CN107770146A - A kind of user data authority control method and device - Google Patents

Publication number: CN107770146A
Authority: CN (China)
Legal status: Granted
Application number: CN201610710737.1A
Other languages: Chinese (zh)
Other versions: CN107770146B (en)
Inventors: 何旭, 牛玉富
Current assignee: Beijing Didi Infinity Technology and Development Co Ltd
Original assignee: Beijing Didi Infinity Technology and Development Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The present invention provides a user data permission control method and device. The method includes: when a permission access request sent by a mobile terminal is received, looking up a preset table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal, the permission access request including the identifier of the mobile terminal; obtaining, according to the role information of the mobile terminal and a preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information; looking up, in another preset table, the user group identification information that contains the identifier of the mobile terminal; looking up, in a preset user group database, the user information of the permission to be opened that corresponds to the user group identification information and the role information of the permission to be opened; and controlling the data permission of the user of the permission to be opened to be opened to the mobile terminal, the user of the permission to be opened being the user corresponding to the user information of the permission to be opened. The invention only needs to assign a role to each user and determine the permission relation between roles, which makes it easy to obtain user data permissions.

Description

A user data permission control method and device
Technical field
The present invention relates to the field of computer processing technology, and in particular to a user data permission control method and device.
Background
Permission management generally means that, according to the security rules or security policies set by a system, a user can access the resources he or she is authorized to access and only those resources, no more and no less. Permission management appears in almost every system, as long as the system has users and passwords.
At present, the data permissions of users are usually controlled through the organizational structure and posts: a user is bound to a specific department and post, obtains the basic permissions of that post, and inherits all the permissions of the posts subordinate to it.
However, an organization sometimes has no complete organizational structure or set of department posts, in which case the above method of controlling users' data permissions no longer applies.
Summary of the invention
The present invention provides a user data permission control method and device. It only needs to assign a role to each user and determine the permission relation between roles in order to obtain the data permissions of the mobile terminal that is to obtain permissions; it does not depend on the organizational structure, post information and the like, and therefore makes it easy to obtain the data permissions of users.
In a first aspect, the present invention provides a user data permission control method, including:
when a permission access request sent by a mobile terminal is received, looking up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
obtaining, according to the role information of the mobile terminal and a preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information;
looking up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal; the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
looking up, in a preset user group database, the user information of the permission to be opened that corresponds to the user group identification information and the role information of the permission to be opened; the user group database includes the correspondence among user group identification information, role information and user information;
controlling the data permission of the user of the permission to be opened to be opened to the mobile terminal; the user of the permission to be opened is the user corresponding to the user information of the permission to be opened.
Preferably, obtaining, according to the role information of the mobile terminal and the preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information includes:
looking up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and tree-structure level information;
looking up a preset data structure storage table according to the level information of the tree structure to obtain the role information of the permission to be opened; the data structure storage table includes the correspondence between tree-structure level information and role information.
Preferably, obtaining, according to the role information of the mobile terminal and the preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information includes:
obtaining the role information of the permission to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and role information of the permission to be opened.
Preferably, the method further includes:
receiving a data acquisition request sent by the mobile terminal;
obtaining, according to the data acquisition request, the data of the user of the permission to be opened, and sending the data to the mobile terminal.
Preferably, the user group database includes the correspondence among user group identification information, role information and user identifiers;
the user information of the permission to be opened is a user identifier.
In a second aspect, the present invention also provides a user data permission control device, including:
a first acquisition unit, configured to, when a permission access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
a second acquisition unit, configured to obtain, according to the role information of the mobile terminal and a preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information;
a first lookup unit, configured to look up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal; the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
a second lookup unit, configured to look up, in a preset user group database, the user information of the permission to be opened that corresponds to the user group identification information and the role information of the permission to be opened; the user group database includes the correspondence among user group identification information, role information and user information;
a permission control unit, configured to control the data permission of the user of the permission to be opened to be opened to the mobile terminal; the user of the permission to be opened is the user corresponding to the user information of the permission to be opened.
Preferably, the second acquisition unit is further configured to:
look up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and tree-structure level information;
look up a preset data structure storage table according to the level information of the tree structure to obtain the role information of the permission to be opened; the data structure storage table includes the correspondence between tree-structure level information and role information.
Preferably, the second acquisition unit is further configured to:
obtain the role information of the permission to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and role information of the permission to be opened.
Preferably, the device includes:
a receiving unit, configured to receive a data acquisition request sent by the mobile terminal;
a third acquisition unit, configured to obtain, according to the data acquisition request, the data of the user of the permission to be opened, and to send the data to the mobile terminal.
Preferably, the user group database includes the correspondence among user group identification information, role information and user identifiers;
the user information of the permission to be opened is a user identifier.
As can be seen from the above technical solution, the present invention only needs to assign a role to each user and determine the permission relation between roles in order to obtain the data permissions of the mobile terminal that is to obtain permissions; it does not depend on the organizational structure, post information and the like, and therefore makes it easy to obtain the data permissions of users.
Brief description of the drawings
Fig. 1 is a flow chart of a user data permission control method provided by an embodiment of the present disclosure;
Fig. 2 is a schematic block diagram of a user data permission control device provided by an embodiment of the present disclosure.
Detailed description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings of those embodiments. The described embodiments are obviously only some of the embodiments of the disclosure, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the disclosure without creative effort fall within the scope of protection of the disclosure.
Some of the terms used in the embodiments of the present disclosure are explained below.
The user equipment (User Equipment, UE) referred to in the embodiments of the present disclosure is the device, such as a mobile terminal or personal computer (PC), used by the party requesting a service, for example a passenger in a vehicle-hailing service. Examples include smartphones, personal digital assistants (PDAs), tablet computers, notebook computers, in-vehicle computers (carputers), handheld devices, smart glasses, smart watches, wearable devices, virtual display devices and display enhancement devices (such as Google Glass, Oculus Rift, Hololens, Gear VR).
The terminal referred to in the embodiments of the present disclosure is the device, such as a mobile terminal or PC, used by the party providing the service, for example a driver in a vehicle-hailing service, to take orders; it may be any of the devices listed above for the service-requesting party. In this embodiment, to distinguish passengers from drivers, the terms user equipment (UE) and terminal denote the mobile terminals and other devices held by passengers and drivers respectively.
With existing client development technologies, including iOS and Android, a client can monitor incoming calls, read the system call log, and read and write the system address book.
The permissions for reading and writing the address book on Android are:
android.permission.READ_CONTACTS (read)
android.permission.WRITE_CONTACTS (write)
The framework for reading and writing the system address book on iOS is:
ABAddressBook framework
Fig. 1 is a flow chart of a user data permission control method provided by an embodiment of the present disclosure;
As shown in Fig. 1, the user data permission control method of this embodiment includes:
S101: when a permission access request sent by a mobile terminal is received, looking up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
It will be understood that role information is assigned to each user in advance and may be defined according to, for example, the nature of the organization the user belongs to. The roles of a vehicle operation company may include city manager, fleet captain, driver manager and external driver manager; the roles of an enterprise may include president, director, general manager, staff member, and so on.
S102: obtaining, according to the role information of the mobile terminal and a preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information;
S103: looking up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal; the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
It will be understood that holders of the same role may administer different users. In the vehicle operation company above, for reasons of region and role level, one city manager may be in charge of operations management in several cities at once, for example responsible for fleet management in city A and also for fleet management in city B. For this reason, all the roles in an organization need to be grouped, so that the users over whom a particular user has control permission can be determined.
S104: looking up, in a preset user group database, the user information of the permission to be opened that corresponds to the user group identification information and the role information of the permission to be opened; the user group database includes the correspondence among user group identification information, role information and user information;
S105: controlling the data permission of the user of the permission to be opened to be opened to the mobile terminal; the user of the permission to be opened is the user corresponding to the user information of the permission to be opened.
An example of this embodiment: suppose the organization is a vehicle operation company whose roles are city manager, fleet captain, driver manager and external driver manager, where the city manager is the first level, the fleet captain is the second level, and the driver manager and external driver manager are the third level, and a higher level has control permission over all of its subordinates.
Suppose the mobile terminal of a city manager sends a permission access request to the server. After determining that its role is city manager, the server first determines, according to step S102, that the roles a city manager can view are fleet captain, driver manager and external driver manager. It then obtains, according to step S103, the user group identification information that contains the identifier of the mobile terminal. If there are two user groups, group A and group B, and both contain the identifier of the city manager's mobile terminal, the server looks up in groups A and B the user information of the fleet captains, driver managers and external driver managers in them, and controls the data permissions of all fleet captains, driver managers and external driver managers in groups A and B to be opened to the mobile terminal.
The embodiment of the present disclosure only needs to assign a role to each user and determine the permission relation between roles in order to obtain the data permissions of the mobile terminal that is to obtain permissions; it does not depend on the organizational structure, post information and the like, and therefore makes it easy to obtain the data permissions of users.
As a preferred embodiment, step S102 includes:
looking up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and tree-structure level information;
It will be understood that, because some roles in an organization have identical data permissions, the permission relation between roles is expressed more clearly as a topological tree structure; in this step the relation between roles is therefore stored in the form of a tree structure.
looking up a preset data structure storage table according to the level information of the tree structure to obtain the role information of the permission to be opened; the data structure storage table includes the correspondence between tree-structure level information and role information.
It will be understood that the data structure storage table may store, for example: first level: city manager; second level: fleet captain; third level: driver manager and external driver manager.
In fact, the relation between the roles can also be represented in the form of an expression; therefore, as a preferred embodiment, step S102 includes:
obtaining the role information of the permission to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and role information of the permission to be opened.
It will be understood that obtaining the role information of the permission to be opened by means of a relational expression saves the storage space that would otherwise be used to store the role information and the permission relations between roles.
As a preferred embodiment, after step S105 the method further includes:
receiving a data acquisition request sent by the mobile terminal;
obtaining, according to the data acquisition request, the data of the user of the permission to be opened, and sending the data to the mobile terminal.
It will be understood that, with this embodiment, the mobile terminal can view the data of the users over whom it has been found above to have control permission.
As a preferred embodiment, the user group database includes the correspondence among user group identification information, role information and user identifiers;
the user information of the permission to be opened is a user identifier.
It will be understood that, besides a user identifier, the user information of the permission to be opened may also be other user attribute information; the disclosure places no limitation on this.
The disclosure is illustrated below with a specific embodiment.
Suppose a vehicle operation company has 7 users, A, B, C, D, E, F and G, who are assigned the following roles: A: city manager; B: fleet captain; C: fleet captain; D: driver manager; E: driver manager; F: external driver manager; G: external driver manager;
The permission relation between the roles is: the city manager is the first level, the fleet captain is the second level, and the driver manager and external driver manager are the third level; a higher level has control permission over all of its subordinates.
The 7 users are divided into two groups, group 1 and group 2, where group 1 includes A, B, D, F and group 2 includes A, C, E, G;
From the permission relation between the roles above and the method described in this disclosure, the users over whom user A actually has control permission are B, D, F, C, E, G; the users over whom user B actually has control permission are D, F; and the users over whom user C actually has control permission are E, G.
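The seven-user example above, run through steps S101 to S105 with the tree-level form of step S102, as an added Python example that is not code from the patent. The table and function names are assumptions, each terminal identifier is taken to be the user's letter, and the roles are written as city manager, fleet captain, driver manager and external driver manager.

```python
"""Steps S101-S105 applied to the seven-user example (all tables constructed)."""

# S101 role information table: terminal identifier -> role information.
# Assumption: each user's terminal identifier is simply the user's letter.
ROLE_TABLE = {
    "A": "city manager",
    "B": "fleet captain",
    "C": "fleet captain",
    "D": "driver manager",
    "E": "driver manager",
    "F": "external driver manager",
    "G": "external driver manager",
}

# S102 permission table: role information -> level in the role tree.
PERMISSION_TABLE = {
    "city manager": 1,
    "fleet captain": 2,
    "driver manager": 3,
    "external driver manager": 3,
}

# S102 data structure storage table: tree level -> roles stored at that level.
LEVEL_TABLE = {
    1: {"city manager"},
    2: {"fleet captain"},
    3: {"driver manager", "external driver manager"},
}

# S103 user group information table: group identifier -> terminal identifiers.
GROUP_TABLE = {
    "group 1": {"A", "B", "D", "F"},
    "group 2": {"A", "C", "E", "G"},
}


def build_group_database():
    """S104 user group database: (group id, role) -> set of user identifiers."""
    database = {}
    for group_id, members in GROUP_TABLE.items():
        for user_id in members:
            key = (group_id, ROLE_TABLE[user_id])
            database.setdefault(key, set()).add(user_id)
    return database


GROUP_DATABASE = build_group_database()


def roles_to_open(role):
    """S102: roles on every level below `role` (a higher level has control
    permission over all of its subordinates)."""
    level = PERMISSION_TABLE[role]
    opened = set()
    for other_level, roles in LEVEL_TABLE.items():
        if other_level > level:
            opened |= roles
    return opened


def groups_of(terminal_id):
    """S103: identifiers of every user group that contains the terminal."""
    return {g for g, members in GROUP_TABLE.items() if terminal_id in members}


def users_to_open(terminal_id):
    """S101-S105: users whose data permission is opened to the terminal."""
    role = ROLE_TABLE.get(terminal_id)               # S101
    if role is None:
        return set()                                 # unknown terminal: open nothing
    opened_users = set()
    for group_id in groups_of(terminal_id):          # S103
        for opened_role in roles_to_open(role):      # S102
            key = (group_id, opened_role)
            opened_users |= GROUP_DATABASE.get(key, set())  # S104
    return opened_users                              # S105 opens exactly this set


def may_read(terminal_id, target_user):
    """Check applied to a later data acquisition request: only users returned
    by users_to_open() may have their data sent to the terminal."""
    return target_user in users_to_open(terminal_id)


if __name__ == "__main__":
    for terminal in "ABCD":
        print(terminal, sorted(users_to_open(terminal)))
```

Because the lookup in S104 is keyed on the group as well as the role, fleet captain B in group 1 gets no access to third-level users E and G of group 2, and an identifier missing from the role information table gets nothing.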
Fig. 2 is a schematic block diagram of a user data permission control device provided by an embodiment of the present disclosure.
As shown in Fig. 2, a user data permission control device includes:
a first acquisition unit 201, configured to, when a permission access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal; the permission access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
a second acquisition unit 202, configured to obtain, according to the role information of the mobile terminal and a preset relation between role information and role information of the permission to be opened, the role information of the permission to be opened that corresponds to the role information;
a first lookup unit 203, configured to look up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal; the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
a second lookup unit 204, configured to look up, in a preset user group database, the user information of the permission to be opened that corresponds to the user group identification information and the role information of the permission to be opened; the user group database includes the correspondence among user group identification information, role information and user information;
a permission control unit 205, configured to control the data permission of the user of the permission to be opened to be opened to the mobile terminal; the user of the permission to be opened is the user corresponding to the user information of the permission to be opened.
As a preferred embodiment, the second acquisition unit 202 is further configured to:
look up a preset permission table according to the role information of the mobile terminal to obtain the level information of the tree structure corresponding to the role information of the mobile terminal; the permission table includes the correspondence between role information and tree-structure level information;
look up a preset data structure storage table according to the level information of the tree structure to obtain the role information of the permission to be opened; the data structure storage table includes the correspondence between tree-structure level information and role information.
As a preferred embodiment, the second acquisition unit 202 is further configured to:
obtain the role information of the permission to be opened that corresponds to the role information according to the role information of the mobile terminal and a relational expression between role information and role information of the permission to be opened.
As a preferred embodiment, the device includes:
a receiving unit, configured to receive a data acquisition request sent by the mobile terminal;
a third acquisition unit, configured to obtain, according to the data acquisition request, the data of the user of the permission to be opened, and to send the data to the mobile terminal.
As a preferred embodiment, the user group database includes the correspondence among user group identification information, role information and user identifiers;
the user information of the permission to be opened is a user identifier.
Since the device embodiment is substantially similar to the method embodiment, it is described relatively briefly; for the relevant parts, refer to the description of the method embodiment.
It should be noted that the components of the system of the disclosure are divided logically according to the functions they are to implement. The disclosure is not limited to this, however, and the components may be re-divided or combined as needed; for example, several components may be combined into a single component, or some components may be further broken down into more sub-components.
The component embodiments of the disclosure may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the system according to the embodiments of the disclosure. The disclosure may also be implemented as a device or device program (for example, a computer program and computer program product) for performing part or all of the method described herein. Such a program implementing the disclosure may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the disclosure, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
The above embodiments are only intended to illustrate the disclosure and do not limit it. A person of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the disclosure; all equivalent technical solutions therefore fall within the scope of the disclosure, and the scope of patent protection of the disclosure shall be defined by the claims.

Claims (10)

  1. A user data authority control method, characterized by comprising:
    when an authority access request sent by a mobile terminal is received, looking up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal, wherein the authority access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
    obtaining, according to the role information of the mobile terminal and a preset relation between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information;
    looking up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal, wherein the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
    looking up, in a preset user group database, the user information of the authority to be opened that corresponds to the user group identification information and the to-be-opened authority role information, wherein the user group database includes the correspondence among user group identification information, role information and user information;
    controlling the opening, to the mobile terminal, of the data authority of the user of the authority to be opened, wherein the user of the authority to be opened is the user corresponding to the user information of the authority to be opened.
  2. The method according to claim 1, characterized in that obtaining, according to the role information of the mobile terminal and the preset relation between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information comprises:
    looking up a preset authority list according to the role information of the mobile terminal to obtain the hierarchical information of the tree structure corresponding to the role information of the mobile terminal, wherein the authority list includes the correspondence between role information and hierarchical information of the tree structure;
    looking up a preset data structure storage table according to the hierarchical information of the tree structure to obtain the to-be-opened authority role information, wherein the data structure storage table includes the correspondence between hierarchical information of the tree structure and role information.
  3. The method according to claim 1, characterized in that obtaining, according to the role information of the mobile terminal and the preset relation between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information comprises:
    obtaining, according to the role information of the mobile terminal and a relational expression between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information.
  4. The method according to claim 1, characterized in that the method further comprises:
    receiving a data acquisition request sent by the mobile terminal;
    acquiring, according to the data acquisition request, the data of the user of the authority to be opened, and sending the data to the mobile terminal.
  5. The method according to any one of claims 1-4, characterized in that the user group database includes the correspondence among user group identification information, role information and user identifiers;
    the user information of the authority to be opened is a user identifier.
  6. A user data authority control device, characterized by comprising:
    a first acquisition unit, configured to, when an authority access request sent by a mobile terminal is received, look up a preset role information table according to the identifier of the mobile terminal to obtain the role information of the mobile terminal, wherein the authority access request includes the identifier of the mobile terminal, and the role information table includes the correspondence between mobile terminal identifiers and role information;
    a second acquisition unit, configured to obtain, according to the role information of the mobile terminal and a preset relation between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information;
    a first searching unit, configured to look up, in a preset user group information table, the user group identification information that contains the identifier of the mobile terminal, wherein the user group information table includes the correspondence between mobile terminal identifiers and user group identification information;
    a second searching unit, configured to look up, in a preset user group database, the user information of the authority to be opened that corresponds to the user group identification information and the to-be-opened authority role information, wherein the user group database includes the correspondence among user group identification information, role information and user information;
    an authority control unit, configured to control the opening, to the mobile terminal, of the data authority of the user of the authority to be opened, wherein the user of the authority to be opened is the user corresponding to the user information of the authority to be opened.
  7. The device according to claim 6, characterized in that the second acquisition unit is further configured to:
    look up a preset authority list according to the role information of the mobile terminal to obtain the hierarchical information of the tree structure corresponding to the role information of the mobile terminal, wherein the authority list includes the correspondence between role information and hierarchical information of the tree structure;
    look up a preset data structure storage table according to the hierarchical information of the tree structure to obtain the to-be-opened authority role information, wherein the data structure storage table includes the correspondence between hierarchical information of the tree structure and role information.
  8. The device according to claim 6, characterized in that the second acquisition unit is further configured to:
    obtain, according to the role information of the mobile terminal and a relational expression between role information and to-be-opened authority role information, the to-be-opened authority role information corresponding to the role information.
  9. The device according to claim 6, characterized in that the device includes:
    a receiving unit, configured to receive a data acquisition request sent by the mobile terminal;
    a third acquisition unit, configured to acquire, according to the data acquisition request, the data of the user of the authority to be opened, and to send the data to the mobile terminal.
  10. The device according to any one of claims 6-9, characterized in that the user group database includes the correspondence among user group identification information, role information and user identifiers;
    the user information of the authority to be opened is a user identifier.
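
The lookup chain of claims 1 and 4, as an added Python example that is not part of the patent text. All table contents, role names and function names are constructed; the preset relation is modelled as a plain role-to-roles mapping, and the terminal identifier is assumed to have been authenticated before the lookup.

```python
# Added illustration of claims 1 and 4; every table entry below is constructed.

# Role information table: terminal identifier -> role information.
ROLE_TABLE = {"term-A": "manager", "term-B": "supervisor", "term-C": "staff"}

# Preset relation: role -> roles whose users' data is to be opened (assumed mapping).
OPEN_ROLES = {"manager": {"supervisor", "staff"}, "supervisor": {"staff"}, "staff": set()}

# User group information table: terminal identifier -> user group identifier.
GROUP_TABLE = {"term-A": "grp-1", "term-B": "grp-1", "term-C": "grp-2"}

# User group database: (group identifier, role, user identifier) rows.
GROUP_DB = [
    ("grp-1", "supervisor", "u-101"),
    ("grp-1", "staff", "u-102"),
    ("grp-2", "supervisor", "u-202"),
    ("grp-2", "staff", "u-201"),
]

# Per-user data served in response to a data acquisition request (claim 4).
USER_DATA = {"u-101": "record-101", "u-102": "record-102",
             "u-201": "record-201", "u-202": "record-202"}


class AccessDenied(Exception):
    """Raised when a lookup in the chain fails or the user is not opened."""


def users_to_open(terminal_id):
    """Return the user identifiers whose data authority is opened to the terminal."""
    role = ROLE_TABLE.get(terminal_id)
    group = GROUP_TABLE.get(terminal_id)
    if role is None or group is None:
        # Fail closed: a terminal missing from either table gets nothing.
        raise AccessDenied(f"unknown terminal {terminal_id!r}")
    open_roles = OPEN_ROLES.get(role, set())  # an unmapped role opens no roles
    return {uid for grp, r, uid in GROUP_DB if grp == group and r in open_roles}


def fetch_user_data(terminal_id, user_id):
    """Serve a data acquisition request only for users opened to this terminal."""
    if user_id not in users_to_open(terminal_id):
        raise AccessDenied(f"{user_id!r} is not opened to {terminal_id!r}")
    return USER_DATA[user_id]


if __name__ == "__main__":
    for term in ROLE_TABLE:
        print(term, sorted(users_to_open(term)))
```

Re-evaluating `users_to_open` on every data acquisition request, rather than caching the opened set on the terminal, keeps a role or group change effective immediately.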
CN201610710737.1A 2016-08-23 2016-08-23 User data authority control method and device Active CN107770146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610710737.1A CN107770146B (en) 2016-08-23 2016-08-23 User data authority control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610710737.1A CN107770146B (en) 2016-08-23 2016-08-23 User data authority control method and device

Publications (2)

Publication Number Publication Date
CN107770146A true CN107770146A (en) 2018-03-06
CN107770146B CN107770146B (en) 2020-06-26

Family

ID=61264725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610710737.1A Active CN107770146B (en) 2016-08-23 2016-08-23 User data authority control method and device

Country Status (1)

Country Link
CN (1) CN107770146B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207639A (en) * 2007-12-03 2008-06-25 华为技术有限公司 Method and apparatus of classifying for user
CN101247395A (en) * 2008-03-13 2008-08-20 武汉理工大学 ISAPI access control system for Session ID fully transparent transmission
CN101441688A (en) * 2007-11-20 2009-05-27 阿里巴巴集团控股有限公司 User authority allocation method and user authority control method
CN101582767A (en) * 2009-06-24 2009-11-18 阿里巴巴集团控股有限公司 Authorization control method and authorization server
US7904556B2 (en) * 2002-03-05 2011-03-08 Computer Associates Think, Inc. Method and apparatus for role grouping by shared resource utilization
CN102456103A (en) * 2010-10-26 2012-05-16 王芳 Improved RBAC (Role Based Access Control) model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
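孙群: "Role-based access control under multi-organization, multi-user conditions", China Master's Theses Full-text Database, Information Science and Technology *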

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808964A (en) * 2019-10-22 2020-02-18 贵阳朗玛信息技术股份有限公司 Authority management method and device
CN111027091A (en) * 2019-11-13 2020-04-17 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for managing authority
CN111027091B (en) * 2019-11-13 2022-04-22 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for managing authority
CN111241526A (en) * 2019-12-31 2020-06-05 深圳云天励飞技术有限公司 Data permission matching method and device, electronic equipment and storage medium
CN111241526B (en) * 2019-12-31 2022-11-22 深圳云天励飞技术有限公司 Data permission matching method and device, electronic equipment and storage medium
CN112465476A (en) * 2020-12-17 2021-03-09 中国农业银行股份有限公司 Access control method, device, equipment and medium
CN112733162A (en) * 2020-12-31 2021-04-30 北京乐学帮网络技术有限公司 Resource allocation method, device, computer equipment and storage medium
CN114884733A (en) * 2022-05-10 2022-08-09 中国农业银行股份有限公司 Authority management method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN107770146B (en) 2020-06-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant