CN106780923A - A kind of access permission management system - Google Patents

An access permission management system

Info

Publication number: CN106780923A
Authority: CN (China)
Prior art keywords: user, unit, access, character units, role
Legal status: Pending
Application number: CN201710055140.2A
Other languages: Chinese (zh)
Inventor: 唐华
Current Assignee: Liuzhou Real Technology Co Ltd
Original Assignee: Liuzhou Real Technology Co Ltd
Priority date: 2017-01-24
Filing date: 2017-01-24
Publication date: 2017-05-31

Classifications

    • G - PHYSICS
    • G07 - CHECKING-DEVICES
    • G07C - TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 - Individual registration on entry or exit
    • G07C9/20 - Individual registration on entry or exit involving the use of a pass

Abstract

The present invention relates to the field of rights management, and specifically to an access permission management system comprising a user unit, a session unit, a role unit, an administrator unit, a function privilege unit and an access card unit. The user unit is connected to the session unit and the role unit respectively; the session unit is connected to the role unit; the role unit is connected to the administrator unit and the function privilege unit respectively; and the access card unit is connected to the session unit. Compared with the prior art, the invention achieves the logical separation of users from access rights and the separation of function privileges from data permissions, which makes permission configuration and management simpler and reduces the difficulty of use for users.

Description

An access permission management system
Technical field
The present invention relates to the field of rights management techniques, and in particular to an access permission management system.
Background technology
IT information systems are complex human-machine interactive systems in which every specific link may be exposed to security threats. Building a strong rights management system is therefore highly important for ensuring the security of an information system. Access control is a defensive measure against the unauthorised use of resources. Its basic objective is to limit the access rights of access subjects (users, processes, services, etc.) to access objects (files, systems, etc.) so that the computer system is used within its legitimate range. There are generally three kinds of access control policy: discretionary access control, mandatory access control and role-based access control (RBAC). Of these, the discretionary and mandatory types carry a large workload and are not easy to manage. Role-based access control adds the concept of a role between users and permissions: permissions are assigned to roles and roles are assigned to users, so that user authorisation is achieved and users are separated from permissions. This method is currently the generally recognised effective approach to unified resource access control in large enterprises. Its two most significant characteristics are: 1. it reduces the complexity of authorisation management and lowers administrative overhead; 2. it flexibly supports the enterprise's security policy and scales well when the enterprise changes.
Permissions are generally divided into function permissions and data permissions. Function permissions mainly refer to the licences a subject holds for a certain business, such as read, write, query and modify; in application systems they usually appear as whether a form is displayed, whether a menu item appears, whether a function button is available, and so on. Data permissions mainly concern the scope of resources a subject controls: by defining the data scope for the corresponding role, the system's data granularity is differentiated (data granularity means the classification of data and the size of the data range; for example, data may be classified into general data and private data, and the data range may be divided into a single-item business data range and a multi-item business data range). Current RBAC-based rights management tends to emphasise the control of function permissions, while the control of data permissions is implemented either too inflexibly or too complexly, which makes permission configuration and management complicated and increases the difficulty for users.
Summary of the invention
The object of the present invention is to provide an access permission management system. The technical problem to be solved is: current RBAC-based rights management emphasises the control of function permissions, while the control of data permissions is implemented either too inflexibly or too complexly, which complicates permission configuration and management and increases the difficulty for users.
The technical scheme by which the present invention solves the above technical problem is as follows: an RBAC-based rights management device comprising a user unit, a session unit, a role unit, an administrator unit and a function privilege unit;
The user unit is connected to the session unit and the role unit respectively. It transmits the user's session data to the session unit and receives the role configuration sent by the role unit (the role configuration is the set of licences, such as read, write, query and modify, that the rights management device grants a specified organisation or user for a certain business, together with the scope of resources the subject controls). The user unit is used to log in to the permission system corresponding to the rights management device, to record identity data (identity data includes information about the user such as date of birth, location, health and position in the company), to send session data and to receive the role configuration;
The session unit is connected to the role unit. It receives the session data from the user unit and sends activated role data to the role unit (activated role data is information indicating that the user's role has been configured, chiefly a signal carrying the configured role). It is used to interact with the user through the session process, determine the user's identity and activate the user's role (the user role refers to the permissions the user has in the system: the licences such as read, write, query and modify for a certain business, and the scope of resources the subject controls);
The role unit is connected to the administrator unit, the function privilege unit and the access card unit respectively, and sends access requests to the administrator unit and the function privilege unit respectively. It is used to assign the user's role according to the session result (after the session unit has confirmed the user's identity, the user is assigned the permissions to add, modify and delete work tasks) and to determine the correspondence between the user's identity and the role the user belongs to;
The administrator unit is used to manually identify the access request sent by the user according to the user's role and to push the identification result to an external receiving unit;
The function privilege unit is used to identify the access request sent by the user according to the user's role and to assign function privileges to the user, so as to control the user's permissions on the application program corresponding to each business operation;
The access card unit is connected to the role unit and is used to identify the access request sent by the user according to the user's role and to assign access permissions to the user, so that the user's access permissions are controlled.
Further, the function privilege unit comprises modules and operations: the operations are the permission assignment units that grant the user the add, delete, modify and query operations on the application module of each business flow, and the modules are the application modules of the business flows.
The beneficial effects of the invention are as follows: the function privilege unit authorises users separately, so that the operating permissions on the system's specific data scopes are separated from the permissions on the application program corresponding to each business. This simplifies the permission configuration process, makes the scope and level of permission configuration more targeted, flexibly supports the system's security policy and scales well when the system changes, thereby improving system operating efficiency. The access card unit identifies the access request sent by the user according to the user's role and assigns access permissions to the user, which makes it easy to manage the user's access permissions. The administrator unit identifies and audits requests and can push role assignment information to the outside, which makes it easy for users to understand. The function privilege assignment process uses "module + operation" as one function unit to assign function privileges, which makes permission configuration and implementation more flexible and easier.
Brief description of the drawings
Fig. 1 is a structural diagram of the access permission management system of the invention.
Specific embodiment
The principle and features of the invention are described below with reference to the accompanying drawing; the example serves only to explain the invention and is not intended to limit its scope.
As shown in Fig. 1, an access permission management system comprises a user unit, a session unit, a role unit, an administrator unit, a function privilege unit and an access card unit;
The user unit is connected to the session unit and the role unit respectively; it transmits the user's session data to the session unit and receives the role configuration sent by the role unit. The user unit is used to log in to the rights management device and to enter identity data;
The session unit is connected to the role unit; it receives the session data from the user unit and sends activated role data to the role unit, and is used to interact with the user through the session process and activate the user's role;
The role unit is connected to the administrator unit, the function privilege unit and the access card unit respectively, and sends access requests to the administrator unit, the function privilege unit and the role unit respectively. It is used to assign the user's role according to the session result and to determine the correspondence between the user's identity and the role the user belongs to;
The administrator unit is used to manually identify the access request sent by the user according to the user's role and to push the identification result to an external receiving unit;
The function privilege unit is used to identify the access request sent by the user according to the user's role and to assign function privileges to the user, so as to control access and operating permissions on the application module corresponding to each business operation;
The access card unit is connected to the role unit and is used to identify the access request sent by the user according to the user's role and to assign access permissions to the user, so that the user's access permissions are controlled.
The function privilege unit comprises modules and operations: the operations are the permission assignment units that grant the user the add, delete, modify and query operations on the application module of each business flow, and the modules are the application modules of the business flows.
The function privilege unit authorises users separately, so that the operating permissions on the system's specific data scopes are separated from the permissions on the application program corresponding to each business. This simplifies the permission configuration process, makes the scope and level of permission configuration more targeted, flexibly supports the system's security policy and scales well when the system changes, thereby improving system operating efficiency. The access card unit identifies the access request sent by the user according to the user's role and assigns access permissions to the user, which makes it easy to manage the user's access permissions. The administrator unit identifies and audits requests and can push role assignment information to the outside, which makes it easy for users to understand. The function privilege assignment process uses "module + operation" as one function unit to assign function privileges, which makes permission configuration and implementation more flexible and easier.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principle of the invention shall be included within its scope.
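To make the units concrete, here is an added Python model (not code from the patent or from Liuzhou Real Technology) of the embodiment above: a session unit activates a user's roles at login, a function privilege unit checks "module + operation" requests against the role's data scope (organisation) separately from its function privileges, and an access card unit decides door requests from the same activated roles. The credential table and the role, module, organisation and door names are constructed for illustration; the administrator unit's manual review is not modelled.

```python
from dataclasses import dataclass
OPERATIONS = ("add", "delete", "modify", "query")  # the "module + operation" verbs

@dataclass(frozen=True)
class ModuleOperation:
    """One function privilege: an operation on a business-flow application module."""
    module: str
    operation: str

@dataclass(frozen=True)
class Role:
    name: str
    functions: frozenset = frozenset()      # function privileges: what may be done
    organizations: frozenset = frozenset()  # data scope: whose data it may be done to
    doors: frozenset = frozenset()          # access-card permissions: which doors open

class RoleUnit:
    """Role definitions plus the user -> role mapping (the patent's role unit)."""
    def __init__(self):
        self.roles, self.assignments = {}, {}
    def define(self, role):
        self.roles[role.name] = role
    def assign(self, user, *role_names):
        if any(r not in self.roles for r in role_names):
            raise KeyError(f"unknown role among {role_names}")
        self.assignments.setdefault(user, set()).update(role_names)
    def roles_of(self, user):
        return tuple(self.roles[r] for r in sorted(self.assignments.get(user, ())))

@dataclass(frozen=True)
class Session:
    user: str
    active_roles: tuple  # roles the session unit activated for this login

class SessionUnit:
    """Authenticates the login (a constructed credential table stands in for the
    user unit) and activates the user's roles for the session."""
    def __init__(self, role_unit, credentials):
        self.role_unit, self.credentials = role_unit, credentials
    def open(self, user, password):
        if self.credentials.get(user) != password:
            return None  # no session: every later check denies
        return Session(user, self.role_unit.roles_of(user))

class FunctionPrivilegeUnit:
    """Function privilege and data scope are checked separately: owning an operation
    does not imply owning every organisation's data. Deny by default."""
    @staticmethod
    def allowed(session, module, operation, organization):
        if session is None or operation not in OPERATIONS:
            return False
        need = ModuleOperation(module, operation)
        return any(need in r.functions and organization in r.organizations
                   for r in session.active_roles)

class AccessCardUnit:
    """Decides door (access-card) requests from the same activated roles."""
    @staticmethod
    def allowed(session, door):
        return session is not None and any(door in r.doors for r in session.active_roles)

def build_demo():
    """Constructed sample: a payroll clerk whose data scope is a single branch."""
    ru = RoleUnit()
    ru.define(Role("payroll_clerk",
                   functions=frozenset({ModuleOperation("payroll", "query"),
                                        ModuleOperation("payroll", "modify")}),
                   organizations=frozenset({"liuzhou_branch"}),
                   doors=frozenset({"office_main"})))
    ru.assign("alice", "payroll_clerk")
    return SessionUnit(ru, {"alice": "constructed-password"})  # constructed credential
```

With the sample configuration, `modify` on `payroll` is allowed for `liuzhou_branch` but denied for any other organisation, and `delete` is denied everywhere because the role never received that module + operation.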

Claims (2)

1. An access permission management system, characterised in that it comprises a user unit, a session unit, a role unit, an administrator unit, a function privilege unit and an access card unit;
The user unit is connected to the session unit and the role unit respectively; it transmits the user's session data to the session unit and receives the role configuration sent by the role unit. The user unit is used to log in to the rights management device and to enter identity data;
The session unit is connected to the role unit; it receives the session data from the user unit and sends activated role data to the role unit, and is used to interact with the user through the session process and activate the user's role;
The role unit is connected to the administrator unit, the function privilege unit and the access card unit respectively, and sends access requests to the administrator unit, the function privilege unit and the role unit respectively. It is used to assign the user's role according to the session result and to determine the correspondence between the user's identity and the role the user belongs to;
The administrator unit is used to manually identify the access request sent by the user according to the user's role and to push the identification result to an external receiving unit;
The function privilege unit is used to identify the access request sent by the user according to the user's role and to assign function privileges to the user, so as to control access and operating permissions on the application module corresponding to each business operation;
The access card unit is connected to the role unit and is used to identify the access request sent by the user according to the user's role and to assign access permissions to the user, so that the user's access permissions are controlled.
2. The access permission management system according to claim 1, characterised in that the function privilege unit comprises modules and operations: the operations are the permission assignment units that grant the user the add, delete, modify and query operations on the application module of each business flow, and the modules are the applications of the business flows.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710055140.2A CN106780923A (en) 2017-01-24 2017-01-24 A kind of access permission management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710055140.2A CN106780923A (en) 2017-01-24 2017-01-24 A kind of access permission management system

Publications (1)

Publication Number Publication Date
CN106780923A true CN106780923A (en) 2017-05-31

Family

ID=58942817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710055140.2A Pending CN106780923A (en) 2017-01-24 2017-01-24 A kind of access permission management system

Country Status (1)

Country Link
CN (1) CN106780923A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270292A (en) * 2018-02-01 2018-07-10 七星电气股份有限公司 System is monitored for the intelligent online of switching station
WO2019148582A1 (en) * 2018-02-02 2019-08-08 深圳市鹰硕技术有限公司 Control method and system for intelligent school campus
CN110930559A (en) * 2019-12-13 2020-03-27 上海古鳌电子科技股份有限公司 Control system of intelligent automatic interaction equipment
CN113963471A (en) * 2020-07-20 2022-01-21 安徽徽昂光电科技有限公司 RFID tag and operation method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008282182A (en) * 2007-05-10 2008-11-20 Mitsubishi Electric Corp Access authority management device and access authority management method and program
CN101478536A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for solving access control in authority management
CN101902402A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Method for managing user right and device thereof
CN104052747A (en) * 2014-06-23 2014-09-17 桂林长海科技有限责任公司 Permission management system based on RBAC
CN105389870A (en) * 2015-10-28 2016-03-09 广州畅联信息科技有限公司 Entrance guard management method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20170531)