CN107342992A - A kind of System right management method, apparatus and computer-readable recording medium - Google Patents

A kind of System right management method, apparatus and computer-readable recording medium Download PDF

Info

Publication number
CN107342992A
CN107342992A CN201710512825.5A CN201710512825A CN107342992A CN 107342992 A CN107342992 A CN 107342992A CN 201710512825 A CN201710512825 A CN 201710512825A CN 107342992 A CN107342992 A CN 107342992A
Authority
CN
China
Prior art keywords
user
authority
interface service
authorization mark
button
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710512825.5A
Other languages
Chinese (zh)
Other versions
CN107342992B (en
Inventor
王平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen media home culture Communication Co., Ltd
Original Assignee
Nubia Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nubia Technology Co Ltd filed Critical Nubia Technology Co Ltd
Priority to CN201710512825.5A priority Critical patent/CN107342992B/en
Publication of CN107342992A publication Critical patent/CN107342992A/en
Application granted granted Critical
Publication of CN107342992B publication Critical patent/CN107342992B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention discloses a kind of System right management method, apparatus and computer-readable recording medium, this method to include:Button in system resource is associated into corresponding atom operation by interface service;The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, describes the interface service using authorization mark, the authorization mark corresponds with the interface service, and the button associates the authorization mark;When carrying out user right distribution, the authorization mark is distributed into user, judges whether user possesses the interface service authority corresponding to access by verifying the authorization mark;If user is then allowed to perform the atom operation corresponding to the interface service association.The present invention solves authority particle big technical problem during the existing progress System Privileges distribution using access control based roles.

Description

A kind of System right management method, apparatus and computer-readable recording medium
Technical field
The present invention relates to rights management techniques field, more particularly to a kind of System right management method, apparatus and computer Readable storage medium storing program for executing.
Background technology
Rights management will be carried out by being related to the network system of user's participation, and rights management belongs to the category of system safety, Rights management realize to user access system control, according to safety regulation or security strategy control user can access and Oneself authorized resource can only be accessed.Rights management includes authenticating user identification and authorizes two parts, abbreviation Certificate Authority.It is right In needing the resource user of access control to first pass around authentication, certification has the access rights side of the resource by rear user It may have access to.
Wherein, access (abbreviation RBAC) control technology of based role is widely used in rights management, in RBAC, user With the relation of role's multi-to-multi, role and authority are the relations of multi-to-multi, and by role's opening relationships between user and authority, Role is the set of authority, and authority represents system resource (such as menu, button, the page).
The corresponding relation of user and role are substantially the same in system, but the authority that system resource describes has very big difference Not, resource can be divided into three kinds of catalogue, menu and button in common system;Catalogue is used to manage menu, menu connection page Face, button respective operations (such as inquiry, newly-increased, modification, deletion etc.).It is distinct in the allocative decision of button, have at present Two kinds of button methods of salary distribution:Firstth, first labelled to button, it is common to be divided into inquiry, newly-increased, modification and delete, user's binding Label;Secondth, labelled to button, the uniform resource position mark URL of label associated buttons, it is legal that user is obtained by label Uniform resource position mark URL, blocker intercept illegal uniform resource position mark URL.The first above-mentioned scheme only accomplishes the page On do not show unappropriated button, because uniform resource position mark URL is not intercepted, actually user can access it is illegal (i.e. It is unallocated) uniform resource position mark URL.The defects of second scheme is and is directed to the first scheme further optimizes, in label On bound uniform resource position mark URL, blocker intercepts illegal URL, realizes page Dynamic Announce button, shields again Illegal request, but this scheme there is also it is certain the defects of, for example system has Menu1, Menu2, Menu3 menu, to user Menu1 search access right is assigned with, actually user can also access Menu2 and Menu3 inquiry button, be labelled on button Cause the particle of authority larger, the authority distribution of system has certain leak, not up to ideal effect.
The allocative decision of authority is realized only in accordance with current needs in system, for example search access right is distributed to user, is used Family just possesses the search access right of all services, and this extensive method of salary distribution has potential safety problem.System at present Authority relation is illustrated in fig. 3 shown below:Type of button binds interface, and every kind of type of button includes corresponding total interface service, user Whole interfaces of a certain or several type of button are obtained after distribution authority, illegal URL can not be effectively shielded and access, Cause potential safety hazard.
The content of the invention
It is a primary object of the present invention to propose a kind of System right management method, apparatus and computer-readable storage medium Matter, it is intended to solve existing access (RBAC) control using based role and carry out authority particle big technology during System Privileges distribution Problem.
To achieve the above object, a kind of System right management method provided by the invention, this method comprise the following steps:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Wherein, generally, system resource is segmented into catalogue, menu and button, and the catalogue is described for managing Menu, the menu connect the page, and the page shows the button.
Further, the corresponding multiple authorization marks of button association, the authorization mark is authority character String, passes through interface service described in the authority character string descriptor.
Further, before user right distribution is carried out, open system simultaneously carries out subscriber authentication, obtains user and carries The identity data of friendship, the identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges to recognize Demonstrate,prove successfully and return to the successful certification domain information of the certification.
Further, the permissions list that the authorization mark set corresponding to the interface service is formed is recognized described in being stored in Demonstrate,prove in domain, when carrying out user right distribution, role is found according to user, role inquiry authority, read from the authenticated domain The permissions list.
Further, the authenticated domain is any one of relevant database, cache server, configuration file.
Further, all information after being logged in by conversation recording user, the user is kept to weigh in a session Limit the result of distribution.
Based on same inventive concept, another aspect of the present invention, there is provided a kind of System right management device, described device bag Include:Memory, processor and the rights management program that can be run on the memory and on the processor is stored in, it is described The step of System right management method as described below is realized when rights management program is by the computing device:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Further, the rights management program is also realized System Privileges pipe as described below during the computing device The step of reason method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session Fruit.
Based on same inventive concept, another aspect of the present invention, a kind of computer-readable recording medium is additionally provided, its feature It is, rights management program is stored with the computer-readable recording medium, the rights management program is by the processor The step of System right management method as described above is realized during execution.
The System right management method, apparatus and computer-readable recording medium of the present invention, from system resource angle, It is authority character string to describe atom operation authority by carrying out note authorization mark in interface service, user distributes authority When only need to complete all working by configuring authorization mark, then judge whether user legal, whether access interface legal, So as to reach securely configurable authority distribution.Solve the problems, such as that access control based roles (RBAC) authority particle is big, Authorization mark (authority character string) is beaten in interface service, one or more authorization marks is bound on button, realizes smallest particles Authority distribution, safe and reliable authority distribution.The system resource datas such as catalogue, menu, button be can configure, and Maintenance free is based on Access control (RBAC) module of role, realizes module complete package.
Brief description of the drawings
Fig. 1 is a kind of general-purpose rights management system structured flowchart based on RBAC;
Fig. 2 is the authority implementing procedure figure of the general-purpose rights management system based on RBAC;
Fig. 3 is the existing authority distribution relational structure block diagram based on RBAC;
Fig. 4 is the first System right management method flow block diagram of the embodiment of the present invention;
Fig. 5 is second of System right management method flow block diagram of the embodiment of the present invention;
Fig. 6 is the third System right management method flow block diagram of the embodiment of the present invention;
Fig. 7 is the 4th kind of system right management method FB(flow block) of the embodiment of the present invention;
Fig. 8 is the authority distribution relational structure block diagram of the System right management device of the embodiment of the present invention.
The realization, functional characteristics and advantage of the object of the invention will be described further referring to the drawings in conjunction with the embodiments.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
In follow-up description, the suffix using such as " module ", " part " or " unit " for representing element is only Be advantageous to the explanation of the present invention, itself there is no a specific meaning.Therefore, " module ", " part " or " unit " can mix Ground uses.
Rights Management System is the indispensable part of application system all the time, institute's rights management, is exactly passed through Access ability and scope are explicitly permitted or limited to certain approach, so as to limit the access to keystone resources, prevents disabled user Intrusion or the careless operation of validated user damage.With computer technology and the development of application, particularly internet Development, application system starts to increase sharply for the demand of rights management.People take in terms of the research of rights management techniques Very big achievement was obtained, a variety of rights management access control technologies successively occurred, such as autonomous rights management self contained navigation Technology DAC, forced symmetric centralization technology MAC.As rights management becomes increasingly complex, people generally feel DAC and MAC authority Administrative skill can not meet the demand for security of application system increasingly sophisticated now, therefore, it is proposed to the authority pipe of based role Reason technology RBAC.
RBAC technologies include user (USERS), role (ROLES), target objects (OBS), operation operations (OPS), five master data elements of license permissions (PRMS), authority type ascribed role, role are assigned to a use Family, this user just have the authority of atom operation possessed by the role.Wherein, atom operation, it is minimum rights management unit. In order to when user asks to perform a certain atom operation (Internet resources as corresponding to request access certain uniform resource position mark URL), Whether inquiry user possesses the authority for performing this atom operation, can be that user distributes role identification, to cause according to RBAC technologies The role identification that can be subsequently possessed according to user determines the role of user, and then determines the atom operation that the role of user has Authority.
As shown in Figure 1, there is provided a kind of general-purpose rights management system based on RBAC, employ authority system as described below System;
First, permission system is divided into role, function group, three layers of basic authority.
Secondly, according to the needs of enterprise, all possible operation is divided in detail, determines all basic authorities.
Finally, several function groups can be formed a role by the authority of correlation with composition function group.One user can be with Serve as several roles.
After such a layering, whole Rights Management System flexibly, effectively can access system number to user According to being controlled, user's operation is managed.
The target of Rights Management System is to realize rights management described above.First, according to the analysis to system, really Determine all basic authorities of system.Then on this basis, the permission system keeper to system provides flexible tissue, peace Row function group and role and the function that corresponding role is distributed to user.The subsystem of Rights Management System has:Function group pipe Reason, Role Management and the bulk of user role distribution function three, while should also provide according to authority distribution inspection specific user Whether there is the interface of a certain basic authority, and the password modification and inquiry work(online user management that all users are all suitable for With log management etc..
We can be clearly understood that the authority obtained in role is that function privilege can then realize systemic-function;If Object authority, then select entity object.Some user obtains the role simultaneously, can carry out concrete power limit behaviour to entity object Make, then modification authority, refresh authority records, until rights management is completed.Concrete power limit implementing procedure is as shown in Figure 2:
It is the module that each system should possess to log in subsystem, and login interface is the premise into system.It is at this , it is necessary to which user inputs correct username and password in the login interface that system is set.And when user name and the password not match of input When, dialog box is will appear to prompt user's " code error, please re-enter ".In user's operational subsystems, including to system The query function of information and the maintenance function to system information.In system information query aspects, it is mainly characterized by supporting to entirety The inquiry of system and specific inquiry.User can be inquired about system according to the needs of oneself.Such as user may It can want to know which type of role has what kind of authority, some colleague specifically possesses which type of authority etc, this Can is understood by inquiry operation if sample.In enquiry module, the content that user wants to know about according to oneself is come to tool Gymnastics is selected.In terms of to system information maintenance, the modification mainly to user cipher.Because user is initially using It is by Systems Operator's unified distribution authority when system and the information of user is initialized, i.e., to password and power The imparting of limit.Authority is that the idea that cannot shine user changes, but password can be with.User can according to the hobby of oneself with It is accustomed to be configured to password, and replaces original password storage into user profile.The core of Rights Management System is exactly The authority of user is managed, and that specifically carry out rights management is exactly Systems Operator.So in order to simplify to authority pipe Management to permission system, is specifically divided into three little modules, is the module to user management, the mould to Role Management respectively by reason Block and the module to permission group management.
Right management system is divided into coarseness and fine granularity control of authority.Coarse grain privilege management, to the power of resource type Limit management.Resource type is such as:Menu, URL connections, user add button in the page, user profile, class method, the page..Slightly Granularity rights management is such as:Super keepe can access whole pages such as the family addition page, user profile.Fine granularity authority pipe Reason, the rights management to resource instances.Resource instances with regard to resource type materialization, such as:The modification that user id is 001 connects Connect, 1110 classes of user profile, the employee of administration department.
Realize it is a kind of more commonly used mode based on the URL modes intercepted.It is overanxious by filter for web system Device realizes that URL is intercepted, and springmvc blocker can also be used to realize the interception based on URL.
For above-mentioned technical problem, based on above-mentioned Rights Management System, each embodiment of the inventive method is proposed.
Embodiment 1
To achieve the above object, as shown in figure 4, a kind of System right management method provided by the invention, this method include Following steps:
S101, the button in system resource is passed through to interface service association correspondingly atom operation;
S102, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association Token is remembered;
S103, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close The atom operation corresponding to connection.
Wherein, generally, system resource is segmented into catalogue, menu and button, and the catalogue is described for managing Menu, the menu connect the page, and the page shows the button.
Wherein, atom operation is minimum rights management unit, for example inquire about, be newly-increased, changing, deleting etc..
Wherein, the corresponding multiple authorization marks of button association, the authorization mark is authority character string, is led to Cross interface service described in the authority character string descriptor.
Authority particle minimum is uniform resource position mark URL, and uniform resource position mark URL associates corresponding interface service, One button may access more than one interface, pass through during development interface and explain (being also metadata, be the other explanation of code level) Rights markings (i.e. authority character string) are stamped for interface, the rights markings of button associated interface, button is placed on menu tree node Next stage, when distributing authority, while selecting menu, select button is also wanted, catalogue, the dish of distribution are bound after logging in system by user The rights markings of single, button and interface, the rights markings of user accessing united resource positioning symbol URL elder generations matched interfaces, in interface Layer intercepts illegal uniform resource position mark URL, realizes safe and reliable authority distribution.
As shown in figure 8, authority distribution is put on button, the next stage of menu tree is in, button association authorization mark, one Individual button corresponds to multiple authorization marks, and authorization mark corresponds with interface, is a kind of resource identifier, represents to which module Which resource operated, support authority character string asterisk wildcard, ":" represent NameSpace separation, ", " represent resource point Every " * " represents that any cost can be operated.Such as " system:user:Query " represents the inquiry for possessing System Management User Authority, " system:user:Query, system:user:Create " represents the inquiry of custom system management user and newly-increased power Limit, " system:user:* all permissions of system user management " are represented.
As shown in figure 5, second of System right management method provided by the invention, this method comprise the following steps:
S201, the button in system resource is passed through to interface service association correspondingly atom operation;
S202, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association Token is remembered;
S203, open system simultaneously carry out subscriber authentication, the identity data that user submits are obtained, by the identity data It is compared with authenticated domain, when meeting one of them described authenticated domain, judges certification success and return authentication is successfully described Certification domain information;
S204, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close The atom operation corresponding to connection.
User submits identity data (being usually account, password and identifying code etc.), and certification is performed by the authenticator of system, is recognized Card device is realized that, for the situation of a variety of authenticated domains, certification policy typically has three kinds by certification policy:As long as the firstth, there is one to recognize Domain certification success is demonstrate,proved, returns to the authentication information of first authenticated domain;As long as the secondth, there is an authenticated domain certification successfully i.e. Can, the authentication information of all successful authenticated domains of certification of return unlike the first;3rd, all authenticated domain certification successes Work(is just counted as, and returns to the authentication information of all authenticated domains, if a failure is with regard to authentification failure.For the feelings of more accounts Condition, such as the authenticated domain that mail account, cell-phone number and job number etc. are different, preferably by second of certification policy.
As shown in fig. 6, the third System right management method provided by the invention, this method comprise the following steps:
S301, the button in system resource is passed through to interface service association correspondingly atom operation;
S302, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association Token is remembered;
S303, open system simultaneously carry out subscriber authentication, the identity data that user submits are obtained, by the identity data It is compared with authenticated domain, when meeting one of them described authenticated domain, judges certification success and return authentication is successfully described Certification domain information;
The permissions list that the authorization mark set corresponding to S304, the interface service is formed is stored in the authenticated domain In, when carrying out user right distribution, role, role inquiry authority, from the authenticated domain described in reading are found according to user Permissions list;
S305, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close The atom operation corresponding to connection.
Authorize, that is to say authority distribution is completed by authorized device, and whether control user, which has permission, is operated, that is, is controlled User can access which of application function.Role polymerize one group of authority set, and who can access resource for control of authority.That is root first Role is found according to user, role finds authority again, then permissions list is read from authenticated domain, and this mode can also be named based on power The access control of limit, the general rule of this mode is " resource identifier:The little particle description of operation ", i.e. resource class.Sentence Whether disconnected user possesses access interface authority, and verifying authorization character string can be completed.For example modification user right is, it is necessary to use two Individual interface, first is first inquired about user, and second is to submit modification information, and the authority character string of the two interfaces is respectively “system:user:query”、“system:user:Update ", can be real as long as distributing the two authority character strings to user The authority distribution of existing smallest particles.
Wherein, authenticated domain can be relevant database, can make cache server, even configuration file.This The authenticated domain of scheme is placed on relevant database MySQL, and user's checking and authority are all that information is read from MySQL respectively.
As shown in fig. 7, the 4th kind of system right management method provided by the invention, this method comprise the following steps:
S401, the button in system resource is passed through to interface service association correspondingly atom operation;
S402, the corresponding relation for establishing by role user and authority, the authority correspond to the system resource, using awarding Token note describes the interface service, and the authorization mark corresponds with the interface service, is awarded described in the button association Token is remembered;
S403, when carrying out user right distribution, the authorization mark is distributed into user, by verify it is described authorize mark Note judges whether user possesses the interface service authority corresponding to access;If then allow user to perform the interface service to close The atom operation corresponding to connection;
S404, logged in by conversation recording user after all information, the user right point is kept in a session The result matched somebody with somebody.
Wherein, the authenticated domain is any one of relevant database, cache server, configuration file.
Session (session) is a unbroken request response sequence between client and server.To the every of client Individual request, server can recognize that request comes from same client.When a unknown client sends to web application A session has been begun to during first request.When client clearly terminates session or server within a predefined time limit not When receiving any request from client, session just finishes.After conversation end, what server just have forgotten client and client please Ask.
Web sessions can be simply interpreted as:User drives a browser, accesses some web site, is clicked in this website Multiple hyperlink, the multiple web resources of server are accessed, are then shut off browser, whole process is referred to as a session.Client to The request first that Web Application Server is sent may not be that client interacts with the first time of server.Request first refers to needing Create the request of session.It is because the request is the beginning (logic counted to multiple requests we term it request first On), and server starts to remember the request of client.For example, when user logs in or adds a commodity into shopping cart, just A session must be started
Session manager manages the work such as the conversation establishing of all users, maintenance, deletion, checking, in that context it may be convenient to from ought The relevant information of user is obtained in preceding session.
Embodiment 2
Based on same inventive concept, another aspect of the present invention, there is provided a kind of System right management device, described device bag Include:Memory, processor and the rights management program that can be run on the memory and on the processor is stored in, it is described The step of System right management method as described below is realized when rights management program is by the computing device:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
In access control based roles technical foundation, when the operating right to system resource is allocated, pass through Label is set in docking port service, that is to say authorization mark, this authorization labels and interface correspond, then, interface be with What button was associated, therefore, in authority distribution, it is thus only necessary to configure the authorization labels of button, it is possible to judge that user is It is no that there is corresponding operating right.If user is then allowed to perform the atom operation corresponding to the interface service association, otherwise Refuse user and perform the atom operation corresponding to the interface service association.Atom operation can be deletion, preserve, check etc. tool The operating procedure of body.
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
The authentication of user, that is to say the relation for needing to establish user and role, and role is the set of authority, authority list Show system resource (such as menu, button, the page).By the advance identity data being stored in authenticated domain, submitted with user Identity data is compared, and so as to identify user identity, establishes the corresponding relation of role and user, so as to be built by role Vertical user and the relation of right, then can be that user carries out authority distribution.
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
The authorization mark of interface that is to say that the authority character string on interface is stored in the permissions list in authenticated domain, certification Domain can be relevant database, can make cache server, even configuration file.User is built by role and authority After vertical relation, authorization mark is distributed for user by reading permissions list.
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session Fruit.
The work such as the conversation establishing of all users, maintenance, deletion, checking are managed by session manager, in that context it may be convenient to The relevant information of user is obtained from current sessions.
Embodiment 3
Based on same inventive concept, another aspect of the present invention, a kind of computer-readable recording medium is additionally provided, its feature It is, rights management program is stored with the computer-readable recording medium, the rights management program is by the processor The step of following System right management method is realized during execution:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered;
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
Open system simultaneously carries out subscriber authentication, the identity data that user submits is obtained, by the identity data with recognizing Card domain is compared, and when meeting one of them described authenticated domain, judges certification success and the return authentication successfully certification Domain information;
The permissions list that the authorization mark set corresponding to the interface service is formed is stored in the authenticated domain, when When carrying out user right distribution, role is found according to user, role inquiry authority, the authority row are read from the authenticated domain Table;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered.
Wherein, the rights management program by the computing device when also realize System right management side as described below The step of method:
Button in system resource is associated into corresponding atom operation by interface service;
The corresponding relation of user and authority is established by role, the authority corresponds to the system resource, is marked using authorizing Note describes the interface service, and the authorization mark corresponds with the interface service, and the button association is described to authorize mark Note;
When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark is sentenced Whether disconnected user possesses the interface service authority corresponding to access;If user is then allowed to perform the interface service association pair The atom operation answered;
All information after being logged in by conversation recording user, the knot of the user right distribution is kept in a session Fruit.
The System right management method, apparatus and computer-readable recording medium of the present invention, from system resource angle, It is authority character string to describe atom operation authority by carrying out note authorization mark in interface service, user distributes authority When only need to complete all working by configuring authorization mark, then judge whether user legal, whether access interface legal, So as to reach securely configurable authority distribution.Solve the problems, such as that access control based roles (RBAC) authority particle is big, Authorization mark (authority character string) is beaten in interface service, one or more authorization marks is bound on button, realizes smallest particles Authority distribution, safe and reliable authority distribution.The system resource datas such as catalogue, menu, button be can configure, and Maintenance free is based on Access control (RBAC) module of role, realizes module complete package.
It should be noted that herein, term " comprising ", "comprising" or its any other variant are intended to non-row His property includes, so that process, method, article or device including a series of elements not only include those key elements, and And also include the other element being not expressly set out, or also include for this process, method, article or device institute inherently Key element.In the absence of more restrictions, the key element limited by sentence " including one ... ", it is not excluded that including Other identical element also be present in the process of the key element, method, article or device.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on such understanding, technical scheme is substantially done to prior art in other words Going out the part of contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium In (such as ROM/RAM, magnetic disc, CD), including some instructions to cause a station terminal equipment (can be mobile phone, computer, clothes Be engaged in device, air conditioner, or network equipment etc.) perform method described in each embodiment of the present invention.
The preferred embodiments of the present invention are these are only, are not intended to limit the scope of the invention, it is every to utilize this hair The equivalent structure or equivalent flow conversion that bright specification and accompanying drawing content are made, or directly or indirectly it is used in other related skills Art field, is included within the scope of the present invention.

Claims (10)

  1. A kind of 1. System right management method, it is characterised in that the described method comprises the following steps:
    Button in system resource is associated into corresponding atom operation by interface service;
    The corresponding relation of user and authority is established by role, the authority is corresponded to the system resource, retouched using authorization mark The interface service is stated, the authorization mark corresponds with the interface service, and the button associates the authorization mark;
    When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark judges to use Whether family possesses the interface service authority corresponding to access;If user is then allowed to perform corresponding to the interface service association The atom operation.
  2. 2. a kind of System right management method according to claim 1, it is characterised in that a button association is corresponding Multiple authorization marks, the authorization mark are authority character strings, pass through interface service described in the authority character string descriptor.
  3. 3. a kind of System right management method according to claim 1, it is characterised in that distribute it carrying out user right Before, methods described is further comprising the steps of:Open system simultaneously carries out subscriber authentication, obtains the identity data that user submits, The identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges that certification succeeds and returned The successful certification domain information of certification.
  4. A kind of 4. System right management method according to claim 3, it is characterised in that institute corresponding to the interface service The permissions list for stating authorization mark set formation is stored in the authenticated domain, when carrying out user right distribution, according to user Role is found, role inquiry authority, the permissions list is read from the authenticated domain.
  5. 5. a kind of System right management method according to claim 4, it is characterised in that the authenticated domain is relationship type number According to any one of storehouse, cache server, configuration file.
  6. 6. a kind of System right management method according to claim 1, it is characterised in that methods described also includes:Pass through All information after conversation recording user login, the result of the user right distribution is kept in a session.
  7. 7. a kind of System right management device, it is characterised in that described device includes:Memory, processor and it is stored in described On memory and the rights management program that can run on the processor, the rights management program is by the computing device The step of Shi Shixian System right management methods as described below:
    Button in system resource is associated into corresponding atom operation by interface service;
    The corresponding relation of user and authority is established by role, the authority is corresponded to the system resource, retouched using authorization mark The interface service is stated, the authorization mark corresponds with the interface service, and the button associates the authorization mark;
    When carrying out user right distribution, the authorization mark is distributed into user, by verifying that the authorization mark judges to use Whether family possesses the interface service authority corresponding to access;If user is then allowed to perform corresponding to the interface service association The atom operation.
  8. 8. a kind of System Privileges distributor according to claim 7, it is characterised in that the rights management program is by institute The step of System right management method as described below is also realized when stating computing device:
    Before user right distribution is carried out, open system simultaneously carries out subscriber authentication, obtains the identity data that user submits, The identity data is compared with authenticated domain, when meeting one of them described authenticated domain, judges that certification succeeds and returned The successful certification domain information of certification.
  9. 9. a kind of System Privileges distributor according to claim 7, it is characterised in that the rights management program is by institute The step of System right management method as described below is also realized when stating computing device:
    All information after being logged in by conversation recording user, the result of the user right distribution is kept in a session.
  10. 10. a kind of computer-readable recording medium, it is characterised in that storage has permission pipe on the computer-readable recording medium Program is managed, the rights management program is realized that the system as described in claim any one of 1-6 is weighed during the computing device The step of limiting management method.
CN201710512825.5A 2017-06-27 2017-06-27 System authority management method and device and computer readable storage medium Active CN107342992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710512825.5A CN107342992B (en) 2017-06-27 2017-06-27 System authority management method and device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710512825.5A CN107342992B (en) 2017-06-27 2017-06-27 System authority management method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN107342992A true CN107342992A (en) 2017-11-10
CN107342992B CN107342992B (en) 2020-12-08

Family

ID=60218903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710512825.5A Active CN107342992B (en) 2017-06-27 2017-06-27 System authority management method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN107342992B (en)

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108090374A (en) * 2018-01-09 2018-05-29 珠海迈越信息技术有限公司 A kind of multi User Privilege Management method and system
CN108196837A (en) * 2017-12-25 2018-06-22 国云科技股份有限公司 A kind of system authority control method
CN108289085A (en) * 2017-01-10 2018-07-17 珠海金山办公软件有限公司 A kind of document security management system login method and device
CN108319827A (en) * 2018-01-25 2018-07-24 烽火通信科技股份有限公司 A kind of API rights managements plug-in unit and method based on OSGI frames
CN108388604A (en) * 2018-02-06 2018-08-10 平安科技(深圳)有限公司 User right data administrator, method and computer readable storage medium
CN108629484A (en) * 2018-03-30 2018-10-09 平安科技(深圳)有限公司 It attends a banquet qualification management method, apparatus and storage medium
CN108776756A (en) * 2018-06-04 2018-11-09 北京奇虎科技有限公司 Access authorization for resource management method and device
CN109088858A (en) * 2018-07-13 2018-12-25 南京邮电大学 A kind of medical system and method based on rights management
CN109145545A (en) * 2018-09-11 2019-01-04 郑州云海信息技术有限公司 A kind of processing method and processing device of user's operation
CN109165486A (en) * 2018-08-27 2019-01-08 四川长虹电器股份有限公司 A kind of configurable interface access right control method
CN109446054A (en) * 2018-09-03 2019-03-08 中国平安人寿保险股份有限公司 The processing method and terminal device of unauthorized operation request based on big data
CN109766706A (en) * 2018-12-28 2019-05-17 中电科大数据研究院有限公司 A kind of more Rights Management System of data
WO2019127864A1 (en) * 2017-12-28 2019-07-04 平安科技(深圳)有限公司 Electronic device, springmvc-based data interface and automatic description generation method therefor, and storage medium
CN109992988A (en) * 2018-01-02 2019-07-09 中国移动通信有限公司研究院 A kind of data permission management method and device
CN110049083A (en) * 2017-12-20 2019-07-23 丰田自动车株式会社 Service management system, service management and non-transitory computer-readable medium
CN110569667A (en) * 2019-09-10 2019-12-13 北京字节跳动网络技术有限公司 Access control method and device, computer equipment and storage medium
CN110708298A (en) * 2019-09-23 2020-01-17 广州海颐信息安全技术有限公司 Method and device for centralized management of dynamic instance identity and access
CN110780876A (en) * 2019-10-29 2020-02-11 北京北纬通信科技股份有限公司 Web development front-end and back-end separation authority control method and system
CN111062028A (en) * 2019-12-13 2020-04-24 腾讯科技(深圳)有限公司 Authority management method and device, storage medium and electronic equipment
CN111125650A (en) * 2018-10-31 2020-05-08 北京国双科技有限公司 Page access right processing method and device, storage medium and processor
CN111191221A (en) * 2019-12-30 2020-05-22 腾讯科技(深圳)有限公司 Method and device for configuring authority resources and computer readable storage medium
CN111241503A (en) * 2020-01-16 2020-06-05 上海上实龙创智慧能源科技股份有限公司 Js frame-based page button authorization method
CN111526143A (en) * 2020-04-21 2020-08-11 北京思特奇信息技术股份有限公司 Method and device for realizing anti-unauthorized access of CRM system and storage medium
CN111625842A (en) * 2019-02-28 2020-09-04 武汉朗立创科技有限公司 Permission control system based on RBAC
CN111695124A (en) * 2020-05-18 2020-09-22 北京三快在线科技有限公司 Authority control method and device, storage medium and electronic equipment
CN111783076A (en) * 2020-08-05 2020-10-16 绵阳市智慧城市产业发展有限责任公司 Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources
CN111835792A (en) * 2020-07-31 2020-10-27 海南中金德航科技股份有限公司 System authentication role relationship system
CN112055024A (en) * 2020-09-09 2020-12-08 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112346624A (en) * 2020-11-09 2021-02-09 福建天晴在线互动科技有限公司 Method and system for realizing menu authority of background management system
CN112347442A (en) * 2020-11-30 2021-02-09 四川长虹电器股份有限公司 User authority verification method and device
CN112580000A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 User data processing method and device
CN112989373A (en) * 2021-03-08 2021-06-18 北京慧友云商科技有限公司 Hierarchical authorization control management engine based on RBAC
CN113542214A (en) * 2021-05-31 2021-10-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine readable storage medium
CN113792270A (en) * 2021-09-29 2021-12-14 北京字跳网络技术有限公司 Authority resource configuration method and device, storage medium and electronic equipment
CN113849848A (en) * 2021-12-02 2021-12-28 上海金仕达软件科技有限公司 Data permission configuration method and system
CN114978601A (en) * 2022-04-25 2022-08-30 康键信息技术(深圳)有限公司 Authority management method, device, equipment and medium
CN115118480A (en) * 2022-06-22 2022-09-27 中电信数智科技有限公司 Skyline system weight-sharing domain-dividing function realization method and device based on Openstack
CN112836237B (en) * 2021-02-05 2023-08-15 广州海量数据库技术有限公司 Method and system for performing forced access control in content database

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010021177A1 (en) * 2000-03-10 2001-09-13 Anritsu Corporation Spanning tree bridge and route change method using the same
CN101441688A (en) * 2007-11-20 2009-05-27 阿里巴巴集团控股有限公司 User authority allocation method and user authority control method
CN101515932A (en) * 2009-03-23 2009-08-26 中兴通讯股份有限公司 Method and system for accessing Web service safely
CN101582767A (en) * 2009-06-24 2009-11-18 阿里巴巴集团控股有限公司 Authorization control method and authorization server
CN101902402A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Method for managing user right and device thereof
CN101917448A (en) * 2010-08-27 2010-12-15 山东中创软件工程股份有限公司 Control method for realizing RBAC access permission in application on basis of.NET
CN102129364A (en) * 2010-01-14 2011-07-20 中国电信股份有限公司 Method for embedding widget toolbar in application program and rapid widget accessing method
CN102195956A (en) * 2010-03-19 2011-09-21 富士通株式会社 Cloud service system and user right management method thereof
CN102955644A (en) * 2011-08-19 2013-03-06 幻音科技(深圳)有限公司 Method and system for controlling resource display
CN103077028A (en) * 2012-12-28 2013-05-01 北京赛科世纪数码科技有限公司 Display method and system
CN103500297A (en) * 2013-10-11 2014-01-08 济钢集团有限公司 Fine grit authority management method in information system
CN103530568A (en) * 2012-07-02 2014-01-22 阿里巴巴集团控股有限公司 Authority control method, device and system
CN104484482A (en) * 2014-12-31 2015-04-01 广州东海网络科技有限公司 Webpage information updating method and system of network platform
CN104836910A (en) * 2015-04-27 2015-08-12 陆俊 Mobile terminal application authority switching method and mobile terminal
US20160127549A1 (en) * 2014-11-01 2016-05-05 Somos, Inc. Macroeconomic and predictive analytics based on toll-free number utilization
CN106096425A (en) * 2016-06-06 2016-11-09 北京金山安全软件有限公司 System permission starting method, device and equipment

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010021177A1 (en) * 2000-03-10 2001-09-13 Anritsu Corporation Spanning tree bridge and route change method using the same
CN101441688A (en) * 2007-11-20 2009-05-27 阿里巴巴集团控股有限公司 User authority allocation method and user authority control method
CN101515932A (en) * 2009-03-23 2009-08-26 中兴通讯股份有限公司 Method and system for accessing Web service safely
CN101582767A (en) * 2009-06-24 2009-11-18 阿里巴巴集团控股有限公司 Authorization control method and authorization server
CN102129364A (en) * 2010-01-14 2011-07-20 中国电信股份有限公司 Method for embedding widget toolbar in application program and rapid widget accessing method
CN102195956A (en) * 2010-03-19 2011-09-21 富士通株式会社 Cloud service system and user right management method thereof
CN101902402A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Method for managing user right and device thereof
CN101917448A (en) * 2010-08-27 2010-12-15 山东中创软件工程股份有限公司 Control method for realizing RBAC access permission in application on basis of.NET
CN102955644A (en) * 2011-08-19 2013-03-06 幻音科技(深圳)有限公司 Method and system for controlling resource display
CN103530568A (en) * 2012-07-02 2014-01-22 阿里巴巴集团控股有限公司 Authority control method, device and system
CN103077028A (en) * 2012-12-28 2013-05-01 北京赛科世纪数码科技有限公司 Display method and system
CN103500297A (en) * 2013-10-11 2014-01-08 济钢集团有限公司 Fine grit authority management method in information system
US20160127549A1 (en) * 2014-11-01 2016-05-05 Somos, Inc. Macroeconomic and predictive analytics based on toll-free number utilization
CN104484482A (en) * 2014-12-31 2015-04-01 广州东海网络科技有限公司 Webpage information updating method and system of network platform
CN104836910A (en) * 2015-04-27 2015-08-12 陆俊 Mobile terminal application authority switching method and mobile terminal
CN106096425A (en) * 2016-06-06 2016-11-09 北京金山安全软件有限公司 System permission starting method, device and equipment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
吴限: "《基于角色访问控制(RBAC)的Web应用》", 《中国硕士学位论文全文数据库 信息技术辑》 *
张世龙, 沈玉利: "《基于RBAC的SSO统一权限管理方法》", 《计算机工程与设计》 *
文骁一: "《 一种基于改进RBAC模型的权限管理系统》", 《硅谷》 *
颜平超、牛熠、吴燕玲: "《基于RBAC的权限管理的设计与实现》", 《信息科学》 *

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108289085A (en) * 2017-01-10 2018-07-17 珠海金山办公软件有限公司 A kind of document security management system login method and device
CN110049083A (en) * 2017-12-20 2019-07-23 丰田自动车株式会社 Service management system, service management and non-transitory computer-readable medium
CN110049083B (en) * 2017-12-20 2021-12-17 丰田自动车株式会社 Service management system, service management method, and non-transitory computer-readable medium
CN108196837A (en) * 2017-12-25 2018-06-22 国云科技股份有限公司 A kind of system authority control method
WO2019127864A1 (en) * 2017-12-28 2019-07-04 平安科技(深圳)有限公司 Electronic device, springmvc-based data interface and automatic description generation method therefor, and storage medium
CN109992988A (en) * 2018-01-02 2019-07-09 中国移动通信有限公司研究院 A kind of data permission management method and device
CN108090374A (en) * 2018-01-09 2018-05-29 珠海迈越信息技术有限公司 A kind of multi User Privilege Management method and system
CN108319827B (en) * 2018-01-25 2020-06-02 烽火通信科技股份有限公司 API (application program interface) authority management system and method based on OSGI (open service gateway initiative) framework
CN108319827A (en) * 2018-01-25 2018-07-24 烽火通信科技股份有限公司 A kind of API rights managements plug-in unit and method based on OSGI frames
CN108388604B (en) * 2018-02-06 2022-06-10 平安科技(深圳)有限公司 User authority data management apparatus, method and computer readable storage medium
CN108388604A (en) * 2018-02-06 2018-08-10 平安科技(深圳)有限公司 User right data administrator, method and computer readable storage medium
CN108629484A (en) * 2018-03-30 2018-10-09 平安科技(深圳)有限公司 It attends a banquet qualification management method, apparatus and storage medium
CN108776756A (en) * 2018-06-04 2018-11-09 北京奇虎科技有限公司 Access authorization for resource management method and device
CN109088858A (en) * 2018-07-13 2018-12-25 南京邮电大学 A kind of medical system and method based on rights management
CN109165486A (en) * 2018-08-27 2019-01-08 四川长虹电器股份有限公司 A kind of configurable interface access right control method
CN109165486B (en) * 2018-08-27 2021-06-22 四川长虹电器股份有限公司 Configurable interface access authority control method
CN109446054A (en) * 2018-09-03 2019-03-08 中国平安人寿保险股份有限公司 The processing method and terminal device of unauthorized operation request based on big data
CN109446054B (en) * 2018-09-03 2023-08-25 中国平安人寿保险股份有限公司 Processing method and terminal equipment for override operation request based on big data
CN109145545A (en) * 2018-09-11 2019-01-04 郑州云海信息技术有限公司 A kind of processing method and processing device of user's operation
CN111125650A (en) * 2018-10-31 2020-05-08 北京国双科技有限公司 Page access right processing method and device, storage medium and processor
CN109766706A (en) * 2018-12-28 2019-05-17 中电科大数据研究院有限公司 A kind of more Rights Management System of data
CN111625842A (en) * 2019-02-28 2020-09-04 武汉朗立创科技有限公司 Permission control system based on RBAC
CN110569667A (en) * 2019-09-10 2019-12-13 北京字节跳动网络技术有限公司 Access control method and device, computer equipment and storage medium
CN110708298A (en) * 2019-09-23 2020-01-17 广州海颐信息安全技术有限公司 Method and device for centralized management of dynamic instance identity and access
CN112580000A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 User data processing method and device
CN110780876A (en) * 2019-10-29 2020-02-11 北京北纬通信科技股份有限公司 Web development front-end and back-end separation authority control method and system
CN111062028B (en) * 2019-12-13 2023-11-24 腾讯科技(深圳)有限公司 Authority management method and device, storage medium and electronic equipment
CN111062028A (en) * 2019-12-13 2020-04-24 腾讯科技(深圳)有限公司 Authority management method and device, storage medium and electronic equipment
CN111191221A (en) * 2019-12-30 2020-05-22 腾讯科技(深圳)有限公司 Method and device for configuring authority resources and computer readable storage medium
CN111191221B (en) * 2019-12-30 2023-05-12 腾讯科技(深圳)有限公司 Configuration method and device of authority resources and computer readable storage medium
CN111241503A (en) * 2020-01-16 2020-06-05 上海上实龙创智慧能源科技股份有限公司 Js frame-based page button authorization method
CN111526143A (en) * 2020-04-21 2020-08-11 北京思特奇信息技术股份有限公司 Method and device for realizing anti-unauthorized access of CRM system and storage medium
CN111695124A (en) * 2020-05-18 2020-09-22 北京三快在线科技有限公司 Authority control method and device, storage medium and electronic equipment
CN111835792A (en) * 2020-07-31 2020-10-27 海南中金德航科技股份有限公司 System authentication role relationship system
CN111783076A (en) * 2020-08-05 2020-10-16 绵阳市智慧城市产业发展有限责任公司 Multi-scenario normalization processing model for construction, right establishment, authorization and verification of authority resources
CN112055024A (en) * 2020-09-09 2020-12-08 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112055024B (en) * 2020-09-09 2023-08-22 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112346624B (en) * 2020-11-09 2022-04-01 福建天晴在线互动科技有限公司 Method and system for realizing menu authority of background management system
CN112346624A (en) * 2020-11-09 2021-02-09 福建天晴在线互动科技有限公司 Method and system for realizing menu authority of background management system
CN112347442A (en) * 2020-11-30 2021-02-09 四川长虹电器股份有限公司 User authority verification method and device
CN112836237B (en) * 2021-02-05 2023-08-15 广州海量数据库技术有限公司 Method and system for performing forced access control in content database
CN112989373A (en) * 2021-03-08 2021-06-18 北京慧友云商科技有限公司 Hierarchical authorization control management engine based on RBAC
CN113542214B (en) * 2021-05-31 2023-08-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine-readable storage medium
CN113542214A (en) * 2021-05-31 2021-10-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine readable storage medium
CN113792270A (en) * 2021-09-29 2021-12-14 北京字跳网络技术有限公司 Authority resource configuration method and device, storage medium and electronic equipment
CN113849848A (en) * 2021-12-02 2021-12-28 上海金仕达软件科技有限公司 Data permission configuration method and system
CN114978601A (en) * 2022-04-25 2022-08-30 康键信息技术(深圳)有限公司 Authority management method, device, equipment and medium
CN115118480A (en) * 2022-06-22 2022-09-27 中电信数智科技有限公司 Skyline system weight-sharing domain-dividing function realization method and device based on Openstack
CN115118480B (en) * 2022-06-22 2024-04-26 中电信数智科技有限公司 Method and device for realizing split-weight split-domain function of Skyline system based on Openstack

Also Published As

Publication number Publication date
CN107342992B (en) 2020-12-08

Similar Documents

Publication Publication Date Title
CN107342992A (en) A kind of System right management method, apparatus and computer-readable recording medium
AU2018374912B2 (en) Model training system and method, and storage medium
US6055637A (en) System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential
US20210073806A1 (en) Data processing system utilising distributed ledger technology
CN109670768A (en) Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain
CN106713271B (en) Web system login constraint method based on single sign-on
JP5787640B2 (en) Authentication system, authentication method and program
CN110474865B (en) Block chain user authority system and implementation method
US8726358B2 (en) Identity ownership migration
CN109214151A (en) The control method and system of user right
CN108200050A (en) Single logging-on server, method and computer readable storage medium
CN108122109B (en) Electronic credential identity management method and device
CN110417820A (en) Processing method, device and the readable storage medium storing program for executing of single-node login system
US20030115484A1 (en) System and method for incrementally distributing a security policy in a computer network
CN107204978B (en) A kind of access control method and device based on multi-tenant cloud environment
US20030115322A1 (en) System and method for analyzing security policies in a distributed computer network
US20090313684A1 (en) Using windows authentication in a workgroup to manage application users
CN105871914B (en) CRM system access control method
US6678682B1 (en) Method, system, and software for enterprise access management control
CN105812350B (en) Cross-platform single sign-on system
CN104243491B (en) A kind of control method and system of credible and secure service
JP2013033449A (en) Server system, control method and program
CN102422298A (en) Access control of distributed computing resources system and method
CN107026825A (en) A kind of method and system for accessing big data system
CN103986734B (en) Authentication management method and authentication management system applicable to high-security service system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20201117

Address after: 518000 408, building 5, tongfuyu Industrial Park, Dalang street, Longhua New District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen media home culture Communication Co., Ltd

Address before: 518000 Guangdong Province, Shenzhen high tech Zone of Nanshan District City, No. 9018 North Central Avenue's innovation building A, 6-8 layer, 10-11 layer, B layer, C District 6-10 District 6 floor

Applicant before: NUBIA TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant