CN108021824A - System and method for implementing authorized retrieval for an application system - Google Patents
- Publication number: CN108021824A
- Application number: CN201711277900.0A
- Authority: CN (China)
- Prior art keywords: module, user, access, access rights, information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a system and method for implementing authorized retrieval for an application system. The system comprises an authorized unified retrieval module that provides an input interface to external applications; an authorized-access resource directory module that registers the user information recorded by the authorized unified retrieval module and judges whether the user has access rights; an information access rights configuration management module that provides the details of the user's rights according to the user information; and a data acquisition module that performs data acquisition access on the database authorized for access, according to the search condition and the details of the user's rights. The method comprises: receiving the user information and search condition sent by an external application; judging whether the user has access rights; for a user who has rights, performing data acquisition access on the database authorized for access according to the search condition and the user's rights information; and sending the acquired information to the authorized unified retrieval module for the external application to obtain.
Description
Technical field
The present invention relates to the field of information security, and more particularly to a system and method for implementing authorized retrieval for an application system.
Background
With information technology highly developed today, information networks play an increasingly important role in social life and have an extensive and irreplaceable function in finance, government affairs and commerce. Many application systems, however, hold large amounts of classified or special data that must be kept secret or may only be accessed and used inside the application. Because of the practical need for information sharing and exchange, external access urgently needs to be provided; and to ensure information security, what must be achieved is business access under secure, controlled conditions.
Summary of the invention
To solve the problem identified in the background, namely the need for business access under secure, controlled conditions, the present invention provides a system and method for implementing authorized retrieval for an application system. The system and method provide authorized retrieval in which user rights can be set, judged and applied for, so that users can perform controlled access to classified and similar information within a defined scope or within the limits set by the application, thereby achieving information sharing. A system for implementing authorized retrieval for an application system comprises:
An authorized unified retrieval module, used to provide an input interface to external applications outside the application system and to record the accessing user's information and the search condition; the user information includes a user ID; the authorized unified retrieval module is also used to return the retrieval result to the external application;
An authorized-access resource directory module, used to register the user information recorded by the authorized unified retrieval module and to judge whether the user has access rights; if the user has access rights, it notifies the data acquisition module to obtain the search condition from the authorized unified retrieval module; if not, it returns a no-access-rights result to the authorized unified retrieval module;
An information access rights configuration management module, used to determine the details of the user's rights according to the user ID in the accessing user's information; the details of the user's rights include the classification levels the user is able to access; and
A data acquisition module, used to perform data acquisition access on the database authorized for access, according to the search condition received from the authorized unified retrieval module and the details of the user's rights provided by the information access rights configuration management module; the data acquisition module returns the acquired data to the authorized unified retrieval module;
Further, the system comprises an authorized-access rule setting module, an information classification-level configuration management module and an authorized-access permission setting module;
The authorized-access rule setting module is used to set the rules for access rights; the rules include classification-level rules;
The information classification-level configuration management module is used to set the classification level of the data in the database authorized for access;
The authorized-access permission setting module is used to set each user's authorized access rights and determine the classification levels the user can access;
Further, the system comprises an authorized-access audit module and an authorized-access application module;
The authorized-access audit module is used to record the operation log of the entire authorized-access process;
The authorized-access application module is used to receive applications for authorized access rights submitted by users; the situations in which a user can submit an application include: when the authorized-access resource directory module judges that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights;
Further, the authorized unified retrieval module provides the input interface to external applications by offering an HTTPS access interface using XML;
Further, the classification-level configuration method of the information classification-level configuration management module includes setting each data item individually or setting in batches according to specified conditions; the rights configuration method of the information access rights configuration management module includes setting for each user's information individually or setting in batches according to specified conditions;
A method for implementing authorized retrieval for an application system comprises:
Step 1: the authorized unified retrieval module receives the user information and search condition sent by an external application; the accessing user's information includes a user ID and its related attribute information;
Step 2: the authorized-access resource directory module registers the user access information recorded by the authorized unified retrieval module and judges whether the user has access rights;
Step 3: for a user who has rights, the data acquisition module performs data acquisition access on the database authorized for access, according to the search condition received from the authorized unified retrieval module and the details of the user's rights provided by the information access rights configuration management module;
Step 4: the acquisition module sends the acquired information to the authorized unified retrieval module for the external application to obtain;
Further, when the authorized-access resource directory module judges that the user has no access rights, the no-access-rights result is returned to the authorized unified retrieval module; a user without access rights can submit an application for access authorization through the authorized-access application module;
Further, the rules for access rights are set through the authorized-access rule setting module, and the rules include classification-level rules; the classification level of the data in the database authorized for access is set through the information classification-level configuration management module; each user's authorized access rights are set through the authorized-access permission setting module, which determines the classification levels the user can access; the operation log of the entire authorized-access process is recorded through the authorized-access audit module; applications for authorized access rights submitted by users are received through the authorized-access application module, and the situations in which a user can submit an application include: when the authorized-access resource directory module judges that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights;
Further, the authorized unified retrieval module provides the input interface to external applications by offering an HTTPS access interface using XML;
Further, the classification-level configuration method of the information classification-level configuration management module includes setting each data item individually or setting in batches according to specified conditions; the rights configuration method of the information access rights configuration management module includes setting for each user's information individually or setting in batches according to specified conditions;
The beneficial effects of the present invention are as follows. The technical solution provides a system and method by which an application system offers authorized retrieval to the outside. By providing a unified access entry for external applications, the system and method improve convenience of use. By managing the recording of user information and the management and granting of users' access rights before data in the database is accessed, they improve the diversity and convenience of authorization control, so that users can perform controlled access to classified and similar information within a defined scope or within the limits set by the application, thereby achieving information sharing.
Brief description of the drawings
The exemplary embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a structure diagram of a system for implementing authorized retrieval for an application system according to a specific embodiment of the invention;
Fig. 2 is a flow chart of a method for implementing authorized retrieval for an application system according to a specific embodiment of the invention.
Detailed description of the embodiments
The exemplary embodiments of the present invention are now described with reference to the drawings. The present invention can, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units or elements use identical reference numerals.
Unless otherwise indicated, the terms used herein (including scientific and technical terms) have the meaning commonly understood by those of ordinary skill in the art. It should further be understood that terms defined in commonly used dictionaries are to be understood as having a meaning consistent with their context in the relevant field, and are not to be interpreted in an idealized or overly formal sense.
Fig. 1 is a structure diagram of a system for implementing authorized retrieval for an application system according to a specific embodiment of the invention. As shown in Fig. 1, it includes the system 110 for implementing authorized retrieval for an application system and a service database 120. The system 110 includes:
An authorized unified retrieval module 111, used to provide an input interface to external applications outside the application system and to record the accessing user's information and the search condition. External application users log in and access the interface of the authorized unified retrieval module 111, and enter into the system the user information for logging in to the database and the search condition to be used for retrieval in the database;
The accessing user's information includes a user ID and related attribute information; the related attribute information includes user rights, the classification level of the data that can be read, and so on;
The authorized unified retrieval module 111 is used to return the retrieval result to the external application. Because the authorized unified retrieval module 111 is the only interface with external applications, after the data acquisition module 114 completes retrieval according to the search condition and the permission settings, the retrieval result is returned to the authorized unified retrieval module 111 for the external application to read;
Preferably, the authorized unified retrieval module 111 provides the input interface to external applications.
An authorized-access resource directory module 112, used to register the user information recorded by the authorized unified retrieval module. Optionally, the authorized-access resource directory module includes a storage unit for storing user information; after registering the user information, the authorized-access resource directory module compares it with the user information in the storage unit. Optionally, after registering the user information, the authorized-access resource directory module calls the user information stored in the information access rights configuration management module for comparison;
Further, the authorized-access resource directory module 112 judges whether the user has access rights. If it judges that the user has access rights, it notifies the data acquisition module 114 to obtain the search condition from the authorized unified retrieval module 111 in order to carry out data acquisition and retrieval; if the user has no access rights, it returns a no-access-rights result to the authorized unified retrieval module 111;
Further, when the user learns through the interface of the authorized unified retrieval module 111 that the authorized-access resource directory module 112 has judged the user to have no access rights, the user can reach the authorized-access application module 118 through the authorized unified retrieval module 111 and apply for access authorization; after back-office approval, the user can again perform authorized retrieval through the authorized unified retrieval module 111.
An information access rights configuration management module 113, used to determine the details of the user's rights according to the user information; the details of the user's rights include the classification levels the user can access;
The user rights details held by the information access rights configuration management module 113 are retrieved by the data acquisition module 114. After the data acquisition module 114 receives the work order sent by the authorized-access resource directory module 112 (the authorized-access resource directory module 112 notifies the data acquisition module 114 once it judges that the user has access rights), the data acquisition module 114 retrieves the details for the corresponding user from the information access rights configuration management module 113; preferably, it retrieves the data classification levels that the user's rights allow the user to access;
Further, the rights of each user in the information access rights configuration management module are set by the authorized-access permission setting module 116, which determines the classification levels each user can access; the rights configuration method of the information access rights configuration management module includes setting for each user's information individually or setting in batches according to specified conditions;
Further, the rules governing what each right can access in the information access rights configuration management module are set by the authorized-access rule setting module 115, and the rules include classification-level rules. Preferably, the classification-level rules can include opening to a user the data whose access level is lower than the user's permission level, and opening to users who hold a certain access right the data associated with that specific access right.
A data acquisition module 114, used to perform data acquisition access on the database authorized for access, according to the search condition received from the authorized unified retrieval module 111 and the details of the user's rights provided by the information access rights configuration management module 113. After the data acquisition module receives the work order from the authorized-access resource directory module, it obtains the user information and search condition from the authorized unified retrieval module 111, and uses the user information to obtain the corresponding user rights from the information access rights configuration management module 113. It compares the user's rights with the search condition and determines the retrieval content that satisfies the search condition within the user's rights; it then performs retrieval access on the service database according to this retrieval content;
The data acquisition module 114 is used to send the result obtained from the retrieval access to the service database back to the authorized unified retrieval module 111, so that the external user can obtain the retrieval result through the interface of the authorized unified retrieval module 111.
Further, the system comprises an information classification-level configuration management module 117, used to set the classification level of the data in the database authorized for access; the classification-level configuration method of the information classification-level configuration management module includes setting each data item individually or setting in batches according to specified conditions;
Further, the system comprises an authorized-access audit module 119, used to record the operation log of the entire authorized-access process. An administrator can monitor the operation of the system in real time through the authorized-access audit module. Preferably, alert information can be configured as required; when the configured alert information appears in the authorized-access operation log, the authorized-access audit module 119 signals that an anomaly exists so that the administrator can handle it promptly. Preferably, the administrator can query the operation log of the entire authorized-access process as required; such queries include querying a user's authorized-access behaviour by user information, querying by classification level how data of that level has been accessed, and querying by data item how that data has been accessed.
The system for implementing authorized retrieval for an application system provides a unified input interface to the outside through the authorized unified retrieval module, making access to the system more convenient; it preferably uses an HTTPS access interface using XML, which suits most external applications and gives it a relatively wide range of use. Through the authorized-access resource directory module, the information access rights configuration management module and the other modules, the system establishes complete management covering the granting, managing, changing and setting of access rights and the setting of permission rules, achieving more convenient access rights management that suits the needs of more scenarios. Through the information classification-level configuration management module, classification levels are set for the data in the service database and can be changed at any time, improving adaptability to the differing classification-level requirements of different usage scenarios. The system can be applied to a variety of usage scenarios and external applications, and in particular to government-affairs application systems that are more sensitive to information security.
Fig. 2 is a flow chart of a method for implementing authorized retrieval for an application system according to a specific embodiment of the invention. As shown in the figure, the method 200 includes:
Step 201: the authorized unified retrieval module receives the user information and search condition sent by an external application; the interface of the authorized unified retrieval module is the only input interface through which external applications access the system;
Preferably, the authorized unified retrieval module provides the input interface to external applications by offering an HTTPS access interface using XML;
The accessing user's information includes a user ID and its related attribute information; the related attribute information includes user rights, the classification level of the data that can be read, and so on;
Step 202: the authorized-access resource directory module registers the user access information recorded by the authorized unified retrieval module and judges whether the user has access rights;
Further, after registering the user information, the authorized-access resource directory module calls the user information stored in the information access rights configuration management module for comparison;
Further, if the user is judged to have access rights, the data acquisition module is notified to obtain the search condition from the authorized unified retrieval module and to carry out data acquisition and retrieval; if the user has no access rights, the no-access-rights result is returned to the authorized unified retrieval module. When the user learns through the interface of the authorized unified retrieval module that the authorized-access resource directory module has judged the user to have no access rights, the user can reach the authorized-access application module through the authorized unified retrieval module and apply for access authorization; after back-office approval, the user can again perform authorized retrieval through the authorized unified retrieval module;
Step 203: for a user who has rights, the data acquisition module performs data acquisition access on the database authorized for access, according to the search condition received from the authorized unified retrieval module and the details of the user's rights provided by the information access rights configuration management module;
After the data acquisition module receives the work order from the authorized-access resource directory module, it obtains the user information and search condition from the authorized unified retrieval module, and uses the user information to obtain the corresponding user rights from the information access rights configuration management module. It compares the user's rights with the search condition and determines the retrieval content that satisfies the search condition within the user's rights; it then performs retrieval access on the service database according to this retrieval content;
Further, the rights of each user in the information access rights configuration management module are set by the authorized-access permission setting module, which determines the classification levels each user can access; the rights configuration method of the information access rights configuration management module includes setting for each user's information individually or setting in batches according to specified conditions;
Further, the rules governing what each right can access in the information access rights configuration management module are set by the authorized-access rule setting module, and the rules include classification-level rules. Preferably, the classification-level rules can include opening to a user the data whose access level is lower than the user's permission level, and opening to users who hold a certain access right the data associated with that specific access right;
Step 204: the acquisition module sends the acquired information to the authorized unified retrieval module for the external application to obtain;
Further, administrators monitor the entire authorized-access process through the authorized-access audit module, which is used to record the operation log of the entire authorized-access process. An administrator can monitor the operation of the system in real time through the authorized-access audit module. Preferably, alert information can be configured as required; when the configured alert information appears in the authorized-access operation log, the authorized-access audit module signals that an anomaly exists so that the administrator can handle it promptly. Preferably, the administrator can query the operation log of the entire authorized-access process as required; such queries include querying a user's authorized-access behaviour by user information, querying by classification level how data of that level has been accessed, and querying by data item how that data has been accessed;
Further, the classification level of the data in the database authorized for access is set through the information classification-level configuration management module; the classification-level configuration method of the information classification-level configuration management module includes setting each data item individually or setting in batches according to specified conditions;
The method for implementing authorized retrieval for an application system provides a unified input interface to the outside through the authorized unified retrieval module, making access to the system more convenient; it preferably uses an HTTPS access interface using XML, which suits most external applications and gives it a relatively wide range of use. Through the several modules in the system, the method achieves rights management covering the granting, managing, changing and setting of access rights and the setting of permission rules, giving more convenient access rights management that suits the needs of more scenarios. Through the information classification-level configuration management module, classification levels are set for the data in the service database and can be changed at any time, improving adaptability to the differing classification-level requirements of different usage scenarios. The method can be applied to a variety of usage scenarios and external applications, and in particular to government-affairs application systems that are more sensitive to information security.
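Steps 201 to 204, together with the application and audit modules, can be traced end to end in code. The following Python is an added illustration, not code from the patent; the class, field and event names, the integer classification levels, the keyword match on titles and the way the two classification-level rules are combined are all assumptions, and the records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Record:
    doc_id: str
    title: str
    level: int                    # classification level (assumed integer scale)
    topic: Optional[str] = None   # tag tied to a specific access right

@dataclass(frozen=True)
class Grant:
    max_level: int                      # highest classification level readable
    topics: frozenset = frozenset()     # specific access rights held

class AuditLog:
    """Authorized-access audit module: full operation log plus alert conditions."""
    def __init__(self, alert_events=("DENIED",)):
        self.entries, self.alerts = [], []
        self.alert_events = set(alert_events)

    def record(self, user_id, event, detail=""):
        entry = {"ts": datetime.now(timezone.utc).isoformat(),
                 "user": user_id, "event": event, "detail": detail}
        self.entries.append(entry)
        if event in self.alert_events:   # configured alert information
            self.alerts.append(entry)

    def by_user(self, user_id):
        return [e for e in self.entries if e["user"] == user_id]

class AuthorizedRetrieval:
    """Single entry point standing in for the authorized unified retrieval module."""
    def __init__(self, database, grants, audit):
        self.database = database   # constructed stand-in for the service database
        self.grants = grants       # access rights configuration: user ID -> Grant
        self.registered = []       # resource directory: registered access attempts
        self.pending = []          # authorized-access application queue
        self.audit = audit

    @staticmethod
    def _visible(rec, grant):
        # Assumed combination of the two classification-level rules: the record's
        # level must not exceed the user's, and a tagged record also needs its tag.
        if rec.level > grant.max_level:
            return False
        return rec.topic is None or rec.topic in grant.topics

    def search(self, user_id, keyword):
        # Step 201: record the user information and the search condition.
        self.audit.record(user_id, "REQUEST", keyword)
        # Step 202: register the attempt and judge whether the user has access rights.
        self.registered.append(user_id)
        grant = self.grants.get(user_id)
        if grant is None:
            self.audit.record(user_id, "DENIED", "no access rights")
            return {"status": "no_access", "results": []}
        # Step 203: fetch only records matching the condition and inside the grant.
        matches = [r for r in self.database if keyword.lower() in r.title.lower()]
        hits = [r for r in matches if self._visible(r, grant)]
        # Step 204: return through the same entry point; the withheld count goes to
        # the audit log only, so the caller learns nothing about hidden records.
        self.audit.record(user_id, "RETURNED",
                          f"{len(hits)} hit(s), {len(matches) - len(hits)} withheld")
        return {"status": "ok", "results": [r.doc_id for r in hits]}

    def apply_for_access(self, user_id, reason):
        self.pending.append((user_id, reason))
        self.audit.record(user_id, "APPLICATION", reason)

    def approve(self, user_id, grant):
        # Back-office approval writes the grant, as the permission setting module would.
        self.pending = [p for p in self.pending if p[0] != user_id]
        self.grants[user_id] = grant
        self.audit.record(user_id, "GRANTED", f"max_level={grant.max_level}")

def demo():
    db = [Record("D1", "Budget summary", 0),
          Record("D2", "Budget draft", 1),
          Record("D3", "Budget audit findings", 2, "audit"),
          Record("D4", "Budget inspection notes", 1, "audit")]
    audit = AuditLog()
    svc = AuthorizedRetrieval(db, {"u-analyst": Grant(1)}, audit)
    first = svc.search("u-analyst", "budget")
    denied = svc.search("u-guest", "budget")
    svc.apply_for_access("u-guest", "quarterly review")
    svc.approve("u-guest", Grant(2, frozenset({"audit"})))
    second = svc.search("u-guest", "budget")
    return first, denied, second, audit

if __name__ == "__main__":
    print(demo()[:3])
```

The filter is applied before results leave the data layer, and denials are both logged and raised as alerts, which is the property an auditor would check first in a design like this.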
In the specification that this place provides, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the disclosure
Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, summary and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
Replace.Involved in this specification to the step of numbering be only used for distinguishing each step, and time being not limited between each step
Or the relation of logic, restriction unless the context clearly, otherwise the relation between each step include various possible situations.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included some features rather than further feature, but the combination of the feature of different embodiments means to be in the disclosure
Within the scope of and form different embodiments.For example, embodiment claimed in detail in the claims is one of any
Mode it can use in any combination.
The component embodiments of the disclosure can be implemented in hardware, as software modules running on one or more processors, or as a combination of these. The disclosure can also be implemented as a device or system program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the disclosure can be stored on a computer-readable medium, or can take the form of one or more signals. Such a signal can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the disclosure, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim that enumerates several systems, several of these systems can be embodied by one and the same item of hardware.
The above is only an embodiment of the disclosure. It should be noted that those of ordinary skill in the art can make improvements, modifications and variations without departing from the spirit of the disclosure, and these improvements, modifications and variations are regarded as falling within the scope of protection of this application.
Claims (10)
1. A system for implementing authorized retrieval for an application system, the system comprising:
an authorized unified retrieval module, which provides an input interface to external applications outside the application system and records the user information and search conditions of each access, the user information including a user ID; the authorized unified retrieval module also returns the retrieval results to the external application;
an authorized access resource directory module, which registers the user information recorded by the authorized unified retrieval module and determines whether the user has access rights; if the user has access rights, it notifies the data acquisition module to obtain the search conditions from the authorized unified retrieval module; if the user has no access rights, it returns a no-access-rights result to the authorized unified retrieval module;
an information access rights configuration management module, which determines the details of the user's rights according to the user ID in the access user information, the details of the user's rights including the security levels the user is able to access; and
a data acquisition module, which acquires and accesses data in the authorized-access database according to the search conditions received from the authorized unified retrieval module and the details of the user's rights provided by the information access rights configuration management module; the data acquisition module returns the acquired data to the authorized unified retrieval module.
2. The system according to claim 1, characterized in that: the system comprises an authorized access rule setting module, an information security level configuration management module and an authorized access rights setting module;
the authorized access rule setting module is used to configure the rules for access rights, the rules including security level rules;
the information security level configuration management module is used to set the security level of the data in the authorized-access database;
the authorized access rights setting module is used to configure the authorized access rights of each user and to determine the security levels the user can access.
3. The system according to claim 1 or 2, characterized in that: the system comprises an authorized access audit module and an authorized access application module;
the authorized access audit module is used to record the operation log of the whole authorized access process;
the authorized access application module is used to receive applications for authorized access rights submitted by users; the situations in which a user can submit an application include: when the authorized access resource directory module determines that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights.
4. The system according to claim 1, characterized in that: the authorized unified retrieval module provides the input interface to external applications by providing an XML HTTPS access interface.
5. The system according to claim 2, characterized in that: the security level configuration method of the information security level configuration management module includes setting each data item one by one or setting in batches according to set conditions; the rights configuration method of the information access rights configuration management module includes setting one by one according to each user's information or setting in batches according to set conditions.
6. A method for implementing authorized retrieval for an application system, the method comprising:
Step 1: the authorized unified retrieval module receives the user information and search conditions passed in by an external application, the access user information including a user ID and its related attribute information;
Step 2: the authorized access resource directory module registers the user access information recorded by the authorized unified retrieval module and determines whether the user has access rights;
Step 3: for a user who has rights, the data acquisition module acquires and accesses data in the authorized-access database according to the search conditions received from the authorized unified retrieval module and the details of the user's rights provided by the information access rights configuration management module;
Step 4: the user acquisition module sends the acquired information to the authorized unified retrieval module for the external application to obtain.
7. The method according to claim 6, characterized in that: when the authorized access resource directory module determines that the user has no access rights, a no-access-rights result is returned to the authorized unified retrieval module; a user without access rights can submit an access authorization application through the authorized access application module.
8. The method according to claim 6, characterized in that: the rules for access rights are configured through the authorized access rule setting module, the rules including security level rules; the security level of the data in the authorized-access database is set through the information security level configuration management module; the authorized access rights of each user are configured through the authorized access rights setting module, which determines the security levels the user can access; the operation log of the whole authorized access process is recorded through the authorized access audit module; applications for authorized access rights submitted by users are received through the authorized access application module, and the situations in which a user can submit an application include: when the authorized access resource directory module determines that the user has no access rights, and when the data the user wants to access does not fall within the user's authorized access rights.
9. The method according to claim 6, characterized in that: the authorized unified retrieval module provides the input interface to external applications by providing an XML HTTPS access interface.
10. The method according to claim 8, characterized in that: the security level configuration method of the information security level configuration management module includes setting each data item one by one or setting in batches according to set conditions; the rights configuration method of the information access rights configuration management module includes setting one by one according to each user's information or setting in batches according to set conditions.
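The flow of claim 6 (steps 1 to 4), with the no-access result of claim 7 and the audit log of claim 8, can be sketched as follows; this is an added illustration, not code from the patent. The class and function names, the ordered integer security levels, the sample users and records, and the `may_apply` flag are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data; security levels are ASSUMED to be ordered integers.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
USER_CLEARANCE = {"u1001": "internal", "u1002": "secret"}  # rights configuration
DATABASE = [
    {"id": 1, "title": "cafeteria menu", "level": "public"},
    {"id": 2, "title": "network topology", "level": "internal"},
    {"id": 3, "title": "key ceremony notes", "level": "secret"},
]

@dataclass
class RetrievalService:
    """Hypothetical stand-in for the modules named in the claims."""
    audit_log: list = field(default_factory=list)

    def _audit(self, user_id, event, detail):
        # Audit module: one entry per stage of the authorized access process.
        self.audit_log.append({"user": user_id, "event": event, "detail": detail})

    def has_access(self, user_id):
        # Resource directory check: unknown users are denied (fail closed).
        return user_id in USER_CLEARANCE

    def permission_details(self, user_id):
        # Rights configuration module: highest level this user may read.
        return LEVELS[USER_CLEARANCE[user_id]]

    def acquire(self, keyword, max_level):
        # Data acquisition: the level filter is applied together with the search
        # condition, so records above the clearance never leave this layer.
        hits = [r for r in DATABASE if keyword in r["title"]]
        allowed = [r for r in hits if LEVELS[r["level"]] <= max_level]
        return allowed, len(hits) - len(allowed)

    def search(self, user_id, keyword):
        self._audit(user_id, "request", keyword)                  # step 1
        if not self.has_access(user_id):                          # step 2
            self._audit(user_id, "denied", "no access rights")
            return {"status": "no_access", "results": [], "may_apply": True}
        max_level = self.permission_details(user_id)
        allowed, withheld = self.acquire(keyword, max_level)      # step 3
        self._audit(user_id, "returned", f"{len(allowed)} hit(s), {withheld} withheld")
        # Step 4: withheld hits are not described, only flagged so that the
        # user can submit an access application.
        return {"status": "ok", "results": allowed, "may_apply": withheld > 0}
```
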
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711277900.0A CN108021824A (en) | 2017-12-06 | 2017-12-06 | A kind of system and method for realizing application system mandate retrieval |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108021824A (en) | 2018-05-11 |
Family
ID=62078572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711277900.0A Pending CN108021824A (en) | 2017-12-06 | 2017-12-06 | A kind of system and method for realizing application system mandate retrieval |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108021824A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571380A (en) * | 2010-12-16 | 2012-07-11 | 北京博阳世通信息技术有限公司 | Multi-instance GIS platform unified user management method and system |
CN102638481A (en) * | 2011-02-15 | 2012-08-15 | 英大传媒投资集团有限公司 | Audiovisual material remote filing system and method thereof |
US20150046419A1 (en) * | 2013-08-12 | 2015-02-12 | Vidmind Ltd. | Method of sorting search results by recommendation engine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180511 |