CN108021824A - System and method for implementing authorized retrieval for an application system - Google Patents


Publication number
CN108021824A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711277900.0A
Other languages
Chinese (zh)
Inventor
黄永庄
朱林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huadi Computer Group Co Ltd
Original Assignee
Huadi Computer Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/252 Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Abstract

The invention discloses a system and method for implementing authorized retrieval for an application system. The system comprises: an authorized unified retrieval module that provides an input interface to external applications; an authorized access resource directory module that registers the user information recorded by the authorized unified retrieval module and judges whether the user has access rights; an information access permission configuration management module that provides the details of the user's permissions according to the user information; and a data acquisition module that performs data acquisition access on the database authorized for access according to the search condition and the details of the user's permissions. The method comprises: receiving the user information and search condition transmitted by an external application and judging whether the user has access rights; for a user who has access rights, performing data acquisition access on the database authorized for access according to the search condition and the user permission information, and sending the acquired information to the authorized unified retrieval module for the external application to obtain.

Description

System and method for implementing authorized retrieval for an application system
Technical field
The present invention relates to the field of information security, and more particularly to a system and method for implementing authorized retrieval for an application system.
Background
Today, with information technology highly developed, information networks play an increasingly important role in social life and have a broad and irreplaceable function in finance, government affairs and commerce. Many application systems, however, hold large amounts of classified or special data that must be kept confidential or can only be accessed and used inside the application. At the same time, because of the practical need for information sharing and exchange, external access urgently needs to be realized; and to ensure information security, what must be achieved is operational access under secure, controlled conditions.
Summary of the invention
To solve the problem identified in the background, namely the need to realize operational access under secure, controlled conditions, the present invention provides a system and method for implementing authorized retrieval for an application system. The system and method provide an authorized retrieval system and method covering the setting, judgment, application and so on of user permissions, so that a user can perform controlled access to classified and similar information within a limited scope or within the limited scope of an application, realizing the sharing of information. A system for implementing authorized retrieval for an application system comprises:
An authorized unified retrieval module, which is used to provide an input interface to external applications outside the application system and to record the accessing user information and the search condition; the user information includes a user ID; the authorized unified retrieval module is also used to return the retrieval result to the external application;
An authorized access resource directory module, which is used to register the user information recorded by the authorized unified retrieval module and to judge whether the user has access rights; if the user has access rights, it notifies the data acquisition module to obtain the search condition from the authorized unified retrieval module; if the user has no access rights, it returns the no-access-rights result to the authorized unified retrieval module;
An information access permission configuration management module, which is used to determine the details of the user's permissions according to the user ID in the accessing user information; the details of the user's permissions include the classification level that the user is able to access; and
A data acquisition module, which is used to perform data acquisition access on the database authorized for access according to the search condition received from the authorized unified retrieval module and the details of the user's permissions provided by the information access permission configuration management module; the data acquisition module returns the acquired access data to the authorized unified retrieval module;
Further, the system comprises an authorized access rule setting module, an information classification level configuration management module and an authorized access permission setting module;
The authorized access rule setting module is used to set the rules of the access permissions, the rules including classification level rules;
The information classification level configuration management module is used to set the classification level of the data in the database authorized for access;
The authorized access permission setting module is used to set the authorized access permissions of each user and determine the classification level that the user can access;
Further, the system comprises an authorized access audit module and an authorized access application module;
The authorized access audit module is used to record the operation log of the whole authorized access process;
The authorized access application module is used to receive applications for authorized access permissions submitted by users; the situations in which a user can submit an application include: when the authorized access resource directory module judges that the user has no access rights, and when the data information the user wants to access does not fall within the user's authorized access permissions;
Further, the authorized unified retrieval module provides the input interface to external applications by providing an XML-based HTTPS access interface;
Further, the classification level configuration method of the information classification level configuration management module includes setting each data item one by one or setting in batches according to set conditions; the permission configuration method of the information access permission configuration management module includes setting according to each user's information one by one or setting in batches according to set conditions;
A method for implementing authorized retrieval for an application system comprises:
Step 1, the authorized unified retrieval module receives the user information and search condition transmitted by an external application; the accessing user information includes a user ID and its related attribute information;
Step 2, the authorized access resource directory module registers the user access information recorded by the authorized unified retrieval module and judges whether the user has access rights;
Step 3, for a user who has access rights, the data acquisition module performs data acquisition access on the database authorized for access according to the search condition received from the authorized unified retrieval module and the user permission details provided by the information access permission configuration management module;
Step 4, the user acquisition module sends the acquired information to the authorized unified retrieval module for the external application to obtain;
Further, when the authorized access resource directory module judges that the user has no access rights, the no-access-rights result is returned to the authorized unified retrieval module; a user without access rights can submit an access authorization application through the authorized access application module;
Further, the rules of the access permissions are set through the authorized access rule setting module, the rules including classification level rules; the classification level of the data in the database authorized for access is set through the information classification level configuration management module; the authorized access permissions of each user are set through the authorized access permission setting module, determining the classification level that the user can access; the operation log of the whole authorized access process is recorded through the authorized access audit module; applications for authorized access permissions submitted by users are received through the authorized access application module, and the situations in which a user can submit an application include: when the authorized access resource directory module judges that the user has no access rights, and when the data information the user wants to access does not fall within the user's authorized access permissions;
Further, the authorized unified retrieval module provides the input interface to external applications by providing an XML-based HTTPS access interface;
Further, the classification level configuration method of the information classification level configuration management module includes setting each data item one by one or setting in batches according to set conditions; the permission configuration method of the information access permission configuration management module includes setting according to each user's information one by one or setting in batches according to set conditions;
The beneficial effects of the present invention are as follows. The technical solution of the present invention provides a system and method by which an application system realizes authorized retrieval for external parties. By setting a unified access entry for external applications, the system and method improve convenience of use; by managing the recording of user information and the management, authorization and so on of users' access permissions for data access to the database, they improve the diversity and convenience of authorization control, so that a user can perform controlled access to classified and similar information within a limited scope or within the limited scope of an application, realizing the sharing of information.
Brief description of the drawings
The illustrative embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a structural diagram of a system for implementing authorized retrieval for an application system according to a specific embodiment of the present invention;
Fig. 2 is a flow chart of a method for implementing authorized retrieval for an application system according to a specific embodiment of the present invention.
Detailed description
The illustrative embodiments of the present invention are now described with reference to the drawings. The present invention can, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the present invention is disclosed thoroughly and completely and its scope is fully conveyed to those of ordinary skill in the art. The terms used in the illustrative embodiments shown in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise indicated, the terms used herein (including scientific and technical terms) have the meaning commonly understood by those of ordinary skill in the art. It should further be understood that terms defined in commonly used dictionaries are to be understood as having a meaning consistent with the context of the relevant field, and are not to be interpreted in an idealized or overly formal sense.
Fig. 1 is a structural diagram of a system for implementing authorized retrieval for an application system according to a specific embodiment of the present invention. As shown in Fig. 1, it includes a system 110 for implementing authorized retrieval for an application system and a service database 120; the system 110 comprises:
An authorized unified retrieval module 111, which is used to provide an input interface to external applications outside the application system and to record the accessing user information and the search condition. The user of an external application logs in to access the interface of the authorized unified retrieval module 111 and enters into the system the user information for logging in to the database and the search condition for retrieving in the database;
The accessing user information includes a user ID and related attribute information; the related attribute information includes the user's permissions, the classification level of the data that can be read, and so on;
The authorized unified retrieval module 111 is used to return the retrieval result to the external application. Because the authorized unified retrieval module 111 is the only interface with external applications, when the data acquisition module 114 has completed retrieval according to the search condition and the permission settings, it returns the retrieval result to the authorized unified retrieval module 111 for the external application to read;
Preferably, the authorized unified retrieval module 111 provides the input interface to external applications by providing an XML-based HTTPS access interface.
An authorized access resource directory module 112, which is used to register the user information recorded by the authorized unified retrieval module. Optionally, the authorized access resource directory module includes a storage unit for storing user information, and after registering the user information the authorized access resource directory module compares it with the user information in the storage unit. Optionally, after registering the user information the authorized access resource directory module calls the user information stored in the information access permission configuration management module for comparison;
Further, the authorized access resource directory module 112 judges whether the user has access rights. If it judges that the user has access rights, it notifies the data acquisition module 114 to obtain the search condition from the authorized unified retrieval module 111 and carry out data acquisition and retrieval; if the user has no access rights, it returns the no-access-rights result to the authorized unified retrieval module 111;
Further, when the user learns through the interface of the authorized unified retrieval module 111 that the authorized access resource directory module 112 has judged the user to have no access rights, the user can reach the authorized access application module 118 through the authorized unified retrieval module 111 and apply for access authorization; once the application has been approved in the back end, the user can perform authorized retrieval again through the authorized unified retrieval module 111.
An information access permission configuration management module 113, which is used to determine the details of the user's permissions according to the user information; the details of the user's permissions include the classification level that the user can access;
The user permission details of the information access permission configuration management module 113 are retrieved by the data acquisition module 114. After the data acquisition module 114 receives the work instruction sent by the authorized access resource directory module 112 (the authorized access resource directory module 112 notifies the data acquisition module 114 when it judges that the user has access rights), the data acquisition module 114 retrieves the details of the corresponding user from the information access permission configuration management module 113; preferably, it retrieves the data classification levels that the user's permissions can access;
Further, the user permissions of each user in the information access permission configuration management module are set by the authorized access permission setting module 116, which determines the classification level that each user can access; the permission configuration method of the information access permission configuration management module includes setting according to each user's information one by one or setting in batches according to set conditions;
Further, the rules governing what each permission can access in the information access permission configuration management module are set by the authorized access rule setting module 115, the rules including classification level rules. Preferably, the classification level rules can include opening to a user the data whose access permission is lower than the user's permission level, and opening to a user who holds a certain access permission the data whose access permission is related to that specific access permission.
A data acquisition module 114, which is used to perform data acquisition access on the database authorized for access according to the search condition received from the authorized unified retrieval module 111 and the user permission details provided by the information access permission configuration management module 113. After receiving the work instruction from the authorized access resource directory module, the data acquisition module obtains the user information and the search condition from the authorized unified retrieval module 111, uses the user information to obtain the corresponding user permissions from the information access permission configuration management module 113, compares the user's permissions with the search condition, and confirms the retrieval content that satisfies the search condition within the user's permissions; it then performs retrieval access on the service database according to this retrieval content;
The data acquisition module 114 is used to send the result obtained from the retrieval access to the service database back to the authorized unified retrieval module 111, so that the external user can obtain the retrieval result through the interface of the authorized unified retrieval module 111.
Further, the system comprises an information classification level configuration management module 117, which is used to set the classification level of the data in the database authorized for access; the classification level configuration method of the information classification level configuration management module includes setting each data item one by one or setting in batches according to set conditions;
Further, the system comprises an authorized access audit module 119, which is used to record the operation log of the whole authorized access process. An administrator can monitor the operation of the system in real time through the authorized access audit module. Preferably, alarm information can be set as required; when the set alarm information appears in the operation log of authorized access, the authorized access audit module 119 indicates that an anomaly exists so that the administrator can handle it promptly. Preferably, the administrator can query the operation log of the whole authorized access process as required; such queries include querying a user's authorized access behavior by user information, querying by classification level how data of that level has been accessed, and querying by data how that data has been accessed.
The system for implementing authorized retrieval for an application system provides a single unified input interface to the outside through the authorized unified retrieval module, which makes access to the system more convenient; the preferred XML-based HTTPS access interface suits most external applications and therefore has a relatively wide range of use. Through the authorized access resource directory module, the information access permission configuration management module and so on, the system establishes complete management covering the authorization, management, modification and setting of access permissions and the setting of permission rules, realizing more convenient access permission management that suits the needs of more scenarios. Through the information classification level configuration management module, the classification level of the data in the service database is set and can be changed at any time, which improves adaptability to the differing requirements for data classification levels in different usage scenarios. The system can be applied to a variety of usage scenarios and a variety of external applications, and in particular can be used in government affairs application systems that are more sensitive to information security.
Fig. 2 is a flow chart of a method for implementing authorized retrieval for an application system according to a specific embodiment of the present invention. As shown in the figure, the method 200 comprises:
Step 201, the authorized unified retrieval module receives the user information and search condition transmitted by an external application; the interface of the authorized unified retrieval module is the only input interface through which external applications access the system;
Preferably, the authorized unified retrieval module provides the input interface to external applications by providing an XML-based HTTPS access interface;
The accessing user information includes a user ID and its related attribute information; the related attribute information includes the user's permissions, the classification level of the data that can be read, and so on;
Step 202, the authorized access resource directory module registers the user access information recorded by the authorized unified retrieval module and judges whether the user has access rights;
Further, after registering the user information the authorized access resource directory module calls the user information stored in the information access permission configuration management module for comparison;
Further, if the user is judged to have access rights, the data acquisition module is notified to obtain the search condition from the authorized unified retrieval module and carry out data acquisition and retrieval; if the user has no access rights, the no-access-rights result is returned to the authorized unified retrieval module. When the user learns through the interface of the authorized unified retrieval module that the authorized access resource directory module has judged the user to have no access rights, the user can reach the authorized access application module through the authorized unified retrieval module and apply for access authorization; once the application has been approved in the back end, the user can perform authorized retrieval again through the authorized unified retrieval module;
Step 203, for a user who has access rights, the data acquisition module performs data acquisition access on the database authorized for access according to the search condition received from the authorized unified retrieval module and the user permission details provided by the information access permission configuration management module;
After receiving the work instruction from the authorized access resource directory module, the data acquisition module obtains the user information and the search condition from the authorized unified retrieval module, uses the user information to obtain the corresponding user permissions from the information access permission configuration management module, compares the user's permissions with the search condition, and confirms the retrieval content that satisfies the search condition within the user's permissions; it then performs retrieval access on the service database according to this retrieval content;
Further, the user permissions of each user in the information access permission configuration management module are set by the authorized access permission setting module, which determines the classification level that each user can access; the permission configuration method of the information access permission configuration management module includes setting according to each user's information one by one or setting in batches according to set conditions;
Further, the rules governing what each permission can access in the information access permission configuration management module are set by the authorized access rule setting module, the rules including classification level rules. Preferably, the classification level rules can include opening to a user the data whose access permission is lower than the user's permission level, and opening to a user who holds a certain access permission the data whose access permission is related to that specific access permission;
Step 204, the user acquisition module sends the acquired information to the authorized unified retrieval module for the external application to obtain;
Further, administrators monitor the whole authorized access process through the authorized access audit module, which is used to record the operation log of the whole authorized access process. An administrator can monitor the operation of the system in real time through the authorized access audit module. Preferably, alarm information can be set as required; when the set alarm information appears in the operation log of authorized access, the authorized access audit module indicates that an anomaly exists so that the administrator can handle it promptly. Preferably, the administrator can query the operation log of the whole authorized access process as required; such queries include querying a user's authorized access behavior by user information, querying by classification level how data of that level has been accessed, and querying by data how that data has been accessed;
Further, the classification level of the data in the database authorized for access is set through the information classification level configuration management module; the classification level configuration method of the information classification level configuration management module includes setting each data item one by one or setting in batches according to set conditions;
The method for implementing authorized retrieval for an application system provides a single unified input interface to the outside through the authorized unified retrieval module, which makes access to the system more convenient; the preferred XML-based HTTPS access interface suits most external applications and therefore has a relatively wide range of use. Through the multiple modules in the system, the method realizes permission management covering the authorization, management, modification and setting of access permissions and the setting of permission rules, realizing more convenient access permission management that suits the needs of more scenarios. Through the information classification level configuration management module, the classification level of the data in the service database is set and can be changed at any time, which improves adaptability to the differing requirements for data classification levels in different usage scenarios. The method can be applied to a variety of usage scenarios and a variety of external applications, and in particular can be used in government affairs application systems that are more sensitive to information security.
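The four steps of method 200 as an added Python sketch, not code from the patent. The XML request layout, the three level names, the sample users and the records are constructed assumptions, and letting a user read records at or below their own level is one assumed form of the classification level rule.

```python
import xml.etree.ElementTree as ET

# Assumed classification scale; the patent does not name its levels.
LEVELS = {"public": 0, "internal": 1, "secret": 2}

# Constructed service database; "level" is what module 117 would set per record.
SERVICE_DB = [
    {"id": 1, "title": "budget summary", "level": "public"},
    {"id": 2, "title": "budget detail", "level": "internal"},
    {"id": 3, "title": "budget audit findings", "level": "secret"},
]

# Constructed permission table (modules 113/116): highest level each user may read.
USER_MAX_LEVEL = {"u1001": "internal", "u1002": "public"}

AUDIT_LOG = []  # stands in for the authorized access audit module (119)


def audit(user_id, event, detail=""):
    AUDIT_LOG.append({"user": user_id, "event": event, "detail": detail})


def parse_request(xml_text):
    """Step 201 (module 111): extract the user ID and the search condition."""
    # The single external entry point should not accept DTDs or entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    user_id = (root.findtext("userId") or "").strip()
    keyword = (root.findtext("condition/keyword") or "").strip()
    if not user_id or not keyword:
        raise ValueError("userId and condition/keyword are required")
    return user_id, keyword


def has_access(user_id):
    """Step 202 (module 112): register the request and judge access rights."""
    audit(user_id, "registered")
    return user_id in USER_MAX_LEVEL


def acquire(user_id, keyword):
    """Step 203 (module 114): apply the search condition and the level ceiling."""
    ceiling = LEVELS[USER_MAX_LEVEL[user_id]]
    hits, withheld = [], 0
    for rec in SERVICE_DB:
        if keyword.lower() not in rec["title"].lower():
            continue
        if LEVELS[rec["level"]] <= ceiling:
            hits.append(rec)
        else:
            withheld += 1  # matched the condition but lies above the user's level
    return hits, withheld


def authorized_retrieve(xml_text):
    """Steps 201-204 end to end; the result goes back through module 111."""
    try:
        user_id, keyword = parse_request(xml_text)
    except (ValueError, ET.ParseError) as exc:
        audit("unknown", "rejected", str(exc))
        return {"status": "bad_request", "records": [], "may_apply": False}
    if not has_access(user_id):
        audit(user_id, "denied", "no access rights")
        # Module 118: a user without access rights may apply for authorization.
        return {"status": "no_access", "records": [], "may_apply": True}
    hits, withheld = acquire(user_id, keyword)
    audit(user_id, "retrieved", f"returned={len(hits)} withheld={withheld}")
    # Module 118 also covers data outside the user's authorized permissions.
    return {"status": "ok", "records": hits, "may_apply": withheld > 0}


if __name__ == "__main__":
    sample = ("<request><userId>u1001</userId>"
              "<condition><keyword>budget</keyword></condition></request>")
    print(authorized_retrieve(sample))
    print(AUDIT_LOG)
```

The `may_apply` flag tells the caller that matching records exist above their level, so the withheld count is written only to the audit log and never returned.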
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the disclosure can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose. The step numbers used in this specification serve only to distinguish the steps and do not limit the temporal or logical relationship between them; unless the context clearly limits it, the relationship between the steps includes all possible cases.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the disclosure and to form different embodiments. For example, any one of the embodiments claimed in the claims can be used in any combination.
The component embodiments of the disclosure can be implemented in hardware, as software modules running on one or more processors, or as a combination of these. The disclosure can also be implemented as a device or system program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the disclosure can be stored on a computer-readable medium or can take the form of one or more signals. Such a signal can be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate the disclosure rather than limit it, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several systems, several of these systems can be embodied by one and the same item of hardware.
The above is only an embodiment of the disclosure. It should be noted that those of ordinary skill in the art can make a number of improvements, modifications and variations without departing from the spirit of the disclosure, and these improvements, modifications and variations are regarded as falling within the scope of protection of the application.

Claims (10)

1. A system for implementing authorized retrieval for an application system, the system comprising:
an authorized unified retrieval module, configured to provide an input interface to external applications outside the application system and to record the user information and search conditions of each access; the user information includes a user ID; the authorized unified retrieval module is also configured to return the retrieval result to the external application;
an authorized access resource catalog module, configured to register the user information recorded by the authorized unified retrieval module and to determine whether the user has access rights; if the user has access rights, it notifies the data acquisition module to obtain the search conditions from the authorized unified retrieval module; if the user has no access rights, it returns a no-access-rights result to the authorized unified retrieval module;
an information access rights configuration management module, configured to determine the details of the user's rights according to the user ID in the accessing user's information; the details of the user's rights include the security classification levels the user is able to access; and
a data acquisition module, configured to obtain and access data in the database authorized for access, according to the search conditions received from the authorized unified retrieval module and the user rights details provided by the information access rights configuration management module; the data acquisition module returns the obtained data to the authorized unified retrieval module.
2. The system according to claim 1, characterized in that the system comprises an authorized access rule setting module, an information security classification configuration management module and an authorized access rights setting module;
the authorized access rule setting module is configured to set the rules for access rights, the rules including security classification rules;
the information security classification configuration management module is configured to set the security classification of the data in the database authorized for access;
the authorized access rights setting module is configured to set the authorized access rights of each user and to determine the security classification levels the user can access.
3. The system according to claim 1 or 2, characterized in that the system comprises an authorized access audit module and an authorized access application module;
the authorized access audit module is configured to record an operation log of the whole authorized access process;
the authorized access application module is configured to receive applications for authorized access rights submitted by users; the situations in which a user can submit an application include: when the authorized access resource catalog module determines that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights.
4. The system according to claim 1, characterized in that the authorized unified retrieval module provides the input interface to external applications by providing an XML-based HTTPS access interface.
5. The system according to claim 2, characterized in that the classification configuration method of the information security classification configuration management module includes setting each data item one by one or setting in batches according to set conditions; the rights configuration method of the information access rights configuration management module includes setting one by one according to each user's information or setting in batches according to set conditions.
6. A method for implementing authorized retrieval for an application system, the method comprising:
Step 1: the authorized unified retrieval module receives the user information and search conditions transmitted by the external application, the accessing user's information including a user ID and its related attribute information;
Step 2: the authorized access resource catalog module registers the user access information recorded by the authorized unified retrieval module and determines whether the user has access rights;
Step 3: for a user who has access rights, the data acquisition module obtains and accesses data in the database authorized for access, according to the search conditions received from the authorized unified retrieval module and the user rights details provided by the information access rights configuration management module;
Step 4: the user acquisition module sends the obtained information to the authorized unified retrieval module, for the external application to obtain.
7. The method according to claim 6, characterized in that when the authorized access resource catalog module determines that the user has no access rights, a no-access-rights result is returned to the authorized unified retrieval module; a user without access rights can submit an access authorization application through the authorized access application module.
8. The method according to claim 6, characterized in that: the rules for access rights are set through the authorized access rule setting module, the rules including security classification rules; the security classification of the data in the database authorized for access is set through the information security classification configuration management module; the authorized access rights of each user are set through the authorized access rights setting module, determining the security classification levels the user can access; an operation log of the whole authorized access process is recorded through the authorized access audit module; applications for authorized access rights submitted by users are received through the authorized access application module, and the situations in which a user can submit an application include: when the authorized access resource catalog module determines that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights.
9. The method according to claim 6, characterized in that the authorized unified retrieval module provides the input interface to external applications by providing an XML-based HTTPS access interface.
10. The method according to claim 8, characterized in that the classification configuration method of the information security classification configuration management module includes setting each data item one by one or setting in batches according to set conditions; the rights configuration method of the information access rights configuration management module includes setting one by one according to each user's information or setting in batches according to set conditions.
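The flow of claims 6 to 8 (catalog check, clearance lookup, classification filter, audit log, access application) can be sketched as follows. This is an added example, not code from the patent; it assumes numeric security classification levels where a higher number is more sensitive, and all names and sample data are constructed for illustration.

```python
# Added illustration of the claimed flow; every name and value here is constructed.
from dataclasses import dataclass, field

# Information security classification configuration: one level per record
# (assumption: higher number = more sensitive).
RECORDS = [
    {"id": 1, "title": "budget summary", "level": 1},
    {"id": 2, "title": "budget detail", "level": 2},
    {"id": 3, "title": "budget audit findings", "level": 3},
]
# Authorized access resource catalog: users who have any access rights at all.
CATALOG = {"u100", "u200"}
# Information access rights configuration: highest level each user may read.
CLEARANCE = {"u100": 2, "u200": 1}


@dataclass
class Gateway:
    """Stands in for the authorized unified retrieval module (single entry point)."""
    audit_log: list = field(default_factory=list)
    applications: list = field(default_factory=list)

    def retrieve(self, user_id, keyword):
        # Step 2: the catalog check happens before any data is touched.
        if user_id not in CATALOG:
            self.audit_log.append((user_id, keyword, "denied", 0, 0))
            return {"status": "no_access_rights", "results": []}
        # Step 3: fail closed if a catalogued user has no clearance entry.
        max_level = CLEARANCE.get(user_id, 0)
        matches = [r for r in RECORDS if keyword in r["title"]]
        visible = [r for r in matches if r["level"] <= max_level]
        # The withheld count goes to the audit log only, so the response does
        # not reveal that higher-classified matches exist (a design choice here).
        withheld = len(matches) - len(visible)
        self.audit_log.append((user_id, keyword, "ok", len(visible), withheld))
        # Step 4: only records within the user's clearance go back to the caller.
        return {"status": "ok", "results": visible}

    def apply_for_access(self, user_id, reason):
        # Authorized access application module: queue a request for review.
        self.applications.append((user_id, reason))
        return len(self.applications)
```
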
CN201711277900.0A 2017-12-06 2017-12-06 A kind of system and method for realizing application system mandate retrieval Pending CN108021824A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711277900.0A CN108021824A (en) 2017-12-06 2017-12-06 A kind of system and method for realizing application system mandate retrieval

Publications (1)

Publication Number Publication Date
CN108021824A true CN108021824A (en) 2018-05-11

Family

ID=62078572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711277900.0A Pending CN108021824A (en) 2017-12-06 2017-12-06 A kind of system and method for realizing application system mandate retrieval

Country Status (1)

Country Link
CN (1) CN108021824A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571380A (en) * 2010-12-16 2012-07-11 北京博阳世通信息技术有限公司 Multi-instance GIS platform unified user management method and system
CN102638481A (en) * 2011-02-15 2012-08-15 英大传媒投资集团有限公司 Audiovisual material remote filing system and method thereof
US20150046419A1 (en) * 2013-08-12 2015-02-12 Vidmind Ltd. Method of sorting search results by recommendation engine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180511