CN107770146A - User data permission control method and device - Google Patents
User data permission control method and device
- Publication number: CN107770146A
- Application number: CN201610710737.1A
- Authority: CN (China)
- Prior art keywords: user, information, role information, mobile terminal, opened
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04W12/06: Wireless communication networks; Security arrangements; Authentication; Protecting privacy or anonymity; Authentication
Abstract
The present invention provides a user data permission control method and device. The method includes: when a permission access request sent by a mobile terminal is received, looking up a preset table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal, the permission access request including the identifier of the mobile terminal; obtaining, according to the role information of the mobile terminal and a preset relationship between role information and to-be-opened permission role information (the roles whose permissions are to be opened), the to-be-opened permission role information corresponding to the role information; looking up, in another preset table, the user group identification information of the groups that contain the identifier of the mobile terminal; looking up, in a preset user group database, the to-be-opened permission user information corresponding to the user group identification information and the to-be-opened permission role information; and controlling the data permissions of the to-be-opened permission users to be opened to the mobile terminal, the to-be-opened permission users being the users corresponding to the to-be-opened permission user information. The invention only requires assigning a role to each user and determining the permission relationships between roles, which makes it easy to obtain user data permissions.
Description
Technical field
The present invention relates to the field of computer processing technology, and in particular to a user data permission control method and device.
Background
Permission management generally means that, according to the security rules or security policies set by the system, a user can access the resources he or she has been authorized for, and only those resources, no more and no less. Permission management appears in almost every system that has users and passwords.
At present, users' data permissions are usually controlled through the organizational structure and positions: a user is bound to a specific department and position, obtains the basic permissions of that position, and inherits all permissions of the positions subordinate to it.
However, an organization sometimes lacks a complete organizational structure and set of department positions, in which case the above method of controlling users' data permissions is no longer applicable.
Summary of the invention
The present invention provides a user data permission control method and device. It is only necessary to assign a role to each user and determine the permission relationships between roles in order to obtain the data permissions of the mobile terminal requesting permissions, without relying on the organizational structure, position information and the like, so the data permissions of users are easy to obtain.
In a first aspect, the present invention provides a user data permission control method, including:
when a permission access request sent by a mobile terminal is received, looking up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between identifiers of mobile terminals and role information;
obtaining, according to the role information of the mobile terminal and a preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information;
looking up, in a preset user group information table, the user group identification information of the groups that contain the identifier of the mobile terminal; the user group information table includes the correspondence between identifiers of mobile terminals and user group identification information;
looking up, in a preset user group database, the to-be-opened permission user information corresponding to the user group identification information and the to-be-opened permission role information; the user group database includes the correspondence between user group identification information, role information and user information;
controlling the data permissions of the to-be-opened permission users to be opened to the mobile terminal; the to-be-opened permission users are the users corresponding to the to-be-opened permission user information.
Preferably, obtaining, according to the role information of the mobile terminal and the preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information includes:
looking up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and level information of the tree structure;
looking up a preset data structure storage table according to the level information of the tree structure to obtain the to-be-opened permission role information; the data structure storage table includes the correspondence between level information of the tree structure and role information.
Preferably, obtaining, according to the role information of the mobile terminal and the preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information includes:
obtaining the to-be-opened permission role information corresponding to the role information according to the role information of the mobile terminal and a relational expression between role information and to-be-opened permission role information.
Preferably, the method further includes:
receiving a data acquisition request sent by the mobile terminal;
obtaining, according to the data acquisition request, the data of the to-be-opened permission users, and sending the data to the mobile terminal.
Preferably, the user group database includes the correspondence between user group identification information, role information and user identifiers;
the to-be-opened permission user information is a user identifier.
In a second aspect, the present invention also provides a user data permission control device, including:
a first acquisition unit, configured to, when a permission access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between identifiers of mobile terminals and role information;
a second acquisition unit, configured to obtain, according to the role information of the mobile terminal and a preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information;
a first lookup unit, configured to look up, in a preset user group information table, the user group identification information of the groups that contain the identifier of the mobile terminal; the user group information table includes the correspondence between identifiers of mobile terminals and user group identification information;
a second lookup unit, configured to look up, in a preset user group database, the to-be-opened permission user information corresponding to the user group identification information and the to-be-opened permission role information; the user group database includes the correspondence between user group identification information, role information and user information;
a permission control unit, configured to control the data permissions of the to-be-opened permission users to be opened to the mobile terminal; the to-be-opened permission users are the users corresponding to the to-be-opened permission user information.
Preferably, the second acquisition unit is further configured to:
look up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and level information of the tree structure;
look up a preset data structure storage table according to the level information of the tree structure to obtain the to-be-opened permission role information; the data structure storage table includes the correspondence between level information of the tree structure and role information.
Preferably, the second acquisition unit is further configured to:
obtain the to-be-opened permission role information corresponding to the role information according to the role information of the mobile terminal and a relational expression between role information and to-be-opened permission role information.
Preferably, the device includes:
a receiving unit, configured to receive a data acquisition request sent by the mobile terminal;
a third acquisition unit, configured to obtain, according to the data acquisition request, the data of the to-be-opened permission users, and send the data to the mobile terminal.
Preferably, the user group database includes the correspondence between user group identification information, role information and user identifiers;
the to-be-opened permission user information is a user identifier.
As can be seen from the above technical solution, the present invention only requires assigning a role to each user and determining the permission relationships between roles in order to obtain the data permissions of the mobile terminal requesting permissions, without relying on the organizational structure, position information and the like, so the data permissions of users are easy to obtain.
Brief description of the drawings
Fig. 1 is a flow chart of a user data permission control method provided by an embodiment of the present disclosure;
Fig. 2 is a functional block diagram of a user data permission control device provided by an embodiment of the present disclosure.
Detailed description of the embodiments
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are only some of the embodiments of the present disclosure, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present disclosure without creative work fall within the scope of protection of the present disclosure.
Some of the terms used in the embodiments of the present disclosure are explained below.
The user equipment (User Equipment, UE for short) mentioned in the embodiments of the present disclosure refers to the device used by the service requester, such as a passenger in a ride-hailing service, for example a mobile terminal or a personal computer (Personal Computer, PC for short). Examples include a smartphone, personal digital assistant (PDA), tablet computer, notebook computer, in-vehicle computer (carputer), handheld device, smart glasses, smart watch, wearable device, virtual display device or display enhancement device (such as Google Glass, Oculus Rift, Hololens, Gear VR).
The terminal mentioned in the embodiments of the present disclosure refers to the device used by the service provider, such as a driver in a ride-hailing service, to take orders, for example a mobile terminal or a PC, such as any of the devices listed above for the service requester. In this embodiment, to distinguish passengers from drivers, "user equipment (UE)" and "terminal" denote the mobile terminals and other devices held by passengers and by drivers respectively.
In existing client development technology, including iOS and Android, it is possible to monitor incoming calls, read the system call log, and read and write the system address book.
The permission names for reading and writing the address book on Android are:
android.permission.READ_CONTACTS (read)
android.permission.WRITE_CONTACTS (write)
The framework for reading and writing the system address book on iOS is:
ABAddressBook Framework
Fig. 1 is a flow chart of a user data permission control method provided by an embodiment of the present disclosure.
As shown in Fig. 1, the user data permission control method of this embodiment includes:
S101: when a permission access request sent by a mobile terminal is received, looking up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between identifiers of mobile terminals and role information.
It can be understood that the role information is assigned to each user in advance and can be defined according to the nature of the organization the user belongs to. For example, the roles of a vehicle operating company may include city manager, fleet captain, driver manager and external driver manager, and the roles of an enterprise may include president, director, general manager, staff member and so on.
S102: obtaining, according to the role information of the mobile terminal and a preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information.
S103: looking up, in a preset user group information table, the user group identification information of the groups that contain the identifier of the mobile terminal; the user group information table includes the correspondence between identifiers of mobile terminals and user group identification information.
It can be understood that holders of the same role may administer different users. In the vehicle operating company above, for example, because of region and role level, one city manager may be in charge of operations management in different cities at the same time, for instance responsible for fleet management in city A and also for fleet management in city B. For this reason, all the roles in an organization need to be grouped, so that the users over whom a particular user has control permission can be determined.
S104: looking up, in a preset user group database, the to-be-opened permission user information corresponding to the user group identification information and the to-be-opened permission role information; the user group database includes the correspondence between user group identification information, role information and user information.
S105: controlling the data permissions of the to-be-opened permission users to be opened to the mobile terminal; the to-be-opened permission users are the users corresponding to the to-be-opened permission user information.
The embodiment of the present disclosure is illustrated by an example. Suppose the organization is a vehicle operating company whose roles include city manager, fleet captain, driver manager and external driver manager, where the city manager is the first level, the fleet captain is the second level, and the driver manager and external driver manager are the third level; a superior has the control permissions of all of its subordinates.
Suppose the mobile terminal of a city manager sends a permission access request to the server. After determining that its role is city manager, the server first determines, according to step S102 above, that the roles the city manager can view are fleet captain, driver manager and external driver manager. It then obtains, according to step S103 above, the user group identification information of the groups that contain the identifier of the mobile terminal. If there are two user groups, group A and group B, and both include the identifier of the city manager's mobile terminal, the server looks up the user information of the fleet captains, driver managers and external driver managers in group A and group B, and controls the data permissions of all fleet captains, driver managers and external driver managers in group A and group B to be opened to the mobile terminal.
The embodiment of the present disclosure only requires assigning a role to each user and determining the permission relationships between roles in order to obtain the data permissions of the mobile terminal requesting permissions, without relying on the organizational structure, position information and the like, so the data permissions of users are easy to obtain.
As a preferred embodiment, step S102 includes:
looking up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and level information of the tree structure.
It can be understood that, because some roles in an organization have the same data permissions, the permission relationships between roles are expressed more clearly as a topological tree structure; in this step the relationships between roles are therefore stored in the form of a tree structure.
Looking up a preset data structure storage table according to the level information of the tree structure to obtain the to-be-opened permission role information; the data structure storage table includes the correspondence between level information of the tree structure and role information.
It can be understood that the data structure storage table stores, for example: first level: city manager; second level: fleet captain; third level: driver manager and external driver manager.
In fact, the relationships between the roles can also be represented in the form of an expression. Therefore, as another preferred embodiment, step S102 includes:
obtaining the to-be-opened permission role information corresponding to the role information according to the role information of the mobile terminal and a relational expression between role information and to-be-opened permission role information.
It can be understood that obtaining the to-be-opened permission role information corresponding to the role information by means of a relational expression can save the storage space used for storing role information and the permission relationships between roles.
As a preferred embodiment, after step S105, the method further includes:
receiving a data acquisition request sent by the mobile terminal;
obtaining, according to the data acquisition request, the data of the to-be-opened permission users, and sending the data to the mobile terminal.
It can be understood that the embodiment of the present disclosure allows the data of the users over whom the above mobile terminal has obtained control permission to be viewed.
As a preferred embodiment, the user group database includes the correspondence between user group identification information, role information and user identifiers;
the to-be-opened permission user information is a user identifier.
It can be understood that, besides a user identifier, the to-be-opened permission user information can also be other user attribute information, which the present disclosure does not limit.
The disclosure is illustrated below by a specific embodiment.
Suppose a vehicle operating company has 7 users: A, B, C, D, E, F and G. The roles assigned to these 7 users are: A: city manager; B: fleet captain; C: fleet captain; D: driver manager; E: driver manager; F: external driver manager; G: external driver manager.
The permission relationships between the roles are: the city manager is the first level, the fleet captain is the second level, and the driver manager and external driver manager are the third level; a superior has the control permissions of all of its subordinates.
The 7 users are divided into two groups, group 1 and group 2, where group 1 includes A, B, D, F and group 2 includes A, C, E, G.
According to the permission relationships between the roles above and the method described in the present disclosure, the users over whom user A actually has control permission are B, D, F, C, E, G; the users over whom user B actually has control permission are D, F; and the users over whom user C actually has control permission are E, G.
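The lookup chain S101 to S105 and the data acquisition step, run on the seven-user example above. This is an added illustration, not code from the patent: the table and function names are hypothetical, role names are English renderings, each user's terminal identifier is assumed to be the user's letter, and an unknown terminal is assumed to be opened nothing.

```python
# Added illustration (not from the patent): steps S101-S105 on the seven-user example.
# Assumption: each user's terminal identifier is simply the user's letter.

# S101 role information table: terminal identifier -> role information
ROLE_TABLE = {
    "A": "city manager",
    "B": "fleet captain",
    "C": "fleet captain",
    "D": "driver manager",
    "E": "driver manager",
    "F": "external driver manager",
    "G": "external driver manager",
}

# S102 permission table: role information -> level in the role tree (1 = top)
ROLE_LEVEL = {
    "city manager": 1,
    "fleet captain": 2,
    "driver manager": 3,
    "external driver manager": 3,
}

# S102 data structure storage table: level -> role information
LEVEL_ROLES = {
    1: {"city manager"},
    2: {"fleet captain"},
    3: {"driver manager", "external driver manager"},
}

# S103 user group information table: group identifier -> member terminals
GROUP_TABLE = {
    "group 1": {"A", "B", "D", "F"},
    "group 2": {"A", "C", "E", "G"},
}


def build_group_database():
    """S104 user group database: (group identifier, role) -> user identifiers."""
    db = {}
    for group_id, members in GROUP_TABLE.items():
        for user in members:
            db.setdefault((group_id, ROLE_TABLE[user]), set()).add(user)
    return db


GROUP_DB = build_group_database()


def roles_to_open(role):
    """S102: roles on every level below `role` (a superior controls all subordinates)."""
    level = ROLE_LEVEL[role]
    opened = set()
    for lvl, roles in LEVEL_ROLES.items():
        if lvl > level:
            opened |= roles
    return opened


def users_to_open(terminal_id):
    """S101-S105: users whose data permissions are opened to this terminal."""
    role = ROLE_TABLE.get(terminal_id)                      # S101
    if role is None:
        return set()                                        # unknown terminal: nothing
    open_roles = roles_to_open(role)                        # S102
    groups = [g for g, members in GROUP_TABLE.items()
              if terminal_id in members]                    # S103
    opened = set()
    for group_id in groups:                                 # S104
        for open_role in open_roles:
            opened |= GROUP_DB.get((group_id, open_role), set())
    return opened                                           # S105


def handle_data_request(terminal_id, target_user, records):
    """Data acquisition request: serve data only for a user opened to the terminal."""
    if target_user not in users_to_open(terminal_id):
        raise PermissionError(f"{terminal_id} may not read {target_user}")
    return records[target_user]


if __name__ == "__main__":
    for terminal in "ABCD":
        print(terminal, sorted(users_to_open(terminal)))
```

Because the group lookup in S103 scopes the result, fleet captain B is not opened the data of E or G even though their roles sit below B's in the role tree.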
Fig. 2 is a functional block diagram of a user data permission control device provided by an embodiment of the present disclosure.
As shown in Fig. 2, a user data permission control device includes:
a first acquisition unit 201, configured to, when a permission access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between identifiers of mobile terminals and role information;
a second acquisition unit 202, configured to obtain, according to the role information of the mobile terminal and a preset relationship between role information and to-be-opened permission role information, the to-be-opened permission role information corresponding to the role information;
a first lookup unit 203, configured to look up, in a preset user group information table, the user group identification information of the groups that contain the identifier of the mobile terminal; the user group information table includes the correspondence between identifiers of mobile terminals and user group identification information;
a second lookup unit 204, configured to look up, in a preset user group database, the to-be-opened permission user information corresponding to the user group identification information and the to-be-opened permission role information; the user group database includes the correspondence between user group identification information, role information and user information;
a permission control unit 205, configured to control the data permissions of the to-be-opened permission users to be opened to the mobile terminal; the to-be-opened permission users are the users corresponding to the to-be-opened permission user information.
As a preferred embodiment, the second acquisition unit 202 is further configured to:
look up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and level information of the tree structure;
look up a preset data structure storage table according to the level information of the tree structure to obtain the to-be-opened permission role information; the data structure storage table includes the correspondence between level information of the tree structure and role information.
As a preferred embodiment, the second acquisition unit 202 is further configured to:
obtain the to-be-opened permission role information corresponding to the role information according to the role information of the mobile terminal and a relational expression between role information and to-be-opened permission role information.
As a preferred embodiment, the device includes:
a receiving unit, configured to receive a data acquisition request sent by the mobile terminal;
a third acquisition unit, configured to obtain, according to the data acquisition request, the data of the to-be-opened permission users, and send the data to the mobile terminal.
As a preferred embodiment, the user group database includes the correspondence between user group identification information, role information and user identifiers;
the to-be-opened permission user information is a user identifier.
Since the device embodiment is substantially similar to the method embodiment, it is described relatively briefly; for the relevant parts, refer to the description of the method embodiment.
It should be noted that the components of the system of the present disclosure are logically divided according to the functions they are to implement. However, the present disclosure is not limited to this division: the components can be re-divided or combined as needed, for example by combining some components into a single component or by further decomposing some components into more sub-components.
The component embodiments of the present disclosure can be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that in practice a microprocessor or digital signal processor (DSP) can be used to implement some or all of the functions of some or all of the components in the system according to the embodiments of the present disclosure. The present disclosure may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present disclosure may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present disclosure, and those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present disclosure can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
The above embodiments are only intended to illustrate the present disclosure and do not limit it. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present disclosure, so all equivalent technical solutions also fall within the scope of the present disclosure, and the scope of patent protection of the present disclosure shall be defined by the claims.
Claims (10)
- A kind of 1. user data authority control method, it is characterised in that including:When receiving the authority access request of mobile terminal transmission, according to the default role of the identifier lookup of the mobile terminal Information table, obtain the Role Information of the mobile terminal;The authority access request includes the mark of mobile terminal, the role Information table includes the mark of mobile terminal and the corresponding relation of Role Information;According to the Role Information of the mobile terminal and Role Information and the preset relation of authorization role information to be opened, obtain Authorization role information to be opened corresponding with the Role Information;The user's group identification information of the mark comprising the mobile terminal is searched in default subscriber group information table;The user Group information table includes the mark of mobile terminal and the corresponding relation of user's group identification information;Searched and the user's group identification information and the authorization role information pair to be opened in default user's group database The user profile for the authority to be opened answered;The user's group database includes user's group identification information, Role Information and user The corresponding relation of information;Control opens the data permission of the user of authority to be opened to the mobile terminal;The user of the authority to be opened is User corresponding with the user profile of the authority to be opened.
- 2. according to the method for claim 1, it is characterised in that believed according to the Role Information of the mobile terminal and role Cease and the preset relation of authorization role information to be opened, obtain authorization role information to be opened corresponding with the Role Information, Including:According to the Role Information of the mobile terminal, default authority list is searched, obtains the Role Information with the mobile terminal The hierarchical information of corresponding tree construction;The authority list includes the corresponding relation of the hierarchical information of Role Information and tree construction;According to the hierarchical information of the tree construction, default storage of data structure table is searched, obtains authorization role information to be opened;Institute Stating storage of data structure table includes the hierarchical information relation corresponding with Role Information of tree construction.
- 3. The method according to claim 1, characterized in that obtaining, according to the role information of the mobile terminal and the preset relation between role information and authorization role information to be opened, the authorization role information to be opened that corresponds to the role information comprises: obtaining the authorization role information to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and authorization role information to be opened.
- 4. The method according to claim 1, characterized in that the method also includes: receiving a data acquisition request sent by the mobile terminal; and, according to the data acquisition request, obtaining the data of the user of the authority to be opened and sending the data to the mobile terminal.
- 5. The method according to any one of claims 1-4, characterized in that the user group database includes the correspondence among user group identification information, role information and user identifiers; the user information of the authority to be opened is a user identifier.
- 6. A user data authority control device, characterized by comprising: a first acquisition unit, configured to, when an authority access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal, wherein the authority access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information; a second acquisition unit, configured to obtain, according to the role information of the mobile terminal and a preset relation between role information and authorization role information to be opened, the authorization role information to be opened that corresponds to the role information; a first searching unit, configured to search a preset user group information table for the user group identification information that contains the identifier of the mobile terminal, wherein the user group information table includes the correspondence between mobile terminal identifiers and user group identification information; a second searching unit, configured to search a preset user group database for the user information of the authority to be opened that corresponds to the user group identification information and the authorization role information to be opened, wherein the user group database includes the correspondence among user group identification information, role information and user information; and an authority control unit, configured to control the opening, to the mobile terminal, of the data authority of the user of the authority to be opened, wherein the user of the authority to be opened is the user corresponding to the user information of the authority to be opened.
- 7. The device according to claim 6, characterized in that the second acquisition unit is further configured to: look up a preset authority list according to the role information of the mobile terminal to obtain the hierarchical information of the tree structure that corresponds to the role information of the mobile terminal, wherein the authority list includes the correspondence between role information and hierarchical information of the tree structure; and look up a preset data structure storage table according to the hierarchical information of the tree structure to obtain the authorization role information to be opened, wherein the data structure storage table includes the correspondence between hierarchical information of the tree structure and role information.
- 8. The device according to claim 6, characterized in that the second acquisition unit is further configured to: obtain the authorization role information to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and authorization role information to be opened.
- 9. The device according to claim 6, characterized in that the device includes: a receiving unit, configured to receive a data acquisition request sent by the mobile terminal; and a third acquisition unit, configured to obtain, according to the data acquisition request, the data of the user of the authority to be opened and send the data to the mobile terminal.
- 10. The device according to any one of claims 6-9, characterized in that the user group database includes the correspondence among user group identification information, role information and user identifiers; the user information of the authority to be opened is a user identifier.
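The lookup chain of claims 1, 2 and 4, written out as an added example that is not part of the patent text. All table contents, identifiers and function names are constructed for illustration, and the level-to-roles mapping in the storage table is an assumed policy.

```python
# Added example (not from the patent). All table contents are constructed.
# Assumption: terminal_id was authenticated before this code runs; the claims
# take the identifier from the request as given.
ROLE_TABLE = {"T-100": "manager", "T-200": "clerk"}          # terminal -> role
AUTHORITY_LIST = {"director": 1, "manager": 2, "clerk": 3}    # role -> tree level
# Assumed policy: each level opens the roles below it in the tree.
STORAGE_TABLE = {1: {"manager", "clerk"}, 2: {"clerk"}, 3: set()}
GROUP_TABLE = {"T-100": "G-east", "T-200": "G-east", "T-300": "G-west"}
GROUP_DB = [                                                  # (group, role, user)
    ("G-east", "manager", "u-alice"),
    ("G-east", "clerk", "u-bob"),
    ("G-east", "clerk", "u-carol"),
    ("G-west", "clerk", "u-dave"),
]
USER_DATA = {"u-alice": "alice-record", "u-bob": "bob-record",
             "u-carol": "carol-record", "u-dave": "dave-record"}


def roles_to_open(role):
    """Claim 2: role -> tree level -> roles whose data may be opened."""
    level = AUTHORITY_LIST.get(role)
    return frozenset(STORAGE_TABLE.get(level, ()))


def users_to_open(terminal_id):
    """Claim 1: resolve the users whose data is opened to this terminal."""
    role = ROLE_TABLE.get(terminal_id)
    group = GROUP_TABLE.get(terminal_id)
    if role is None or group is None:
        return frozenset()            # unknown role or group: open nothing
    allowed_roles = roles_to_open(role)
    return frozenset(user for g, r, user in GROUP_DB
                     if g == group and r in allowed_roles)


def fetch_data(terminal_id, user_id):
    """Claim 4: serve data only for users resolved by the claim 1 chain."""
    if user_id not in users_to_open(terminal_id):
        raise PermissionError(f"{terminal_id} may not read {user_id}")
    return USER_DATA[user_id]


if __name__ == "__main__":
    print(sorted(users_to_open("T-100")))   # manager in G-east
    print(sorted(users_to_open("T-200")))   # clerk: no roles below it
    print(sorted(users_to_open("T-300")))   # in a group but no role entry
```

A terminal missing from either table resolves to an empty set, so the data request of claim 4 is refused rather than falling through to a default grant.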
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610710737.1A CN107770146B (en) | 2016-08-23 | 2016-08-23 | User data authority control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107770146A (en) | 2018-03-06 |
CN107770146B (en) | 2020-06-26 |
Family
ID=61264725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610710737.1A Active CN107770146B (en) | 2016-08-23 | 2016-08-23 | User data authority control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107770146B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207639A (en) * | 2007-12-03 | 2008-06-25 | 华为技术有限公司 | Method and apparatus of classifying for user |
CN101247395A (en) * | 2008-03-13 | 2008-08-20 | 武汉理工大学 | ISAPI access control system for Session ID fully transparent transmission |
CN101441688A (en) * | 2007-11-20 | 2009-05-27 | 阿里巴巴集团控股有限公司 | User authority allocation method and user authority control method |
CN101582767A (en) * | 2009-06-24 | 2009-11-18 | 阿里巴巴集团控股有限公司 | Authorization control method and authorization server |
US7904556B2 (en) * | 2002-03-05 | 2011-03-08 | Computer Associates Think, Inc. | Method and apparatus for role grouping by shared resource utilization |
CN102456103A (en) * | 2010-10-26 | 2012-05-16 | 王芳 | Improved RBAC (Role Based Access Control) model |
Non-Patent Citations (1)
Title |
---|
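孙群: "Role-Based Access Control under Multi-Organization, Multi-User Conditions", China Master's Theses Full-text Database, Information Science and Technology * |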
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110808964A (en) * | 2019-10-22 | 2020-02-18 | 贵阳朗玛信息技术股份有限公司 | Authority management method and device |
CN111027091A (en) * | 2019-11-13 | 2020-04-17 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for managing authority |
CN111027091B (en) * | 2019-11-13 | 2022-04-22 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for managing authority |
CN111241526A (en) * | 2019-12-31 | 2020-06-05 | 深圳云天励飞技术有限公司 | Data permission matching method and device, electronic equipment and storage medium |
CN111241526B (en) * | 2019-12-31 | 2022-11-22 | 深圳云天励飞技术有限公司 | Data permission matching method and device, electronic equipment and storage medium |
CN112465476A (en) * | 2020-12-17 | 2021-03-09 | 中国农业银行股份有限公司 | Access control method, device, equipment and medium |
CN112733162A (en) * | 2020-12-31 | 2021-04-30 | 北京乐学帮网络技术有限公司 | Resource allocation method, device, computer equipment and storage medium |
CN114884733A (en) * | 2022-05-10 | 2022-08-09 | 中国农业银行股份有限公司 | Authority management method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107770146B (en) | 2020-06-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107770146A (en) | A kind of user data authority control method and device | |
CN108717861B (en) | Medical data sharing method based on block chain | |
CN104094261B (en) | Access the optimized treatment method and system of restricted data | |
US9218481B2 (en) | Managing password strength | |
EP2510473B1 (en) | Unified user login for co-location facilities | |
US20090063448A1 (en) | Aggregated Search Results for Local and Remote Services | |
EP2405607A1 (en) | Privilege management system and method based on object | |
CN107276775A (en) | A kind of enterprise group sets up cube method and device | |
CN110063065B (en) | System and method for user authorization | |
CN102595340A (en) | Method for managing contact person information and system thereof | |
CN107070946A (en) | The cloud storage system realized based on openstack | |
CN105933374A (en) | Mobile terminal data backup method, system and mobile terminal | |
CN106326766A (en) | HBase data reading control method | |
CN109817347A (en) | Inline diagnosis platform, its right management method and Rights Management System | |
CN108173839A (en) | Right management method and system | |
CN110348237A (en) | Data managing method and device, storage medium, electronic equipment based on block chain | |
CN111478894B (en) | External user authorization method, device, equipment and readable storage medium | |
CN104615662A (en) | Data processing method and device and terminal device | |
WO2003038669A1 (en) | Directory request caching in distributed computer systems | |
CN106131064A (en) | User data management and system towards many application | |
US8171057B2 (en) | Modeling party identities in computer storage systems | |
CN111402400A (en) | Pipeline engineering display method, device, equipment and storage medium | |
CN106487770B (en) | Method for authenticating and authentication device | |
CN105827597A (en) | Method for managing internet account number and password | |
US7080403B2 (en) | Method and system for person data authentication and management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||