
    // log the user out
    procedure Logout;
    // change the password
    function ChangePassWord(OldPassWord, NewPassWord: string): boolean;
  end;
The following is the permission definition section:
// Permission class
type
  TFunctions = class(TObject)
  private
    // the full menu data, the function-number-to-form-class mapping, and the set of functions available to the user
    _cdsAllMenu, _cdsFunc, _cdsUserFunc: TClientDataSet;
    _User: TUser;
    // if a child menu is permitted, its parent menus must be shown as well
    procedure ShowParentMenu(var cdsMenu: TClientDataSet; ParentMenuID: Integer);
    // show the child menus; called by ShowMenu
    procedure ShowChildMenu(cdsMenu: TClientDataSet; MenuItem: TMenuItem; MenuID: Integer);
    // main menu-building procedure
    procedure ShowMenu(cdsMenu: TClientDataSet; Sender: TObject; mnuMain: TMainMenu);
    // show the toolbar buttons
    procedure ShowToolButton(cdsUserFunc: TClientDataSet; tbMain: TToolBar);
    // menu click handler
    procedure MenuClick(Sender: TObject);
    // look up the form by its class name
    function GetForm(FormName: string): TForm;
    // given a form class name and a display mode, create an instance of that form class
    function ShowForm(FormName, FormModel: string): TForm;
    function GetUser: TUser;
    procedure SetUser(Value: TUser);
  public
    // the logged-in user
    property LoginUser: TUser read GetUser write SetUser;
    // execute the operation belonging to a function number; returns False on failure
    function ExeFunc(FuncID: String): Boolean;
    // check whether the form's components are permitted; enable them if so, otherwise disable them
    procedure CheckFormChildFunc(Frm: TForm; FuncID: String);
    // does the user hold a given permission
    function HasRight(FuncID: String): Boolean;
    // build the menu and toolbar for a user code
    procedure ShowMenuTool(UserID: String; var mnuMain: TMainMenu;
      var tbMain: TToolBar; Sender: TObject);
    // system login handler
    function Login(UserID, PassWord: string): boolean;
  end;
The following are some key pieces of the implementation:
// execute the operation belonging to a function number; returns False on failure
function TFunctions.ExeFunc(FuncID: String): Boolean;
var
  FormName, FormModel: string;
  Frm: TForm;
begin
  Result := False;
  _cdsFunc.Filtered := False;
  _cdsFunc.Filter := 'FuncID=''' + FuncID + '''';
  _cdsFunc.Filtered := True;
  // the function number does not exist
  if _cdsFunc.IsEmpty then
  begin
    _cdsFunc.Filtered := False;
    exit;
  end; // if
  if FuncID = '1001' then
    // user login: function number 1001 is the system default for the 'user login' function, so no form is opened
  else // open the form
  begin
    FormName := _cdsFunc.FieldByName('ControlName').AsString;
    FormModel := _cdsFunc.FieldByName('FormModal').AsString;
    _cdsFunc.Filtered := False;
    if FormName <> '' then
    begin
      Frm := ShowForm(FormName, FormModel);
      CheckFormChildFunc(Frm, FuncID); // control the state of the components on the form
    end;
  end;
  _cdsFunc.Filtered := False;
  Result := True;
end;
// build the menu
procedure TFunctions.ShowMenu(cdsMenu: TClientDataSet;
  Sender: TObject; mnuMain: TMainMenu);
var
  newMenu: TMenuItem;
  cdsTmp: TClientDataSet;
  FuncID: Integer;
begin
  ….
  newMenu := TMenuItem.Create(nil);
  newMenu.Caption := '【' + cdsTmp.FieldByName('MenuText').AsString + '】';
  FuncID := GetIntDataSet(cdsTmp, 'FuncID', 0); // 0 means a grouping menu with no function attached
  newMenu.Tag := FuncID;
  mnuMain.Items.Add(newMenu);
  mnuMain.Items[mnuMain.Items.Count - 1].Visible := True;
  if FuncID <> 0 then newMenu.OnClick := MenuClick; // only menus bound to a function react to clicks
  ShowChildMenu(cdsMenu, newMenu, cdsTmp.FieldByName('MenuID').AsInteger);
  ……
end;
// given a form class name and a display mode, create an instance of that form class
function TFunctions.ShowForm(FormName, FormModel: string): TForm;
var
  FormClass: TClass;
  fForm: TForm;
  bNull: Boolean;
begin
  Result := nil;
  bNull := False;
  FormClass := GetClass(FormName); // only classes made known through RegisterClass are found
  FormModel := UpperCase(FormModel);
  if FormClass = nil then
    exit;
  // M = several instances allowed, D = modal dialog, S = a single instance only
  if (FormModel = 'M') or (FormModel = 'D') then
    fForm := nil
  else if (FormModel = 'S') then
    fForm := GetForm(FormName) // reuse an instance that already exists
  else
    exit;
  if fForm = nil then
  begin
    Application.CreateForm(TComponentClass(FormClass), fForm);
  end
  else
    bNull := True; // an existing instance was found
  if FormModel = 'D' then
  begin
    Result := fForm;
    fForm.ShowModal;
  end
  else
  begin
    fForm.Show;
    Result := fForm;
  end;
  // ShowFuncIDInStatusBar(FuncID); -- FuncID is not in scope in this method; the caller (ExeFunc) holds it
end;
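The ExeFunc / ShowForm control flow above, written as an added Python example (not the patent's Delphi code): unknown function numbers fail, the login function 1001 opens nothing, and form mode S reuses a single instance while M creates a new one and D shows modally. The function table and registered class names are constructed, and exe_func additionally checks the caller's permitted set, which the patent's ExeFunc leaves to menu generation.

```python
from typing import Dict, Optional, Set, Tuple

# Function definition table (constructed): function number -> (form class name, form mode).
# Mode S = only one instance of the form may exist, M = a new instance each time, D = modal dialog.
FUNC_TABLE: Dict[str, Tuple[str, str]] = {
    "1001": ("", "S"),               # system default: 'user login', opens no form
    "2001": ("TfrmTest", "S"),
    "2002": ("TfrmReport", "M"),
    "2003": ("TfrmAbout", "D"),
}
# Class names that RegisterClass() made known to GetClass() (constructed).
REGISTERED_CLASSES: Set[str] = {"TfrmTest", "TfrmReport", "TfrmAbout"}

class Form:
    """Stand-in for a VCL TForm that only records how it was created and shown."""
    _serial = 0
    def __init__(self, class_name: str) -> None:
        Form._serial += 1
        self.class_name, self.instance, self.modal = class_name, Form._serial, False

_open_forms: Dict[str, Form] = {}   # what GetForm() searches when the mode is S

def show_form(form_name: str, form_model: str) -> Optional[Form]:
    """TFunctions.ShowForm: None when the class is unregistered or the mode is unknown."""
    if form_name not in REGISTERED_CLASSES:           # GetClass(FormName) = nil
        return None
    mode = form_model.upper()
    if mode not in ("M", "D", "S"):
        return None
    frm = _open_forms.get(form_name) if mode == "S" else None
    if frm is None:                                   # Application.CreateForm
        frm = Form(form_name)
        if mode == "S":
            _open_forms[form_name] = frm
    frm.modal = (mode == "D")                         # ShowModal instead of Show
    return frm

def exe_func(func_id: str, allowed: Set[str]) -> bool:
    """TFunctions.ExeFunc for a user whose permitted function numbers are `allowed`."""
    if func_id not in FUNC_TABLE:                     # _cdsFunc.IsEmpty: unknown function number
        return False
    if func_id == "1001":                             # login is the system default, nothing to open
        return True
    if func_id not in allowed:                        # added: HasRight enforced at execution, not only when the menu is built
        return False
    form_name, mode = FUNC_TABLE[func_id]
    return not form_name or show_form(form_name, mode) is not None
```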
2. Main form section: creating an instance of the permission control class (UFrmMain)
var
  MyFunctions: TFunctions;

// created once when the main form is created (the handler name is assumed here)
procedure TfrmMain.FormCreate(Sender: TObject);
begin
  MyFunctions := TFunctions.Create;
end;
3. Login section (UFrmLogin)
procedure TfrmLogin.btnLoginClick(Sender: TObject);
var
  iRet: Integer;
  sErr: String;
begin
  iRet := MyFunctions.LoginUser.Login(edtUserID.Text, edtPassWord.Text);
  case iRet of
    0:  sErr := '';
    1:  sErr := '该账户已被禁用,请联系系统管理员!';    // the account has been disabled, contact the system administrator
    2:  sErr := '该账户密码已过期,请联系系统管理员!';  // the account's password has expired, contact the system administrator
    -1: sErr := '用户密码有误,请重新输入!';           // wrong password, please re-enter
  end;
  // login failed
  if iRet <> 0 then
  begin
    ShowMessage(sErr);
    exit;
  end
  else // login succeeded
  begin
    frmMain.Show;
    // TUser exposes the user code as UserID (the original text used an undeclared WorkID)
    MyFunctions.ShowMenuTool(MyFunctions.LoginUser.UserID, frmMain.meuMain,
      frmMain.tbrMain, frmMain);
    close;
  end;
end;
4. When a form is defined as a function, the following code must be added to that form so that it registers itself with the system:
initialization
  RegisterClass(TfrmTest);
TfrmTest is the class name of the form.
In 'Function Definition' it can then be registered like this:
Function number: 2001
Function name: Test function
Controlled object name: TfrmTest
Form mode: S (S means that only one instance of the form class may be created).

Claims (5)

1. A role-based user access control method, characterized in that access permissions are associated with roles and roles are in turn associated with users, thereby achieving a logical separation of users from access permissions; a person always plays some role in the system, and the business logic is meant to face the roles in the system rather than the specific people who play them.
2. Developers carry out function definition: each form is registered in the database as a function and given a unique function number; a function may also be registered directly.
3. Menus are registered and then associated with functions; one function may be associated with several menu items.
4. Roles are added and assigned a set of permissions, that is, functions.
5. Users are registered, and each user is assigned a role.
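The five claims above describe one procedure, shown here as an added Python example rather than the patent's Delphi code: functions, menus, roles and users are registered, a user's rights are resolved only through the role, and the menu is built so that a permitted child menu also makes its parents visible (the behaviour of ShowParentMenu). All function numbers, menu ids and names are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Claim 2: each form, or a plain action, is registered as a function with a unique number.
FUNCTIONS: Dict[str, str] = {"1001": "TfrmLogin", "2001": "TfrmTest",
                             "2002": "TfrmReport", "2003": "TfrmAdmin"}

@dataclass(frozen=True)
class Menu:
    menu_id: int
    parent_id: int                  # 0 = top level; the tree link that ShowParentMenu walks
    text: str
    func_id: Optional[str] = None   # None = a grouping menu with no function of its own

# Claim 3: menus are registered separately and linked to functions.
MENUS: List[Menu] = [
    Menu(1, 0, "Business"),
    Menu(2, 1, "Test function", "2001"),
    Menu(3, 1, "Reports", "2002"),
    Menu(4, 0, "System"),
    Menu(5, 4, "Administration", "2003"),
]

# Claim 4: a role is a set of function numbers; claim 5: a user holds one role.
ROLES: Dict[str, Set[str]] = {"clerk": {"2001"}, "admin": {"2001", "2002", "2003"}}
USERS: Dict[str, str] = {"u01": "clerk", "u02": "admin"}

def user_functions(user_id: str) -> Set[str]:
    """Permissions reach a user only through the role (claim 1); unknown users get nothing."""
    role = USERS.get(user_id)
    return set(ROLES.get(role, set())) if role is not None else set()

def has_right(user_id: str, func_id: str) -> bool:
    """TFunctions.HasRight: the function must exist and be in the user's set."""
    return func_id in FUNCTIONS and func_id in user_functions(user_id)

def visible_menus(user_id: str) -> List[int]:
    """Menu ids to build for the user: every permitted leaf plus, as ShowParentMenu
    does, all of its ancestors; a group whose children are all denied stays hidden."""
    by_id = {m.menu_id: m for m in MENUS}
    shown: Set[int] = set()
    for m in MENUS:
        if m.func_id is not None and has_right(user_id, m.func_id):
            cur = m
            while cur.menu_id not in shown:
                shown.add(cur.menu_id)
                if cur.parent_id == 0:
                    break
                cur = by_id[cur.parent_id]
    return sorted(shown)
```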

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510702574.8A CN106611132A (zh) 2015-10-27 2015-10-27 A role-based user access control method

Publications (1)

Publication Number Publication Date
CN106611132A true CN106611132A (zh) 2017-05-03

Family

ID=58612854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510702574.8A Pending CN106611132A (zh) 2015-10-27 2015-10-27 A role-based user access control method

Country Status (1)

Country Link
CN (1) CN106611132A (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109388922A (zh) * 2017-08-04 2019-02-26 Zhenjiang Yaxun Software Co., Ltd. A user management and one-click login implementation method based on the RBAC model

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503