CN107342992A - A kind of System right management method, apparatus and computer-readable recording medium - Google Patents
A kind of System right management method, apparatus and computer-readable recording medium Download PDFInfo
- Publication number
- CN107342992A CN107342992A CN201710512825.5A CN201710512825A CN107342992A CN 107342992 A CN107342992 A CN 107342992A CN 201710512825 A CN201710512825 A CN 201710512825A CN 107342992 A CN107342992 A CN 107342992A
- Authority
- CN
- China
- Prior art keywords
- user
- authority
- interface service
- authorization mark
- button
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention discloses a kind of System right management method, apparatus and computer-readable recording medium, this method to include:Button in system resource is associated into corresponding atom operation by interface service;The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, describes the interface service using authorization mark, the authorization mark corresponds with the interface service, and the button associates the authorization mark;When carrying out user right distribution, the authorization mark is distributed into user, judges whether user possesses the interface service authority corresponding to access by verifying the authorization mark;If user is then allowed to perform the atom operation corresponding to the interface service association.The present invention solves authority particle big technical problem during the existing progress System Privileges distribution using access control based roles.
Description
Technical field
The present invention relates to rights management techniques field, more particularly to a kind of System right management method, apparatus and computer
Readable storage medium storing program for executing.
Background technology
Rights management will be carried out by being related to the network system of user's participation, and rights management belongs to the category of system safety,
Rights management realize to user access system control, according to safety regulation or security strategy control user can access and
Oneself authorized resource can only be accessed.Rights management includes authenticating user identification and authorizes two parts, abbreviation Certificate Authority.It is right
In needing the resource user of access control to first pass around authentication, certification has the access rights side of the resource by rear user
It may have access to.
Wherein, access (abbreviation RBAC) control technology of based role is widely used in rights management, in RBAC, user
With the relation of role's multi-to-multi, role and authority are the relations of multi-to-multi, and by role's opening relationships between user and authority,
Role is the set of authority, and authority represents system resource (such as menu, button, the page).
The corresponding relation of user and role are substantially the same in system, but the authority that system resource describes has very big difference
Not, resource can be divided into three kinds of catalogue, menu and button in common system;Catalogue is used to manage menu, menu connection page
Face, button respective operations (such as inquiry, newly-increased, modification, deletion etc.).It is distinct in the allocative decision of button, have at present
Two kinds of button methods of salary distribution:Firstth, first labelled to button, it is common to be divided into inquiry, newly-increased, modification and delete, user's binding
Label;Secondth, labelled to button, the uniform resource position mark URL of label associated buttons, it is legal that user is obtained by label
Uniform resource position mark URL, blocker intercept illegal uniform resource position mark URL.The first above-mentioned scheme only accomplishes the page
On do not show unappropriated button, because uniform resource position mark URL is not intercepted, actually user can access it is illegal (i.e.
It is unallocated) uniform resource position mark URL.The defects of second scheme is and is directed to the first scheme further optimizes, in label
On bound uniform resource position mark URL, blocker intercepts illegal URL, realizes page Dynamic Announce button, shields again
Illegal request, but this scheme there is also it is certain the defects of, for example system has Menu1, Menu2, Menu3 menu, to user
Menu1 search access right is assigned with, actually user can also access Menu2 and Menu3 inquiry button, be labelled on button
Cause the particle of authority larger, the authority distribution of system has certain leak, not up to ideal effect.
The allocative decision of authority is realized only in accordance with current needs in system, for example search access right is distributed to user, is used
Family just possesses the search access right of all services, and this extensive method of salary distribution has potential safety problem.System at present
Authority relation is illustrated in fig. 3 shown below:Type of button binds interface, and every kind of type of button includes corresponding total interface service, user
Whole interfaces of a certain or several type of button are obtained after distribution authority, illegal URL can not be effectively shielded and access,
Cause potential safety hazard.
The content of the invention
It is a primary object of the present invention to propose a kind of System right management method, apparatus and computer-readable storage medium
Matter, it is intended to solve existing access (RBAC) control using based role and carry out authority particle big technology during System Privileges distribution
Problem.
To achieve the above object, a kind of System right management method provided by the invention, this method comprise the following steps:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Wherein, generally, system resource is segmented into catalogue, menu and button, and the catalogue is described for managing
Menu, the menu connect the page, and the page shows the button.
Further, the corresponding multiple authorization marks of button association, the authorization mark is authority character
String, passes through interface service described in the authority character string descriptor.
Further, before user right distribution is carried out, open system simultaneously carries out subscriber authentication, obtains user and carries
The identity data of friendship, the identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges to recognize
Demonstrate,prove successfully and return to the successful certification domain information of the certification.
Further, the permissions list that the authorization mark set corresponding to the interface service is formed is recognized described in being stored in
Demonstrate,prove in domain, when carrying out user right distribution, role is found according to user, role inquiry authority, read from the authenticated domain
The permissions list.
Further, the authenticated domain is any one of relevant database, cache server, configuration file.
Further, all information after being logged in by conversation recording user, the user is kept to weigh in a session
Limit the result of distribution.
Based on same inventive concept, another aspect of the present invention, there is provided a kind of System right management device, described device bag
Include:Memory, processor and the rights management program that can be run on the memory and on the processor is stored in, it is described
The step of System right management method as described below is realized when rights management program is by the computing device:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device
The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device
The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when
When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain
Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device
The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session
Fruit.
Based on same inventive concept, another aspect of the present invention, a kind of computer-readable recording medium is additionally provided, its feature
It is, rights management program is stored with the computer-readable recording medium, the rights management program is by the processor
The step of System right management method as described above is realized during execution.
The System right management method, apparatus and computer-readable recording medium of the present invention, from system resource angle,
It is authority character string to describe atom operation authority by carrying out note authorization mark in interface service, user distributes authority
When only need to complete all working by configuring authorization mark, then judge whether user legal, whether access interface legal,
So as to reach securely configurable authority distribution.Solve the problems, such as that access control based roles (RBAC) authority particle is big,
Authorization mark (authority character string) is beaten in interface service, one or more authorization marks is bound on button, realizes smallest particles
Authority distribution, safe and reliable authority distribution.The system resource datas such as catalogue, menu, button be can configure, and Maintenance free is based on
Access control (RBAC) module of role, realizes module complete package.
Brief description of the drawings
Fig. 1 is a kind of general-purpose rights management system structured flowchart based on RBAC;
Fig. 2 is the authority implementing procedure figure of the general-purpose rights management system based on RBAC;
Fig. 3 is the existing authority distribution relational structure block diagram based on RBAC;
Fig. 4 is the first System right management method flow block diagram of the embodiment of the present invention;
Fig. 5 is second of System right management method flow block diagram of the embodiment of the present invention;
Fig. 6 is the third System right management method flow block diagram of the embodiment of the present invention;
Fig. 7 is the 4th kind of system right management method FB(flow block) of the embodiment of the present invention;
Fig. 8 is the authority distribution relational structure block diagram of the System right management device of the embodiment of the present invention.
The realization, functional characteristics and advantage of the object of the invention will be described further referring to the drawings in conjunction with the embodiments.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
In follow-up description, the suffix using such as " module ", " part " or " unit " for representing element is only
Be advantageous to the explanation of the present invention, itself there is no a specific meaning.Therefore, " module ", " part " or " unit " can mix
Ground uses.
Rights Management System is the indispensable part of application system all the time, institute's rights management, is exactly passed through
Access ability and scope are explicitly permitted or limited to certain approach, so as to limit the access to keystone resources, prevents disabled user
Intrusion or the careless operation of validated user damage.With computer technology and the development of application, particularly internet
Development, application system starts to increase sharply for the demand of rights management.People take in terms of the research of rights management techniques
Very big achievement was obtained, a variety of rights management access control technologies successively occurred, such as autonomous rights management self contained navigation
Technology DAC, forced symmetric centralization technology MAC.As rights management becomes increasingly complex, people generally feel DAC and MAC authority
Administrative skill can not meet the demand for security of application system increasingly sophisticated now, therefore, it is proposed to the authority pipe of based role
Reason technology RBAC.
RBAC technologies include user (USERS), role (ROLES), target objects (OBS), operation operations
(OPS), five master data elements of license permissions (PRMS), authority type ascribed role, role are assigned to a use
Family, this user just have the authority of atom operation possessed by the role.Wherein, atom operation, it is minimum rights management unit.
In order to when user asks to perform a certain atom operation (Internet resources as corresponding to request access certain uniform resource position mark URL),
Whether inquiry user possesses the authority for performing this atom operation, can be that user distributes role identification, to cause according to RBAC technologies
The role identification that can be subsequently possessed according to user determines the role of user, and then determines the atom operation that the role of user has
Authority.
As shown in Figure 1, there is provided a kind of general-purpose rights management system based on RBAC, employ authority system as described below
System;
First, permission system is divided into role, function group, three layers of basic authority.
Secondly, according to the needs of enterprise, all possible operation is divided in detail, determines all basic authorities.
Finally, several function groups can be formed a role by the authority of correlation with composition function group.One user can be with
Serve as several roles.
After such a layering, whole Rights Management System flexibly, effectively can access system number to user
According to being controlled, user's operation is managed.
The target of Rights Management System is to realize rights management described above.First, according to the analysis to system, really
Determine all basic authorities of system.Then on this basis, the permission system keeper to system provides flexible tissue, peace
Row function group and role and the function that corresponding role is distributed to user.The subsystem of Rights Management System has:Function group pipe
Reason, Role Management and the bulk of user role distribution function three, while should also provide according to authority distribution inspection specific user
Whether there is the interface of a certain basic authority, and the password modification and inquiry work(online user management that all users are all suitable for
With log management etc..
We can be clearly understood that the authority obtained in role is that function privilege can then realize systemic-function;If
Object authority, then select entity object.Some user obtains the role simultaneously, can carry out concrete power limit behaviour to entity object
Make, then modification authority, refresh authority records, until rights management is completed.Concrete power limit implementing procedure is as shown in Figure 2:
It is the module that each system should possess to log in subsystem, and login interface is the premise into system.It is at this
, it is necessary to which user inputs correct username and password in the login interface that system is set.And when user name and the password not match of input
When, dialog box is will appear to prompt user's " code error, please re-enter ".In user's operational subsystems, including to system
The query function of information and the maintenance function to system information.In system information query aspects, it is mainly characterized by supporting to entirety
The inquiry of system and specific inquiry.User can be inquired about system according to the needs of oneself.Such as user may
It can want to know which type of role has what kind of authority, some colleague specifically possesses which type of authority etc, this
Can is understood by inquiry operation if sample.In enquiry module, the content that user wants to know about according to oneself is come to tool
Gymnastics is selected.In terms of to system information maintenance, the modification mainly to user cipher.Because user is initially using
It is by Systems Operator's unified distribution authority when system and the information of user is initialized, i.e., to password and power
The imparting of limit.Authority is that the idea that cannot shine user changes, but password can be with.User can according to the hobby of oneself with
It is accustomed to be configured to password, and replaces original password storage into user profile.The core of Rights Management System is exactly
The authority of user is managed, and that specifically carry out rights management is exactly Systems Operator.So in order to simplify to authority pipe
Management to permission system, is specifically divided into three little modules, is the module to user management, the mould to Role Management respectively by reason
Block and the module to permission group management.
Right management system is divided into coarseness and fine granularity control of authority.Coarse grain privilege management, to the power of resource type
Limit management.Resource type is such as:Menu, URL connections, user add button in the page, user profile, class method, the page..Slightly
Granularity rights management is such as:Super keepe can access whole pages such as the family addition page, user profile.Fine granularity authority pipe
Reason, the rights management to resource instances.Resource instances with regard to resource type materialization, such as:The modification that user id is 001 connects
Connect, 1110 classes of user profile, the employee of administration department.
Realize it is a kind of more commonly used mode based on the URL modes intercepted.It is overanxious by filter for web system
Device realizes that URL is intercepted, and springmvc blocker can also be used to realize the interception based on URL.
For above-mentioned technical problem, based on above-mentioned Rights Management System, each embodiment of the inventive method is proposed.
Embodiment 1
To achieve the above object, as shown in figure 4, a kind of System right management method provided by the invention, this method include
Following steps:
S101, the button in system resource is passed through to interface service association correspondingly atom operation;
S102, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding
Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association
Token is remembered;
S103, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark
Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close
The atom operation corresponding to connection.
Wherein, generally, system resource is segmented into catalogue, menu and button, and the catalogue is described for managing
Menu, the menu connect the page, and the page shows the button.
Wherein, atom operation is minimum rights management unit, for example inquire about, be newly-increased, changing, deleting etc..
Wherein, the corresponding multiple authorization marks of button association, the authorization mark is authority character string, is led to
Cross interface service described in the authority character string descriptor.
Authority particle minimum is uniform resource position mark URL, and uniform resource position mark URL associates corresponding interface service,
One button may access more than one interface, pass through during development interface and explain (being also metadata, be the other explanation of code level)
Rights markings (i.e. authority character string) are stamped for interface, the rights markings of button associated interface, button is placed on menu tree node
Next stage, when distributing authority, while selecting menu, select button is also wanted, catalogue, the dish of distribution are bound after logging in system by user
The rights markings of single, button and interface, the rights markings of user accessing united resource positioning symbol URL elder generations matched interfaces, in interface
Layer intercepts illegal uniform resource position mark URL, realizes safe and reliable authority distribution.
As shown in figure 8, authority distribution is put on button, the next stage of menu tree is in, button association authorization mark, one
Individual button corresponds to multiple authorization marks, and authorization mark corresponds with interface, is a kind of resource identifier, represents to which module
Which resource operated, support authority character string asterisk wildcard, ":" represent NameSpace separation, ", " represent resource point
Every " * " represents that any cost can be operated.Such as " system:user:Query " represents the inquiry for possessing System Management User
Authority, " system:user:Query, system:user:Create " represents the inquiry of custom system management user and newly-increased power
Limit, " system:user:* all permissions of system user management " are represented.
As shown in figure 5, second of System right management method provided by the invention, this method comprise the following steps:
S201, the button in system resource is passed through to interface service association correspondingly atom operation;
S202, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding
Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association
Token is remembered;
S203, open system simultaneously carry out subscriber authentication, the identity data that user submits are obtained, by the identity data
It is compared with authenticated domain, when meeting one of them described authenticated domain, judges certification success and return authentication is successfully described
Certification domain information;
S204, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark
Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close
The atom operation corresponding to connection.
User submits identity data (being usually account, password and identifying code etc.), and certification is performed by the authenticator of system, is recognized
Card device is realized that, for the situation of a variety of authenticated domains, certification policy typically has three kinds by certification policy:As long as the firstth, there is one to recognize
Domain certification success is demonstrate,proved, returns to the authentication information of first authenticated domain;As long as the secondth, there is an authenticated domain certification successfully i.e.
Can, the authentication information of all successful authenticated domains of certification of return unlike the first;3rd, all authenticated domain certification successes
Work(is just counted as, and returns to the authentication information of all authenticated domains, if a failure is with regard to authentification failure.For the feelings of more accounts
Condition, such as the authenticated domain that mail account, cell-phone number and job number etc. are different, preferably by second of certification policy.
As shown in fig. 6, the third System right management method provided by the invention, this method comprise the following steps:
S301, the button in system resource is passed through to interface service association correspondingly atom operation;
S302, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding
Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association
Token is remembered;
S303, open system simultaneously carry out subscriber authentication, the identity data that user submits are obtained, by the identity data
It is compared with authenticated domain, when meeting one of them described authenticated domain, judges certification success and return authentication is successfully described
Certification domain information;
The permissions list that the authorization mark set corresponding to S304, the interface service is formed is stored in the authenticated domain
In, when carrying out user right distribution, role, role inquiry authority, from the authenticated domain described in reading are found according to user
Permissions list;
S305, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark
Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close
The atom operation corresponding to connection.
Authorize, that is to say authority distribution is completed by authorized device, and whether control user, which has permission, is operated, that is, is controlled
User can access which of application function.Role polymerize one group of authority set, and who can access resource for control of authority.That is root first
Role is found according to user, role finds authority again, then permissions list is read from authenticated domain, and this mode can also be named based on power
The access control of limit, the general rule of this mode is " resource identifier:The little particle description of operation ", i.e. resource class.Sentence
Whether disconnected user possesses access interface authority, and verifying authorization character string can be completed.For example modification user right is, it is necessary to use two
Individual interface, first is first inquired about user, and second is to submit modification information, and the authority character string of the two interfaces is respectively
“system:user:query”、“system:user:Update ", can be real as long as distributing the two authority character strings to user
The authority distribution of existing smallest particles.
Wherein, authenticated domain can be relevant database, can make cache server, even configuration file.This
The authenticated domain of scheme is placed on relevant database MySQL, and user's checking and authority are all that information is read from MySQL respectively.
As shown in fig. 7, the 4th kind of system right management method provided by the invention, this method comprise the following steps:
S401, the button in system resource is passed through to interface service association correspondingly atom operation;
S402, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding
Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association
Token is remembered;
S403, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark
Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close
The atom operation corresponding to connection;
S404, logged in by conversation recording user after all information, the user right point is kept in a session
The result matched somebody with somebody.
Wherein, the authenticated domain is any one of relevant database, cache server, configuration file.
Session (session) is a unbroken request response sequence between client and server.To the every of client
Individual request, server can recognize that request comes from same client.When a unknown client sends to web application
A session has been begun to during first request.When client clearly terminates session or server within a predefined time limit not
When receiving any request from client, session just finishes.After conversation end, what server just have forgotten client and client please
Ask.
Web sessions can be simply interpreted as:User drives a browser, accesses some web site, is clicked in this website
Multiple hyperlink, the multiple web resources of server are accessed, are then shut off browser, whole process is referred to as a session.Client to
The request first that Web Application Server is sent may not be that client interacts with the first time of server.Request first refers to needing
Create the request of session.It is because the request is the beginning (logic counted to multiple requests we term it request first
On), and server starts to remember the request of client.For example, when user logs in or adds a commodity into shopping cart, just
A session must be started
Session manager manages the work such as the conversation establishing of all users, maintenance, deletion, checking, in that context it may be convenient to from ought
The relevant information of user is obtained in preceding session.
Embodiment 2
Based on same inventive concept, another aspect of the present invention, there is provided a kind of System right management device, described device bag
Include:Memory, processor and the rights management program that can be run on the memory and on the processor is stored in, it is described
The step of System right management method as described below is realized when rights management program is by the computing device:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
In access control based roles technical foundation, when the operating right to system resource is allocated, pass through
Label is set in docking port service, that is to say authorization mark, this authorization labels and interface correspond, then, interface be with
What button was associated, therefore, in authority distribution, it is thus only necessary to configure the authorization labels of button, it is possible to judge that user is
It is no that there is corresponding operating right.If user is then allowed to perform the atom operation corresponding to the interface service association, otherwise
Refuse user and perform the atom operation corresponding to the interface service association.Atom operation can be deletion, preserve, check etc. tool
The operating procedure of body.
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
The authentication of user, that is to say the relation for needing to establish user and role, and role is the set of authority, authority list
Show system resource (such as menu, button, the page).By the advance identity data being stored in authenticated domain, submitted with user
Identity data is compared, and so as to identify user identity, establishes the corresponding relation of role and user, so as to be built by role
Vertical user and the relation of right, then can be that user carries out authority distribution.
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when
When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain
Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
The authorization mark of interface that is to say that the authority character string on interface is stored in the permissions list in authenticated domain, certification
Domain can be relevant database, can make cache server, even configuration file.User is built by role and authority
After vertical relation, authorization mark is distributed for user by reading permissions list.
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session
Fruit.
The work such as the conversation establishing of all users, maintenance, deletion, checking are managed by session manager, in that context it may be convenient to
The relevant information of user is obtained from current sessions.
Embodiment 3
Based on same inventive concept, another aspect of the present invention, a kind of computer-readable recording medium is additionally provided, its feature
It is, rights management program is stored with the computer-readable recording medium, the rights management program is by the processor
The step of following System right management method is realized during execution:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered;
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing
Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification
Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when
When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain
Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered.
Wherein, the rights management program by the computing device when also realize System right management side as described below
The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing
Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark
Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced
Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair
The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session
Fruit.
The System right management method, apparatus and computer-readable recording medium of the present invention, from system resource angle,
It is authority character string to describe atom operation authority by carrying out note authorization mark in interface service, user distributes authority
When only need to complete all working by configuring authorization mark, then judge whether user legal, whether access interface legal,
So as to reach securely configurable authority distribution.Solve the problems, such as that access control based roles (RBAC) authority particle is big,
Authorization mark (authority character string) is beaten in interface service, one or more authorization marks is bound on button, realizes smallest particles
Authority distribution, safe and reliable authority distribution.The system resource datas such as catalogue, menu, button be can configure, and Maintenance free is based on
Access control (RBAC) module of role, realizes module complete package.
It should be noted that herein, term " comprising ", "comprising" or its any other variant are intended to non-row
His property includes, so that process, method, article or device including a series of elements not only include those key elements, and
And also include the other element being not expressly set out, or also include for this process, method, article or device institute inherently
Key element.In the absence of more restrictions, the key element limited by sentence " including one ... ", it is not excluded that including
Other identical element also be present in the process of the key element, method, article or device.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on such understanding, technical scheme is substantially done to prior art in other words
Going out the part of contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium
In (such as ROM/RAM, magnetic disc, CD), including some instructions to cause a station terminal equipment (can be mobile phone, computer, clothes
Be engaged in device, air conditioner, or network equipment etc.) perform method described in each embodiment of the present invention.
The preferred embodiments of the present invention are these are only, are not intended to limit the scope of the invention, it is every to utilize this hair
The equivalent structure or equivalent flow conversion that bright specification and accompanying drawing content are made, or directly or indirectly it is used in other related skills
Art field, is included within the scope of the present invention.
Claims (10)
- A kind of 1. System right management method, it is characterised in that the described method comprises the following steps:Button in system resource is associated into corresponding atom operation by interface service;The corresponding relation of user and authority is established by role, the authority is corresponded to the system resource, retouched using authorization mark The interface service is stated, the authorization mark corresponds with the interface service, and the button associates the authorization mark;When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark judges to use Whether family possesses the interface service authority corresponding to access;If user is then allowed to perform corresponding to the interface service association The atom operation.
- 2. a kind of System right management method according to claim 1, it is characterised in that a button association is corresponding Multiple authorization marks, the authorization mark are authority character strings, pass through interface service described in the authority character string descriptor.
- 3. a kind of System right management method according to claim 1, it is characterised in that distribute it carrying out user right Before, methods described is further comprising the steps of:Open system simultaneously carries out subscriber authentication, obtains the identity data that user submits, The identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges that certification succeeds and returned The successful certification domain information of certification.
- A kind of 4. System right management method according to claim 3, it is characterised in that institute corresponding to the interface service The permissions list for stating authorization mark set formation is stored in the authenticated domain, when carrying out user right distribution, according to user Role is found, role inquiry authority, the permissions list is read from the authenticated domain.
- 5. a kind of System right management method according to claim 4, it is characterised in that the authenticated domain is relationship type number According to any one of storehouse, cache server, configuration file.
- 6. a kind of System right management method according to claim 1, it is characterised in that methods described also includes:Pass through All information after conversation recording user login, the result of the user right distribution is kept in a session.
- 7. a kind of System right management device, it is characterised in that described device includes:Memory, processor and it is stored in described On memory and the rights management program that can run on the processor, the rights management program is by the computing device The step of Shi Shixian System right management methods as described below:Button in system resource is associated into corresponding atom operation by interface service;The corresponding relation of user and authority is established by role, the authority is corresponded to the system resource, retouched using authorization mark The interface service is stated, the authorization mark corresponds with the interface service, and the button associates the authorization mark;When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark judges to use Whether family possesses the interface service authority corresponding to access;If user is then allowed to perform corresponding to the interface service association The atom operation.
- 8. a kind of System Privileges distributor according to claim 7, it is characterised in that the rights management program is by institute The step of System right management method as described below is also realized when stating computing device:Before user right distribution is carried out, open system simultaneously carries out subscriber authentication, obtains the identity data that user submits, The identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges that certification succeeds and returned The successful certification domain information of certification.
- 9. a kind of System Privileges distributor according to claim 7, it is characterised in that the rights management program is by institute The step of System right management method as described below is also realized when stating computing device:All information after being logged in by conversation recording user, the result of the user right distribution is kept in a session.
- 10. a kind of computer-readable recording medium, it is characterised in that storage has permission pipe on the computer-readable recording medium Program is managed, the rights management program is realized that the system as described in claim any one of 1-6 is weighed during the computing device The step of limiting management method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710512825.5A CN107342992B (en) | 2017-06-27 | 2017-06-27 | System authority management method and device and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710512825.5A CN107342992B (en) | 2017-06-27 | 2017-06-27 | System authority management method and device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107342992A true CN107342992A (en) | 2017-11-10 |
CN107342992B CN107342992B (en) | 2020-12-08 |
Family
ID=60218903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710512825.5A Active CN107342992B (en) | 2017-06-27 | 2017-06-27 | System authority management method and device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107342992B (en) |
Cited By (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108090374A (en) * | 2018-01-09 | 2018-05-29 | 珠海迈越信息技术有限公司 | A kind of multi User Privilege Management method and system |
CN108196837A (en) * | 2017-12-25 | 2018-06-22 | 国云科技股份有限公司 | A kind of system authority control method |
CN108289085A (en) * | 2017-01-10 | 2018-07-17 | 珠海金山办公软件有限公司 | A kind of document security management system login method and device |
CN108319827A (en) * | 2018-01-25 | 2018-07-24 | 烽火通信科技股份有限公司 | A kind of API rights managements plug-in unit and method based on OSGI frames |
CN108388604A (en) * | 2018-02-06 | 2018-08-10 | 平安科技(深圳)有限公司 | User right data administrator, method and computer readable storage medium |
CN108629484A (en) * | 2018-03-30 | 2018-10-09 | 平安科技(深圳)有限公司 | It attends a banquet qualification management method, apparatus and storage medium |
CN108776756A (en) * | 2018-06-04 | 2018-11-09 | 北京奇虎科技有限公司 | Access authorization for resource management method and device |
CN109088858A (en) * | 2018-07-13 | 2018-12-25 | 南京邮电大学 | A kind of medical system and method based on rights management |
CN109145545A (en) * | 2018-09-11 | 2019-01-04 | 郑州云海信息技术有限公司 | A kind of processing method and processing device of user's operation |
CN109165486A (en) * | 2018-08-27 | 2019-01-08 | 四川长虹电器股份有限公司 | A kind of configurable interface access right control method |
CN109446054A (en) * | 2018-09-03 | 2019-03-08 | 中国平安人寿保险股份有限公司 | The processing method and terminal device of unauthorized operation request based on big data |
CN109766706A (en) * | 2018-12-28 | 2019-05-17 | 中电科大数据研究院有限公司 | A kind of more Rights Management System of data |
WO2019127864A1 (en) * | 2017-12-28 | 2019-07-04 | 平安科技(深圳)有限公司 | Electronic device, springmvc-based data interface and automatic description generation method therefor, and storage medium |
CN109992988A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | A kind of data permission management method and device |
CN110049083A (en) * | 2017-12-20 | 2019-07-23 | 丰田自动车株式会社 | Service management system, service management and non-transitory computer-readable medium |
CN110569667A (en) * | 2019-09-10 | 2019-12-13 | 北京字节跳动网络技术有限公司 | Access control method and device, computer equipment and storage medium |
CN110708298A (en) * | 2019-09-23 | 2020-01-17 | 广州海颐信息安全技术有限公司 | Method and device for centralized management of dynamic instance identity and access |
CN110780876A (en) * | 2019-10-29 | 2020-02-11 | 北京北纬通信科技股份有限公司 | Web development front-end and back-end separation authority control method and system |
CN111062028A (en) * | 2019-12-13 | 2020-04-24 | 腾讯科技(深圳)有限公司 | Authority management method and device, storage medium and electronic equipment |
CN111125650A (en) * | 2018-10-31 | 2020-05-08 | 北京国双科技有限公司 | Page access right processing method and device, storage medium and processor |
CN111191221A (en) * | 2019-12-30 | 2020-05-22 | 腾讯科技(深圳)有限公司 | Method and device for configuring authority resources and computer readable storage medium |
CN111241503A (en) * | 2020-01-16 | 2020-06-05 | 上海上实龙创智慧能源科技股份有限公司 | Js frame-based page button authorization method |
CN111526143A (en) * | 2020-04-21 | 2020-08-11 | 北京思特奇信息技术股份有限公司 | Method and device for realizing anti-unauthorized access of CRM system and storage medium |
CN111625842A (en) * | 2019-02-28 | 2020-09-04 | 武汉朗立创科技有限公司 | Permission control system based on RBAC |
CN111695124A (en) * | 2020-05-18 | 2020-09-22 | 北京三快在线科技有限公司 | Authority control method and device, storage medium and electronic equipment |
CN111783076A (en) * | 2020-08-05 | 2020-10-16 | 绵阳市智慧城市产业发展有限责任公司 | Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources |
CN111835792A (en) * | 2020-07-31 | 2020-10-27 | 海南中金德航科技股份有限公司 | System authentication role relationship system |
CN112055024A (en) * | 2020-09-09 | 2020-12-08 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112346624A (en) * | 2020-11-09 | 2021-02-09 | 福建天晴在线互动科技有限公司 | Method and system for realizing menu authority of background management system |
CN112347442A (en) * | 2020-11-30 | 2021-02-09 | 四川长虹电器股份有限公司 | User authority verification method and device |
CN112580000A (en) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | User data processing method and device |
CN112989373A (en) * | 2021-03-08 | 2021-06-18 | 北京慧友云商科技有限公司 | Hierarchical authorization control management engine based on RBAC |
CN113542214A (en) * | 2021-05-31 | 2021-10-22 | 新华三信息安全技术有限公司 | Access control method, device, equipment and machine readable storage medium |
CN113792270A (en) * | 2021-09-29 | 2021-12-14 | 北京字跳网络技术有限公司 | Authority resource configuration method and device, storage medium and electronic equipment |
CN113849848A (en) * | 2021-12-02 | 2021-12-28 | 上海金仕达软件科技有限公司 | Data permission configuration method and system |
CN114978601A (en) * | 2022-04-25 | 2022-08-30 | 康键信息技术(深圳)有限公司 | Authority management method, device, equipment and medium |
CN115118480A (en) * | 2022-06-22 | 2022-09-27 | 中电信数智科技有限公司 | Skyline system weight-sharing domain-dividing function realization method and device based on Openstack |
CN112836237B (en) * | 2021-02-05 | 2023-08-15 | 广州海量数据库技术有限公司 | Method and system for performing forced access control in content database |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010021177A1 (en) * | 2000-03-10 | 2001-09-13 | Anritsu Corporation | Spanning tree bridge and route change method using the same |
CN101441688A (en) * | 2007-11-20 | 2009-05-27 | 阿里巴巴集团控股有限公司 | User authority allocation method and user authority control method |
CN101515932A (en) * | 2009-03-23 | 2009-08-26 | 中兴通讯股份有限公司 | Method and system for accessing Web service safely |
CN101582767A (en) * | 2009-06-24 | 2009-11-18 | 阿里巴巴集团控股有限公司 | Authorization control method and authorization server |
CN101902402A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Method for managing user right and device thereof |
CN101917448A (en) * | 2010-08-27 | 2010-12-15 | 山东中创软件工程股份有限公司 | Control method for realizing RBAC access permission in application on basis of.NET |
CN102129364A (en) * | 2010-01-14 | 2011-07-20 | 中国电信股份有限公司 | Method for embedding widget toolbar in application program and rapid widget accessing method |
CN102195956A (en) * | 2010-03-19 | 2011-09-21 | 富士通株式会社 | Cloud service system and user right management method thereof |
CN102955644A (en) * | 2011-08-19 | 2013-03-06 | 幻音科技(深圳)有限公司 | Method and system for controlling resource display |
CN103077028A (en) * | 2012-12-28 | 2013-05-01 | 北京赛科世纪数码科技有限公司 | Display method and system |
CN103500297A (en) * | 2013-10-11 | 2014-01-08 | 济钢集团有限公司 | Fine grit authority management method in information system |
CN103530568A (en) * | 2012-07-02 | 2014-01-22 | 阿里巴巴集团控股有限公司 | Authority control method, device and system |
CN104484482A (en) * | 2014-12-31 | 2015-04-01 | 广州东海网络科技有限公司 | Webpage information updating method and system of network platform |
CN104836910A (en) * | 2015-04-27 | 2015-08-12 | 陆俊 | Mobile terminal application authority switching method and mobile terminal |
US20160127549A1 (en) * | 2014-11-01 | 2016-05-05 | Somos, Inc. | Macroeconomic and predictive analytics based on toll-free number utilization |
CN106096425A (en) * | 2016-06-06 | 2016-11-09 | 北京金山安全软件有限公司 | System permission starting method, device and equipment |
-
2017
- 2017-06-27 CN CN201710512825.5A patent/CN107342992B/en active Active
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010021177A1 (en) * | 2000-03-10 | 2001-09-13 | Anritsu Corporation | Spanning tree bridge and route change method using the same |
CN101441688A (en) * | 2007-11-20 | 2009-05-27 | 阿里巴巴集团控股有限公司 | User authority allocation method and user authority control method |
CN101515932A (en) * | 2009-03-23 | 2009-08-26 | 中兴通讯股份有限公司 | Method and system for accessing Web service safely |
CN101582767A (en) * | 2009-06-24 | 2009-11-18 | 阿里巴巴集团控股有限公司 | Authorization control method and authorization server |
CN102129364A (en) * | 2010-01-14 | 2011-07-20 | 中国电信股份有限公司 | Method for embedding widget toolbar in application program and rapid widget accessing method |
CN102195956A (en) * | 2010-03-19 | 2011-09-21 | 富士通株式会社 | Cloud service system and user right management method thereof |
CN101902402A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Method for managing user right and device thereof |
CN101917448A (en) * | 2010-08-27 | 2010-12-15 | 山东中创软件工程股份有限公司 | Control method for realizing RBAC access permission in application on basis of.NET |
CN102955644A (en) * | 2011-08-19 | 2013-03-06 | 幻音科技(深圳)有限公司 | Method and system for controlling resource display |
CN103530568A (en) * | 2012-07-02 | 2014-01-22 | 阿里巴巴集团控股有限公司 | Authority control method, device and system |
CN103077028A (en) * | 2012-12-28 | 2013-05-01 | 北京赛科世纪数码科技有限公司 | Display method and system |
CN103500297A (en) * | 2013-10-11 | 2014-01-08 | 济钢集团有限公司 | Fine grit authority management method in information system |
US20160127549A1 (en) * | 2014-11-01 | 2016-05-05 | Somos, Inc. | Macroeconomic and predictive analytics based on toll-free number utilization |
CN104484482A (en) * | 2014-12-31 | 2015-04-01 | 广州东海网络科技有限公司 | Webpage information updating method and system of network platform |
CN104836910A (en) * | 2015-04-27 | 2015-08-12 | 陆俊 | Mobile terminal application authority switching method and mobile terminal |
CN106096425A (en) * | 2016-06-06 | 2016-11-09 | 北京金山安全软件有限公司 | System permission starting method, device and equipment |
Non-Patent Citations (4)
Title |
---|
吴限: "《基于角色访问控制(RBAC)的Web应用》", 《中国硕士学位论文全文数据库 信息技术辑》 * |
张世龙, 沈玉利: "《基于RBAC的SSO统一权限管理方法》", 《计算机工程与设计》 * |
文骁一: "《 一种基于改进RBAC模型的权限管理系统》", 《硅谷》 * |
颜平超、牛熠、吴燕玲: "《基于RBAC的权限管理的设计与实现》", 《信息科学》 * |
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108289085A (en) * | 2017-01-10 | 2018-07-17 | 珠海金山办公软件有限公司 | A kind of document security management system login method and device |
CN110049083A (en) * | 2017-12-20 | 2019-07-23 | 丰田自动车株式会社 | Service management system, service management and non-transitory computer-readable medium |
CN110049083B (en) * | 2017-12-20 | 2021-12-17 | 丰田自动车株式会社 | Service management system, service management method, and non-transitory computer-readable medium |
CN108196837A (en) * | 2017-12-25 | 2018-06-22 | 国云科技股份有限公司 | A kind of system authority control method |
WO2019127864A1 (en) * | 2017-12-28 | 2019-07-04 | 平安科技(深圳)有限公司 | Electronic device, springmvc-based data interface and automatic description generation method therefor, and storage medium |
CN109992988A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | A kind of data permission management method and device |
CN108090374A (en) * | 2018-01-09 | 2018-05-29 | 珠海迈越信息技术有限公司 | A kind of multi User Privilege Management method and system |
CN108319827B (en) * | 2018-01-25 | 2020-06-02 | 烽火通信科技股份有限公司 | API (application program interface) authority management system and method based on OSGI (open service gateway initiative) framework |
CN108319827A (en) * | 2018-01-25 | 2018-07-24 | 烽火通信科技股份有限公司 | A kind of API rights managements plug-in unit and method based on OSGI frames |
CN108388604B (en) * | 2018-02-06 | 2022-06-10 | 平安科技(深圳)有限公司 | User authority data management apparatus, method and computer readable storage medium |
CN108388604A (en) * | 2018-02-06 | 2018-08-10 | 平安科技(深圳)有限公司 | User right data administrator, method and computer readable storage medium |
CN108629484A (en) * | 2018-03-30 | 2018-10-09 | 平安科技(深圳)有限公司 | It attends a banquet qualification management method, apparatus and storage medium |
CN108776756A (en) * | 2018-06-04 | 2018-11-09 | 北京奇虎科技有限公司 | Access authorization for resource management method and device |
CN109088858A (en) * | 2018-07-13 | 2018-12-25 | 南京邮电大学 | A kind of medical system and method based on rights management |
CN109165486A (en) * | 2018-08-27 | 2019-01-08 | 四川长虹电器股份有限公司 | A kind of configurable interface access right control method |
CN109165486B (en) * | 2018-08-27 | 2021-06-22 | 四川长虹电器股份有限公司 | Configurable interface access authority control method |
CN109446054A (en) * | 2018-09-03 | 2019-03-08 | 中国平安人寿保险股份有限公司 | The processing method and terminal device of unauthorized operation request based on big data |
CN109446054B (en) * | 2018-09-03 | 2023-08-25 | 中国平安人寿保险股份有限公司 | Processing method and terminal equipment for override operation request based on big data |
CN109145545A (en) * | 2018-09-11 | 2019-01-04 | 郑州云海信息技术有限公司 | A kind of processing method and processing device of user's operation |
CN111125650A (en) * | 2018-10-31 | 2020-05-08 | 北京国双科技有限公司 | Page access right processing method and device, storage medium and processor |
CN109766706A (en) * | 2018-12-28 | 2019-05-17 | 中电科大数据研究院有限公司 | A kind of more Rights Management System of data |
CN111625842A (en) * | 2019-02-28 | 2020-09-04 | 武汉朗立创科技有限公司 | Permission control system based on RBAC |
CN110569667A (en) * | 2019-09-10 | 2019-12-13 | 北京字节跳动网络技术有限公司 | Access control method and device, computer equipment and storage medium |
CN110708298A (en) * | 2019-09-23 | 2020-01-17 | 广州海颐信息安全技术有限公司 | Method and device for centralized management of dynamic instance identity and access |
CN112580000A (en) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | User data processing method and device |
CN110780876A (en) * | 2019-10-29 | 2020-02-11 | 北京北纬通信科技股份有限公司 | Web development front-end and back-end separation authority control method and system |
CN111062028B (en) * | 2019-12-13 | 2023-11-24 | 腾讯科技(深圳)有限公司 | Authority management method and device, storage medium and electronic equipment |
CN111062028A (en) * | 2019-12-13 | 2020-04-24 | 腾讯科技(深圳)有限公司 | Authority management method and device, storage medium and electronic equipment |
CN111191221A (en) * | 2019-12-30 | 2020-05-22 | 腾讯科技(深圳)有限公司 | Method and device for configuring authority resources and computer readable storage medium |
CN111191221B (en) * | 2019-12-30 | 2023-05-12 | 腾讯科技(深圳)有限公司 | Configuration method and device of authority resources and computer readable storage medium |
CN111241503A (en) * | 2020-01-16 | 2020-06-05 | 上海上实龙创智慧能源科技股份有限公司 | Js frame-based page button authorization method |
CN111526143A (en) * | 2020-04-21 | 2020-08-11 | 北京思特奇信息技术股份有限公司 | Method and device for realizing anti-unauthorized access of CRM system and storage medium |
CN111695124A (en) * | 2020-05-18 | 2020-09-22 | 北京三快在线科技有限公司 | Authority control method and device, storage medium and electronic equipment |
CN111835792A (en) * | 2020-07-31 | 2020-10-27 | 海南中金德航科技股份有限公司 | System authentication role relationship system |
CN111783076A (en) * | 2020-08-05 | 2020-10-16 | 绵阳市智慧城市产业发展有限责任公司 | Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources |
CN112055024A (en) * | 2020-09-09 | 2020-12-08 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112055024B (en) * | 2020-09-09 | 2023-08-22 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112346624B (en) * | 2020-11-09 | 2022-04-01 | 福建天晴在线互动科技有限公司 | Method and system for realizing menu authority of background management system |
CN112346624A (en) * | 2020-11-09 | 2021-02-09 | 福建天晴在线互动科技有限公司 | Method and system for realizing menu authority of background management system |
CN112347442A (en) * | 2020-11-30 | 2021-02-09 | 四川长虹电器股份有限公司 | User authority verification method and device |
CN112836237B (en) * | 2021-02-05 | 2023-08-15 | 广州海量数据库技术有限公司 | Method and system for performing forced access control in content database |
CN112989373A (en) * | 2021-03-08 | 2021-06-18 | 北京慧友云商科技有限公司 | Hierarchical authorization control management engine based on RBAC |
CN113542214B (en) * | 2021-05-31 | 2023-08-22 | 新华三信息安全技术有限公司 | Access control method, device, equipment and machine-readable storage medium |
CN113542214A (en) * | 2021-05-31 | 2021-10-22 | 新华三信息安全技术有限公司 | Access control method, device, equipment and machine readable storage medium |
CN113792270A (en) * | 2021-09-29 | 2021-12-14 | 北京字跳网络技术有限公司 | Authority resource configuration method and device, storage medium and electronic equipment |
CN113849848A (en) * | 2021-12-02 | 2021-12-28 | 上海金仕达软件科技有限公司 | Data permission configuration method and system |
CN114978601A (en) * | 2022-04-25 | 2022-08-30 | 康键信息技术(深圳)有限公司 | Authority management method, device, equipment and medium |
CN115118480A (en) * | 2022-06-22 | 2022-09-27 | 中电信数智科技有限公司 | Skyline system weight-sharing domain-dividing function realization method and device based on Openstack |
CN115118480B (en) * | 2022-06-22 | 2024-04-26 | 中电信数智科技有限公司 | Method and device for realizing split-weight split-domain function of Skyline system based on Openstack |
Also Published As
Publication number | Publication date |
---|---|
CN107342992B (en) | 2020-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107342992A (en) | A kind of System right management method, apparatus and computer-readable recording medium | |
AU2018374912B2 (en) | Model training system and method, and storage medium | |
US6055637A (en) | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential | |
US20210073806A1 (en) | Data processing system utilising distributed ledger technology | |
CN109670768A (en) | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain | |
CN106713271B (en) | Web system login constraint method based on single sign-on | |
JP5787640B2 (en) | Authentication system, authentication method and program | |
CN110474865B (en) | Block chain user authority system and implementation method | |
US8726358B2 (en) | Identity ownership migration | |
CN109214151A (en) | The control method and system of user right | |
CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
CN108122109B (en) | Electronic credential identity management method and device | |
CN110417820A (en) | Processing method, device and the readable storage medium storing program for executing of single-node login system | |
US20030115484A1 (en) | System and method for incrementally distributing a security policy in a computer network | |
CN107204978B (en) | A kind of access control method and device based on multi-tenant cloud environment | |
US20030115322A1 (en) | System and method for analyzing security policies in a distributed computer network | |
US20090313684A1 (en) | Using windows authentication in a workgroup to manage application users | |
CN105871914B (en) | CRM system access control method | |
US6678682B1 (en) | Method, system, and software for enterprise access management control | |
CN105812350B (en) | Cross-platform single sign-on system | |
CN104243491B (en) | A kind of control method and system of credible and secure service | |
JP2013033449A (en) | Server system, control method and program | |
CN102422298A (en) | Access control of distributed computing resources system and method | |
CN107026825A (en) | A kind of method and system for accessing big data system | |
CN103986734B (en) | Authentication management method and authentication management system applicable to high-security service system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20201117 Address after: 518000 408, building 5, tongfuyu Industrial Park, Dalang street, Longhua New District, Shenzhen City, Guangdong Province Applicant after: Shenzhen media home culture Communication Co., Ltd Address before: 518000 Guangdong Province, Shenzhen high tech Zone of Nanshan District City, No. 9018 North Central Avenue's innovation building A, 6-8 layer, 10-11 layer, B layer, C District 6-10 District 6 floor Applicant before: NUBIA TECHNOLOGY Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |