CN107563206A - Unified rights service method and system - Google Patents

Publication number: CN107563206A
Authority: CN (China)
Prior art keywords: user, unified, rights, service system, operation system
Legal status: Pending
Application number: CN201710586334.5A
Other languages: Chinese (zh)
Inventors: 王雪松, 马国胜
Current Assignee: BEIJING OPEN DISTANCE EDUCATION CENTER Co Ltd
Original Assignee: BEIJING OPEN DISTANCE EDUCATION CENTER Co Ltd

Abstract

The invention discloses a unified rights service method and system. The unified rights service method is executed in a unified rights service system and includes: receiving a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access; determining whether the user has access rights to the object to be accessed; if the user has access rights, allowing the access; if the user does not have access rights, not allowing the access. By handling users' data access requests in a unified way, the invention unifies and centralizes the management of the permissions of the business systems, which makes them easier to manage and maintain.

Description

Unified rights service method and system
Technical field
The present invention relates to the technical field of computer application services, and more particularly to a unified rights service method and system.
Background
As informatization advances, the level of information technology in enterprises keeps rising. To date, numerous business application systems have been built in enterprise IT environments and put into daily office use, and these business application systems have become an important part of an enterprise's daily activities.
The existing business application systems in an enterprise's information systems were built at different times with different technologies, for example OA (Office Automation) systems, OES educational administration systems and document management systems. Most of these business application systems have their own self-contained user management, authorization and authentication systems; permission management is developed repeatedly in each business system and cannot be shared, so each system stands alone. To enter different business application systems, the same user must use a different account belonging to each system. This mode of operation is not only inconvenient for users but, more importantly, reduces the manageability and security of the enterprise's daily activities.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art described above.
To this end, one object of the present invention is to propose a unified rights service method. By handling users' data access requests in a unified way, the method unifies and centralizes the management of the permissions of the business systems, which makes them easier to manage and maintain.
Another object of the present invention is to propose a unified rights service system.
To achieve these objects, one aspect of the present invention discloses a unified rights service method, which is executed in a unified rights service system and includes: receiving a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access; determining whether the user has access rights to the object to be accessed; if the user has access rights, allowing the access; if the user does not have access rights, not allowing the access.
According to the unified rights service method of the present invention, users' data access requests are handled in a unified way, which unifies and centralizes the management of the permissions of the business systems and makes them easier to manage and maintain.
In addition, the unified rights service method according to the above embodiment of the present invention may also have the following additional technical features:
Further, the method also includes: granting the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system.
Further, the roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance.
Further, the method of granting roles and/or functions to the users of each business system in the unified rights service system includes: granting the roles and/or functions through a role list; or granting the roles and/or functions through a permission menu tree.
Further, the step of determining whether the user has access rights to the object to be accessed specifically includes: searching the unified rights service system for whether it contains access rights of the user for the object to be accessed.
Another aspect of the present invention discloses a unified rights service system, including: a rights service unified login module, for providing a unified interface for the users of each business system; a rights service management module, for receiving a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access; and a rights service authentication module, for determining whether the user has access rights to the object to be accessed; if the user has access rights, the access is allowed; if the user does not have access rights, the access is not allowed.
According to the unified rights service system of the present invention, users' data access requests are handled in a unified way, which unifies and centralizes the management of the permissions of the business systems and makes them easier to manage and maintain.
In addition, the unified rights service system according to the above embodiment of the present invention may also have the following additional technical features:
Further, the system also includes: an authorization module, for granting the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system.
Further, the roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance.
Further, the method of granting roles and/or functions to the users of each business system in the unified rights service system includes: granting the roles and/or functions through a role list; or granting the roles and/or functions through a permission menu tree.
Further, the step of determining whether the user has access rights to the object to be accessed specifically includes: searching the unified rights service system for whether it contains access rights of the user for the object to be accessed.
Further, the rights service management module also includes: a menu management module, for displaying the permission tree of the business systems to authorized users by setting menus and for providing a custom menu icon function; an information department management module, for displaying to authorized users the organizations within their scope of authority; a role management module, for displaying to authorized users the roles that exist in the business systems within their scope of authority; and a user authority management module, for displaying to authorized business system users the users that exist in the business systems within their scope of authority.
Additional aspects and advantages of the present invention will be set forth in part in the description below, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of a unified rights service method according to one embodiment of the present invention;
Fig. 2 is a structural diagram of a unified rights service system according to one embodiment of the present invention;
Fig. 3 is a flow chart of a unified rights service method according to another embodiment of the present invention;
Fig. 4 is a diagram of the user authorization flow according to one embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the drawings, where the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the invention, and are not to be construed as limiting it.
The unified rights service method and system according to embodiments of the present invention are described below with reference to the drawings.
Fig. 1 is a flow chart of a unified rights service method according to one embodiment of the present invention.
As shown in Fig. 1, the unified rights service method according to one embodiment of the present invention is executed in the unified rights service system 200, which is shown in Fig. 2 as the unified rights service system 200 of one embodiment of the invention. The method includes:
S110: Receive a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system 200, and the data access request contains at least the object the user wants to access.
Before step S110, the method also includes S100: grant the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system 200. Further, the method of granting roles and/or functions to the users of each business system in the unified rights service system includes: granting the roles and/or functions through a role list; or granting the roles and/or functions through a permission menu tree.
The roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance. For example, if role B exists under role A, role B inherits role A's permissions. Business system users log in through the unified rights service login module, and a unified permission management module is provided for authorized users.
With reference to Fig. 4, the authorization flow for the users of each business system is:
S1: Create the user under user authority management in the unified rights service system;
S2: Determine whether to assign a role to the user; if so, go to S3; if not, grant menu functions directly and complete the authorization;
S3: Create a new role and determine whether a corresponding organization exists; if not, go to S4; if a corresponding organization exists, assign the role and complete the authorization;
S4: Create a new organization and determine whether a corresponding menu exists; if not, go to S5; if a corresponding menu exists, assign the organization, then assign the role, and finally complete the authorization;
S5: Create a new menu and assign the menu, then assign the organization, then assign the role, and finally complete the authorization.
This way of authorizing the users of each business system differs from the traditional role-based access control model: permissions can be assigned not only to roles but also to organizations and menus, or menu functions can be granted to a user directly. The actual permissions are the superposition of the permissions from these three sources, which gives users the greatest convenience. To allow for user expansion, the system provides role permission inheritance rules. The unified rights service system is therefore general, flexible, freely configurable and extensible, and supports multiple users and multiple applications; systems with a B/S architecture no longer need a permission management module to be redesigned and redeveloped for each user's requirements. Only the business logic of the business system needs to be implemented to complete development of the system, which greatly reduces duplicated development work across business systems.
Moreover, the unified rights service system 200 can be applied to CRM, ERP, OA and website back-end management systems of any B/S architecture; it offers clear advantages and convenience and considerably reduces system maintenance, management and upgrade costs. The rights service system 200 unifies and centralizes the management of the permissions of each business system, which makes them easier to manage and maintain. The unified rights service system 200 is developed in the Java 7 development language and has good platform independence.
S120: Determine whether the user has access rights to the object to be accessed.
Step S120 specifically includes: searching the unified rights service system for whether it contains access rights of the user for the object to be accessed. The search can be performed against the permission configuration information in the system. Further, the access permission information is returned to the unified rights service system 200, so that the unified rights service system 200 can continue processing the data access request carrying the access permission information.
S130: If the user has access rights, allow the access.
S140: If the user does not have access rights, do not allow the access.
According to the unified rights service method of the present invention, users' data access requests are handled in a unified way, which unifies and centralizes the management of the permissions of the business systems and makes them easier to manage and maintain.
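The authorization model and the S120-S140 check described above, as an added example that is not code from the patent or its applicant. It assumes each user holds roles, organizations and direct menu grants, each carrying a set of permission strings; all class names, function names and permission strings are constructed for illustration.

```python
"""Added example: effective permissions as the union of role, organization and menu grants."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)
    parent: Optional["Role"] = None  # role B "under" role A inherits A's permissions


@dataclass
class Organization:
    name: str
    permissions: set = field(default_factory=set)


@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    organizations: list = field(default_factory=list)
    menu_grants: set = field(default_factory=set)  # menu functions granted directly (S2)


def role_permissions(role):
    """Return (permission, source) pairs for a role and every ancestor it inherits from."""
    pairs, seen, current = [], set(), role
    while current is not None:
        if id(current) in seen:  # a misconfigured parent chain must not hang the check
            raise ValueError(f"role inheritance cycle at {current.name!r}")
        seen.add(id(current))
        source = f"role:{role.name}"
        if current is not role:
            source += f" (inherited from {current.name})"
        pairs.extend((perm, source) for perm in current.permissions)
        current = current.parent
    return pairs


class PermissionService:
    def __init__(self):
        self._users = {}

    def register(self, user):
        self._users[user.name] = user

    def revoke_role(self, username, role_name):
        user = self._users[username]
        user.roles = [r for r in user.roles if r.name != role_name]

    def grants(self, username):
        """Map each effective permission to the sorted list of sources granting it."""
        user = self._users.get(username)
        if user is None:  # unknown users have no grants at all
            return {}
        found = {}
        for role in user.roles:
            for perm, source in role_permissions(role):
                found.setdefault(perm, set()).add(source)
        for org in user.organizations:
            for perm in org.permissions:
                found.setdefault(perm, set()).add(f"organization:{org.name}")
        for perm in user.menu_grants:
            found.setdefault(perm, set()).add("menu:direct")
        return {perm: sorted(sources) for perm, sources in found.items()}

    def check_access(self, username, obj):
        """S120-S140: allow only when a grant for the object is found, otherwise deny."""
        return obj in self.grants(username)


def build_demo():
    """Constructed sample data: role B under role A, one organization, two users."""
    role_a = Role("A", {"oa:document:read"})
    role_b = Role("B", {"oa:leave:approve"}, parent=role_a)
    dept = Organization("teaching-dept", {"oes:grades:read", "oa:document:read"})
    svc = PermissionService()
    svc.register(User("alice", roles=[role_b], organizations=[dept],
                      menu_grants={"crm:menu:reports"}))
    svc.register(User("bob", menu_grants={"oa:menu:home"}))  # no role, menu only
    return svc


if __name__ == "__main__":
    service = build_demo()
    for perm, sources in sorted(service.grants("alice").items()):
        print(perm, "<-", sources)
    print("bob may approve leave:", service.check_access("bob", "oa:leave:approve"))
```

Because the effective set is a union, revoking role B from the sample user removes "oa:leave:approve" but leaves "oa:document:read" in place through the organization grant, so an audit of who can reach an object has to walk all three sources.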
Fig. 2 is a structural diagram of a unified rights service system according to one embodiment of the present invention.
As shown in Fig. 2, the unified rights service system 200 of one embodiment of the present invention includes: a rights service unified login module 210, a rights service management module 220 and a rights service authentication module 230.
The rights service unified login module 210 provides a unified interface for the users of each business system. The rights service management module 220 receives a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access. The rights service authentication module 230 determines whether the user has access rights to the object to be accessed; if the user has access rights, the access is allowed; if the user does not have access rights, the access is not allowed.
According to the unified rights service system of the present invention, users' data access requests are handled in a unified way, which unifies and centralizes the management of the permissions of the business systems and makes them easier to manage and maintain.
In some embodiments, the system also includes: an authorization module, for granting the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system.
In some embodiments, the roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance.
In some embodiments, the method of granting roles and/or functions to the users of each business system in the unified rights service system includes: granting roles and/or functions to the users of each business system through a role list; or granting roles and/or functions to the users of each business system in the unified rights service system through a permission menu tree.
In some embodiments, the step of determining whether the user has access rights to the object to be accessed specifically includes: searching the unified rights service system for whether it contains access rights of the user for the object to be accessed.
With reference to Fig. 2, the rights service management module 220 also includes the following modules. The menu management module 221 displays the permission tree of the business systems to authorized users by setting menus and provides a custom menu icon function; within their scope of authority, authorized users can add, delete and edit menus and functions, and can use the custom menu icon function to personalize the business system menu desktop. The information department management module 222 displays to authorized users the organizations within their scope of authority; within their scope of authority, authorized users can add, delete and edit organizations, and organization permissions are managed in the form of an organization permission tree. The role management module 223 displays to authorized users the roles that exist in the business systems within their scope of authority; within their authority, users can manage roles: add roles, edit role data and assign the organization a role belongs to. It also displays the permissions the user holds, and permissions are assigned to roles on the basis of the permissions the user holds. To allow for user expansion, the system provides role permission inheritance rules. The user authority management module 224 uses a list to display to authorized business system users the users that exist in the business systems within their scope of authority. Users are managed within the scope of authority; the way this module manages user permissions includes not only the traditional role-based access control model but also an access control model based on menu functions.
It should be noted that the specific implementation of the unified rights service system of the embodiments of the present invention is similar to the specific implementation of the unified rights service method of the embodiments of the present invention; refer to the description of the unified rights service method for details, which are not repeated here in order to reduce redundancy.
In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two or three, unless otherwise specifically defined.
In the present invention, unless otherwise clearly specified and limited, terms such as "installed", "connected", "coupled" and "fixed" are to be interpreted broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be a connection inside two elements or an interaction between two elements, unless otherwise clearly limited. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not contradict each other, a person skilled in the art may combine the different embodiments or examples described in this specification and the features of those embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; a person of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (10)

1. A unified rights service method, characterized in that the unified rights service method is executed in a unified rights service system and includes:
receiving a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access;
determining whether the user has access rights to the object to be accessed;
if the user has access rights, allowing the access;
if the user does not have access rights, not allowing the access.
2. The unified rights service method according to claim 1, characterized by also including: granting the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system.
3. The unified rights service method according to claim 2, characterized in that the roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance.
4. The unified rights service method according to claim 2, characterized in that the method of granting roles and/or functions to the users of each business system in the unified rights service system includes:
granting roles and/or functions to the users of each business system in the unified rights service system through a role list;
or granting roles and/or functions to the users of each business system in the unified rights service system through a permission menu tree.
5. The unified rights service method according to claim 1, characterized in that the step of determining whether the user has access rights to the object to be accessed specifically includes:
searching the unified rights service system for whether it contains access rights of the user for the object to be accessed.
6. A unified rights service system, characterized by including:
a rights service unified login module, for providing a unified interface for the users of each business system;
a rights service management module, for receiving a data access request from a user, where the data access request is an access request sent by an authorized user of one of the business systems after logging in to the unified rights service system, and the data access request contains at least the object the user wants to access;
a rights service authentication module, for determining whether the user has access rights to the object to be accessed; if the user has access rights, the access is allowed; if the user does not have access rights, the access is not allowed.
7. The unified rights service system according to claim 6, characterized by also including: an authorization module, for granting the users of each business system roles and/or functions in the unified rights service system, so that they can log in to the unified rights service system.
8. The unified rights service system according to claim 7, characterized in that the roles and/or functions granted to the users of each business system in the unified rights service system support permission inheritance.
9. The unified rights service system according to claim 7, characterized in that the method of granting roles and/or functions to the users of each business system includes:
granting roles and/or functions to the users of each business system in the unified rights service system through a role list;
or granting roles and/or functions to the users of each business system in the unified rights service system through a permission menu tree.
10. The unified rights service system according to claim 6, characterized in that the rights service management module also includes:
a menu management module, for displaying the permission tree of the business systems to authorized users by setting menus and for providing a custom menu icon function;
an information department management module, for displaying to authorized users the organizations within their scope of authority;
a role management module, for displaying to authorized users the roles that exist in the business systems within their scope of authority;
a user authority management module, for displaying to authorized business system users the users that exist in the business systems within their scope of authority.
Application number: CN201710586334.5A
Priority date: 2017-07-18
Filing date: 2017-07-18
Status: Pending
Publication: CN107563206A (en), published 2018-01-09
Family ID: 60973640
Family applications (1): CN201710586334.5A
Country status (1): CN (1), CN107563206A (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180109